diff --git a/api/grpc/auth/v1/auth.pb.go b/api/grpc/auth/v1/auth.pb.go index 1ee360a95f..de52a5f6b3 100644 --- a/api/grpc/auth/v1/auth.pb.go +++ b/api/grpc/auth/v1/auth.pb.go @@ -3,8 +3,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.0 -// protoc v5.29.0 +// protoc-gen-go v1.34.2 +// protoc v5.27.1 // source: auth/v1/auth.proto package v1 @@ -24,17 +24,20 @@ const ( ) type AuthNReq struct { - state protoimpl.MessageState `protogen:"open.v1"` - Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"` - unknownFields protoimpl.UnknownFields + state protoimpl.MessageState sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"` } func (x *AuthNReq) Reset() { *x = AuthNReq{} - mi := &file_auth_v1_auth_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_auth_v1_auth_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *AuthNReq) String() string { @@ -45,7 +48,7 @@ func (*AuthNReq) ProtoMessage() {} func (x *AuthNReq) ProtoReflect() protoreflect.Message { mi := &file_auth_v1_auth_proto_msgTypes[0] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -68,19 +71,22 @@ func (x *AuthNReq) GetToken() string { } type AuthNRes struct { - state protoimpl.MessageState `protogen:"open.v1"` - Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` // id - UserId string `protobuf:"bytes,2,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"` // user id - DomainId string `protobuf:"bytes,3,opt,name=domain_id,json=domainId,proto3" json:"domain_id,omitempty"` // domain id - unknownFields protoimpl.UnknownFields + state protoimpl.MessageState sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` // id + UserId string `protobuf:"bytes,2,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"` // user id + DomainId string `protobuf:"bytes,3,opt,name=domain_id,json=domainId,proto3" json:"domain_id,omitempty"` // domain id } func (x *AuthNRes) Reset() { *x = AuthNRes{} - mi := &file_auth_v1_auth_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_auth_v1_auth_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *AuthNRes) String() string { @@ -91,7 +97,7 @@ func (*AuthNRes) ProtoMessage() {} func (x *AuthNRes) ProtoReflect() protoreflect.Message { mi := &file_auth_v1_auth_proto_msgTypes[1] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -128,25 +134,28 @@ func (x *AuthNRes) GetDomainId() string { } type AuthZReq struct { - state protoimpl.MessageState `protogen:"open.v1"` - Domain string `protobuf:"bytes,1,opt,name=domain,proto3" json:"domain,omitempty"` // Domain - SubjectType string `protobuf:"bytes,2,opt,name=subject_type,json=subjectType,proto3" json:"subject_type,omitempty"` // Client or User - SubjectKind string `protobuf:"bytes,3,opt,name=subject_kind,json=subjectKind,proto3" json:"subject_kind,omitempty"` // ID or Token - SubjectRelation string `protobuf:"bytes,4,opt,name=subject_relation,json=subjectRelation,proto3" json:"subject_relation,omitempty"` // Subject relation - Subject string `protobuf:"bytes,5,opt,name=subject,proto3" json:"subject,omitempty"` // Subject value (id or token, depending on kind) - Relation string `protobuf:"bytes,6,opt,name=relation,proto3" json:"relation,omitempty"` // Relation to filter - Permission string `protobuf:"bytes,7,opt,name=permission,proto3" json:"permission,omitempty"` // Action - Object string `protobuf:"bytes,8,opt,name=object,proto3" json:"object,omitempty"` // Object ID - ObjectType string `protobuf:"bytes,9,opt,name=object_type,json=objectType,proto3" json:"object_type,omitempty"` // Client, User, Group - unknownFields protoimpl.UnknownFields - sizeCache protoimpl.SizeCache + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Domain string `protobuf:"bytes,1,opt,name=domain,proto3" json:"domain,omitempty"` // Domain + SubjectType string `protobuf:"bytes,2,opt,name=subject_type,json=subjectType,proto3" json:"subject_type,omitempty"` // Client or User + SubjectKind string `protobuf:"bytes,3,opt,name=subject_kind,json=subjectKind,proto3" json:"subject_kind,omitempty"` // ID or Token + SubjectRelation string `protobuf:"bytes,4,opt,name=subject_relation,json=subjectRelation,proto3" json:"subject_relation,omitempty"` // Subject relation + Subject string 
`protobuf:"bytes,5,opt,name=subject,proto3" json:"subject,omitempty"` // Subject value (id or token, depending on kind) + Relation string `protobuf:"bytes,6,opt,name=relation,proto3" json:"relation,omitempty"` // Relation to filter + Permission string `protobuf:"bytes,7,opt,name=permission,proto3" json:"permission,omitempty"` // Action + Object string `protobuf:"bytes,8,opt,name=object,proto3" json:"object,omitempty"` // Object ID + ObjectType string `protobuf:"bytes,9,opt,name=object_type,json=objectType,proto3" json:"object_type,omitempty"` // Client, User, Group } func (x *AuthZReq) Reset() { *x = AuthZReq{} - mi := &file_auth_v1_auth_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_auth_v1_auth_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *AuthZReq) String() string { @@ -157,7 +166,7 @@ func (*AuthZReq) ProtoMessage() {} func (x *AuthZReq) ProtoReflect() protoreflect.Message { mi := &file_auth_v1_auth_proto_msgTypes[2] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -236,23 +245,26 @@ func (x *AuthZReq) GetObjectType() string { } type AuthZPatReq struct { - state protoimpl.MessageState `protogen:"open.v1"` - UserId string `protobuf:"bytes,1,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"` // User id - PatId string `protobuf:"bytes,2,opt,name=pat_id,json=patId,proto3" json:"pat_id,omitempty"` // Pat id - PlatformEntityType uint32 `protobuf:"varint,3,opt,name=platform_entity_type,json=platformEntityType,proto3" json:"platform_entity_type,omitempty"` // Platform entity type - OptionalDomainId string `protobuf:"bytes,4,opt,name=optional_domain_id,json=optionalDomainId,proto3" json:"optional_domain_id,omitempty"` // Optional domain id - OptionalDomainEntityType uint32 `protobuf:"varint,5,opt,name=optional_domain_entity_type,json=optionalDomainEntityType,proto3" json:"optional_domain_entity_type,omitempty"` // Optional domain entity type - Operation uint32 `protobuf:"varint,6,opt,name=operation,proto3" json:"operation,omitempty"` // Operation - EntityIds []string `protobuf:"bytes,7,rep,name=entity_ids,json=entityIds,proto3" json:"entity_ids,omitempty"` // EntityIDs - unknownFields protoimpl.UnknownFields - sizeCache protoimpl.SizeCache + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + UserId string `protobuf:"bytes,1,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"` // User id + PatId string `protobuf:"bytes,2,opt,name=pat_id,json=patId,proto3" json:"pat_id,omitempty"` // Pat id + PlatformEntityType uint32 `protobuf:"varint,3,opt,name=platform_entity_type,json=platformEntityType,proto3" json:"platform_entity_type,omitempty"` // Platform entity type + OptionalDomainId string `protobuf:"bytes,4,opt,name=optional_domain_id,json=optionalDomainId,proto3" json:"optional_domain_id,omitempty"` // Optional domain id + OptionalDomainEntityType uint32 `protobuf:"varint,5,opt,name=optional_domain_entity_type,json=optionalDomainEntityType,proto3" 
json:"optional_domain_entity_type,omitempty"` // Optional domain entity type + Operation uint32 `protobuf:"varint,6,opt,name=operation,proto3" json:"operation,omitempty"` // Operation + EntityIds []string `protobuf:"bytes,7,rep,name=entity_ids,json=entityIds,proto3" json:"entity_ids,omitempty"` // EntityIDs } func (x *AuthZPatReq) Reset() { *x = AuthZPatReq{} - mi := &file_auth_v1_auth_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_auth_v1_auth_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *AuthZPatReq) String() string { @@ -263,7 +275,7 @@ func (*AuthZPatReq) ProtoMessage() {} func (x *AuthZPatReq) ProtoReflect() protoreflect.Message { mi := &file_auth_v1_auth_proto_msgTypes[3] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -328,18 +340,21 @@ func (x *AuthZPatReq) GetEntityIds() []string { } type AuthZRes struct { - state protoimpl.MessageState `protogen:"open.v1"` - Authorized bool `protobuf:"varint,1,opt,name=authorized,proto3" json:"authorized,omitempty"` - Id string `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"` - unknownFields protoimpl.UnknownFields + state protoimpl.MessageState sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Authorized bool `protobuf:"varint,1,opt,name=authorized,proto3" json:"authorized,omitempty"` + Id string `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"` } func (x *AuthZRes) Reset() { *x = AuthZRes{} - mi := &file_auth_v1_auth_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_auth_v1_auth_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *AuthZRes) String() string { @@ -350,7 +365,7 @@ func (*AuthZRes) ProtoMessage() {} func (x *AuthZRes) ProtoReflect() protoreflect.Message { mi := &file_auth_v1_auth_proto_msgTypes[4] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -493,6 +508,68 @@ func file_auth_v1_auth_proto_init() { if File_auth_v1_auth_proto != nil { return } + if !protoimpl.UnsafeEnabled { + file_auth_v1_auth_proto_msgTypes[0].Exporter = func(v any, i int) any { + switch v := v.(*AuthNReq); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_auth_v1_auth_proto_msgTypes[1].Exporter = func(v any, i int) any { + switch v := v.(*AuthNRes); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_auth_v1_auth_proto_msgTypes[2].Exporter = func(v any, i int) any { + switch v := v.(*AuthZReq); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_auth_v1_auth_proto_msgTypes[3].Exporter = func(v any, i int) any { + switch v := v.(*AuthZPatReq); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_auth_v1_auth_proto_msgTypes[4].Exporter = func(v any, i int) any { + switch v := v.(*AuthZRes); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ diff --git a/api/grpc/auth/v1/auth_grpc.pb.go b/api/grpc/auth/v1/auth_grpc.pb.go index d85fabae7c..6e65c81fef 100644 --- a/api/grpc/auth/v1/auth_grpc.pb.go +++ b/api/grpc/auth/v1/auth_grpc.pb.go @@ -3,8 +3,8 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: -// - protoc-gen-go-grpc v1.5.1 -// - protoc v5.29.0 +// - protoc-gen-go-grpc v1.4.0 +// - protoc v5.27.1 // source: auth/v1/auth.proto package v1 
@@ -18,8 +18,8 @@ import ( // This is a compile-time assertion to ensure that this generated file // is compatible with the grpc package it is being compiled against. -// Requires gRPC-Go v1.64.0 or later. -const _ = grpc.SupportPackageIsVersion9 +// Requires gRPC-Go v1.62.0 or later. +const _ = grpc.SupportPackageIsVersion8 const ( AuthService_Authorize_FullMethodName = "/auth.v1.AuthService/Authorize" @@ -91,7 +91,7 @@ func (c *authServiceClient) AuthenticatePAT(ctx context.Context, in *AuthNReq, o // AuthServiceServer is the server API for AuthService service. // All implementations must embed UnimplementedAuthServiceServer -// for forward compatibility. +// for forward compatibility // // AuthService is a service that provides authentication // and authorization functionalities for SuperMQ services. @@ -103,12 +103,9 @@ type AuthServiceServer interface { mustEmbedUnimplementedAuthServiceServer() } -// UnimplementedAuthServiceServer must be embedded to have -// forward compatible implementations. -// -// NOTE: this should be embedded by value instead of pointer to avoid a nil -// pointer dereference when methods are called. -type UnimplementedAuthServiceServer struct{} +// UnimplementedAuthServiceServer must be embedded to have forward compatible implementations. +type UnimplementedAuthServiceServer struct { +} func (UnimplementedAuthServiceServer) Authorize(context.Context, *AuthZReq) (*AuthZRes, error) { return nil, status.Errorf(codes.Unimplemented, "method Authorize not implemented") 
@@ -123,7 +120,6 @@ func (UnimplementedAuthServiceServer) AuthenticatePAT(context.Context, *AuthNReq return nil, status.Errorf(codes.Unimplemented, "method AuthenticatePAT not implemented") } func (UnimplementedAuthServiceServer) mustEmbedUnimplementedAuthServiceServer() {} -func (UnimplementedAuthServiceServer) testEmbeddedByValue() {} // UnsafeAuthServiceServer may be embedded to opt out of forward compatibility for this service. // Use of this interface is not recommended, as added methods to AuthServiceServer will @@ -133,13 +129,6 @@ type UnsafeAuthServiceServer interface { } func RegisterAuthServiceServer(s grpc.ServiceRegistrar, srv AuthServiceServer) { - // If the following call pancis, it indicates UnimplementedAuthServiceServer was - // embedded by pointer and is nil. This will cause panics if an - // unimplemented method is ever invoked, so we test this at initialization - // time to prevent it from happening at runtime later due to I/O. - if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { - t.testEmbeddedByValue() - } s.RegisterService(&AuthService_ServiceDesc, srv) } diff --git a/api/grpc/channels/v1/channels.pb.go b/api/grpc/channels/v1/channels.pb.go index d9750f5f7d..39262e0e76 100644 --- a/api/grpc/channels/v1/channels.pb.go +++ b/api/grpc/channels/v1/channels.pb.go @@ -3,8 +3,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.0 -// protoc v5.29.0 +// protoc-gen-go v1.34.2 +// protoc v5.27.1 // source: channels/v1/channels.proto package v1 
@@ -25,17 +25,20 @@ const ( ) type RemoveClientConnectionsReq struct { - state protoimpl.MessageState `protogen:"open.v1"` - ClientId string `protobuf:"bytes,1,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"` - unknownFields protoimpl.UnknownFields + state protoimpl.MessageState sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + ClientId string `protobuf:"bytes,1,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"` } func (x *RemoveClientConnectionsReq) Reset() { *x = RemoveClientConnectionsReq{} - mi := &file_channels_v1_channels_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_channels_v1_channels_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *RemoveClientConnectionsReq) String() string { @@ -46,7 +49,7 @@ func (*RemoveClientConnectionsReq) ProtoMessage() {} func (x *RemoveClientConnectionsReq) ProtoReflect() protoreflect.Message { mi := &file_channels_v1_channels_proto_msgTypes[0] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -69,16 +72,18 @@ func (x *RemoveClientConnectionsReq) GetClientId() string { } type RemoveClientConnectionsRes struct { - state protoimpl.MessageState `protogen:"open.v1"` - unknownFields protoimpl.UnknownFields + state protoimpl.MessageState sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields } func (x *RemoveClientConnectionsRes) Reset() { *x = RemoveClientConnectionsRes{} - mi := &file_channels_v1_channels_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_channels_v1_channels_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *RemoveClientConnectionsRes) String() string { @@ -89,7 +94,7 @@ func (*RemoveClientConnectionsRes) ProtoMessage() {} func (x *RemoveClientConnectionsRes) ProtoReflect() protoreflect.Message { mi := &file_channels_v1_channels_proto_msgTypes[1] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -105,17 +110,20 @@ func (*RemoveClientConnectionsRes) Descriptor() ([]byte, []int) { } type UnsetParentGroupFromChannelsReq struct { - state protoimpl.MessageState `protogen:"open.v1"` - ParentGroupId string `protobuf:"bytes,1,opt,name=parent_group_id,json=parentGroupId,proto3" json:"parent_group_id,omitempty"` - unknownFields protoimpl.UnknownFields + state protoimpl.MessageState sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + ParentGroupId string `protobuf:"bytes,1,opt,name=parent_group_id,json=parentGroupId,proto3" json:"parent_group_id,omitempty"` } func (x *UnsetParentGroupFromChannelsReq) Reset() { *x = UnsetParentGroupFromChannelsReq{} - mi := &file_channels_v1_channels_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_channels_v1_channels_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *UnsetParentGroupFromChannelsReq) String() string { @@ -126,7 +134,7 @@ func (*UnsetParentGroupFromChannelsReq) ProtoMessage() {} func (x *UnsetParentGroupFromChannelsReq) ProtoReflect() protoreflect.Message { mi := &file_channels_v1_channels_proto_msgTypes[2] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -149,16 +157,18 @@ func (x *UnsetParentGroupFromChannelsReq) GetParentGroupId() string { } type UnsetParentGroupFromChannelsRes struct { - state protoimpl.MessageState `protogen:"open.v1"` - unknownFields protoimpl.UnknownFields + state protoimpl.MessageState sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields } func (x *UnsetParentGroupFromChannelsRes) Reset() { *x = UnsetParentGroupFromChannelsRes{} - mi := &file_channels_v1_channels_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_channels_v1_channels_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *UnsetParentGroupFromChannelsRes) String() string { @@ -169,7 +179,7 @@ func (*UnsetParentGroupFromChannelsRes) ProtoMessage() {} func (x *UnsetParentGroupFromChannelsRes) ProtoReflect() protoreflect.Message { mi := &file_channels_v1_channels_proto_msgTypes[3] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -185,21 +195,24 @@ func (*UnsetParentGroupFromChannelsRes) Descriptor() ([]byte, []int) { } type AuthzReq struct { - state protoimpl.MessageState `protogen:"open.v1"` - DomainId string `protobuf:"bytes,1,opt,name=domain_id,json=domainId,proto3" json:"domain_id,omitempty"` - ClientId string `protobuf:"bytes,2,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"` - ClientType string `protobuf:"bytes,3,opt,name=client_type,json=clientType,proto3" json:"client_type,omitempty"` - ChannelId string `protobuf:"bytes,4,opt,name=channel_id,json=channelId,proto3" json:"channel_id,omitempty"` - Type uint32 `protobuf:"varint,5,opt,name=type,proto3" json:"type,omitempty"` - unknownFields protoimpl.UnknownFields + state protoimpl.MessageState sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + DomainId string `protobuf:"bytes,1,opt,name=domain_id,json=domainId,proto3" json:"domain_id,omitempty"` + ClientId string `protobuf:"bytes,2,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"` + ClientType string `protobuf:"bytes,3,opt,name=client_type,json=clientType,proto3" json:"client_type,omitempty"` + ChannelId string `protobuf:"bytes,4,opt,name=channel_id,json=channelId,proto3" json:"channel_id,omitempty"` + Type uint32 `protobuf:"varint,5,opt,name=type,proto3" json:"type,omitempty"` } func (x *AuthzReq) Reset() { *x = AuthzReq{} - mi := &file_channels_v1_channels_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_channels_v1_channels_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *AuthzReq) String() string { 
@@ -210,7 +223,7 @@ func (*AuthzReq) ProtoMessage() {} func (x *AuthzReq) ProtoReflect() protoreflect.Message { mi := &file_channels_v1_channels_proto_msgTypes[4] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -261,17 +274,20 @@ func (x *AuthzReq) GetType() uint32 { } type AuthzRes struct { - state protoimpl.MessageState `protogen:"open.v1"` - Authorized bool `protobuf:"varint,1,opt,name=authorized,proto3" json:"authorized,omitempty"` - unknownFields protoimpl.UnknownFields + state protoimpl.MessageState sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Authorized bool `protobuf:"varint,1,opt,name=authorized,proto3" json:"authorized,omitempty"` } func (x *AuthzRes) Reset() { *x = AuthzRes{} - mi := &file_channels_v1_channels_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_channels_v1_channels_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *AuthzRes) String() string { @@ -282,7 +298,7 @@ func (*AuthzRes) ProtoMessage() {} func (x *AuthzRes) ProtoReflect() protoreflect.Message { mi := &file_channels_v1_channels_proto_msgTypes[5] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -411,6 +427,80 @@ func file_channels_v1_channels_proto_init() { if File_channels_v1_channels_proto != nil { return } + if !protoimpl.UnsafeEnabled { + file_channels_v1_channels_proto_msgTypes[0].Exporter = func(v any, i int) any { + switch v := v.(*RemoveClientConnectionsReq); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_channels_v1_channels_proto_msgTypes[1].Exporter = func(v any, i int) any { + switch v := v.(*RemoveClientConnectionsRes); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_channels_v1_channels_proto_msgTypes[2].Exporter = func(v any, i int) any { + switch v := v.(*UnsetParentGroupFromChannelsReq); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_channels_v1_channels_proto_msgTypes[3].Exporter = func(v any, i int) any { + switch v := v.(*UnsetParentGroupFromChannelsRes); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_channels_v1_channels_proto_msgTypes[4].Exporter = func(v any, i int) any { + switch v := v.(*AuthzReq); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_channels_v1_channels_proto_msgTypes[5].Exporter = func(v any, i int) any { + switch v := v.(*AuthzRes); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ diff --git a/api/grpc/channels/v1/channels_grpc.pb.go b/api/grpc/channels/v1/channels_grpc.pb.go index 612280b166..8d1a88a3a9 100644 --- a/api/grpc/channels/v1/channels_grpc.pb.go +++ b/api/grpc/channels/v1/channels_grpc.pb.go 
@@ -3,8 +3,8 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: -// - protoc-gen-go-grpc v1.5.1 -// - protoc v5.29.0 +// - protoc-gen-go-grpc v1.4.0 +// - protoc v5.27.1 // source: channels/v1/channels.proto package v1 @@ -19,8 +19,8 @@ import ( // This is a compile-time assertion to ensure that this generated file // is compatible with the grpc package it is being compiled against. -// Requires gRPC-Go v1.64.0 or later. -const _ = grpc.SupportPackageIsVersion9 +// Requires gRPC-Go v1.62.0 or later. +const _ = grpc.SupportPackageIsVersion8 const ( ChannelsService_Authorize_FullMethodName = "/channels.v1.ChannelsService/Authorize" @@ -89,7 +89,7 @@ func (c *channelsServiceClient) RetrieveEntity(ctx context.Context, in *v1.Retri // ChannelsServiceServer is the server API for ChannelsService service. // All implementations must embed UnimplementedChannelsServiceServer -// for forward compatibility. +// for forward compatibility type ChannelsServiceServer interface { Authorize(context.Context, *AuthzReq) (*AuthzRes, error) RemoveClientConnections(context.Context, *RemoveClientConnectionsReq) (*RemoveClientConnectionsRes, error) @@ -98,12 +98,9 @@ type ChannelsServiceServer interface { mustEmbedUnimplementedChannelsServiceServer() } -// UnimplementedChannelsServiceServer must be embedded to have -// forward compatible implementations. -// -// NOTE: this should be embedded by value instead of pointer to avoid a nil -// pointer dereference when methods are called. -type UnimplementedChannelsServiceServer struct{} +// UnimplementedChannelsServiceServer must be embedded to have forward compatible implementations. +type UnimplementedChannelsServiceServer struct { +} func (UnimplementedChannelsServiceServer) Authorize(context.Context, *AuthzReq) (*AuthzRes, error) { return nil, status.Errorf(codes.Unimplemented, "method Authorize not implemented") 
@@ -118,7 +115,6 @@ func (UnimplementedChannelsServiceServer) RetrieveEntity(context.Context, *v1.Re return nil, status.Errorf(codes.Unimplemented, "method RetrieveEntity not implemented") } func (UnimplementedChannelsServiceServer) mustEmbedUnimplementedChannelsServiceServer() {} -func (UnimplementedChannelsServiceServer) testEmbeddedByValue() {} // UnsafeChannelsServiceServer may be embedded to opt out of forward compatibility for this service. // Use of this interface is not recommended, as added methods to ChannelsServiceServer will @@ -128,13 +124,6 @@ type UnsafeChannelsServiceServer interface { } func RegisterChannelsServiceServer(s grpc.ServiceRegistrar, srv ChannelsServiceServer) { - // If the following call pancis, it indicates UnimplementedChannelsServiceServer was - // embedded by pointer and is nil. This will cause panics if an - // unimplemented method is ever invoked, so we test this at initialization - // time to prevent it from happening at runtime later due to I/O. - if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { - t.testEmbeddedByValue() - } s.RegisterService(&ChannelsService_ServiceDesc, srv) } diff --git a/api/grpc/clients/v1/clients.pb.go b/api/grpc/clients/v1/clients.pb.go index 5bf1fc93b4..24e2de4eeb 100644 --- a/api/grpc/clients/v1/clients.pb.go +++ b/api/grpc/clients/v1/clients.pb.go @@ -3,8 +3,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.0 -// protoc v5.29.0 +// protoc-gen-go v1.34.2 +// protoc v5.27.1 // source: clients/v1/clients.proto package v1 
@@ -25,18 +25,21 @@ const ( ) type AuthnReq struct { - state protoimpl.MessageState `protogen:"open.v1"` - ClientId string `protobuf:"bytes,1,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"` - ClientSecret string `protobuf:"bytes,2,opt,name=client_secret,json=clientSecret,proto3" json:"client_secret,omitempty"` - unknownFields protoimpl.UnknownFields + state protoimpl.MessageState sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + ClientId string `protobuf:"bytes,1,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"` + ClientSecret string `protobuf:"bytes,2,opt,name=client_secret,json=clientSecret,proto3" json:"client_secret,omitempty"` } func (x *AuthnReq) Reset() { *x = AuthnReq{} - mi := &file_clients_v1_clients_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_clients_v1_clients_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *AuthnReq) String() string { @@ -47,7 +50,7 @@ func (*AuthnReq) ProtoMessage() {} func (x *AuthnReq) ProtoReflect() protoreflect.Message { mi := &file_clients_v1_clients_proto_msgTypes[0] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -77,18 +80,21 @@ func (x *AuthnReq) GetClientSecret() string { } type AuthnRes struct { - state protoimpl.MessageState `protogen:"open.v1"` - Authenticated bool `protobuf:"varint,1,opt,name=authenticated,proto3" json:"authenticated,omitempty"` - Id string `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"` - unknownFields protoimpl.UnknownFields + state protoimpl.MessageState sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Authenticated bool `protobuf:"varint,1,opt,name=authenticated,proto3" json:"authenticated,omitempty"` + Id string `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"` } func (x *AuthnRes) Reset() { *x = AuthnRes{} - mi := &file_clients_v1_clients_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_clients_v1_clients_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *AuthnRes) String() string { @@ -99,7 +105,7 @@ func (*AuthnRes) ProtoMessage() {} func (x *AuthnRes) ProtoReflect() protoreflect.Message { mi := &file_clients_v1_clients_proto_msgTypes[1] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -129,17 +135,20 @@ func (x *AuthnRes) GetId() string { } type RemoveChannelConnectionsReq struct { - state protoimpl.MessageState `protogen:"open.v1"` - ChannelId string `protobuf:"bytes,1,opt,name=channel_id,json=channelId,proto3" json:"channel_id,omitempty"` - unknownFields protoimpl.UnknownFields + state protoimpl.MessageState sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + ChannelId string `protobuf:"bytes,1,opt,name=channel_id,json=channelId,proto3" json:"channel_id,omitempty"` } func (x *RemoveChannelConnectionsReq) Reset() { *x = RemoveChannelConnectionsReq{} - mi := &file_clients_v1_clients_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_clients_v1_clients_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *RemoveChannelConnectionsReq) String() string { @@ -150,7 +159,7 @@ func (*RemoveChannelConnectionsReq) ProtoMessage() {} func (x *RemoveChannelConnectionsReq) ProtoReflect() protoreflect.Message { mi := &file_clients_v1_clients_proto_msgTypes[2] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -173,16 +182,18 @@ func (x *RemoveChannelConnectionsReq) GetChannelId() string { } type RemoveChannelConnectionsRes struct { - state protoimpl.MessageState `protogen:"open.v1"` - unknownFields protoimpl.UnknownFields + state protoimpl.MessageState sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields } func (x *RemoveChannelConnectionsRes) Reset() { *x = RemoveChannelConnectionsRes{} - mi := &file_clients_v1_clients_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_clients_v1_clients_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *RemoveChannelConnectionsRes) String() string { @@ -193,7 +204,7 @@ func (*RemoveChannelConnectionsRes) ProtoMessage() {} func (x *RemoveChannelConnectionsRes) ProtoReflect() protoreflect.Message { mi := &file_clients_v1_clients_proto_msgTypes[3] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -209,17 +220,20 @@ func (*RemoveChannelConnectionsRes) Descriptor() ([]byte, []int) { } type UnsetParentGroupFromClientReq struct { - state protoimpl.MessageState `protogen:"open.v1"` - ParentGroupId string `protobuf:"bytes,1,opt,name=parent_group_id,json=parentGroupId,proto3" json:"parent_group_id,omitempty"` - unknownFields protoimpl.UnknownFields + state protoimpl.MessageState sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + ParentGroupId string `protobuf:"bytes,1,opt,name=parent_group_id,json=parentGroupId,proto3" json:"parent_group_id,omitempty"` } func (x *UnsetParentGroupFromClientReq) Reset() { *x = UnsetParentGroupFromClientReq{} - mi := &file_clients_v1_clients_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_clients_v1_clients_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *UnsetParentGroupFromClientReq) String() string { @@ -230,7 +244,7 @@ func (*UnsetParentGroupFromClientReq) ProtoMessage() {} func (x *UnsetParentGroupFromClientReq) ProtoReflect() protoreflect.Message { mi := &file_clients_v1_clients_proto_msgTypes[4] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -253,16 +267,18 @@ func (x *UnsetParentGroupFromClientReq) GetParentGroupId() string { } type UnsetParentGroupFromClientRes struct { - state protoimpl.MessageState `protogen:"open.v1"` - unknownFields protoimpl.UnknownFields + state protoimpl.MessageState sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields } func (x *UnsetParentGroupFromClientRes) Reset() { *x = UnsetParentGroupFromClientRes{} - mi := &file_clients_v1_clients_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_clients_v1_clients_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *UnsetParentGroupFromClientRes) String() string { @@ -273,7 +289,7 @@ func (*UnsetParentGroupFromClientRes) ProtoMessage() {} func (x *UnsetParentGroupFromClientRes) ProtoReflect() protoreflect.Message { mi := &file_clients_v1_clients_proto_msgTypes[5] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -419,6 +435,80 @@ func file_clients_v1_clients_proto_init() { if File_clients_v1_clients_proto != nil { return } + if !protoimpl.UnsafeEnabled { + file_clients_v1_clients_proto_msgTypes[0].Exporter = func(v any, i int) any { + switch v := v.(*AuthnReq); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_clients_v1_clients_proto_msgTypes[1].Exporter = func(v any, i int) any { + switch v := v.(*AuthnRes); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_clients_v1_clients_proto_msgTypes[2].Exporter = func(v any, i int) any { + switch v := v.(*RemoveChannelConnectionsReq); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_clients_v1_clients_proto_msgTypes[3].Exporter = func(v any, i int) any { + switch v := v.(*RemoveChannelConnectionsRes); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_clients_v1_clients_proto_msgTypes[4].Exporter = func(v any, i int) any { + switch v := v.(*UnsetParentGroupFromClientReq); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_clients_v1_clients_proto_msgTypes[5].Exporter = func(v any, i int) any { + switch v := v.(*UnsetParentGroupFromClientRes); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ diff --git a/api/grpc/clients/v1/clients_grpc.pb.go b/api/grpc/clients/v1/clients_grpc.pb.go index bd04a8c47f..f1db399d6d 100644 --- a/api/grpc/clients/v1/clients_grpc.pb.go +++ b/api/grpc/clients/v1/clients_grpc.pb.go 
@@ -3,8 +3,8 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: -// - protoc-gen-go-grpc v1.5.1 -// - protoc v5.29.0 +// - protoc-gen-go-grpc v1.4.0 +// - protoc v5.27.1 // source: clients/v1/clients.proto package v1 @@ -19,8 +19,8 @@ import ( // This is a compile-time assertion to ensure that this generated file // is compatible with the grpc package it is being compiled against. -// Requires gRPC-Go v1.64.0 or later. -const _ = grpc.SupportPackageIsVersion9 +// Requires gRPC-Go v1.62.0 or later. +const _ = grpc.SupportPackageIsVersion8 const ( ClientsService_Authenticate_FullMethodName = "/clients.v1.ClientsService/Authenticate" @@ -129,7 +129,7 @@ func (c *clientsServiceClient) UnsetParentGroupFromClient(ctx context.Context, i // ClientsServiceServer is the server API for ClientsService service. // All implementations must embed UnimplementedClientsServiceServer -// for forward compatibility. +// for forward compatibility // // ClientsService is a service that provides clients // authorization functionalities for SuperMQ services. @@ -145,12 +145,9 @@ type ClientsServiceServer interface { mustEmbedUnimplementedClientsServiceServer() } -// UnimplementedClientsServiceServer must be embedded to have -// forward compatible implementations. -// -// NOTE: this should be embedded by value instead of pointer to avoid a nil -// pointer dereference when methods are called. -type UnimplementedClientsServiceServer struct{} +// UnimplementedClientsServiceServer must be embedded to have forward compatible implementations. +type UnimplementedClientsServiceServer struct { +} func (UnimplementedClientsServiceServer) Authenticate(context.Context, *AuthnReq) (*AuthnRes, error) { return nil, status.Errorf(codes.Unimplemented, "method Authenticate not implemented") 
@@ -174,7 +171,6 @@ func (UnimplementedClientsServiceServer) UnsetParentGroupFromClient(context.Cont return nil, status.Errorf(codes.Unimplemented, "method UnsetParentGroupFromClient not implemented") } func (UnimplementedClientsServiceServer) mustEmbedUnimplementedClientsServiceServer() {} -func (UnimplementedClientsServiceServer) testEmbeddedByValue() {} // UnsafeClientsServiceServer may be embedded to opt out of forward compatibility for this service. // Use of this interface is not recommended, as added methods to ClientsServiceServer will @@ -184,13 +180,6 @@ type UnsafeClientsServiceServer interface { } func RegisterClientsServiceServer(s grpc.ServiceRegistrar, srv ClientsServiceServer) { - // If the following call pancis, it indicates UnimplementedClientsServiceServer was - // embedded by pointer and is nil. This will cause panics if an - // unimplemented method is ever invoked, so we test this at initialization - // time to prevent it from happening at runtime later due to I/O. - if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { - t.testEmbeddedByValue() - } s.RegisterService(&ClientsService_ServiceDesc, srv) } diff --git a/api/grpc/common/v1/common.pb.go b/api/grpc/common/v1/common.pb.go index 281366d3e6..c1b9bd402c 100644 --- a/api/grpc/common/v1/common.pb.go +++ b/api/grpc/common/v1/common.pb.go @@ -3,8 +3,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.0 -// protoc v5.29.0 +// protoc-gen-go v1.34.2 +// protoc v5.27.1 // source: common/v1/common.proto package v1 
@@ -24,17 +24,20 @@ const ( ) type RetrieveEntitiesReq struct { - state protoimpl.MessageState `protogen:"open.v1"` - Ids []string `protobuf:"bytes,1,rep,name=ids,proto3" json:"ids,omitempty"` - unknownFields protoimpl.UnknownFields + state protoimpl.MessageState sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Ids []string `protobuf:"bytes,1,rep,name=ids,proto3" json:"ids,omitempty"` } func (x *RetrieveEntitiesReq) Reset() { *x = RetrieveEntitiesReq{} - mi := &file_common_v1_common_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_common_v1_common_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *RetrieveEntitiesReq) String() string { @@ -45,7 +48,7 @@ func (*RetrieveEntitiesReq) ProtoMessage() {} func (x *RetrieveEntitiesReq) ProtoReflect() protoreflect.Message { mi := &file_common_v1_common_proto_msgTypes[0] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -68,20 +71,23 @@ func (x *RetrieveEntitiesReq) GetIds() []string { } type RetrieveEntitiesRes struct { - state protoimpl.MessageState `protogen:"open.v1"` - Total uint64 `protobuf:"varint,1,opt,name=total,proto3" json:"total,omitempty"` - Limit uint64 `protobuf:"varint,2,opt,name=limit,proto3" json:"limit,omitempty"` - Offset uint64 `protobuf:"varint,3,opt,name=offset,proto3" json:"offset,omitempty"` - Entities []*EntityBasic `protobuf:"bytes,4,rep,name=entities,proto3" json:"entities,omitempty"` - unknownFields protoimpl.UnknownFields + state protoimpl.MessageState sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Total uint64 `protobuf:"varint,1,opt,name=total,proto3" json:"total,omitempty"` + Limit uint64 `protobuf:"varint,2,opt,name=limit,proto3" json:"limit,omitempty"` + Offset uint64 `protobuf:"varint,3,opt,name=offset,proto3" json:"offset,omitempty"` + Entities []*EntityBasic `protobuf:"bytes,4,rep,name=entities,proto3" json:"entities,omitempty"` } func (x *RetrieveEntitiesRes) Reset() { *x = RetrieveEntitiesRes{} - mi := &file_common_v1_common_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_common_v1_common_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *RetrieveEntitiesRes) String() string { @@ -92,7 +98,7 @@ func (*RetrieveEntitiesRes) ProtoMessage() {} func (x *RetrieveEntitiesRes) ProtoReflect() protoreflect.Message { mi := &file_common_v1_common_proto_msgTypes[1] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -136,17 +142,20 @@ func (x *RetrieveEntitiesRes) GetEntities() []*EntityBasic { } type RetrieveEntityReq struct { - state protoimpl.MessageState `protogen:"open.v1"` - Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` - unknownFields protoimpl.UnknownFields + state protoimpl.MessageState sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` } func (x *RetrieveEntityReq) Reset() { *x = RetrieveEntityReq{} - mi := &file_common_v1_common_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_common_v1_common_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *RetrieveEntityReq) String() string { @@ -157,7 +166,7 @@ func (*RetrieveEntityReq) ProtoMessage() {} func (x *RetrieveEntityReq) ProtoReflect() protoreflect.Message { mi := &file_common_v1_common_proto_msgTypes[2] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -180,17 +189,20 @@ func (x *RetrieveEntityReq) GetId() string { } type RetrieveEntityRes struct { - state protoimpl.MessageState `protogen:"open.v1"` - Entity *EntityBasic `protobuf:"bytes,1,opt,name=entity,proto3" json:"entity,omitempty"` - unknownFields protoimpl.UnknownFields + state protoimpl.MessageState sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Entity *EntityBasic `protobuf:"bytes,1,opt,name=entity,proto3" json:"entity,omitempty"` } func (x *RetrieveEntityRes) Reset() { *x = RetrieveEntityRes{} - mi := &file_common_v1_common_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_common_v1_common_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *RetrieveEntityRes) String() string { @@ -201,7 +213,7 @@ func (*RetrieveEntityRes) ProtoMessage() {} func (x *RetrieveEntityRes) ProtoReflect() protoreflect.Message { mi := &file_common_v1_common_proto_msgTypes[3] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -224,20 +236,23 @@ func (x *RetrieveEntityRes) GetEntity() *EntityBasic { } type EntityBasic struct { - state protoimpl.MessageState `protogen:"open.v1"` - Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` - DomainId string `protobuf:"bytes,2,opt,name=domain_id,json=domainId,proto3" json:"domain_id,omitempty"` - ParentGroupId string `protobuf:"bytes,3,opt,name=parent_group_id,json=parentGroupId,proto3" json:"parent_group_id,omitempty"` - Status uint32 `protobuf:"varint,4,opt,name=status,proto3" json:"status,omitempty"` - unknownFields protoimpl.UnknownFields + state protoimpl.MessageState sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` + DomainId string `protobuf:"bytes,2,opt,name=domain_id,json=domainId,proto3" json:"domain_id,omitempty"` + ParentGroupId string `protobuf:"bytes,3,opt,name=parent_group_id,json=parentGroupId,proto3" json:"parent_group_id,omitempty"` + Status uint32 `protobuf:"varint,4,opt,name=status,proto3" json:"status,omitempty"` } func (x *EntityBasic) Reset() { *x = EntityBasic{} - mi := &file_common_v1_common_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_common_v1_common_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *EntityBasic) String() string { @@ -248,7 +263,7 @@ func (*EntityBasic) ProtoMessage() {} func (x *EntityBasic) ProtoReflect() protoreflect.Message { mi := &file_common_v1_common_proto_msgTypes[4] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -292,17 +307,20 @@ func (x *EntityBasic) GetStatus() uint32 { } type AddConnectionsReq struct { - state protoimpl.MessageState `protogen:"open.v1"` - Connections []*Connection `protobuf:"bytes,1,rep,name=connections,proto3" json:"connections,omitempty"` - unknownFields protoimpl.UnknownFields + state protoimpl.MessageState sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Connections []*Connection `protobuf:"bytes,1,rep,name=connections,proto3" json:"connections,omitempty"` } func (x *AddConnectionsReq) Reset() { *x = AddConnectionsReq{} - mi := &file_common_v1_common_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_common_v1_common_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *AddConnectionsReq) String() string { @@ -313,7 +331,7 @@ func (*AddConnectionsReq) ProtoMessage() {} func (x *AddConnectionsReq) ProtoReflect() protoreflect.Message { mi := &file_common_v1_common_proto_msgTypes[5] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -336,17 +354,20 @@ func (x *AddConnectionsReq) GetConnections() []*Connection { } type AddConnectionsRes struct { - state protoimpl.MessageState `protogen:"open.v1"` - Ok bool `protobuf:"varint,1,opt,name=ok,proto3" json:"ok,omitempty"` - unknownFields protoimpl.UnknownFields + state protoimpl.MessageState sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Ok bool `protobuf:"varint,1,opt,name=ok,proto3" json:"ok,omitempty"` } func (x *AddConnectionsRes) Reset() { *x = AddConnectionsRes{} - mi := &file_common_v1_common_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_common_v1_common_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *AddConnectionsRes) String() string { @@ -357,7 +378,7 @@ func (*AddConnectionsRes) ProtoMessage() {} func (x *AddConnectionsRes) ProtoReflect() protoreflect.Message { mi := &file_common_v1_common_proto_msgTypes[6] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -380,17 +401,20 @@ func (x *AddConnectionsRes) GetOk() bool { } type RemoveConnectionsReq struct { - state protoimpl.MessageState `protogen:"open.v1"` - Connections []*Connection `protobuf:"bytes,1,rep,name=connections,proto3" json:"connections,omitempty"` - unknownFields protoimpl.UnknownFields + state protoimpl.MessageState sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Connections []*Connection `protobuf:"bytes,1,rep,name=connections,proto3" json:"connections,omitempty"` } func (x *RemoveConnectionsReq) Reset() { *x = RemoveConnectionsReq{} - mi := &file_common_v1_common_proto_msgTypes[7] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_common_v1_common_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *RemoveConnectionsReq) String() string { @@ -401,7 +425,7 @@ func (*RemoveConnectionsReq) ProtoMessage() {} func (x *RemoveConnectionsReq) ProtoReflect() protoreflect.Message { mi := &file_common_v1_common_proto_msgTypes[7] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -424,17 +448,20 @@ func (x *RemoveConnectionsReq) GetConnections() []*Connection { } type RemoveConnectionsRes struct { - state protoimpl.MessageState `protogen:"open.v1"` - Ok bool `protobuf:"varint,1,opt,name=ok,proto3" json:"ok,omitempty"` - unknownFields protoimpl.UnknownFields + state protoimpl.MessageState sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Ok bool `protobuf:"varint,1,opt,name=ok,proto3" json:"ok,omitempty"` } func (x *RemoveConnectionsRes) Reset() { *x = RemoveConnectionsRes{} - mi := &file_common_v1_common_proto_msgTypes[8] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_common_v1_common_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *RemoveConnectionsRes) String() string { @@ -445,7 +472,7 @@ func (*RemoveConnectionsRes) ProtoMessage() {} func (x *RemoveConnectionsRes) ProtoReflect() protoreflect.Message { mi := &file_common_v1_common_proto_msgTypes[8] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -468,20 +495,23 @@ func (x *RemoveConnectionsRes) GetOk() bool { } type Connection struct { - state protoimpl.MessageState `protogen:"open.v1"` - ClientId string `protobuf:"bytes,1,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"` - ChannelId string `protobuf:"bytes,2,opt,name=channel_id,json=channelId,proto3" json:"channel_id,omitempty"` - DomainId string `protobuf:"bytes,3,opt,name=domain_id,json=domainId,proto3" json:"domain_id,omitempty"` - Type uint32 `protobuf:"varint,4,opt,name=type,proto3" json:"type,omitempty"` - unknownFields protoimpl.UnknownFields + state protoimpl.MessageState sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + ClientId string `protobuf:"bytes,1,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"` + ChannelId string `protobuf:"bytes,2,opt,name=channel_id,json=channelId,proto3" json:"channel_id,omitempty"` + DomainId string `protobuf:"bytes,3,opt,name=domain_id,json=domainId,proto3" json:"domain_id,omitempty"` + Type uint32 `protobuf:"varint,4,opt,name=type,proto3" json:"type,omitempty"` } func (x *Connection) Reset() { *x = Connection{} - mi := &file_common_v1_common_proto_msgTypes[9] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_common_v1_common_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *Connection) String() string { @@ -492,7 +522,7 @@ func (*Connection) ProtoMessage() {} func (x *Connection) ProtoReflect() protoreflect.Message { mi := &file_common_v1_common_proto_msgTypes[9] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -637,6 +667,128 @@ func file_common_v1_common_proto_init() { if File_common_v1_common_proto != nil { return } + if !protoimpl.UnsafeEnabled { + file_common_v1_common_proto_msgTypes[0].Exporter = func(v any, i int) any { + switch v := v.(*RetrieveEntitiesReq); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_common_v1_common_proto_msgTypes[1].Exporter = func(v any, i int) any { + switch v := v.(*RetrieveEntitiesRes); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_common_v1_common_proto_msgTypes[2].Exporter = func(v any, i int) any { + switch v := v.(*RetrieveEntityReq); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_common_v1_common_proto_msgTypes[3].Exporter = func(v any, i int) any { + switch v := v.(*RetrieveEntityRes); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_common_v1_common_proto_msgTypes[4].Exporter = func(v any, i int) any { + switch v := v.(*EntityBasic); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_common_v1_common_proto_msgTypes[5].Exporter = func(v any, i int) any { + switch v := v.(*AddConnectionsReq); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_common_v1_common_proto_msgTypes[6].Exporter = func(v any, i int) any { + switch v := v.(*AddConnectionsRes); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_common_v1_common_proto_msgTypes[7].Exporter = func(v any, i int) any { + switch v := v.(*RemoveConnectionsReq); i 
{ + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_common_v1_common_proto_msgTypes[8].Exporter = func(v any, i int) any { + switch v := v.(*RemoveConnectionsRes); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_common_v1_common_proto_msgTypes[9].Exporter = func(v any, i int) any { + switch v := v.(*Connection); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ diff --git a/api/grpc/domains/v1/domains.pb.go b/api/grpc/domains/v1/domains.pb.go index 897979d4aa..78f92234f6 100644 --- a/api/grpc/domains/v1/domains.pb.go +++ b/api/grpc/domains/v1/domains.pb.go @@ -3,8 +3,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.0 -// protoc v5.29.0 +// protoc-gen-go v1.34.2 +// protoc v5.27.1 // source: domains/v1/domains.proto package v1 @@ -25,17 +25,20 @@ const ( ) type DeleteUserRes struct { - state protoimpl.MessageState `protogen:"open.v1"` - Deleted bool `protobuf:"varint,1,opt,name=deleted,proto3" json:"deleted,omitempty"` - unknownFields protoimpl.UnknownFields + state protoimpl.MessageState sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Deleted bool `protobuf:"varint,1,opt,name=deleted,proto3" json:"deleted,omitempty"` } func (x *DeleteUserRes) Reset() { *x = DeleteUserRes{} - mi := &file_domains_v1_domains_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_domains_v1_domains_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *DeleteUserRes) String() string { 
@@ -46,7 +49,7 @@ func (*DeleteUserRes) ProtoMessage() {} func (x *DeleteUserRes) ProtoReflect() protoreflect.Message { mi := &file_domains_v1_domains_proto_msgTypes[0] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -69,17 +72,20 @@ func (x *DeleteUserRes) GetDeleted() bool { } type DeleteUserReq struct { - state protoimpl.MessageState `protogen:"open.v1"` - Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` - unknownFields protoimpl.UnknownFields + state protoimpl.MessageState sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` } func (x *DeleteUserReq) Reset() { *x = DeleteUserReq{} - mi := &file_domains_v1_domains_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_domains_v1_domains_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *DeleteUserReq) String() string { @@ -90,7 +96,7 @@ func (*DeleteUserReq) ProtoMessage() {} func (x *DeleteUserReq) ProtoReflect() protoreflect.Message { mi := &file_domains_v1_domains_proto_msgTypes[1] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -177,6 +183,32 @@ func file_domains_v1_domains_proto_init() { if File_domains_v1_domains_proto != nil { return } + if !protoimpl.UnsafeEnabled { + file_domains_v1_domains_proto_msgTypes[0].Exporter = func(v any, i int) any { + switch v := v.(*DeleteUserRes); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_domains_v1_domains_proto_msgTypes[1].Exporter = func(v any, i int) any { + switch v := v.(*DeleteUserReq); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ diff --git a/api/grpc/domains/v1/domains_grpc.pb.go b/api/grpc/domains/v1/domains_grpc.pb.go index 90b85349f8..e92c95153e 100644 --- a/api/grpc/domains/v1/domains_grpc.pb.go +++ b/api/grpc/domains/v1/domains_grpc.pb.go @@ -3,8 +3,8 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: -// - protoc-gen-go-grpc v1.5.1 -// - protoc v5.29.0 +// - protoc-gen-go-grpc v1.4.0 +// - protoc v5.27.1 // source: domains/v1/domains.proto package v1 @@ -19,8 +19,8 @@ import ( // This is a compile-time assertion to ensure that this generated file // is compatible with the grpc package it is being compiled against. -// Requires gRPC-Go v1.64.0 or later. -const _ = grpc.SupportPackageIsVersion9 +// Requires gRPC-Go v1.62.0 or later. +const _ = grpc.SupportPackageIsVersion8 const ( DomainsService_DeleteUserFromDomains_FullMethodName = "/domains.v1.DomainsService/DeleteUserFromDomains" 
@@ -68,7 +68,7 @@ func (c *domainsServiceClient) RetrieveEntity(ctx context.Context, in *v1.Retrie // DomainsServiceServer is the server API for DomainsService service. // All implementations must embed UnimplementedDomainsServiceServer -// for forward compatibility. +// for forward compatibility // // DomainsService is a service that provides access to // domains functionalities for SuperMQ services. @@ -78,12 +78,9 @@ type DomainsServiceServer interface { mustEmbedUnimplementedDomainsServiceServer() } -// UnimplementedDomainsServiceServer must be embedded to have -// forward compatible implementations. -// -// NOTE: this should be embedded by value instead of pointer to avoid a nil -// pointer dereference when methods are called. -type UnimplementedDomainsServiceServer struct{} +// UnimplementedDomainsServiceServer must be embedded to have forward compatible implementations. +type UnimplementedDomainsServiceServer struct { +} func (UnimplementedDomainsServiceServer) DeleteUserFromDomains(context.Context, *DeleteUserReq) (*DeleteUserRes, error) { return nil, status.Errorf(codes.Unimplemented, "method DeleteUserFromDomains not implemented") @@ -92,7 +89,6 @@ func (UnimplementedDomainsServiceServer) RetrieveEntity(context.Context, *v1.Ret return nil, status.Errorf(codes.Unimplemented, "method RetrieveEntity not implemented") } func (UnimplementedDomainsServiceServer) mustEmbedUnimplementedDomainsServiceServer() {} -func (UnimplementedDomainsServiceServer) testEmbeddedByValue() {} // UnsafeDomainsServiceServer may be embedded to opt out of forward compatibility for this service. // Use of this interface is not recommended, as added methods to DomainsServiceServer will 
@@ -102,13 +98,6 @@ type UnsafeDomainsServiceServer interface { } func RegisterDomainsServiceServer(s grpc.ServiceRegistrar, srv DomainsServiceServer) { - // If the following call pancis, it indicates UnimplementedDomainsServiceServer was - // embedded by pointer and is nil. This will cause panics if an - // unimplemented method is ever invoked, so we test this at initialization - // time to prevent it from happening at runtime later due to I/O. - if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { - t.testEmbeddedByValue() - } s.RegisterService(&DomainsService_ServiceDesc, srv) } diff --git a/api/grpc/groups/v1/groups.pb.go b/api/grpc/groups/v1/groups.pb.go index b6ea939b4d..e417290f33 100644 --- a/api/grpc/groups/v1/groups.pb.go +++ b/api/grpc/groups/v1/groups.pb.go @@ -3,8 +3,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.0 -// protoc v5.29.0 +// protoc-gen-go v1.34.2 +// protoc v5.27.1 // source: groups/v1/groups.proto package v1 diff --git a/api/grpc/groups/v1/groups_grpc.pb.go b/api/grpc/groups/v1/groups_grpc.pb.go index d362f88c2b..c9c55f598d 100644 --- a/api/grpc/groups/v1/groups_grpc.pb.go +++ b/api/grpc/groups/v1/groups_grpc.pb.go @@ -3,8 +3,8 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: -// - protoc-gen-go-grpc v1.5.1 -// - protoc v5.29.0 +// - protoc-gen-go-grpc v1.4.0 +// - protoc v5.27.1 // source: groups/v1/groups.proto package v1 @@ -19,8 +19,8 @@ import ( // This is a compile-time assertion to ensure that this generated file // is compatible with the grpc package it is being compiled against. -// Requires gRPC-Go v1.64.0 or later. -const _ = grpc.SupportPackageIsVersion9 +// Requires gRPC-Go v1.62.0 or later. +const _ = grpc.SupportPackageIsVersion8 const ( GroupsService_RetrieveEntity_FullMethodName = "/groups.v1.GroupsService/RetrieveEntity" 
@@ -56,7 +56,7 @@ func (c *groupsServiceClient) RetrieveEntity(ctx context.Context, in *v1.Retriev // GroupsServiceServer is the server API for GroupsService service. // All implementations must embed UnimplementedGroupsServiceServer -// for forward compatibility. +// for forward compatibility // // GroupssService is a service that provides groups // functionalities for SuperMQ services. @@ -65,18 +65,14 @@ type GroupsServiceServer interface { mustEmbedUnimplementedGroupsServiceServer() } -// UnimplementedGroupsServiceServer must be embedded to have -// forward compatible implementations. -// -// NOTE: this should be embedded by value instead of pointer to avoid a nil -// pointer dereference when methods are called. -type UnimplementedGroupsServiceServer struct{} +// UnimplementedGroupsServiceServer must be embedded to have forward compatible implementations. +type UnimplementedGroupsServiceServer struct { +} func (UnimplementedGroupsServiceServer) RetrieveEntity(context.Context, *v1.RetrieveEntityReq) (*v1.RetrieveEntityRes, error) { return nil, status.Errorf(codes.Unimplemented, "method RetrieveEntity not implemented") } func (UnimplementedGroupsServiceServer) mustEmbedUnimplementedGroupsServiceServer() {} -func (UnimplementedGroupsServiceServer) testEmbeddedByValue() {} // UnsafeGroupsServiceServer may be embedded to opt out of forward compatibility for this service. // Use of this interface is not recommended, as added methods to GroupsServiceServer will 
@@ -86,13 +82,6 @@ type UnsafeGroupsServiceServer interface { } func RegisterGroupsServiceServer(s grpc.ServiceRegistrar, srv GroupsServiceServer) { - // If the following call pancis, it indicates UnimplementedGroupsServiceServer was - // embedded by pointer and is nil. This will cause panics if an - // unimplemented method is ever invoked, so we test this at initialization - // time to prevent it from happening at runtime later due to I/O. - if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { - t.testEmbeddedByValue() - } s.RegisterService(&GroupsService_ServiceDesc, srv) } diff --git a/api/grpc/token/v1/token.pb.go b/api/grpc/token/v1/token.pb.go index 54e897e51f..9a6ae98193 100644 --- a/api/grpc/token/v1/token.pb.go +++ b/api/grpc/token/v1/token.pb.go @@ -3,8 +3,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.0 -// protoc v5.29.0 +// protoc-gen-go v1.34.2 +// protoc v5.27.1 // source: token/v1/token.proto package v1 @@ -24,18 +24,21 @@ const ( ) type IssueReq struct { - state protoimpl.MessageState `protogen:"open.v1"` - UserId string `protobuf:"bytes,1,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"` - Type uint32 `protobuf:"varint,3,opt,name=type,proto3" json:"type,omitempty"` - unknownFields protoimpl.UnknownFields + state protoimpl.MessageState sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + UserId string `protobuf:"bytes,1,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"` + Type uint32 `protobuf:"varint,3,opt,name=type,proto3" json:"type,omitempty"` } func (x *IssueReq) Reset() { *x = IssueReq{} - mi := &file_token_v1_token_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_token_v1_token_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *IssueReq) String() string { 
@@ -46,7 +49,7 @@ func (*IssueReq) ProtoMessage() {} func (x *IssueReq) ProtoReflect() protoreflect.Message { mi := &file_token_v1_token_proto_msgTypes[0] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -76,17 +79,20 @@ func (x *IssueReq) GetType() uint32 { } type RefreshReq struct { - state protoimpl.MessageState `protogen:"open.v1"` - RefreshToken string `protobuf:"bytes,1,opt,name=refresh_token,json=refreshToken,proto3" json:"refresh_token,omitempty"` - unknownFields protoimpl.UnknownFields + state protoimpl.MessageState sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + RefreshToken string `protobuf:"bytes,1,opt,name=refresh_token,json=refreshToken,proto3" json:"refresh_token,omitempty"` } func (x *RefreshReq) Reset() { *x = RefreshReq{} - mi := &file_token_v1_token_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_token_v1_token_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *RefreshReq) String() string { @@ -97,7 +103,7 @@ func (*RefreshReq) ProtoMessage() {} func (x *RefreshReq) ProtoReflect() protoreflect.Message { mi := &file_token_v1_token_proto_msgTypes[1] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -123,19 +129,22 @@ func (x *RefreshReq) GetRefreshToken() string { // field can be used to determine how to validate the token. // Also, different tokens can be encoded in different ways. type Token struct { - state protoimpl.MessageState `protogen:"open.v1"` - AccessToken string `protobuf:"bytes,1,opt,name=access_token,json=accessToken,proto3" json:"access_token,omitempty"` - RefreshToken *string `protobuf:"bytes,2,opt,name=refresh_token,json=refreshToken,proto3,oneof" json:"refresh_token,omitempty"` - AccessType string `protobuf:"bytes,3,opt,name=access_type,json=accessType,proto3" json:"access_type,omitempty"` - unknownFields protoimpl.UnknownFields + state protoimpl.MessageState sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + AccessToken string `protobuf:"bytes,1,opt,name=access_token,json=accessToken,proto3" json:"access_token,omitempty"` + RefreshToken *string `protobuf:"bytes,2,opt,name=refresh_token,json=refreshToken,proto3,oneof" json:"refresh_token,omitempty"` + AccessType string `protobuf:"bytes,3,opt,name=access_type,json=accessType,proto3" json:"access_type,omitempty"` } func (x *Token) Reset() { *x = Token{} - mi := &file_token_v1_token_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_token_v1_token_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *Token) String() string { @@ -146,7 +155,7 @@ func (*Token) ProtoMessage() {} func (x *Token) ProtoReflect() protoreflect.Message { mi := &file_token_v1_token_proto_msgTypes[2] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -251,6 +260,44 @@ func file_token_v1_token_proto_init() { if File_token_v1_token_proto != nil { return } + if !protoimpl.UnsafeEnabled { + file_token_v1_token_proto_msgTypes[0].Exporter = func(v any, i int) any { + switch v := v.(*IssueReq); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_token_v1_token_proto_msgTypes[1].Exporter = func(v any, i int) any { + switch v := v.(*RefreshReq); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_token_v1_token_proto_msgTypes[2].Exporter = func(v any, i int) any { + switch v := v.(*Token); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } file_token_v1_token_proto_msgTypes[2].OneofWrappers = []any{} type x struct{} out := protoimpl.TypeBuilder{ diff --git a/api/grpc/token/v1/token_grpc.pb.go b/api/grpc/token/v1/token_grpc.pb.go index f3adacfb70..bd0768a51e 100644 --- a/api/grpc/token/v1/token_grpc.pb.go +++ b/api/grpc/token/v1/token_grpc.pb.go @@ -3,8 +3,8 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: -// - protoc-gen-go-grpc v1.5.1 -// - protoc v5.29.0 +// - protoc-gen-go-grpc v1.4.0 +// - protoc v5.27.1 // source: token/v1/token.proto package v1 @@ -18,8 +18,8 @@ import ( // This is a compile-time assertion to ensure that this generated file // is compatible with the grpc package it is being compiled against. -// Requires gRPC-Go v1.64.0 or later. -const _ = grpc.SupportPackageIsVersion9 +// Requires gRPC-Go v1.62.0 or later. +const _ = grpc.SupportPackageIsVersion8 const ( TokenService_Issue_FullMethodName = "/token.v1.TokenService/Issue" 
@@ -64,19 +64,16 @@ func (c *tokenServiceClient) Refresh(ctx context.Context, in *RefreshReq, opts . // TokenServiceServer is the server API for TokenService service. // All implementations must embed UnimplementedTokenServiceServer -// for forward compatibility. +// for forward compatibility type TokenServiceServer interface { Issue(context.Context, *IssueReq) (*Token, error) Refresh(context.Context, *RefreshReq) (*Token, error) mustEmbedUnimplementedTokenServiceServer() } -// UnimplementedTokenServiceServer must be embedded to have -// forward compatible implementations. -// -// NOTE: this should be embedded by value instead of pointer to avoid a nil -// pointer dereference when methods are called. -type UnimplementedTokenServiceServer struct{} +// UnimplementedTokenServiceServer must be embedded to have forward compatible implementations. +type UnimplementedTokenServiceServer struct { +} func (UnimplementedTokenServiceServer) Issue(context.Context, *IssueReq) (*Token, error) { return nil, status.Errorf(codes.Unimplemented, "method Issue not implemented") @@ -85,7 +82,6 @@ func (UnimplementedTokenServiceServer) Refresh(context.Context, *RefreshReq) (*T return nil, status.Errorf(codes.Unimplemented, "method Refresh not implemented") } func (UnimplementedTokenServiceServer) mustEmbedUnimplementedTokenServiceServer() {} -func (UnimplementedTokenServiceServer) testEmbeddedByValue() {} // UnsafeTokenServiceServer may be embedded to opt out of forward compatibility for this service. // Use of this interface is not recommended, as added methods to TokenServiceServer will 
@@ -95,13 +91,6 @@ type UnsafeTokenServiceServer interface { } func RegisterTokenServiceServer(s grpc.ServiceRegistrar, srv TokenServiceServer) { - // If the following call pancis, it indicates UnimplementedTokenServiceServer was - // embedded by pointer and is nil. This will cause panics if an - // unimplemented method is ever invoked, so we test this at initialization - // time to prevent it from happening at runtime later due to I/O. - if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { - t.testEmbeddedByValue() - } s.RegisterService(&TokenService_ServiceDesc, srv) } diff --git a/api/http/authn.go b/api/http/authn.go index ee9e394f3a..b714a15085 100644 --- a/api/http/authn.go +++ b/api/http/authn.go @@ -8,7 +8,6 @@ import ( "net/http" apiutil "github.com/absmach/supermq/api/http/util" - "github.com/absmach/supermq/auth" smqauthn "github.com/absmach/supermq/pkg/authn" "github.com/go-chi/chi/v5" ) @@ -38,7 +37,6 @@ func AuthenticateMiddleware(authn smqauthn.Authentication, domainCheck bool) fun return } resp.DomainID = domain - resp.DomainUserID = auth.EncodeDomainUserID(domain, resp.UserID) } ctx := context.WithValue(r.Context(), SessionKey, resp) diff --git a/auth/service.go b/auth/service.go index bf31a40850..11120b1024 100644 --- a/auth/service.go +++ b/auth/service.go @@ -356,10 +356,9 @@ func (svc service) checkUserDomain(ctx context.Context, key Key) (subject string }); err == nil { return key.User, nil } - // Check user is domain member. - domainUserSubject := EncodeDomainUserID(key.Domain, key.User) + if err = svc.Authorize(ctx, policies.Policy{ - Subject: domainUserSubject, + Subject: key.User, SubjectType: policies.UserType, Permission: policies.MembershipPermission, Object: key.Domain, @@ -367,7 +366,7 @@ func (svc service) checkUserDomain(ctx context.Context, key Key) (subject string }); err != nil { return "", err } - return domainUserSubject, nil + return key.User, nil } return "", nil } 
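Review bot: The domain-membership check in `checkUserDomain` (auth/service.go, hunks at -356 and -367) is now tied to the domain only through `Object: key.Domain`, because `Subject` is the bare `key.User`, and the comment that explained the step was removed along with the encoding. Membership relations previously stored under the `domainID_userID` subject would presumably stop matching; that fails closed, but it locks members out until the stored policies are migrated, and no migration is visible on this page. Both branches now return `key.User`, so the returned subject no longer tells a caller whether the earlier `Authorize` call or the membership check let the user through. I would keep a comment above the call, e.g. `// Check user is domain member; the subject is the global user ID, key.Domain is the only domain binding.` The function begins and ends outside these hunks.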
@@ -432,31 +431,6 @@ func SwitchToPermission(relation string) string { } } -func EncodeDomainUserID(domainID, userID string) string { - if domainID == "" || userID == "" { - return "" - } - return domainID + "_" + userID -} - -func DecodeDomainUserID(domainUserID string) (string, string) { - if domainUserID == "" { - return domainUserID, domainUserID - } - duid := strings.Split(domainUserID, "_") - - switch { - case len(duid) == 2: - return duid[0], duid[1] - case len(duid) == 1: - return duid[0], "" - case len(duid) == 0 || len(duid) > 2: - fallthrough - default: - return "", "" - } -} - func (svc service) CreatePAT(ctx context.Context, token, name, description string, duration time.Duration, scope Scope) (PAT, error) { key, err := svc.Identify(ctx, token) if err != nil { diff --git a/auth/service_test.go b/auth/service_test.go index 18115fd4c7..cfb62a13e4 100644 --- a/auth/service_test.go +++ b/auth/service_test.go @@ -421,14 +421,14 @@ func TestIssue(t *testing.T) { ObjectType: policies.PlatformType, }, checkDomainMemberReq: policies.Policy{ - Subject: auth.EncodeDomainUserID(domainID, userID), + Subject: userID, SubjectType: policies.UserType, Permission: policies.MembershipPermission, Object: domainID, ObjectType: policies.DomainType, }, checkDomainMemberReq1: policies.Policy{ - Subject: auth.EncodeDomainUserID(domainID, userID), + Subject: userID, SubjectType: policies.UserType, Permission: policies.MembershipPermission, Object: domainID, @@ -455,7 +455,7 @@ func TestIssue(t *testing.T) { ObjectType: policies.PlatformType, }, checkDomainMemberReq: policies.Policy{ - Subject: auth.EncodeDomainUserID(domainID, userID), + Subject: userID, SubjectType: policies.UserType, Permission: policies.MembershipPermission, Object: domainID, 
@@ -552,14 +552,14 @@ func TestIssue(t *testing.T) { ObjectType: policies.PlatformType, }, checkDomainMemberReq: policies.Policy{ - Subject: auth.EncodeDomainUserID(domainID, userID), + Subject: userID, SubjectType: policies.UserType, Permission: policies.MembershipPermission, Object: domainID, ObjectType: policies.DomainType, }, checkDomainMemberReq1: policies.Policy{ - Subject: auth.EncodeDomainUserID(domainID, userID), + Subject: userID, SubjectType: policies.UserType, Permission: policies.MembershipPermission, Object: domainID, @@ -586,14 +586,14 @@ func TestIssue(t *testing.T) { ObjectType: policies.PlatformType, }, checkDomainMemberReq: policies.Policy{ - Subject: auth.EncodeDomainUserID(domainID, userID), + Subject: userID, SubjectType: policies.UserType, Permission: policies.MembershipPermission, Object: domainID, ObjectType: policies.DomainType, }, checkDomainMemberReq1: policies.Policy{ - Subject: auth.EncodeDomainUserID(domainID, userID), + Subject: userID, SubjectType: policies.UserType, Permission: policies.MembershipPermission, Object: domainID, 
@@ -1163,82 +1163,3 @@ func TestSwitchToPermission(t *testing.T) { assert.Equal(t, tc.result, result, fmt.Sprintf("switching to permission expected to succeed: %s", result)) } } - -func TestEncodeDomainUserID(t *testing.T) { - cases := []struct { - desc string - domainID string - userID string - response string - }{ - { - desc: "encode domain user id successfully", - domainID: validID, - userID: validID, - response: validID + "_" + validID, - }, - { - desc: "encode domain user id with empty userID", - domainID: validID, - userID: "", - response: "", - }, - { - desc: "encode domain user id with empty domain ID", - domainID: "", - userID: validID, - response: "", - }, - { - desc: "encode domain user id with empty domain ID and userID", - domainID: "", - userID: "", - response: "", - }, - } - - for _, tc := range cases { - ar := auth.EncodeDomainUserID(tc.domainID, tc.userID) - assert.Equal(t, tc.response, ar, fmt.Sprintf("%s expected %s got %s\n", tc.desc, tc.response, ar)) - } -} - -func TestDecodeDomainUserID(t *testing.T) { - cases := []struct { - desc string - domainUserID string - respDomainID string - respUserID string - }{ - { - desc: "decode domain user id successfully", - domainUserID: validID + "_" + validID, - respDomainID: validID, - respUserID: validID, - }, - { - desc: "decode domain user id with empty domainUserID", - domainUserID: "", - respDomainID: "", - respUserID: "", - }, - { - desc: "decode domain user id with empty UserID", - domainUserID: validID, - respDomainID: validID, - respUserID: "", - }, - { - desc: "decode domain user id with invalid domainuserId", - domainUserID: validID + "_" + validID + "_" + validID + "_" + validID, - respDomainID: "", - respUserID: "", - }, - } - - for _, tc := range cases { - ar, er := auth.DecodeDomainUserID(tc.domainUserID) - assert.Equal(t, tc.respUserID, er, fmt.Sprintf("%s expected %s got %s\n", tc.desc, tc.respUserID, er)) - assert.Equal(t, tc.respDomainID, ar, fmt.Sprintf("%s expected %s got %s\n", 
tc.desc, tc.respDomainID, ar)) - } -} diff --git a/certs/api/endpoint_test.go b/certs/api/endpoint_test.go index 66be87e00d..f0e086c3f9 100644 --- a/certs/api/endpoint_test.go +++ b/certs/api/endpoint_test.go @@ -224,7 +224,7 @@ func TestIssueCert(t *testing.T) { body: strings.NewReader(tc.request), } if tc.token == valid { - tc.session = smqauthn.Session{DomainUserID: validID, UserID: validID, DomainID: validID} + tc.session = smqauthn.Session{UserID: validID, DomainID: validID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := svc.On("IssueCert", mock.Anything, tc.domainID, tc.token, tc.clientID, tc.ttl).Return(tc.svcRes, tc.svcErr) @@ -310,7 +310,7 @@ func TestViewCert(t *testing.T) { token: tc.token, } if tc.token == valid { - tc.session = smqauthn.Session{DomainUserID: validID, UserID: validID, DomainID: validID} + tc.session = smqauthn.Session{UserID: validID, DomainID: validID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := svc.On("ViewCert", mock.Anything, tc.serialID).Return(tc.svcRes, tc.svcErr) @@ -403,7 +403,7 @@ func TestRevokeCert(t *testing.T) { token: tc.token, } if tc.token == valid { - tc.session = smqauthn.Session{DomainUserID: validID, UserID: validID, DomainID: validID} + tc.session = smqauthn.Session{UserID: validID, DomainID: validID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := svc.On("RevokeCert", mock.Anything, tc.domainID, tc.token, tc.serialID).Return(tc.svcRes, tc.svcErr) 
@@ -646,7 +646,7 @@ func TestListSerials(t *testing.T) { token: tc.token, } if tc.token == valid { - tc.session = smqauthn.Session{DomainUserID: validID, UserID: validID, DomainID: validID} + tc.session = smqauthn.Session{UserID: validID, DomainID: validID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := svc.On("ListSerials", mock.Anything, tc.clientID, certs.PageMetadata{Revoked: tc.revoked, Offset: tc.offset, Limit: tc.limit}).Return(tc.svcRes, tc.svcErr) diff --git a/channels/api/http/endpoint_test.go b/channels/api/http/endpoint_test.go index d5c4243781..10def5adaa 100644 --- a/channels/api/http/endpoint_test.go +++ b/channels/api/http/endpoint_test.go @@ -174,7 +174,7 @@ func TestCreateChannelEndpoint(t *testing.T) { body: strings.NewReader(data), } if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: validID + "_" + validID, UserID: validID, DomainID: validID} + tc.session = smqauthn.Session{UserID: validID, DomainID: validID} } authCall := authn.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authnErr) svcCall := svc.On("CreateChannels", mock.Anything, tc.session, tc.req).Return(tc.svcResp, []roles.RoleProvision{}, tc.svcErr) @@ -310,7 +310,7 @@ func TestCreateChannelsEndpoint(t *testing.T) { body: strings.NewReader(data), } if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: validID + "_" + validID, UserID: validID, DomainID: validID} + tc.session = smqauthn.Session{UserID: validID, DomainID: validID} } authCall := authn.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authnErr) svcCall := svc.On("CreateChannels", mock.Anything, tc.session, tc.req[0]).Return(tc.svcResp, []roles.RoleProvision{}, tc.svcErr) 
@@ -407,7 +407,7 @@ func TestViewChannelEndpoint(t *testing.T) { token: tc.token, } if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: validID + "_" + validID, UserID: validID, DomainID: validID} + tc.session = smqauthn.Session{UserID: validID, DomainID: validID} } authCall := authn.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authnErr) svcCall := svc.On("ViewChannel", mock.Anything, tc.session, tc.id).Return(tc.svcResp, tc.svcErr) @@ -714,7 +714,7 @@ func TestListChannels(t *testing.T) { token: tc.token, } if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: validID + "_" + validID, UserID: validID, DomainID: validID} + tc.session = smqauthn.Session{UserID: validID, DomainID: validID} } authCall := authn.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authnErr) svcCall := svc.On("ListChannels", mock.Anything, tc.session, mock.Anything).Return(tc.listChannelsResponse, tc.err) @@ -857,7 +857,7 @@ func TestUpdateChannelEndpoint(t *testing.T) { body: strings.NewReader(data), } if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: validID + "_" + validID, UserID: validID, DomainID: validID} + tc.session = smqauthn.Session{UserID: validID, DomainID: validID} } authCall := authn.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authnErr) svcCall := svc.On("UpdateChannel", mock.Anything, tc.session, tc.updateReq).Return(tc.svcResp, tc.svcErr) 
@@ -997,7 +997,7 @@ func TestUpdateChannelTagsEndpoint(t *testing.T) { body: strings.NewReader(tc.data), } if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: validID + "_" + validID, UserID: validID, DomainID: validID} + tc.session = smqauthn.Session{UserID: validID, DomainID: validID} } authCall := authn.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authnErr) svcCall := svc.On("UpdateChannelTags", mock.Anything, tc.session, channels.Channel{ID: tc.id, Tags: []string{newTag}}).Return(tc.svcResp, tc.svcErr) @@ -1139,7 +1139,7 @@ func TestSetChannelParentGroupEndpoint(t *testing.T) { body: strings.NewReader(tc.data), } if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: validID + "_" + validID, UserID: validID, DomainID: validID} + tc.session = smqauthn.Session{UserID: validID, DomainID: validID} } authCall := authn.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authnErr) svcCall := svc.On("SetParentGroup", mock.Anything, tc.session, validID, tc.id).Return(tc.svcErr) @@ -1227,7 +1227,7 @@ func TestRemoveChannelParentGroupEndpoint(t *testing.T) { token: tc.token, } if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: validID + "_" + validID, UserID: validID, DomainID: validID} + tc.session = smqauthn.Session{UserID: validID, DomainID: validID} } authCall := authn.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authnErr) svcCall := svc.On("RemoveParentGroup", mock.Anything, tc.session, tc.id).Return(tc.svcErr) 
@@ -1323,7 +1323,7 @@ func TestEnableChannelEndpoint(t *testing.T) { token: tc.token, } if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: validID + "_" + validID, UserID: validID, DomainID: validID} + tc.session = smqauthn.Session{UserID: validID, DomainID: validID} } authCall := authn.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authnErr) svcCall := svc.On("EnableChannel", mock.Anything, tc.session, tc.id).Return(tc.svcResp, tc.svcErr) @@ -1426,7 +1426,7 @@ func TestDisableChannelEndpoint(t *testing.T) { token: tc.token, } if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: validID + "_" + validID, UserID: validID, DomainID: validID} + tc.session = smqauthn.Session{UserID: validID, DomainID: validID} } authCall := authn.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authnErr) svcCall := svc.On("DisableChannel", mock.Anything, tc.session, tc.id).Return(tc.svcResp, tc.svcErr) @@ -1535,7 +1535,7 @@ func TestConnectChannelClientEndpoint(t *testing.T) { body: strings.NewReader(tc.data), } if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: validID + "_" + validID, UserID: validID, DomainID: validID} + tc.session = smqauthn.Session{UserID: validID, DomainID: validID} } authCall := authn.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authnErr) svcCall := svc.On("Connect", mock.Anything, tc.session, []string{tc.id}, []string{validID}, []connections.ConnType{1}).Return(tc.svcErr) 
@@ -1637,7 +1637,7 @@ func TestDisconnectChannelClientEndpoint(t *testing.T) { body: strings.NewReader(tc.data), } if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: validID + "_" + validID, UserID: validID, DomainID: validID} + tc.session = smqauthn.Session{UserID: validID, DomainID: validID} } authCall := authn.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authnErr) svcCall := svc.On("Disconnect", mock.Anything, tc.session, []string{tc.id}, []string{validID}, []connections.ConnType{1}).Return(tc.svcErr) @@ -1767,7 +1767,7 @@ func TestConnectEndpoint(t *testing.T) { })), } if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: validID + "_" + validID, UserID: validID, DomainID: validID} + tc.session = smqauthn.Session{UserID: validID, DomainID: validID} } authCall := authn.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authnErr) svcCall := svc.On("Connect", mock.Anything, tc.session, tc.channelIDs, tc.clientIDs, tc.types).Return(tc.svcErr) @@ -1897,7 +1897,7 @@ func TestDisconnectEndpoint(t *testing.T) { })), } if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: validID + "_" + validID, UserID: validID, DomainID: validID} + tc.session = smqauthn.Session{UserID: validID, DomainID: validID} } authCall := authn.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authnErr) svcCall := svc.On("Disconnect", mock.Anything, tc.session, tc.channelIDs, tc.clientIDs, tc.types).Return(tc.svcErr) @@ -1980,7 +1980,7 @@ func TestDeleteChannelEndpoint(t *testing.T) { token: tc.token, } if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: validID + "_" + validID, UserID: validID, DomainID: validID} + tc.session = smqauthn.Session{UserID: validID, DomainID: validID} } authCall := authn.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authnErr) svcCall := svc.On("RemoveChannel", mock.Anything, tc.session, tc.id).Return(tc.svcErr) 
diff --git a/channels/middleware/authorization.go b/channels/middleware/authorization.go index ebf0ff19ec..584f048422 100644 --- a/channels/middleware/authorization.go +++ b/channels/middleware/authorization.go @@ -100,7 +100,7 @@ func (am *authorizationMiddleware) CreateChannels(ctx context.Context, session a if err := am.extAuthorize(ctx, channels.DomainOpCreateChannel, smqauthz.PolicyReq{ Domain: session.DomainID, SubjectType: policies.UserType, - Subject: session.DomainUserID, + Subject: session.UserID, ObjectType: policies.DomainType, Object: session.DomainID, }); err != nil { @@ -112,7 +112,7 @@ func (am *authorizationMiddleware) CreateChannels(ctx context.Context, session a if err := am.extAuthorize(ctx, channels.GroupOpSetChildChannel, smqauthz.PolicyReq{ Domain: session.DomainID, SubjectType: policies.UserType, - Subject: session.DomainUserID, + Subject: session.UserID, ObjectType: policies.GroupType, Object: ch.ParentGroup, }); err != nil { @@ -141,7 +141,7 @@ func (am *authorizationMiddleware) ViewChannel(ctx context.Context, session auth if err := am.authorize(ctx, channels.OpViewChannel, smqauthz.PolicyReq{ Domain: session.DomainID, SubjectType: policies.UserType, - Subject: session.DomainUserID, + Subject: session.UserID, ObjectType: policies.ChannelType, Object: id, }); err != nil { @@ -209,7 +209,7 @@ func (am *authorizationMiddleware) UpdateChannel(ctx context.Context, session au if err := am.authorize(ctx, channels.OpUpdateChannel, smqauthz.PolicyReq{ Domain: session.DomainID, SubjectType: policies.UserType, - Subject: session.DomainUserID, + Subject: session.UserID, ObjectType: policies.ChannelType, Object: channel.ID, }); err != nil { 
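Review bot: Cross-domain isolation in `CreateChannels` (channels/middleware/authorization.go, hunk at -100) now rests on `Domain: session.DomainID` and the object's own relations being enforced by the policy backend, since each `smqauthz.PolicyReq` sends `Subject: session.UserID` instead of the domain-scoped `session.DomainUserID`. The same substitution appears in the hunks for `ViewChannel`, `UpdateChannel`, `UpdateChannelTags`, `EnableChannel`, `DisableChannel`, `RemoveChannel`, `Connect`, `Disconnect`, `SetParentGroup` and `RemoveParentGroup`. The test hunks on this page only swap the session fixture, so nothing visible covers a user who belongs to one domain asking for a channel in another; a negative case that expects a denial would pin the behaviour. A comment at the first call site would record the assumption, e.g. `// Subject is the global user ID; domain scoping comes from Domain and the object, not the subject.` The enclosing methods start and end outside the hunks.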
@@ -236,7 +236,7 @@ func (am *authorizationMiddleware) UpdateChannelTags(ctx context.Context, sessio if err := am.authorize(ctx, channels.OpUpdateChannelTags, smqauthz.PolicyReq{ Domain: session.DomainID, SubjectType: policies.UserType, - Subject: session.DomainUserID, + Subject: session.UserID, ObjectType: policies.ChannelType, Object: channel.ID, }); err != nil { @@ -263,7 +263,7 @@ func (am *authorizationMiddleware) EnableChannel(ctx context.Context, session au if err := am.authorize(ctx, channels.OpEnableChannel, smqauthz.PolicyReq{ Domain: session.DomainID, SubjectType: policies.UserType, - Subject: session.DomainUserID, + Subject: session.UserID, ObjectType: policies.ChannelType, Object: id, }); err != nil { @@ -290,7 +290,7 @@ func (am *authorizationMiddleware) DisableChannel(ctx context.Context, session a if err := am.authorize(ctx, channels.OpDisableChannel, smqauthz.PolicyReq{ Domain: session.DomainID, SubjectType: policies.UserType, - Subject: session.DomainUserID, + Subject: session.UserID, ObjectType: policies.ChannelType, Object: id, }); err != nil { @@ -317,7 +317,7 @@ func (am *authorizationMiddleware) RemoveChannel(ctx context.Context, session au if err := am.authorize(ctx, channels.OpDeleteChannel, smqauthz.PolicyReq{ Domain: session.DomainID, SubjectType: policies.UserType, - Subject: session.DomainUserID, + Subject: session.UserID, ObjectType: policies.ChannelType, Object: id, }); err != nil { @@ -356,7 +356,7 @@ func (am *authorizationMiddleware) Connect(ctx context.Context, session authn.Se if err := am.authorize(ctx, channels.OpConnectClient, smqauthz.PolicyReq{ Domain: session.DomainID, SubjectType: policies.UserType, - Subject: session.DomainUserID, + Subject: session.UserID, ObjectType: policies.ChannelType, Object: chID, }); err != nil { 
@@ -368,7 +368,7 @@ func (am *authorizationMiddleware) Connect(ctx context.Context, session authn.Se if err := am.extAuthorize(ctx, channels.ClientsOpConnectChannel, smqauthz.PolicyReq{ Domain: session.DomainID, SubjectType: policies.UserType, - Subject: session.DomainUserID, + Subject: session.UserID, ObjectType: policies.ClientType, Object: thID, }); err != nil { @@ -409,7 +409,7 @@ func (am *authorizationMiddleware) Disconnect(ctx context.Context, session authn if err := am.authorize(ctx, channels.OpDisconnectClient, smqauthz.PolicyReq{ Domain: session.DomainID, SubjectType: policies.UserType, - Subject: session.DomainUserID, + Subject: session.UserID, ObjectType: policies.ChannelType, Object: chID, }); err != nil { @@ -421,7 +421,7 @@ func (am *authorizationMiddleware) Disconnect(ctx context.Context, session authn if err := am.extAuthorize(ctx, channels.ClientsOpDisconnectChannel, smqauthz.PolicyReq{ Domain: session.DomainID, SubjectType: policies.UserType, - Subject: session.DomainUserID, + Subject: session.UserID, ObjectType: policies.ClientType, Object: thID, }); err != nil { @@ -449,7 +449,7 @@ func (am *authorizationMiddleware) SetParentGroup(ctx context.Context, session a if err := am.authorize(ctx, channels.OpSetParentGroup, smqauthz.PolicyReq{ Domain: session.DomainID, SubjectType: policies.UserType, - Subject: session.DomainUserID, + Subject: session.UserID, ObjectType: policies.ChannelType, Object: id, }); err != nil { @@ -459,7 +459,7 @@ func (am *authorizationMiddleware) SetParentGroup(ctx context.Context, session a if err := am.extAuthorize(ctx, channels.GroupOpSetChildChannel, smqauthz.PolicyReq{ Domain: session.DomainID, SubjectType: policies.UserType, - Subject: session.DomainUserID, + Subject: session.UserID, ObjectType: policies.GroupType, Object: parentGroupID, }); err != nil { 
@@ -486,7 +486,7 @@ func (am *authorizationMiddleware) RemoveParentGroup(ctx context.Context, sessio if err := am.authorize(ctx, channels.OpSetParentGroup, smqauthz.PolicyReq{ Domain: session.DomainID, SubjectType: policies.UserType, - Subject: session.DomainUserID, + Subject: session.UserID, ObjectType: policies.ChannelType, Object: id, }); err != nil { @@ -501,7 +501,7 @@ func (am *authorizationMiddleware) RemoveParentGroup(ctx context.Context, sessio if err := am.extAuthorize(ctx, channels.GroupOpSetChildChannel, smqauthz.PolicyReq{ Domain: session.DomainID, SubjectType: policies.UserType, - Subject: session.DomainUserID, + Subject: session.UserID, ObjectType: policies.GroupType, Object: ch.ParentGroup, }); err != nil { diff --git a/channels/private/service.go b/channels/private/service.go index ec06c1c3bf..f569caae89 100644 --- a/channels/private/service.go +++ b/channels/private/service.go @@ -6,7 +6,6 @@ package private import ( "context" - "github.com/absmach/supermq/auth" "github.com/absmach/supermq/channels" "github.com/absmach/supermq/pkg/errors" svcerr "github.com/absmach/supermq/pkg/errors/service" @@ -41,7 +40,7 @@ func (svc service) Authorize(ctx context.Context, req channels.AuthzReq) error { return err } pr := policies.Policy{ - Subject: auth.EncodeDomainUserID(req.DomainID, req.ClientID), + Subject: req.ClientID, SubjectType: policies.UserType, Object: req.ChannelID, Permission: permission, diff --git a/channels/service.go b/channels/service.go index c2d614c401..26771fe00f 100644 --- a/channels/service.go +++ b/channels/service.go 
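Review bot: In `Authorize` (`channels/private/service.go`) the subject changes from `auth.EncodeDomainUserID(req.DomainID, req.ClientID)` to `req.ClientID`, and none of the fields visible in the literal (`Subject`, `SubjectType`, `Object`, `Permission`) carries the domain any more, so `req.DomainID` appears to drop out of this check. If `policies.Policy` has a domain field as `smqauthz.PolicyReq` does, set it here (`Domain: req.DomainID,`); otherwise confirm that the channel object alone pins the domain. The literal and the function continue past the hunk, so this may already be handled below. Separately, any policy tuples already stored under the encoded subject would presumably stop matching once lookups use the bare ID, which also touches the `RemoveEntitiesRoles` calls in `channels/service.go` and `clients/service.go`; the visible part of the diff contains no migration for them.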
@@ -253,7 +253,7 @@ func (svc service) RemoveChannel(ctx context.Context, session authn.Session, id }, } - if err := svc.RemoveEntitiesRoles(ctx, session.DomainID, session.DomainUserID, []string{id}, filterDeletePolicies, deletePolicies); err != nil { + if err := svc.RemoveEntitiesRoles(ctx, session.DomainID, session.UserID, []string{id}, filterDeletePolicies, deletePolicies); err != nil { return errors.Wrap(svcerr.ErrDeletePolicies, err) } diff --git a/channels/service_test.go b/channels/service_test.go index 3353946827..e0fe2723a7 100644 --- a/channels/service_test.go +++ b/channels/service_test.go @@ -49,7 +49,7 @@ var ( } parentGroupID = testsutil.GenerateUUID(&testing.T{}) validID = testsutil.GenerateUUID(&testing.T{}) - validSession = authn.Session{UserID: validID, DomainID: validID, DomainUserID: validID} + validSession = authn.Session{UserID: validID, DomainID: validID} errRollbackRoles = errors.New("failed to rollback roles") ) diff --git a/clients/api/http/endpoints_test.go b/clients/api/http/endpoints_test.go index 8104737cc3..80fe600dc2 100644 --- a/clients/api/http/endpoints_test.go +++ b/clients/api/http/endpoints_test.go @@ -119,7 +119,7 @@ func TestCreateClient(t *testing.T) { client: client, domainID: domainID, token: validToken, - authnRes: smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, contentType: contentType, status: http.StatusCreated, err: nil, @@ -129,7 +129,7 @@ func TestCreateClient(t *testing.T) { client: client, domainID: domainID, token: validToken, - authnRes: smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, contentType: contentType, status: http.StatusConflict, err: svcerr.ErrConflict, 
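Review bot: `validSession` in `channels/service_test.go` sets `UserID` and `DomainID` to the same `validID`, so a call that passes the domain ID where the user ID is expected, or the reverse, still satisfies every expectation built from this session. That matters for this change because call sites such as `RemoveEntitiesRoles(ctx, session.DomainID, session.UserID, ...)` take both values as adjacent string arguments. A distinct domain value, e.g. `validSession = authn.Session{UserID: validID, DomainID: testsutil.GenerateUUID(&testing.T{})}`, would let the tests catch a swap, though expectations that compare against `validID` as a domain may need adjusting. The sessions built in `TestSetClientParentGroupEndpoint`, `TestRemoveClientParentGroupEndpoint` and `TestSetParentGroup` have the same shape.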
@@ -155,7 +155,7 @@ func TestCreateClient(t *testing.T) { }, domainID: domainID, token: validToken, - authnRes: smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, contentType: contentType, status: http.StatusBadRequest, err: apiutil.ErrValidation, @@ -173,7 +173,7 @@ func TestCreateClient(t *testing.T) { }, domainID: domainID, token: validToken, - authnRes: smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, contentType: contentType, status: http.StatusBadRequest, err: errors.ErrMalformedEntity, @@ -190,7 +190,7 @@ func TestCreateClient(t *testing.T) { }, domainID: domainID, token: validToken, - authnRes: smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, contentType: contentType, status: http.StatusBadRequest, err: svcerr.ErrInvalidStatus, @@ -206,7 +206,7 @@ func TestCreateClient(t *testing.T) { }, domainID: domainID, token: validToken, - authnRes: smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, contentType: "application/xml", status: http.StatusUnsupportedMediaType, err: apiutil.ErrValidation, @@ -280,7 +280,7 @@ func TestCreateClients(t *testing.T) { client: items, domainID: domainID, token: validToken, - authnRes: smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, contentType: contentType, status: http.StatusOK, err: nil, 
@@ -310,7 +310,7 @@ func TestCreateClients(t *testing.T) { client: []clients.Client{}, domainID: domainID, token: validToken, - authnRes: smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, contentType: contentType, status: http.StatusBadRequest, err: apiutil.ErrValidation, @@ -331,7 +331,7 @@ func TestCreateClients(t *testing.T) { }, domainID: domainID, token: validToken, - authnRes: smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, contentType: contentType, status: http.StatusBadRequest, err: apiutil.ErrValidation, @@ -345,7 +345,7 @@ func TestCreateClients(t *testing.T) { }, domainID: domainID, token: validToken, - authnRes: smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, contentType: "application/xml", status: http.StatusUnsupportedMediaType, err: apiutil.ErrValidation, @@ -367,7 +367,7 @@ func TestCreateClients(t *testing.T) { contentType: contentType, domainID: domainID, token: validToken, - authnRes: smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, status: http.StatusBadRequest, err: errors.ErrMalformedEntity, }, @@ -377,7 +377,7 @@ func TestCreateClients(t *testing.T) { contentType: contentType, domainID: domainID, token: validToken, - authnRes: smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, status: http.StatusUnprocessableEntity, err: svcerr.ErrCreateEntity, }, 
@@ -434,7 +434,7 @@ func TestListClients(t *testing.T) { desc: "list clients as admin with valid token", domainID: domainID, token: validToken, - authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID, SuperAdmin: false}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, SuperAdmin: false}, status: http.StatusOK, listClientsResponse: clients.ClientsPage{ Page: clients.Page{ @@ -448,7 +448,7 @@ func TestListClients(t *testing.T) { desc: "list clients as non admin with valid token", domainID: domainID, token: validToken, - authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID, SuperAdmin: false}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, SuperAdmin: false}, status: http.StatusOK, listClientsResponse: clients.ClientsPage{ Page: clients.Page{ @@ -477,7 +477,7 @@ func TestListClients(t *testing.T) { desc: "list clients with offset", domainID: domainID, token: validToken, - authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID, SuperAdmin: false}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, SuperAdmin: false}, listClientsResponse: clients.ClientsPage{ Page: clients.Page{ Offset: 1, @@ -493,7 +493,7 @@ func TestListClients(t *testing.T) { desc: "list clients with invalid offset", domainID: domainID, token: validToken, - authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID, SuperAdmin: false}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, SuperAdmin: false}, query: "offset=invalid", status: http.StatusBadRequest, err: apiutil.ErrValidation, 
@@ -502,7 +502,7 @@ func TestListClients(t *testing.T) { desc: "list clients with limit", domainID: domainID, token: validToken, - authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID, SuperAdmin: false}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, SuperAdmin: false}, listClientsResponse: clients.ClientsPage{ Page: clients.Page{ Limit: 1, @@ -518,7 +518,7 @@ func TestListClients(t *testing.T) { desc: "list clients with invalid limit", domainID: domainID, token: validToken, - authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID, SuperAdmin: false}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, SuperAdmin: false}, query: "limit=invalid", status: http.StatusBadRequest, err: apiutil.ErrValidation, @@ -527,7 +527,7 @@ func TestListClients(t *testing.T) { desc: "list clients with limit greater than max", token: validToken, domainID: domainID, - authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID, SuperAdmin: false}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, SuperAdmin: false}, query: fmt.Sprintf("limit=%d", api.MaxLimitSize+1), status: http.StatusBadRequest, err: apiutil.ErrValidation, @@ -536,7 +536,7 @@ func TestListClients(t *testing.T) { desc: "list clients with name", domainID: domainID, token: validToken, - authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID, SuperAdmin: false}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, SuperAdmin: false}, listClientsResponse: clients.ClientsPage{ Page: clients.Page{ Total: 1, 
@@ -551,7 +551,7 @@ func TestListClients(t *testing.T) { desc: "list clients with invalid name", domainID: domainID, token: validToken, - authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID, SuperAdmin: false}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, SuperAdmin: false}, query: "name=invalid", status: http.StatusBadRequest, err: apiutil.ErrValidation, @@ -560,7 +560,7 @@ func TestListClients(t *testing.T) { desc: "list clients with duplicate name", domainID: domainID, token: validToken, - authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID, SuperAdmin: false}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, SuperAdmin: false}, query: "name=1&name=2", status: http.StatusBadRequest, err: apiutil.ErrInvalidQueryParams, @@ -569,7 +569,7 @@ func TestListClients(t *testing.T) { desc: "list clients with status", domainID: domainID, token: validToken, - authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID, SuperAdmin: false}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, SuperAdmin: false}, listClientsResponse: clients.ClientsPage{ Page: clients.Page{ Total: 1, @@ -584,7 +584,7 @@ func TestListClients(t *testing.T) { desc: "list clients with invalid status", domainID: domainID, token: validToken, - authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID, SuperAdmin: false}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, SuperAdmin: false}, query: "status=invalid", status: http.StatusBadRequest, err: apiutil.ErrValidation, 
@@ -593,7 +593,7 @@ func TestListClients(t *testing.T) { desc: "list clients with duplicate status", domainID: domainID, token: validToken, - authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID, SuperAdmin: false}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, SuperAdmin: false}, query: "status=enabled&status=disabled", status: http.StatusBadRequest, err: apiutil.ErrInvalidQueryParams, @@ -602,7 +602,7 @@ func TestListClients(t *testing.T) { desc: "list clients with tags", domainID: domainID, token: validToken, - authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID, SuperAdmin: false}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, SuperAdmin: false}, listClientsResponse: clients.ClientsPage{ Page: clients.Page{ Total: 1, @@ -617,7 +617,7 @@ func TestListClients(t *testing.T) { desc: "list clients with invalid tags", domainID: domainID, token: validToken, - authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID, SuperAdmin: false}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, SuperAdmin: false}, query: "tag=invalid", status: http.StatusBadRequest, err: apiutil.ErrValidation, @@ -626,7 +626,7 @@ func TestListClients(t *testing.T) { desc: "list clients with duplicate tags", domainID: domainID, token: validToken, - authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID, SuperAdmin: false}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, SuperAdmin: false}, query: "tag=tag1&tag=tag2", status: http.StatusBadRequest, err: apiutil.ErrInvalidQueryParams, 
@@ -635,7 +635,7 @@ func TestListClients(t *testing.T) { desc: "list clients with metadata", domainID: domainID, token: validToken, - authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID, SuperAdmin: false}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, SuperAdmin: false}, listClientsResponse: clients.ClientsPage{ Page: clients.Page{ Total: 1, @@ -650,7 +650,7 @@ func TestListClients(t *testing.T) { desc: "list clients with invalid metadata", domainID: domainID, token: validToken, - authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID, SuperAdmin: false}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, SuperAdmin: false}, query: "metadata=invalid", status: http.StatusBadRequest, err: apiutil.ErrValidation, @@ -659,7 +659,7 @@ func TestListClients(t *testing.T) { desc: "list clients with duplicate metadata", domainID: domainID, token: validToken, - authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID, SuperAdmin: false}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, SuperAdmin: false}, query: "metadata=%7B%22domain%22%3A%20%22example.com%22%7D&metadata=%7B%22domain%22%3A%20%22example.com%22%7D", status: http.StatusBadRequest, err: apiutil.ErrInvalidQueryParams, @@ -668,7 +668,7 @@ func TestListClients(t *testing.T) { desc: "list clients with permissions", domainID: domainID, token: validToken, - authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID, SuperAdmin: false}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, SuperAdmin: false}, listClientsResponse: clients.ClientsPage{ Page: clients.Page{ Total: 1, 
@@ -683,7 +683,7 @@ func TestListClients(t *testing.T) { desc: "list clients with invalid permissions", domainID: domainID, token: validToken, - authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID, SuperAdmin: false}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, SuperAdmin: false}, query: "permission=invalid", status: http.StatusBadRequest, err: apiutil.ErrValidation, @@ -692,7 +692,7 @@ func TestListClients(t *testing.T) { desc: "list clients with duplicate permissions", domainID: domainID, token: validToken, - authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID, SuperAdmin: false}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, SuperAdmin: false}, query: "permission=view&permission=view", status: http.StatusBadRequest, err: apiutil.ErrInvalidQueryParams, @@ -701,7 +701,7 @@ func TestListClients(t *testing.T) { desc: "list clients with list perms", domainID: domainID, token: validToken, - authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID, SuperAdmin: false}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, SuperAdmin: false}, listClientsResponse: clients.ClientsPage{ Page: clients.Page{ Total: 1, @@ -716,7 +716,7 @@ func TestListClients(t *testing.T) { desc: "list clients with invalid list perms", domainID: domainID, token: validToken, - authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID, SuperAdmin: false}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, SuperAdmin: false}, query: "list_perms=invalid", status: http.StatusBadRequest, err: apiutil.ErrValidation, 
@@ -725,7 +725,7 @@ func TestListClients(t *testing.T) { desc: "list clients with duplicate list perms", domainID: domainID, token: validToken, - authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID, SuperAdmin: false}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, SuperAdmin: false}, query: "list_perms=true&listPerms=true", status: http.StatusBadRequest, err: apiutil.ErrInvalidQueryParams, @@ -779,7 +779,7 @@ func TestViewClient(t *testing.T) { desc: "view client with valid token", domainID: domainID, token: validToken, - authnRes: smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, id: client.ID, status: http.StatusOK, @@ -806,7 +806,7 @@ func TestViewClient(t *testing.T) { desc: "view client with invalid id", domainID: domainID, token: validToken, - authnRes: smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, id: inValid, status: http.StatusForbidden, @@ -866,7 +866,7 @@ func TestUpdateClient(t *testing.T) { desc: "update client with valid token", domainID: domainID, id: client.ID, - authnRes: smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, data: fmt.Sprintf(`{"name":"%s","tags":["%s"],"metadata":%s}`, newName, newTag, toJSON(newMetadata)), token: validToken, contentType: contentType, 
@@ -907,7 +907,7 @@ func TestUpdateClient(t *testing.T) { data: fmt.Sprintf(`{"name":"%s","tags":["%s"],"metadata":%s}`, newName, newTag, toJSON(newMetadata)), domainID: domainID, token: validToken, - authnRes: smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, contentType: "application/xml", status: http.StatusUnsupportedMediaType, @@ -919,7 +919,7 @@ func TestUpdateClient(t *testing.T) { data: fmt.Sprintf(`{"name":%s}`, "invalid"), domainID: domainID, token: validToken, - authnRes: smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, contentType: contentType, status: http.StatusBadRequest, @@ -931,7 +931,7 @@ func TestUpdateClient(t *testing.T) { data: fmt.Sprintf(`{"name":"%s","tags":["%s"],"metadata":%s}`, newName, newTag, toJSON(newMetadata)), domainID: domainID, token: validToken, - authnRes: smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, contentType: contentType, status: http.StatusBadRequest, @@ -940,7 +940,7 @@ func TestUpdateClient(t *testing.T) { { desc: "update client with name that is too long", id: client.ID, - authnRes: smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, data: fmt.Sprintf(`{"name":"%s","tags":["%s"],"metadata":%s}`, strings.Repeat("a", api.MaxNameSize+1), newTag, toJSON(newMetadata)), domainID: domainID, token: validToken, 
@@ -1015,7 +1015,7 @@ func TestUpdateClientsTags(t *testing.T) { }, domainID: domainID, token: validToken, - authnRes: smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, status: http.StatusOK, err: nil, @@ -1048,7 +1048,7 @@ func TestUpdateClientsTags(t *testing.T) { contentType: contentType, domainID: domainID, token: validToken, - authnRes: smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, status: http.StatusForbidden, err: svcerr.ErrAuthorization, @@ -1060,7 +1060,7 @@ func TestUpdateClientsTags(t *testing.T) { contentType: "application/xml", domainID: domainID, token: validToken, - authnRes: smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, status: http.StatusUnsupportedMediaType, err: apiutil.ErrValidation, }, @@ -1071,7 +1071,7 @@ func TestUpdateClientsTags(t *testing.T) { contentType: contentType, domainID: domainID, token: validToken, - authnRes: smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, status: http.StatusBadRequest, err: apiutil.ErrValidation, @@ -1083,7 +1083,7 @@ func TestUpdateClientsTags(t *testing.T) { contentType: contentType, domainID: domainID, token: validToken, - authnRes: smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, status: http.StatusBadRequest, err: errors.ErrMalformedEntity, 
@@ -1148,7 +1148,7 @@ func TestUpdateClientSecret(t *testing.T) { contentType: contentType, domainID: domainID, token: validToken, - authnRes: smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, status: http.StatusOK, err: nil, }, @@ -1198,7 +1198,7 @@ func TestUpdateClientSecret(t *testing.T) { contentType: contentType, domainID: domainID, token: validToken, - authnRes: smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, status: http.StatusBadRequest, err: apiutil.ErrValidation, }, @@ -1215,7 +1215,7 @@ func TestUpdateClientSecret(t *testing.T) { contentType: contentType, domainID: domainID, token: validToken, - authnRes: smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, status: http.StatusBadRequest, err: apiutil.ErrValidation, @@ -1233,7 +1233,7 @@ func TestUpdateClientSecret(t *testing.T) { contentType: "application/xml", domainID: domainID, token: validToken, - authnRes: smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, status: http.StatusUnsupportedMediaType, err: apiutil.ErrValidation, @@ -1251,7 +1251,7 @@ func TestUpdateClientSecret(t *testing.T) { contentType: contentType, domainID: domainID, token: validToken, - authnRes: smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, status: http.StatusBadRequest, err: apiutil.ErrValidation, 
@@ -1311,7 +1311,7 @@ func TestEnableClient(t *testing.T) { }, domainID: domainID, token: validToken, - authnRes: smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, status: http.StatusOK, err: nil, @@ -1332,7 +1332,7 @@ func TestEnableClient(t *testing.T) { }, domainID: domainID, token: validToken, - authnRes: smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, status: http.StatusBadRequest, err: apiutil.ErrValidation, @@ -1396,7 +1396,7 @@ func TestDisableClient(t *testing.T) { }, domainID: domainID, token: validToken, - authnRes: smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, status: http.StatusOK, err: nil, @@ -1417,7 +1417,7 @@ func TestDisableClient(t *testing.T) { }, domainID: domainID, token: validToken, - authnRes: smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, status: http.StatusBadRequest, err: apiutil.ErrValidation, @@ -1476,7 +1476,7 @@ func TestDeleteClient(t *testing.T) { id: client.ID, domainID: domainID, token: validToken, - authnRes: smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, status: http.StatusNoContent, err: nil, @@ -1504,7 +1504,7 @@ func TestDeleteClient(t *testing.T) { id: " ", domainID: domainID, token: validToken, - authnRes: smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, status: http.StatusBadRequest, err: apiutil.ErrMissingID, 
@@ -1653,7 +1653,7 @@ func TestSetClientParentGroupEndpoint(t *testing.T) { body: strings.NewReader(tc.data), } if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: validID + "_" + validID, UserID: validID, DomainID: validID} + tc.session = smqauthn.Session{UserID: validID, DomainID: validID} } authCall := authn.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authnErr) svcCall := svc.On("SetParentGroup", mock.Anything, tc.session, validID, tc.id).Return(tc.svcErr) @@ -1741,7 +1741,7 @@ func TestRemoveClientParentGroupEndpoint(t *testing.T) { token: tc.token, } if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: validID + "_" + validID, UserID: validID, DomainID: validID} + tc.session = smqauthn.Session{UserID: validID, DomainID: validID} } authCall := authn.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authnErr) svcCall := svc.On("RemoveParentGroup", mock.Anything, tc.session, tc.id).Return(tc.svcErr) diff --git a/clients/middleware/authorization.go b/clients/middleware/authorization.go index 8a3483b601..1c1ae6c035 100644 --- a/clients/middleware/authorization.go +++ b/clients/middleware/authorization.go @@ -92,7 +92,7 @@ func (am *authorizationMiddleware) CreateClients(ctx context.Context, session au if err := am.extAuthorize(ctx, clients.DomainOpCreateClient, smqauthz.PolicyReq{ Domain: session.DomainID, SubjectType: policies.UserType, - Subject: session.DomainUserID, + Subject: session.UserID, ObjectType: policies.DomainType, Object: session.DomainID, }); err != nil { @@ -120,7 +120,7 @@ func (am *authorizationMiddleware) View(ctx context.Context, session authn.Sessi if err := am.authorize(ctx, clients.OpViewClient, smqauthz.PolicyReq{ Domain: session.DomainID, SubjectType: policies.UserType, - Subject: session.DomainUserID, + Subject: session.UserID, ObjectType: policies.ClientType, Object: id, }); err != nil { 
@@ -191,7 +191,7 @@ func (am *authorizationMiddleware) Update(ctx context.Context, session authn.Ses if err := am.authorize(ctx, clients.OpUpdateClient, smqauthz.PolicyReq{ Domain: session.DomainID, SubjectType: policies.UserType, - Subject: session.DomainUserID, + Subject: session.UserID, ObjectType: policies.ClientType, Object: client.ID, }); err != nil { @@ -219,7 +219,7 @@ func (am *authorizationMiddleware) UpdateTags(ctx context.Context, session authn if err := am.authorize(ctx, clients.OpUpdateClientTags, smqauthz.PolicyReq{ Domain: session.DomainID, SubjectType: policies.UserType, - Subject: session.DomainUserID, + Subject: session.UserID, ObjectType: policies.ClientType, Object: client.ID, }); err != nil { @@ -247,7 +247,7 @@ func (am *authorizationMiddleware) UpdateSecret(ctx context.Context, session aut if err := am.authorize(ctx, clients.OpUpdateClientSecret, smqauthz.PolicyReq{ Domain: session.DomainID, SubjectType: policies.UserType, - Subject: session.DomainUserID, + Subject: session.UserID, ObjectType: policies.ClientType, Object: id, }); err != nil { @@ -274,7 +274,7 @@ func (am *authorizationMiddleware) Enable(ctx context.Context, session authn.Ses if err := am.authorize(ctx, clients.OpEnableClient, smqauthz.PolicyReq{ Domain: session.DomainID, SubjectType: policies.UserType, - Subject: session.DomainUserID, + Subject: session.UserID, ObjectType: policies.ClientType, Object: id, }); err != nil { @@ -302,7 +302,7 @@ func (am *authorizationMiddleware) Disable(ctx context.Context, session authn.Se if err := am.authorize(ctx, clients.OpDisableClient, smqauthz.PolicyReq{ Domain: session.DomainID, SubjectType: policies.UserType, - Subject: session.DomainUserID, + Subject: session.UserID, ObjectType: policies.ClientType, Object: id, }); err != nil { 
@@ -328,7 +328,7 @@ func (am *authorizationMiddleware) Delete(ctx context.Context, session authn.Ses if err := am.authorize(ctx, clients.OpDeleteClient, smqauthz.PolicyReq{ Domain: session.DomainID, SubjectType: policies.UserType, - Subject: session.DomainUserID, + Subject: session.UserID, ObjectType: policies.ClientType, Object: id, }); err != nil { @@ -356,7 +356,7 @@ func (am *authorizationMiddleware) SetParentGroup(ctx context.Context, session a if err := am.authorize(ctx, clients.OpSetParentGroup, smqauthz.PolicyReq{ Domain: session.DomainID, SubjectType: policies.UserType, - Subject: session.DomainUserID, + Subject: session.UserID, ObjectType: policies.ClientType, Object: id, }); err != nil { @@ -366,7 +366,7 @@ func (am *authorizationMiddleware) SetParentGroup(ctx context.Context, session a if err := am.extAuthorize(ctx, clients.GroupOpSetChildClient, smqauthz.PolicyReq{ Domain: session.DomainID, SubjectType: policies.UserType, - Subject: session.DomainUserID, + Subject: session.UserID, ObjectType: policies.GroupType, Object: parentGroupID, }); err != nil { @@ -393,7 +393,7 @@ func (am *authorizationMiddleware) RemoveParentGroup(ctx context.Context, sessio if err := am.authorize(ctx, clients.OpRemoveParentGroup, smqauthz.PolicyReq{ Domain: session.DomainID, SubjectType: policies.UserType, - Subject: session.DomainUserID, + Subject: session.UserID, ObjectType: policies.ClientType, Object: id, }); err != nil { @@ -409,7 +409,7 @@ func (am *authorizationMiddleware) RemoveParentGroup(ctx context.Context, sessio if err := am.extAuthorize(ctx, clients.GroupOpSetChildClient, smqauthz.PolicyReq{ Domain: session.DomainID, SubjectType: policies.UserType, - Subject: session.DomainUserID, + Subject: session.UserID, ObjectType: policies.GroupType, Object: th.ParentGroup, }); err != nil { diff --git a/clients/service.go b/clients/service.go index 5638d91462..af168b48b9 100644 --- a/clients/service.go +++ b/clients/service.go 
@@ -362,7 +362,7 @@ func (svc service) Delete(ctx context.Context, session authn.Session, id string) }, } - if err := svc.RemoveEntitiesRoles(ctx, session.DomainID, session.DomainUserID, []string{id}, filterDeletePolicies, deletePolicies); err != nil { + if err := svc.RemoveEntitiesRoles(ctx, session.DomainID, session.UserID, []string{id}, filterDeletePolicies, deletePolicies); err != nil { return errors.Wrap(svcerr.ErrDeletePolicies, err) } diff --git a/clients/service_test.go b/clients/service_test.go index 5adbd75143..6d2d59a5b6 100644 --- a/clients/service_test.go +++ b/clients/service_test.go @@ -944,7 +944,7 @@ func TestSetParentGroup(t *testing.T) { desc: "set parent group successfully", clientID: client.ID, parentGroupID: testsutil.GenerateUUID(t), - session: smqauthn.Session{UserID: validID, DomainID: validID, DomainUserID: validID + "_" + validID}, + session: smqauthn.Session{UserID: validID, DomainID: validID}, retrieveByIDResp: client, retrieveEntityResp: &grpcCommonV1.RetrieveEntityRes{ Entity: &grpcCommonV1.EntityBasic{ @@ -959,7 +959,7 @@ func TestSetParentGroup(t *testing.T) { desc: "set parent group with failed to retrieve client", clientID: client.ID, parentGroupID: testsutil.GenerateUUID(t), - session: smqauthn.Session{UserID: validID, DomainID: validID, DomainUserID: validID + "_" + validID}, + session: smqauthn.Session{UserID: validID, DomainID: validID}, retrieveByIDResp: clients.Client{}, retrieveByIDErr: svcerr.ErrNotFound, err: svcerr.ErrUpdateEntity, @@ -968,7 +968,7 @@ func TestSetParentGroup(t *testing.T) { desc: "set parent group with parent already set", clientID: parentedClient.ID, parentGroupID: validID, - session: smqauthn.Session{UserID: validID, DomainID: validID, DomainUserID: validID + "_" + validID}, + session: smqauthn.Session{UserID: validID, DomainID: validID}, retrieveByIDResp: parentedClient, err: nil, }, 
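Review bot: Every session fixture in the `TestSetParentGroup` hunks now sets `UserID` and `DomainID` to the same `validID`, so a call that passes the domain ID where the user ID is expected would presumably go unnoticed. The removed `DomainUserID: validID + "_" + validID` was at least a distinct value. A separate identifier for the domain, for example `session: smqauthn.Session{UserID: validID, DomainID: validDomainID},` with `validDomainID` (placeholder name) generated once next to `validID`, would let these authorization tests tell the two apart. The same applies to the `TestRemoveParentGroup` hunks and the endpoint tests that follow; the table literals start and end outside the hunks.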
@@ -976,7 +976,7 @@ func TestSetParentGroup(t *testing.T) { desc: "set parent group of client with existing parent group", clientID: cparentedClient.ID, parentGroupID: testsutil.GenerateUUID(t), - session: smqauthn.Session{UserID: validID, DomainID: validID, DomainUserID: validID + "_" + validID}, + session: smqauthn.Session{UserID: validID, DomainID: validID}, retrieveByIDResp: cparentedClient, err: svcerr.ErrConflict, }, @@ -984,7 +984,7 @@ func TestSetParentGroup(t *testing.T) { desc: "set parent group with failed to retrieve entity", clientID: client.ID, parentGroupID: testsutil.GenerateUUID(t), - session: smqauthn.Session{UserID: validID, DomainID: validID, DomainUserID: validID + "_" + validID}, + session: smqauthn.Session{UserID: validID, DomainID: validID}, retrieveByIDResp: client, retrieveEntityErr: svcerr.ErrAuthorization, err: svcerr.ErrUpdateEntity, @@ -993,7 +993,7 @@ func TestSetParentGroup(t *testing.T) { desc: "set parent group with parent group from different domain", clientID: client.ID, parentGroupID: testsutil.GenerateUUID(t), - session: smqauthn.Session{UserID: validID, DomainID: validID, DomainUserID: validID + "_" + validID}, + session: smqauthn.Session{UserID: validID, DomainID: validID}, retrieveByIDResp: client, retrieveEntityResp: &grpcCommonV1.RetrieveEntityRes{ Entity: &grpcCommonV1.EntityBasic{ @@ -1008,7 +1008,7 @@ func TestSetParentGroup(t *testing.T) { desc: "set parent group with disabled parent group", clientID: client.ID, parentGroupID: testsutil.GenerateUUID(t), - session: smqauthn.Session{UserID: validID, DomainID: validID, DomainUserID: validID + "_" + validID}, + session: smqauthn.Session{UserID: validID, DomainID: validID}, retrieveByIDResp: client, retrieveEntityResp: &grpcCommonV1.RetrieveEntityRes{ Entity: &grpcCommonV1.EntityBasic{ 
@@ -1023,7 +1023,7 @@ func TestSetParentGroup(t *testing.T) { desc: "set parent group with failed to add policies", clientID: client.ID, parentGroupID: testsutil.GenerateUUID(t), - session: smqauthn.Session{UserID: validID, DomainID: validID, DomainUserID: validID + "_" + validID}, + session: smqauthn.Session{UserID: validID, DomainID: validID}, retrieveByIDResp: client, retrieveEntityResp: &grpcCommonV1.RetrieveEntityRes{ Entity: &grpcCommonV1.EntityBasic{ @@ -1039,7 +1039,7 @@ func TestSetParentGroup(t *testing.T) { desc: "set parent group with failed to set parent group", clientID: client.ID, parentGroupID: testsutil.GenerateUUID(t), - session: smqauthn.Session{UserID: validID, DomainID: validID, DomainUserID: validID + "_" + validID}, + session: smqauthn.Session{UserID: validID, DomainID: validID}, retrieveByIDResp: client, retrieveEntityResp: &grpcCommonV1.RetrieveEntityRes{ Entity: &grpcCommonV1.EntityBasic{ @@ -1055,7 +1055,7 @@ func TestSetParentGroup(t *testing.T) { desc: "set parent group with failed to set parent group and failed rollback", clientID: client.ID, parentGroupID: testsutil.GenerateUUID(t), - session: smqauthn.Session{UserID: validID, DomainID: validID, DomainUserID: validID + "_" + validID}, + session: smqauthn.Session{UserID: validID, DomainID: validID}, retrieveByIDResp: client, retrieveEntityResp: &grpcCommonV1.RetrieveEntityRes{ Entity: &grpcCommonV1.EntityBasic{ 
@@ -1116,14 +1116,14 @@ func TestRemoveParentGroup(t *testing.T) { { desc: "remove parent group successfully", clientID: parentedGroup.ID, - session: smqauthn.Session{UserID: validID, DomainID: validID, DomainUserID: validID + "_" + validID}, + session: smqauthn.Session{UserID: validID, DomainID: validID}, retrieveByIDResp: parentedGroup, err: nil, }, { desc: "remove parent group with failed to retrieve client", clientID: parentedGroup.ID, - session: smqauthn.Session{UserID: validID, DomainID: validID, DomainUserID: validID + "_" + validID}, + session: smqauthn.Session{UserID: validID, DomainID: validID}, retrieveByIDResp: clients.Client{}, retrieveByIDErr: svcerr.ErrNotFound, err: svcerr.ErrViewEntity, @@ -1131,7 +1131,7 @@ func TestRemoveParentGroup(t *testing.T) { { desc: "remove parent group with failed to delete policies", clientID: parentedGroup.ID, - session: smqauthn.Session{UserID: validID, DomainID: validID, DomainUserID: validID + "_" + validID}, + session: smqauthn.Session{UserID: validID, DomainID: validID}, retrieveByIDResp: parentedGroup, deletePoliciesErr: svcerr.ErrAuthorization, err: svcerr.ErrDeletePolicies, @@ -1139,7 +1139,7 @@ func TestRemoveParentGroup(t *testing.T) { { desc: "remove parent group with failed to remove parent group", clientID: parentedGroup.ID, - session: smqauthn.Session{UserID: validID, DomainID: validID, DomainUserID: validID + "_" + validID}, + session: smqauthn.Session{UserID: validID, DomainID: validID}, retrieveByIDResp: parentedGroup, removeParentGroupErr: svcerr.ErrUpdateEntity, err: svcerr.ErrUpdateEntity, 
@@ -1147,7 +1147,7 @@ func TestRemoveParentGroup(t *testing.T) { { desc: "remove parent group with failed to remove parent group and failed to add policies", clientID: parentedGroup.ID, - session: smqauthn.Session{UserID: validID, DomainID: validID, DomainUserID: validID + "_" + validID}, + session: smqauthn.Session{UserID: validID, DomainID: validID}, retrieveByIDResp: parentedGroup, removeParentGroupErr: svcerr.ErrUpdateEntity, addPoliciesErr: svcerr.ErrUpdateEntity, diff --git a/docker/spicedb/schema.zed b/docker/spicedb/schema.zed index cb63ecba75..e0af424a4f 100644 --- a/docker/spicedb/schema.zed +++ b/docker/spicedb/schema.zed @@ -318,9 +318,9 @@ definition domain { channel_update + channel_read + channel_delete + channel_set_parent_group + channel_connect_to_client + channel_publish + channel_subscribe + channel_manage_role + channel_add_role_users + channel_remove_role_users + channel_view_role_users + group_update + group_membership + group_read + group_delete + group_set_child + group_set_parent + - group_manage_role + group_add_role_users + group_remove_role_users + group_view_role_users + group_manage_role + group_add_role_users + group_remove_role_users + group_view_role_users + organization->admin - permission admin = read & update & enable & disable & delete & manage_role & add_role_users & remove_role_users & view_role_users + permission admin = (read & update & enable & disable & delete & manage_role & add_role_users & remove_role_users & view_role_users) + organization->admin permission client_create_permission = client_create + team->client_create + organization->admin permission channel_create_permission = channel_create + team->channel_create + organization->admin diff --git a/domains/api/http/endpoint_test.go b/domains/api/http/endpoint_test.go index 51a9b31adb..6d0eb8bf45 100644 --- a/domains/api/http/endpoint_test.go +++ b/domains/api/http/endpoint_test.go 
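Review bot: `permission admin` changes from a pure intersection of the nine domain permissions to that intersection unioned with `organization->admin`, so every organization admin becomes a domain admin regardless of the individual permissions, and the schema carries no comment saying this is intended. The long permission expression above it gains the same `+ organization->admin` term; its left-hand side is outside the hunk. Because this widens who can administer a domain, I would document it in place, e.g. `// organization admins are domain admins by inheritance; the & chain applies only to direct role holders`. If the project validates the schema with assertions (not visible here), a case covering the new path would keep the grant from being widened further by accident.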
@@ -664,7 +664,7 @@ func TestViewDomain(t *testing.T) { token: tc.token, } if tc.token == validToken { - tc.session = authn.Session{UserID: userID, DomainID: tc.domainID, DomainUserID: tc.domainID + "_" + userID} + tc.session = authn.Session{UserID: userID, DomainID: tc.domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authnErr) svcCall := svc.On("RetrieveDomain", mock.Anything, tc.session, tc.domainID).Return(tc.svcRes, tc.svcErr) @@ -818,7 +818,7 @@ func TestUpdateDomain(t *testing.T) { } if tc.token == validToken { - tc.session = authn.Session{UserID: userID, DomainID: tc.domainID, DomainUserID: tc.domainID + "_" + userID} + tc.session = authn.Session{UserID: userID, DomainID: tc.domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authnErr) svcCall := svc.On("UpdateDomain", mock.Anything, tc.session, tc.domainID, tc.updateReq).Return(tc.svcRes, tc.svcErr) @@ -903,7 +903,7 @@ func TestEnableDomain(t *testing.T) { token: tc.token, } if tc.token == validToken { - tc.session = authn.Session{UserID: userID, DomainID: tc.domainID, DomainUserID: tc.domainID + "_" + userID} + tc.session = authn.Session{UserID: userID, DomainID: tc.domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authnErr) svcCall := svc.On("EnableDomain", mock.Anything, tc.session, tc.domainID).Return(tc.svcRes, tc.svcErr) @@ -981,7 +981,7 @@ func TestDisableDomain(t *testing.T) { token: tc.token, } if tc.token == validToken { - tc.session = authn.Session{UserID: userID, DomainID: tc.domainID, DomainUserID: tc.domainID + "_" + userID} + tc.session = authn.Session{UserID: userID, DomainID: tc.domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authnErr) svcCall := svc.On("DisableDomain", mock.Anything, tc.session, tc.domainID).Return(tc.svcRes, tc.svcErr) 
@@ -1059,7 +1059,7 @@ func TestFreezeDomain(t *testing.T) { token: tc.token, } if tc.token == validToken { - tc.session = authn.Session{UserID: userID, DomainID: tc.domainID, DomainUserID: tc.domainID + "_" + userID} + tc.session = authn.Session{UserID: userID, DomainID: tc.domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authnErr) svcCall := svc.On("FreezeDomain", mock.Anything, tc.session, tc.domainID).Return(tc.svcRes, tc.svcErr) diff --git a/domains/middleware/authorization.go b/domains/middleware/authorization.go index 0b8e9ef636..86753567df 100644 --- a/domains/middleware/authorization.go +++ b/domains/middleware/authorization.go @@ -53,7 +53,7 @@ func (am *authorizationMiddleware) CreateDomain(ctx context.Context, session aut func (am *authorizationMiddleware) RetrieveDomain(ctx context.Context, session authn.Session, id string) (domains.Domain, error) { if err := am.authorize(ctx, domains.OpRetrieveDomain, authz.PolicyReq{ - Subject: session.DomainUserID, + Subject: session.UserID, SubjectType: policies.UserType, SubjectKind: policies.UsersKind, Object: id, @@ -66,7 +66,7 @@ func (am *authorizationMiddleware) RetrieveDomain(ctx context.Context, session a func (am *authorizationMiddleware) UpdateDomain(ctx context.Context, session authn.Session, id string, d domains.DomainReq) (domains.Domain, error) { if err := am.authorize(ctx, domains.OpUpdateDomain, authz.PolicyReq{ - Subject: session.DomainUserID, + Subject: session.UserID, SubjectType: policies.UserType, SubjectKind: policies.UsersKind, Object: id, 
@@ -79,7 +79,7 @@ func (am *authorizationMiddleware) UpdateDomain(ctx context.Context, session aut func (am *authorizationMiddleware) EnableDomain(ctx context.Context, session authn.Session, id string) (domains.Domain, error) { if err := am.authorize(ctx, domains.OpEnableDomain, authz.PolicyReq{ - Subject: session.DomainUserID, + Subject: session.UserID, SubjectType: policies.UserType, SubjectKind: policies.UsersKind, Object: id, @@ -93,7 +93,7 @@ func (am *authorizationMiddleware) EnableDomain(ctx context.Context, session aut func (am *authorizationMiddleware) DisableDomain(ctx context.Context, session authn.Session, id string) (domains.Domain, error) { if err := am.authorize(ctx, domains.OpDisableDomain, authz.PolicyReq{ - Subject: session.DomainUserID, + Subject: session.UserID, SubjectType: policies.UserType, SubjectKind: policies.UsersKind, Object: id, diff --git a/groups/api/http/endpoint_test.go b/groups/api/http/endpoint_test.go index c8d762e46d..6122378b2a 100644 --- a/groups/api/http/endpoint_test.go +++ b/groups/api/http/endpoint_test.go @@ -205,7 +205,7 @@ func TestCreateGroupEndpoint(t *testing.T) { body: strings.NewReader(data), } if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: validID + "_" + validID, UserID: validID, DomainID: validID} + tc.session = smqauthn.Session{UserID: validID, DomainID: validID} } authCall := authn.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authnErr) svcCall := svc.On("CreateGroup", mock.Anything, tc.session, tc.req.Group).Return(tc.svcResp, []roles.RoleProvision{}, tc.svcErr) 
@@ -302,7 +302,7 @@ func TestViewGroupEndpoint(t *testing.T) { token: tc.token, } if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: validID + "_" + validID, UserID: validID, DomainID: validID} + tc.session = smqauthn.Session{UserID: validID, DomainID: validID} } authCall := authn.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authnErr) svcCall := svc.On("ViewGroup", mock.Anything, tc.session, tc.id).Return(tc.svcResp, tc.svcErr) @@ -447,7 +447,7 @@ func TestUpdateGroupEndpoint(t *testing.T) { body: strings.NewReader(data), } if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: validID + "_" + validID, UserID: validID, DomainID: validID} + tc.session = smqauthn.Session{UserID: validID, DomainID: validID} } authCall := authn.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authnErr) svcCall := svc.On("UpdateGroup", mock.Anything, tc.session, tc.updateReq).Return(tc.svcResp, tc.svcErr) @@ -550,7 +550,7 @@ func TestEnableGroupEndpoint(t *testing.T) { token: tc.token, } if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: validID + "_" + validID, UserID: validID, DomainID: validID} + tc.session = smqauthn.Session{UserID: validID, DomainID: validID} } authCall := authn.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authnErr) svcCall := svc.On("EnableGroup", mock.Anything, tc.session, tc.id).Return(tc.svcResp, tc.svcErr) @@ -653,7 +653,7 @@ func TestDisableGroupEndpoint(t *testing.T) { token: tc.token, } if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: validID + "_" + validID, UserID: validID, DomainID: validID} + tc.session = smqauthn.Session{UserID: validID, DomainID: validID} } authCall := authn.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authnErr) svcCall := svc.On("DisableGroup", mock.Anything, tc.session, tc.id).Return(tc.svcResp, tc.svcErr) 
@@ -960,7 +960,7 @@ func TestListGroups(t *testing.T) { token: tc.token, } if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: validID + "_" + validID, UserID: validID, DomainID: validID} + tc.session = smqauthn.Session{UserID: validID, DomainID: validID} } authCall := authn.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authnErr) svcCall := svc.On("ListGroups", mock.Anything, tc.session, mock.Anything).Return(tc.listGroupsResponse, tc.err) @@ -1050,7 +1050,7 @@ func TestDeleteGroupEndpoint(t *testing.T) { token: tc.token, } if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: validID + "_" + validID, UserID: validID, DomainID: validID} + tc.session = smqauthn.Session{UserID: validID, DomainID: validID} } authCall := authn.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authnErr) svcCall := svc.On("DeleteGroup", mock.Anything, tc.session, tc.id).Return(tc.svcErr) @@ -1219,7 +1219,7 @@ func TestRetrieveGroupHierarchyEndpoint(t *testing.T) { token: tc.token, } if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: validID + "_" + validID, UserID: validID, DomainID: validID} + tc.session = smqauthn.Session{UserID: validID, DomainID: validID} } authCall := authn.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authnErr) svcCall := svc.On("RetrieveGroupHierarchy", mock.Anything, tc.session, tc.groupID, tc.pageMeta).Return(tc.svcRes, tc.svcErr) @@ -1368,7 +1368,7 @@ func TestAddParentGroupEndpoint(t *testing.T) { body: strings.NewReader(data), } if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: validID + "_" + validID, UserID: validID, DomainID: validID} + tc.session = smqauthn.Session{UserID: validID, DomainID: validID} } authCall := authn.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authnErr) svcCall := svc.On("AddParentGroup", mock.Anything, tc.session, tc.id, tc.parentID).Return(tc.svcErr) 
@@ -1459,7 +1459,7 @@ func TestRemoveParentGroupEndpoint(t *testing.T) { token: tc.token, } if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: validID + "_" + validID, UserID: validID, DomainID: validID} + tc.session = smqauthn.Session{UserID: validID, DomainID: validID} } authCall := authn.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authnErr) svcCall := svc.On("RemoveParentGroup", mock.Anything, tc.session, tc.id).Return(tc.svcErr) @@ -1611,7 +1611,7 @@ func TestAddChildrenGroupsEndpoint(t *testing.T) { body: strings.NewReader(data), } if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: validID + "_" + validID, UserID: validID, DomainID: validID} + tc.session = smqauthn.Session{UserID: validID, DomainID: validID} } authCall := authn.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authnErr) svcCall := svc.On("AddChildrenGroups", mock.Anything, tc.session, tc.id, tc.childrenIDs).Return(tc.svcErr) @@ -1753,7 +1753,7 @@ func TestRemoveChildrenGroupsEndpoint(t *testing.T) { body: strings.NewReader(data), } if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: validID + "_" + validID, UserID: validID, DomainID: validID} + tc.session = smqauthn.Session{UserID: validID, DomainID: validID} } authCall := authn.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authnErr) svcCall := svc.On("RemoveChildrenGroups", mock.Anything, tc.session, tc.id, tc.childrenIDs).Return(tc.svcErr) 
@@ -1844,7 +1844,7 @@ func TestRemoveAllChildrenGroupsEndpoint(t *testing.T) { token: tc.token, } if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: validID + "_" + validID, UserID: validID, DomainID: validID} + tc.session = smqauthn.Session{UserID: validID, DomainID: validID} } authCall := authn.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authnErr) svcCall := svc.On("RemoveAllChildrenGroups", mock.Anything, tc.session, tc.id).Return(tc.svcErr) @@ -1988,7 +1988,7 @@ func TestListChildrenGroupsEndpoint(t *testing.T) { token: tc.token, } if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: validID + "_" + validID, UserID: validID, DomainID: validID} + tc.session = smqauthn.Session{UserID: validID, DomainID: validID} } authCall := authn.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authnErr) svcCall := svc.On("ListChildrenGroups", mock.Anything, tc.session, tc.id, int64(1), int64(0), tc.pageMeta).Return(tc.svcRes, tc.svcErr) diff --git a/groups/middleware/authorization.go b/groups/middleware/authorization.go index 668baa01e6..f1927c2907 100644 --- a/groups/middleware/authorization.go +++ b/groups/middleware/authorization.go @@ -99,7 +99,7 @@ func (am *authorizationMiddleware) CreateGroup(ctx context.Context, session auth Domain: session.DomainID, SubjectType: policies.UserType, SubjectKind: policies.UsersKind, - Subject: session.DomainUserID, + Subject: session.UserID, Object: session.DomainID, ObjectType: policies.DomainType, }); err != nil { @@ -111,7 +111,7 @@ func (am *authorizationMiddleware) CreateGroup(ctx context.Context, session auth Domain: session.DomainID, SubjectType: policies.UserType, SubjectKind: policies.UsersKind, - Subject: session.DomainUserID, + Subject: session.UserID, Object: g.Parent, ObjectType: policies.GroupType, }); err != nil { 
@@ -141,7 +141,7 @@ func (am *authorizationMiddleware) UpdateGroup(ctx context.Context, session auth Domain: session.DomainID, SubjectType: policies.UserType, SubjectKind: policies.UsersKind, - Subject: session.DomainUserID, + Subject: session.UserID, Object: g.ID, ObjectType: policies.GroupType, }); err != nil { @@ -170,7 +170,7 @@ func (am *authorizationMiddleware) ViewGroup(ctx context.Context, session authn. Domain: session.DomainID, SubjectType: policies.UserType, SubjectKind: policies.UsersKind, - Subject: session.DomainUserID, + Subject: session.UserID, Object: id, ObjectType: policies.GroupType, }); err != nil { @@ -204,7 +204,7 @@ func (am *authorizationMiddleware) ListGroups(ctx context.Context, session authn Domain: session.DomainID, SubjectType: policies.UserType, SubjectKind: policies.UsersKind, - Subject: session.DomainUserID, + Subject: session.UserID, Object: session.DomainID, ObjectType: policies.DomainType, }); err != nil { @@ -223,7 +223,7 @@ func (am *authorizationMiddleware) ListUserGroups(ctx context.Context, session a Domain: session.DomainID, SubjectType: policies.UserType, SubjectKind: policies.UsersKind, - Subject: session.DomainUserID, + Subject: session.UserID, Object: session.DomainID, ObjectType: policies.DomainType, }); err != nil { @@ -250,7 +250,7 @@ func (am *authorizationMiddleware) EnableGroup(ctx context.Context, session auth if err := am.authorize(ctx, groups.OpEnableGroup, smqauthz.PolicyReq{ Domain: session.DomainID, SubjectType: policies.UserType, - Subject: session.DomainUserID, + Subject: session.UserID, Object: id, ObjectType: policies.GroupType, }); err != nil { @@ -278,7 +278,7 @@ func (am *authorizationMiddleware) DisableGroup(ctx context.Context, session aut if err := am.authorize(ctx, groups.OpDisableGroup, smqauthz.PolicyReq{ Domain: session.DomainID, SubjectType: policies.UserType, - Subject: session.DomainUserID, + Subject: session.UserID, Object: id, ObjectType: policies.GroupType, }); err != nil { 
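Review bot: The `PolicyReq` literals in the `EnableGroup` and `DisableGroup` hunks set no `SubjectKind`, while the `CreateGroup`, `UpdateGroup`, `ViewGroup`, `ListGroups` and `ListUserGroups` hunks in the same file set `SubjectKind: policies.UsersKind`. With the subject now a bare `session.UserID`, the literals are better made uniform so the check does not depend on how an empty kind is treated (that handling is outside the diff); adding `SubjectKind: policies.UsersKind,` after `SubjectType` would do it. The later hunks in this file, `DeleteGroup` through `ListChildrenGroups`, show the same omission. The enclosing methods continue outside their hunks.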
@@ -306,7 +306,7 @@ func (am *authorizationMiddleware) DeleteGroup(ctx context.Context, session auth if err := am.authorize(ctx, groups.OpDeleteGroup, smqauthz.PolicyReq{ Domain: session.DomainID, SubjectType: policies.UserType, - Subject: session.DomainUserID, + Subject: session.UserID, Object: id, ObjectType: policies.GroupType, }); err != nil { @@ -334,7 +334,7 @@ func (am *authorizationMiddleware) RetrieveGroupHierarchy(ctx context.Context, s if err := am.authorize(ctx, groups.OpRetrieveGroupHierarchy, smqauthz.PolicyReq{ Domain: session.DomainID, SubjectType: policies.UserType, - Subject: session.DomainUserID, + Subject: session.UserID, Object: id, ObjectType: policies.GroupType, }); err != nil { @@ -361,7 +361,7 @@ func (am *authorizationMiddleware) AddParentGroup(ctx context.Context, session a if err := am.authorize(ctx, groups.OpAddParentGroup, smqauthz.PolicyReq{ Domain: session.DomainID, SubjectType: policies.UserType, - Subject: session.DomainUserID, + Subject: session.UserID, Object: id, ObjectType: policies.GroupType, }); err != nil { @@ -371,7 +371,7 @@ func (am *authorizationMiddleware) AddParentGroup(ctx context.Context, session a if err := am.authorize(ctx, groups.OpAddChildrenGroups, smqauthz.PolicyReq{ Domain: session.DomainID, SubjectType: policies.UserType, - Subject: session.DomainUserID, + Subject: session.UserID, Object: parentID, ObjectType: policies.GroupType, }); err != nil { @@ -398,7 +398,7 @@ func (am *authorizationMiddleware) RemoveParentGroup(ctx context.Context, sessio if err := am.authorize(ctx, groups.OpRemoveParentGroup, smqauthz.PolicyReq{ Domain: session.DomainID, SubjectType: policies.UserType, - Subject: session.DomainUserID, + Subject: session.UserID, Object: id, ObjectType: policies.GroupType, }); err != nil { 
@@ -414,7 +414,7 @@ func (am *authorizationMiddleware) RemoveParentGroup(ctx context.Context, sessio if err := am.authorize(ctx, groups.OpRemoveParentGroup, smqauthz.PolicyReq{ Domain: session.DomainID, SubjectType: policies.UserType, - Subject: session.DomainUserID, + Subject: session.UserID, Object: group.Parent, ObjectType: policies.GroupType, }); err != nil { @@ -442,7 +442,7 @@ func (am *authorizationMiddleware) AddChildrenGroups(ctx context.Context, sessio if err := am.authorize(ctx, groups.OpAddChildrenGroups, smqauthz.PolicyReq{ Domain: session.DomainID, SubjectType: policies.UserType, - Subject: session.DomainUserID, + Subject: session.UserID, Object: id, ObjectType: policies.GroupType, }); err != nil { @@ -453,7 +453,7 @@ func (am *authorizationMiddleware) AddChildrenGroups(ctx context.Context, sessio if err := am.authorize(ctx, groups.OpAddParentGroup, smqauthz.PolicyReq{ Domain: session.DomainID, SubjectType: policies.UserType, - Subject: session.DomainUserID, + Subject: session.UserID, Object: childID, ObjectType: policies.GroupType, }); err != nil { @@ -482,7 +482,7 @@ func (am *authorizationMiddleware) RemoveChildrenGroups(ctx context.Context, ses if err := am.authorize(ctx, groups.OpRemoveChildrenGroups, smqauthz.PolicyReq{ Domain: session.DomainID, SubjectType: policies.UserType, - Subject: session.DomainUserID, + Subject: session.UserID, Object: id, ObjectType: policies.GroupType, }); err != nil { @@ -510,7 +510,7 @@ func (am *authorizationMiddleware) RemoveAllChildrenGroups(ctx context.Context, if err := am.authorize(ctx, groups.OpRemoveAllChildrenGroups, smqauthz.PolicyReq{ Domain: session.DomainID, SubjectType: policies.UserType, - Subject: session.DomainUserID, + Subject: session.UserID, Object: id, ObjectType: policies.GroupType, }); err != nil { 
@@ -538,7 +538,7 @@ func (am *authorizationMiddleware) ListChildrenGroups(ctx context.Context, sessi if err := am.authorize(ctx, groups.OpListChildrenGroups, smqauthz.PolicyReq{ Domain: session.DomainID, SubjectType: policies.UserType, - Subject: session.DomainUserID, + Subject: session.UserID, Object: id, ObjectType: policies.GroupType, }); err != nil { diff --git a/groups/service.go b/groups/service.go index b8755d8b9a..6ada2de4ce 100644 --- a/groups/service.go +++ b/groups/service.go @@ -183,7 +183,7 @@ func (svc service) RetrieveGroupHierarchy(ctx context.Context, session smqauthn. return HierarchyPage{}, errors.Wrap(svcerr.ErrViewEntity, err) } hids := svc.getGroupIDs(hp.Groups) - ids, err := svc.filterAllowedGroupIDsOfUserID(ctx, session.DomainUserID, "read_permission", hids) + ids, err := svc.filterAllowedGroupIDsOfUserID(ctx, session.UserID, "read_permission", hids) if err != nil { return HierarchyPage{}, errors.Wrap(svcerr.ErrViewEntity, err) } @@ -454,7 +454,7 @@ func (svc service) DeleteGroup(ctx context.Context, session smqauthn.Session, id Object: id, }) } - if err := svc.RemoveEntitiesRoles(ctx, session.DomainID, session.DomainUserID, []string{id}, filterDeletePolicies, deletePolicies); err != nil { + if err := svc.RemoveEntitiesRoles(ctx, session.DomainID, session.UserID, []string{id}, filterDeletePolicies, deletePolicies); err != nil { return errors.Wrap(svcerr.ErrDeletePolicies, err) } diff --git a/groups/service_test.go b/groups/service_test.go index a02d85a30d..432bdc1d16 100644 --- a/groups/service_test.go +++ b/groups/service_test.go @@ -68,7 +68,7 @@ var ( } validID = testsutil.GenerateUUID(&testing.T{}) errRollbackRoles = errors.New("failed to rollback roles") - validSession = authn.Session{UserID: validID, DomainID: validID, DomainUserID: validID} + validSession = authn.Session{UserID: validID, DomainID: validID} ) var ( 
@@ -431,7 +431,7 @@ func TestListGroups(t *testing.T) { }{ { desc: "list groups as super admin successfully", - session: smqauthn.Session{UserID: validID, DomainID: validID, DomainUserID: validID, SuperAdmin: true}, + session: smqauthn.Session{UserID: validID, DomainID: validID, SuperAdmin: true}, pageMeta: groups.PageMeta{ Limit: 10, Offset: 0, @@ -453,7 +453,7 @@ func TestListGroups(t *testing.T) { }, { desc: "list groups as super admin with failed to retrieve", - session: smqauthn.Session{UserID: validID, DomainID: validID, DomainUserID: validID, SuperAdmin: true}, + session: smqauthn.Session{UserID: validID, DomainID: validID, SuperAdmin: true}, pageMeta: groups.PageMeta{ Limit: 10, Offset: 0, diff --git a/http/handler.go b/http/handler.go index 9961035577..1a8af25d78 100644 --- a/http/handler.go +++ b/http/handler.go @@ -148,7 +148,7 @@ func (h *handler) Publish(ctx context.Context, topic *string, payload *[]byte) e return mgate.NewHTTPProxyError(http.StatusUnauthorized, svcerr.ErrAuthentication) } clientType = policies.UserType - clientID = authnSession.DomainUserID + clientID = authnSession.UserID default: return mgate.NewHTTPProxyError(http.StatusUnauthorized, svcerr.ErrAuthentication) } diff --git a/http/handler_test.go b/http/handler_test.go index 81095728b2..2a97cdbd05 100644 --- a/http/handler_test.go +++ b/http/handler_test.go @@ -179,7 +179,7 @@ func TestPublish(t *testing.T) { password: validToken, session: &tokenSession, channelID: chanID, - authNRes1: smqauthn.Session{DomainUserID: validID, UserID: validID, DomainID: validID}, + authNRes1: smqauthn.Session{UserID: validID, DomainID: validID}, authNErr: nil, authZRes: &grpcChannelsV1.AuthzRes{Authorized: true}, authZErr: nil, 
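Review bot: In `Publish`, `clientID` for a token-authenticated user is now `authnSession.UserID`, and unlike the middleware hunks this branch shows no domain travelling with it. The old `DomainUserID` encoded the domain in the subject string, so if the channel authorization later in `Publish` (outside the hunk) relied on that, the user would be checked without domain context; please confirm the request built there carries the domain separately. Once verified, a short comment on the assignment such as `// global user ID; domain is resolved from the channel during authorization` would record the assumption.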
@@ -279,7 +279,7 @@ func TestPublish(t *testing.T) { session: &tokenSession, channelID: chanID, status: http.StatusUnauthorized, - authNRes1: smqauthn.Session{DomainUserID: validID, UserID: validID, DomainID: validID}, + authNRes1: smqauthn.Session{UserID: validID, DomainID: validID}, authNErr: svcerr.ErrAuthentication, err: svcerr.ErrAuthentication, }, diff --git a/invitations/api/endpoint_test.go b/invitations/api/endpoint_test.go index 540c169661..bab850e502 100644 --- a/invitations/api/endpoint_test.go +++ b/invitations/api/endpoint_test.go @@ -82,7 +82,7 @@ func TestSendInvitation(t *testing.T) { desc: "valid request", token: validToken, data: fmt.Sprintf(`{"user_id": "%s","domain_id": "%s", "relation": "%s"}`, validID, domainID, "domain"), - authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, status: http.StatusCreated, contentType: validContenType, svcErr: nil, @@ -107,7 +107,7 @@ func TestSendInvitation(t *testing.T) { desc: "invalid content type", token: validToken, data: fmt.Sprintf(`{"user_id": "%s","domain_id": "%s", "relation": "%s"}`, validID, validID, "domain"), - authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, status: http.StatusUnsupportedMediaType, contentType: "text/plain", svcErr: nil, @@ -116,7 +116,7 @@ func TestSendInvitation(t *testing.T) { desc: "invalid data", token: validToken, data: `data`, - authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, status: http.StatusBadRequest, contentType: validContenType, svcErr: nil, 
@@ -125,7 +125,7 @@ func TestSendInvitation(t *testing.T) { desc: "with service error", token: validToken, data: fmt.Sprintf(`{"user_id": "%s", "domain_id": "%s", "relation": "%s"}`, validID, domainID, "domain"), - authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, status: http.StatusForbidden, contentType: validContenType, svcErr: svcerr.ErrAuthorization, @@ -169,7 +169,7 @@ func TestListInvitation(t *testing.T) { }{ { desc: "valid request", - authnRes: smqauthn.Session{UserID: validID, DomainUserID: domainID + "_" + validID}, + authnRes: smqauthn.Session{UserID: validID}, token: validToken, status: http.StatusOK, contentType: validContenType, @@ -184,7 +184,7 @@ func TestListInvitation(t *testing.T) { }, { desc: "with offset", - authnRes: smqauthn.Session{UserID: validID, DomainUserID: domainID + "_" + validID}, + authnRes: smqauthn.Session{UserID: validID}, token: validToken, query: "offset=1", status: http.StatusOK, @@ -201,7 +201,7 @@ func TestListInvitation(t *testing.T) { }, { desc: "with limit", - authnRes: smqauthn.Session{UserID: validID, DomainUserID: domainID + "_" + validID}, + authnRes: smqauthn.Session{UserID: validID}, token: validToken, query: "limit=1", status: http.StatusOK, @@ -218,7 +218,7 @@ func TestListInvitation(t *testing.T) { }, { desc: "with user_id", - authnRes: smqauthn.Session{UserID: validID, DomainUserID: domainID + "_" + validID}, + authnRes: smqauthn.Session{UserID: validID}, token: validToken, query: fmt.Sprintf("user_id=%s", validID), status: http.StatusOK, @@ -227,7 +227,7 @@ func TestListInvitation(t *testing.T) { }, { desc: "with duplicate user_id", - authnRes: smqauthn.Session{UserID: validID, DomainUserID: domainID + "_" + validID}, + authnRes: smqauthn.Session{UserID: validID}, token: validToken, query: "user_id=1&user_id=2", status: http.StatusBadRequest, 
@@ -236,7 +236,7 @@ func TestListInvitation(t *testing.T) { }, { desc: "with invited_by", - authnRes: smqauthn.Session{UserID: validID, DomainUserID: domainID + "_" + validID}, + authnRes: smqauthn.Session{UserID: validID}, token: validToken, query: fmt.Sprintf("invited_by=%s", validID), status: http.StatusOK, @@ -245,7 +245,7 @@ func TestListInvitation(t *testing.T) { }, { desc: "with duplicate invited_by", - authnRes: smqauthn.Session{UserID: validID, DomainUserID: domainID + "_" + validID}, + authnRes: smqauthn.Session{UserID: validID}, token: validToken, query: "invited_by=1&invited_by=2", status: http.StatusBadRequest, @@ -254,7 +254,7 @@ func TestListInvitation(t *testing.T) { }, { desc: "with relation", - authnRes: smqauthn.Session{UserID: validID, DomainUserID: domainID + "_" + validID}, + authnRes: smqauthn.Session{UserID: validID}, token: validToken, query: fmt.Sprintf("relation=%s", "relation"), status: http.StatusOK, @@ -263,7 +263,7 @@ func TestListInvitation(t *testing.T) { }, { desc: "with duplicate relation", - authnRes: smqauthn.Session{UserID: validID, DomainUserID: domainID + "_" + validID}, + authnRes: smqauthn.Session{UserID: validID}, token: validToken, query: "relation=1&relation=2", status: http.StatusBadRequest, @@ -272,7 +272,7 @@ func TestListInvitation(t *testing.T) { }, { desc: "with state", - authnRes: smqauthn.Session{UserID: validID, DomainUserID: domainID + "_" + validID}, + authnRes: smqauthn.Session{UserID: validID}, token: validToken, query: "state=pending", status: http.StatusOK, @@ -297,7 +297,7 @@ func TestListInvitation(t *testing.T) { }, { desc: "with service error", - authnRes: smqauthn.Session{UserID: validID, DomainUserID: domainID + "_" + validID}, + authnRes: smqauthn.Session{UserID: validID}, token: validToken, status: http.StatusForbidden, contentType: validContenType, 
@@ -341,7 +341,7 @@ func TestViewInvitation(t *testing.T) { }{ { desc: "valid request", - authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, token: validToken, userID: validID, domainID: domainID, @@ -360,7 +360,7 @@ func TestViewInvitation(t *testing.T) { }, { desc: "with service error", - authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, token: validToken, userID: validID, domainID: domainID, @@ -435,7 +435,7 @@ func TestDeleteInvitation(t *testing.T) { }{ { desc: "valid request", - authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, token: validToken, userID: validID, domainID: domainID, @@ -454,7 +454,7 @@ func TestDeleteInvitation(t *testing.T) { }, { desc: "with service error", - authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, token: validToken, userID: validID, domainID: domainID, @@ -527,7 +527,7 @@ func TestAcceptInvitation(t *testing.T) { }{ { desc: "valid request", - authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, data: fmt.Sprintf(`{"domain_id": "%s"}`, validID), token: validToken, status: http.StatusNoContent, 
@@ -544,7 +544,7 @@ func TestAcceptInvitation(t *testing.T) { }, { desc: "with service error", - authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, token: validToken, data: fmt.Sprintf(`{"domain_id": "%s"}`, validID), status: http.StatusForbidden, @@ -607,7 +607,7 @@ func TestRejectInvitation(t *testing.T) { }{ { desc: "valid request", - authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, token: validToken, data: fmt.Sprintf(`{"domain_id": "%s"}`, validID), status: http.StatusNoContent, @@ -624,7 +624,7 @@ func TestRejectInvitation(t *testing.T) { }, { desc: "unauthorized error", - authnRes: smqauthn.Session{UserID: validID, DomainID: domainID, DomainUserID: domainID + "_" + validID}, + authnRes: smqauthn.Session{UserID: validID, DomainID: domainID}, token: validToken, data: fmt.Sprintf(`{"domain_id": "%s"}`, "invalid"), status: http.StatusForbidden, diff --git a/invitations/middleware/authorization.go b/invitations/middleware/authorization.go index 6d955eb415..75fc785882 100644 --- a/invitations/middleware/authorization.go +++ b/invitations/middleware/authorization.go @@ -6,7 +6,6 @@ package middleware import ( "context" - "github.com/absmach/supermq/auth" "github.com/absmach/supermq/invitations" "github.com/absmach/supermq/pkg/authn" "github.com/absmach/supermq/pkg/authz" 
@@ -30,9 +29,7 @@ func AuthorizationMiddleware(authz authz.Authorization, svc invitations.Service) } func (am *authorizationMiddleware) SendInvitation(ctx context.Context, session authn.Session, invitation invitations.Invitation) (err error) { - session.DomainUserID = auth.EncodeDomainUserID(session.DomainID, session.UserID) - domainUserId := auth.EncodeDomainUserID(invitation.DomainID, invitation.UserID) - if err := am.authorize(ctx, domainUserId, policies.MembershipPermission, policies.DomainType, invitation.DomainID); err == nil { + if err := am.authorize(ctx, invitation.UserID, policies.MembershipPermission, policies.DomainType, invitation.DomainID); err == nil { // return error if the user is already a member of the domain return errors.Wrap(svcerr.ErrConflict, ErrMemberExist) } @@ -45,7 +42,6 @@ func (am *authorizationMiddleware) SendInvitation(ctx context.Context, session a } func (am *authorizationMiddleware) ViewInvitation(ctx context.Context, session authn.Session, userID, domain string) (invitation invitations.Invitation, err error) { - session.DomainUserID = auth.EncodeDomainUserID(session.DomainID, session.UserID) if session.UserID != userID { if err := am.checkAdmin(ctx, session); err != nil { return invitations.Invitation{}, err @@ -56,7 +52,6 @@ func (am *authorizationMiddleware) ViewInvitation(ctx context.Context, session a } func (am *authorizationMiddleware) ListInvitations(ctx context.Context, session authn.Session, page invitations.Page) (invs invitations.InvitationPage, err error) { - session.DomainUserID = auth.EncodeDomainUserID(session.DomainID, session.UserID) if err := am.authorize(ctx, session.UserID, policies.AdminPermission, policies.PlatformType, policies.SuperMQObject); err == nil { session.SuperAdmin = true } 
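Review bot: In SendInvitation the membership probe `am.authorize(ctx, invitation.UserID, ...); err == nil` reads every non-nil error as "not yet a member", so a failed call to the policy service looks the same as a real denial and the flow continues past the conflict check. The `authorize` helper is not visible in this diff, so whether it returns distinct errors for denial and for failure needs confirming; if it does, only a denial should fall through and other errors should be returned to the caller. At minimum the line deserves a comment such as `// a non-nil error is read as "not a member"; lookup failures are not distinguished from denials`. The function body continues outside the hunk.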
@@ -64,7 +59,7 @@ func (am *authorizationMiddleware) ListInvitations(ctx context.Context, session if !session.SuperAdmin { switch { case page.DomainID != "": - if err := am.authorize(ctx, session.DomainUserID, policies.AdminPermission, policies.DomainType, page.DomainID); err != nil { + if err := am.authorize(ctx, session.UserID, policies.AdminPermission, policies.DomainType, page.DomainID); err != nil { return invitations.InvitationPage{}, err } default: @@ -84,7 +79,6 @@ func (am *authorizationMiddleware) RejectInvitation(ctx context.Context, session } func (am *authorizationMiddleware) DeleteInvitation(ctx context.Context, session authn.Session, userID, domainID string) (err error) { - session.DomainUserID = auth.EncodeDomainUserID(session.DomainID, session.UserID) if err := am.checkAdmin(ctx, session); err != nil { return err } @@ -94,7 +88,7 @@ func (am *authorizationMiddleware) DeleteInvitation(ctx context.Context, session // checkAdmin checks if the given user is a domain or platform administrator. func (am *authorizationMiddleware) checkAdmin(ctx context.Context, session authn.Session) error { - if err := am.authorize(ctx, session.DomainUserID, policies.AdminPermission, policies.DomainType, session.DomainID); err == nil { + if err := am.authorize(ctx, session.UserID, policies.AdminPermission, policies.DomainType, session.DomainID); err == nil { return nil } diff --git a/invitations/service_test.go b/invitations/service_test.go index 3b28ddabd5..589003faaa 100644 --- a/invitations/service_test.go +++ b/invitations/service_test.go @@ -55,7 +55,7 @@ func TestSendInvitation(t *testing.T) { { desc: "send invitation successful", token: validToken, - session: authn.Session{DomainUserID: validDomainUserID, DomainID: validDomainID, UserID: validUserID}, + session: authn.Session{DomainID: validDomainID, UserID: validUserID}, tokenUserID: testsutil.GenerateUUID(t), req: validInvitation, err: nil, 
@@ -65,7 +65,7 @@ func TestSendInvitation(t *testing.T) { { desc: "failed to issue token", token: invalidToken, - session: authn.Session{DomainUserID: validDomainUserID, DomainID: validDomainID, UserID: validUserID}, + session: authn.Session{DomainID: validDomainID, UserID: validUserID}, tokenUserID: testsutil.GenerateUUID(t), req: validInvitation, err: svcerr.ErrCreateEntity, @@ -84,7 +84,7 @@ func TestSendInvitation(t *testing.T) { { desc: "resend invitation", token: invalidToken, - session: authn.Session{DomainUserID: validDomainUserID, DomainID: validDomainID, UserID: validUserID}, + session: authn.Session{DomainID: validDomainID, UserID: validUserID}, tokenUserID: testsutil.GenerateUUID(t), req: invitations.Invitation{ UserID: validInvitation.UserID, @@ -153,7 +153,7 @@ func TestViewInvitation(t *testing.T) { tokenUserID: testsutil.GenerateUUID(t), userID: validInvitation.UserID, domainID: validInvitation.DomainID, - session: authn.Session{DomainUserID: validDomainUserID, DomainID: validDomainID, UserID: validUserID}, + session: authn.Session{DomainID: validDomainID, UserID: validUserID}, resp: validInvitation, err: nil, repoErr: nil, @@ -164,7 +164,7 @@ func TestViewInvitation(t *testing.T) { token: validToken, userID: validInvitation.UserID, domainID: validInvitation.DomainID, - session: authn.Session{DomainUserID: validDomainUserID, DomainID: validDomainID, UserID: validUserID}, + session: authn.Session{DomainID: validDomainID, UserID: validUserID}, tokenUserID: testsutil.GenerateUUID(t), err: svcerr.ErrNotFound, repoErr: svcerr.ErrNotFound, @@ -174,7 +174,7 @@ func TestViewInvitation(t *testing.T) { token: validToken, userID: validInvitation.UserID, domainID: validInvitation.DomainID, - session: authn.Session{DomainUserID: validDomainUserID, DomainID: validDomainID, UserID: validUserID}, + session: authn.Session{DomainID: validDomainID, UserID: validUserID}, resp: validInvitation, tokenUserID: validInvitation.UserID, err: nil, 
@@ -185,7 +185,7 @@ func TestViewInvitation(t *testing.T) { token: validToken, userID: validInvitation.UserID, domainID: validInvitation.DomainID, - session: authn.Session{DomainUserID: validDomainUserID, DomainID: validDomainID, UserID: validUserID}, + session: authn.Session{DomainID: validDomainID, UserID: validUserID}, tokenUserID: validInvitation.InvitedBy, resp: validInvitation, err: nil, @@ -240,7 +240,7 @@ func TestListInvitations(t *testing.T) { }{ { desc: "list invitations successful", - session: authn.Session{DomainUserID: validDomainUserID, DomainID: validDomainID, UserID: validUserID}, + session: authn.Session{DomainID: validDomainID, UserID: validUserID}, page: validPage, resp: validResp, err: nil, @@ -249,7 +249,7 @@ func TestListInvitations(t *testing.T) { { desc: "list invitations unsuccessful", - session: authn.Session{DomainUserID: validDomainUserID, DomainID: validDomainID, UserID: validUserID}, + session: authn.Session{DomainID: validDomainID, UserID: validUserID}, page: validPage, err: repoerr.ErrViewEntity, resp: invitations.InvitationPage{}, @@ -291,7 +291,7 @@ func TestAcceptInvitation(t *testing.T) { desc: "accept invitation successful", token: validToken, domainID: "", - session: authn.Session{DomainUserID: validDomainUserID, DomainID: validDomainID, UserID: userID}, + session: authn.Session{DomainID: validDomainID, UserID: userID}, resp: invitations.Invitation{ UserID: userID, DomainID: testsutil.GenerateUUID(t), 
@@ -304,14 +304,14 @@ func TestAcceptInvitation(t *testing.T) { { desc: "accept invitation with failed to retrieve all", token: validToken, - session: authn.Session{DomainUserID: validDomainUserID, DomainID: validDomainID, UserID: userID}, + session: authn.Session{DomainID: validDomainID, UserID: userID}, err: svcerr.ErrNotFound, repoErr: svcerr.ErrNotFound, }, { desc: "accept invitation with sdk err", token: validToken, - session: authn.Session{DomainUserID: validDomainUserID, DomainID: validDomainID, UserID: userID}, + session: authn.Session{DomainID: validDomainID, UserID: userID}, domainID: "", resp: invitations.Invitation{ UserID: userID, @@ -326,7 +326,7 @@ func TestAcceptInvitation(t *testing.T) { { desc: "accept invitation with failed update confirmation", token: validToken, - session: authn.Session{DomainUserID: validDomainUserID, DomainID: validDomainID, UserID: userID}, + session: authn.Session{DomainID: validDomainID, UserID: userID}, domainID: "", resp: invitations.Invitation{ UserID: userID, @@ -341,7 +341,7 @@ func TestAcceptInvitation(t *testing.T) { { desc: "accept invitation that is already confirmed", token: validToken, - session: authn.Session{DomainUserID: validDomainUserID, DomainID: validDomainID, UserID: userID}, + session: authn.Session{DomainID: validDomainID, UserID: userID}, domainID: "", resp: invitations.Invitation{ UserID: userID, @@ -356,7 +356,7 @@ func TestAcceptInvitation(t *testing.T) { { desc: "accept rejected invitation", token: validToken, - session: authn.Session{DomainUserID: validDomainUserID, DomainID: validDomainID, UserID: userID}, + session: authn.Session{DomainID: validDomainID, UserID: userID}, domainID: "", resp: invitations.Invitation{ UserID: userID, 
@@ -464,7 +464,7 @@ func TestRejectInvitation(t *testing.T) { }{ { desc: "reject invitations for the same user", - session: authn.Session{DomainUserID: validDomainUserID, DomainID: validDomainID, UserID: userID}, + session: authn.Session{DomainID: validDomainID, UserID: userID}, domainID: validInvitation.DomainID, resp: validInvitation, err: nil, @@ -473,7 +473,7 @@ func TestRejectInvitation(t *testing.T) { }, { desc: "reject invitations for the invited user", - session: authn.Session{DomainUserID: validDomainUserID, DomainID: validDomainID, UserID: userID}, + session: authn.Session{DomainID: validDomainID, UserID: userID}, domainID: validInvitation.DomainID, resp: invitations.Invitation{}, err: svcerr.ErrAuthorization, @@ -482,7 +482,7 @@ func TestRejectInvitation(t *testing.T) { }, { desc: "error retrieving invitation", - session: authn.Session{DomainUserID: validDomainUserID, DomainID: validDomainID, UserID: userID}, + session: authn.Session{DomainID: validDomainID, UserID: userID}, domainID: validInvitation.DomainID, resp: invitations.Invitation{}, err: repoerr.ErrNotFound, @@ -491,7 +491,7 @@ func TestRejectInvitation(t *testing.T) { }, { desc: "error updating rejection", - session: authn.Session{DomainUserID: validDomainUserID, DomainID: validDomainID, UserID: userID}, + session: authn.Session{DomainID: validDomainID, UserID: userID}, domainID: validInvitation.DomainID, resp: validInvitation, err: repoerr.ErrUpdateEntity, diff --git a/journal/api/endpoint_test.go b/journal/api/endpoint_test.go index 38e944f9a4..2d2893e6f7 100644 --- a/journal/api/endpoint_test.go +++ b/journal/api/endpoint_test.go 
@@ -379,11 +379,7 @@ func TestListEntityJournalsEndpoint(t *testing.T) { for _, c := range cases { t.Run(c.desc, func(t *testing.T) { if c.token == validToken { - c.session = smqauthn.Session{ - UserID: userID, - DomainID: domainID, - DomainUserID: domainID + "_" + userID, - } + c.session = smqauthn.Session{UserID: userID, DomainID: domainID} } authCall := authn.On("Authenticate", mock.Anything, c.token).Return(c.session, c.authnErr) svcCall := svc.On("RetrieveAll", mock.Anything, c.session, mock.Anything).Return(journal.JournalsPage{}, c.svcErr) @@ -465,7 +461,6 @@ func TestRetrieveClientTelemetryEndpoint(t *testing.T) { c.session = smqauthn.Session{ UserID: userID, DomainID: c.domainID, - DomainUserID: c.domainID + "_" + userID, } } authCall := authn.On("Authenticate", mock.Anything, c.token).Return(c.session, c.authnErr) diff --git a/journal/middleware/authorization.go b/journal/middleware/authorization.go index e819835868..9842b8753d 100644 --- a/journal/middleware/authorization.go +++ b/journal/middleware/authorization.go @@ -39,7 +39,7 @@ func (am *authorizationMiddleware) RetrieveAll(ctx context.Context, session smqa permission := readPermission objectType := page.EntityType.String() object := page.EntityID - subject := session.DomainUserID + subject := session.UserID // If the entity is a user, we need to check if the user is an admin if page.EntityType.String() == policies.UserType { @@ -70,7 +70,7 @@ func (am *authorizationMiddleware) RetrieveClientTelemetry(ctx context.Context, Domain: session.DomainID, SubjectType: policies.UserType, SubjectKind: policies.UsersKind, - Subject: session.DomainUserID, + Subject: session.UserID, Permission: readPermission, ObjectType: policies.ClientType, Object: clientID, diff --git a/journal/service_test.go b/journal/service_test.go index bec590add6..b43f183549 100644 --- a/journal/service_test.go +++ b/journal/service_test.go 
@@ -73,7 +73,7 @@ func TestReadAll(t *testing.T) { repo := new(mocks.Repository) svc := journal.NewService(idProvider, repo) - validSession := smqauthn.Session{DomainUserID: testsutil.GenerateUUID(t), UserID: testsutil.GenerateUUID(t), DomainID: testsutil.GenerateUUID(t)} + validSession := smqauthn.Session{UserID: testsutil.GenerateUUID(t), DomainID: testsutil.GenerateUUID(t)} validPage := journal.Page{ Offset: 0, Limit: 10, diff --git a/pkg/authn/authn.go b/pkg/authn/authn.go index 6a61cc8c58..d2be26c199 100644 --- a/pkg/authn/authn.go +++ b/pkg/authn/authn.go @@ -30,7 +30,6 @@ func (t TokenType) String() string { type Session struct { Type TokenType PatID string - DomainUserID string UserID string DomainID string SuperAdmin bool diff --git a/pkg/authn/authsvc/authn.go b/pkg/authn/authsvc/authn.go index 2acb88ac12..486d825342 100644 --- a/pkg/authn/authsvc/authn.go +++ b/pkg/authn/authsvc/authn.go @@ -54,5 +54,5 @@ func (a authentication) Authenticate(ctx context.Context, token string) (authn.S return authn.Session{}, errors.Wrap(errors.ErrAuthentication, err) } - return authn.Session{Type: authn.AccessToken, DomainUserID: res.GetId(), UserID: res.GetUserId(), DomainID: res.GetDomainId()}, nil + return authn.Session{Type: authn.AccessToken, UserID: res.GetUserId(), DomainID: res.GetDomainId()}, nil } diff --git a/pkg/authz/authsvc/authz.go b/pkg/authz/authsvc/authz.go index f0d1de592b..7c86cbd672 100644 --- a/pkg/authz/authsvc/authz.go +++ b/pkg/authz/authsvc/authz.go @@ -5,6 +5,7 @@ package authsvc import ( "context" + "fmt" grpcAuthV1 "github.com/absmach/supermq/api/grpc/auth/v1" "github.com/absmach/supermq/auth/api/grpc/auth" @@ -55,6 +56,7 @@ func (a authorization) Authorize(ctx context.Context, pr authz.PolicyReq) error domainID = pr.Object } if err := a.checkDomain(ctx, pr.SubjectType, pr.Subject, domainID); err != nil { + fmt.Println("Error thrwon here 0") return errors.Wrap(svcerr.ErrDomainAuthorization, err) } } 
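Review bot: The added `fmt.Println("Error thrwon here 0")` in Authorize is leftover debug output, and the next hunk of this file adds two more (`... here 1`, `... here 2`) together with the `"fmt"` import. These write to stdout on every denied or failed authorization, bypass whatever logger the service uses, and carry no request context, so they add noise to an authorization path without helping an investigation. The three sites are already distinguishable by the returned errors (`svcerr.ErrDomainAuthorization`, wrapped `errors.ErrAuthorization`, bare `errors.ErrAuthorization`), so the prints and the import can simply be dropped before merge.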
@@ -72,9 +74,11 @@ func (a authorization) Authorize(ctx context.Context, pr authz.PolicyReq) error } res, err := a.authSvcClient.Authorize(ctx, &req) if err != nil { + fmt.Println("Error thrwon here 1") return errors.Wrap(errors.ErrAuthorization, err) } if !res.GetAuthorized() { + fmt.Println("Error thrwon here 2") return errors.ErrAuthorization } return nil diff --git a/pkg/messaging/message.pb.go b/pkg/messaging/message.pb.go index bdf2bb1231..a12cc4bf24 100644 --- a/pkg/messaging/message.pb.go +++ b/pkg/messaging/message.pb.go @@ -3,8 +3,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.0 -// protoc v5.29.0 +// protoc-gen-go v1.34.2 +// protoc v5.27.1 // source: pkg/messaging/message.proto package messaging 
@@ -25,22 +25,25 @@ const ( // Message represents a message emitted by the SuperMQ adapters layer. type Message struct { - state protoimpl.MessageState `protogen:"open.v1"` - Channel string `protobuf:"bytes,1,opt,name=channel,proto3" json:"channel,omitempty"` - Subtopic string `protobuf:"bytes,2,opt,name=subtopic,proto3" json:"subtopic,omitempty"` - Publisher string `protobuf:"bytes,3,opt,name=publisher,proto3" json:"publisher,omitempty"` - Protocol string `protobuf:"bytes,4,opt,name=protocol,proto3" json:"protocol,omitempty"` - Payload []byte `protobuf:"bytes,5,opt,name=payload,proto3" json:"payload,omitempty"` - Created int64 `protobuf:"varint,6,opt,name=created,proto3" json:"created,omitempty"` // Unix timestamp in nanoseconds - unknownFields protoimpl.UnknownFields + state protoimpl.MessageState sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Channel string `protobuf:"bytes,1,opt,name=channel,proto3" json:"channel,omitempty"` + Subtopic string `protobuf:"bytes,2,opt,name=subtopic,proto3" json:"subtopic,omitempty"` + Publisher string `protobuf:"bytes,3,opt,name=publisher,proto3" json:"publisher,omitempty"` + Protocol string `protobuf:"bytes,4,opt,name=protocol,proto3" json:"protocol,omitempty"` + Payload []byte `protobuf:"bytes,5,opt,name=payload,proto3" json:"payload,omitempty"` + Created int64 `protobuf:"varint,6,opt,name=created,proto3" json:"created,omitempty"` // Unix timestamp in nanoseconds } func (x *Message) Reset() { *x = Message{} - mi := &file_pkg_messaging_message_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) + if protoimpl.UnsafeEnabled { + mi := &file_pkg_messaging_message_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } } func (x *Message) String() string { 
@@ -51,7 +54,7 @@ func (*Message) ProtoMessage() {} func (x *Message) ProtoReflect() protoreflect.Message { mi := &file_pkg_messaging_message_proto_msgTypes[0] - if x != nil { + if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -157,6 +160,20 @@ func file_pkg_messaging_message_proto_init() { if File_pkg_messaging_message_proto != nil { return } + if !protoimpl.UnsafeEnabled { + file_pkg_messaging_message_proto_msgTypes[0].Exporter = func(v any, i int) any { + switch v := v.(*Message); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ diff --git a/pkg/policies/service.go b/pkg/policies/service.go index 6a7c625576..dd8e4e4ec4 100644 --- a/pkg/policies/service.go +++ b/pkg/policies/service.go @@ -105,10 +105,3 @@ type Service interface { // ListPermissions lists permission betweeen given subject and object . ListPermissions(ctx context.Context, pr Policy, permissionsFilter []string) (Permissions, error) } - -func EncodeDomainUserID(domainID, userID string) string { - if domainID == "" || userID == "" { - return "" - } - return domainID + "_" + userID -} diff --git a/pkg/roles/provisionmanage.go b/pkg/roles/provisionmanage.go index 381dbd2489..5db671716f 100644 --- a/pkg/roles/provisionmanage.go +++ b/pkg/roles/provisionmanage.go @@ -111,7 +111,7 @@ func (r ProvisionManageService) RemoveEntitiesRoles(ctx context.Context, domainI } for _, emr := range emrs { deletePolicies = append(deletePolicies, policies.Policy{ - Subject: policies.EncodeDomainUserID(domainID, emr.MemberID), + Subject: emr.MemberID, SubjectType: policies.UserType, Relation: policies.MemberRelation, ObjectType: policies.RoleType, 
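Review bot: RemoveEntitiesRoles now builds its delete policies with `Subject: emr.MemberID`, which will not match membership tuples written before this commit if those were stored with the `domainID + "_" + userID` subject produced by the removed `EncodeDomainUserID`. If a deployed policy store holds such tuples, role removal would leave the old grants behind while new checks look up the bare user ID. The diff shows no migration, so that needs confirming. The same substitution is made in AddNewEntitiesRoles, AddRole, RoleAddMembers and RoleRemoveMembers in this file. I would note the format change next to the policy literal, e.g. `// Subject is the bare user ID; tuples written earlier used "<domainID>_<userID>" and must be migrated`. The loop and function body extend beyond the hunk.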
@@ -187,7 +187,7 @@ func (r ProvisionManageService) AddNewEntitiesRoles(ctx context.Context, domainI for _, member := range members { prs = append(prs, policies.Policy{ SubjectType: policies.UserType, - Subject: policies.EncodeDomainUserID(domainID, member), + Subject: member, Relation: policies.MemberRelation, Object: id, ObjectType: policies.RoleType, @@ -259,7 +259,7 @@ func (r ProvisionManageService) AddRole(ctx context.Context, session authn.Sessi for _, member := range optionalMembers { prs = append(prs, policies.Policy{ SubjectType: policies.UserType, - Subject: policies.EncodeDomainUserID(session.DomainID, member), + Subject: member, Relation: policies.MemberRelation, Object: id, ObjectType: policies.RoleType, @@ -498,7 +498,7 @@ func (r ProvisionManageService) RoleAddMembers(ctx context.Context, session auth for _, mem := range members { prs = append(prs, policies.Policy{ SubjectType: policies.UserType, - Subject: policies.EncodeDomainUserID(session.DomainID, mem), + Subject: mem, Relation: policies.MemberRelation, Object: ro.ID, ObjectType: policies.RoleType, @@ -567,7 +567,7 @@ func (r ProvisionManageService) RoleRemoveMembers(ctx context.Context, session a for _, mem := range members { prs = append(prs, policies.Policy{ SubjectType: policies.UserType, - Subject: policies.EncodeDomainUserID(session.DomainID, mem), + Subject: mem, Relation: policies.MemberRelation, Object: ro.ID, ObjectType: policies.RoleType, diff --git a/pkg/roles/rolemanager/middleware/authoirzation.go b/pkg/roles/rolemanager/middleware/authoirzation.go index 02df36d3a4..2364dddacb 100644 --- a/pkg/roles/rolemanager/middleware/authoirzation.go +++ b/pkg/roles/rolemanager/middleware/authoirzation.go 
@@ -55,7 +55,7 @@ func (ram RoleManagerAuthorizationMiddleware) validate() error { func (ram RoleManagerAuthorizationMiddleware) AddRole(ctx context.Context, session authn.Session, entityID, roleName string, optionalActions []string, optionalMembers []string) (roles.RoleProvision, error) { if err := ram.authorize(ctx, roles.OpAddRole, smqauthz.PolicyReq{ Domain: session.DomainID, - Subject: session.DomainUserID, + Subject: session.UserID, SubjectType: policies.UserType, SubjectKind: policies.UsersKind, Object: entityID, @@ -69,7 +69,7 @@ func (ram RoleManagerAuthorizationMiddleware) AddRole(ctx context.Context, sessi func (ram RoleManagerAuthorizationMiddleware) RemoveRole(ctx context.Context, session authn.Session, entityID, roleID string) error { if err := ram.authorize(ctx, roles.OpRemoveRole, smqauthz.PolicyReq{ Domain: session.DomainID, - Subject: session.DomainUserID, + Subject: session.UserID, SubjectType: policies.UserType, SubjectKind: policies.UsersKind, Object: entityID, @@ -83,7 +83,7 @@ func (ram RoleManagerAuthorizationMiddleware) RemoveRole(ctx context.Context, se func (ram RoleManagerAuthorizationMiddleware) UpdateRoleName(ctx context.Context, session authn.Session, entityID, roleID, newRoleName string) (roles.Role, error) { if err := ram.authorize(ctx, roles.OpUpdateRoleName, smqauthz.PolicyReq{ Domain: session.DomainID, - Subject: session.DomainUserID, + Subject: session.UserID, SubjectType: policies.UserType, SubjectKind: policies.UsersKind, Object: entityID, @@ -97,7 +97,7 @@ func (ram RoleManagerAuthorizationMiddleware) UpdateRoleName(ctx context.Context func (ram RoleManagerAuthorizationMiddleware) RetrieveRole(ctx context.Context, session authn.Session, entityID, roleID string) (roles.Role, error) { if err := ram.authorize(ctx, roles.OpRetrieveRole, smqauthz.PolicyReq{ Domain: session.DomainID, - Subject: session.DomainUserID, + Subject: session.UserID, SubjectType: policies.UserType, SubjectKind: policies.UsersKind, Object: entityID, 
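Review bot: In AddRole's `smqauthz.PolicyReq` the subject is now the bare `session.UserID`, so the only thing tying this check to a tenant is `Domain: session.DomainID`, and nothing in the literal says so. The same replacement is repeated in every other method of this file (RemoveRole through RoleCheckMembersExists), so a later edit that drops or mis-sets `Domain` would no longer be caught by a domain-prefixed subject. I would document the invariant once, on the middleware type or on `authorize`, e.g. `// Subject is the global user ID; tenant scoping relies on PolicyReq.Domain.` Each struct literal continues past its hunk, so the remaining fields are not visible here.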
@@ -111,7 +111,7 @@ func (ram RoleManagerAuthorizationMiddleware) RetrieveRole(ctx context.Context, func (ram RoleManagerAuthorizationMiddleware) RetrieveAllRoles(ctx context.Context, session authn.Session, entityID string, limit, offset uint64) (roles.RolePage, error) { if err := ram.authorize(ctx, roles.OpRetrieveAllRoles, smqauthz.PolicyReq{ Domain: session.DomainID, - Subject: session.DomainUserID, + Subject: session.UserID, SubjectType: policies.UserType, SubjectKind: policies.UsersKind, Object: entityID, @@ -129,7 +129,7 @@ func (ram RoleManagerAuthorizationMiddleware) ListAvailableActions(ctx context.C func (ram RoleManagerAuthorizationMiddleware) RoleAddActions(ctx context.Context, session authn.Session, entityID, roleID string, actions []string) (ops []string, err error) { if err := ram.authorize(ctx, roles.OpRoleAddActions, smqauthz.PolicyReq{ Domain: session.DomainID, - Subject: session.DomainUserID, + Subject: session.UserID, SubjectType: policies.UserType, SubjectKind: policies.UsersKind, Object: entityID, @@ -144,7 +144,7 @@ func (ram RoleManagerAuthorizationMiddleware) RoleAddActions(ctx context.Context func (ram RoleManagerAuthorizationMiddleware) RoleListActions(ctx context.Context, session authn.Session, entityID, roleID string) ([]string, error) { if err := ram.authorize(ctx, roles.OpRoleListActions, smqauthz.PolicyReq{ Domain: session.DomainID, - Subject: session.DomainUserID, + Subject: session.UserID, SubjectType: policies.UserType, SubjectKind: policies.UsersKind, Object: entityID, 
@@ -159,7 +159,7 @@ func (ram RoleManagerAuthorizationMiddleware) RoleListActions(ctx context.Contex
 func (ram RoleManagerAuthorizationMiddleware) RoleCheckActionsExists(ctx context.Context, session authn.Session, entityID, roleID string, actions []string) (bool, error) {
 if err := ram.authorize(ctx, roles.OpRoleCheckActionsExists, smqauthz.PolicyReq{
 Domain: session.DomainID,
- Subject: session.DomainUserID,
+ Subject: session.UserID,
 SubjectType: policies.UserType,
 SubjectKind: policies.UsersKind,
 Object: entityID,
@@ -173,7 +173,7 @@ func (ram RoleManagerAuthorizationMiddleware) RoleCheckActionsExists(ctx context
 func (ram RoleManagerAuthorizationMiddleware) RoleRemoveActions(ctx context.Context, session authn.Session, entityID, roleID string, actions []string) (err error) {
 if err := ram.authorize(ctx, roles.OpRoleRemoveActions, smqauthz.PolicyReq{
 Domain: session.DomainID,
- Subject: session.DomainUserID,
+ Subject: session.UserID,
 SubjectType: policies.UserType,
 SubjectKind: policies.UsersKind,
 Object: entityID,
@@ -187,7 +187,7 @@ func (ram RoleManagerAuthorizationMiddleware) RoleRemoveActions(ctx context.Cont
 func (ram RoleManagerAuthorizationMiddleware) RoleRemoveAllActions(ctx context.Context, session authn.Session, entityID, roleID string) error {
 if err := ram.authorize(ctx, roles.OpRoleRemoveAllActions, smqauthz.PolicyReq{
 Domain: session.DomainID,
- Subject: session.DomainUserID,
+ Subject: session.UserID,
 SubjectType: policies.UserType,
 SubjectKind: policies.UsersKind,
 Object: entityID,
@@ -201,7 +201,7 @@ func (ram RoleManagerAuthorizationMiddleware) RoleRemoveAllActions(ctx context.C
 func (ram RoleManagerAuthorizationMiddleware) RoleAddMembers(ctx context.Context, session authn.Session, entityID, roleID string, members []string) ([]string, error) {
 if err := ram.authorize(ctx, roles.OpRoleAddMembers, smqauthz.PolicyReq{
 Domain: session.DomainID,
- Subject: session.DomainUserID,
+ Subject: session.UserID,
 SubjectType: policies.UserType,
 SubjectKind: policies.UsersKind,
 Object: entityID,
@@ -215,7 +215,7 @@ func (ram RoleManagerAuthorizationMiddleware) RoleAddMembers(ctx context.Context
 func (ram RoleManagerAuthorizationMiddleware) RoleListMembers(ctx context.Context, session authn.Session, entityID, roleID string, limit, offset uint64) (roles.MembersPage, error) {
 if err := ram.authorize(ctx, roles.OpRoleListMembers, smqauthz.PolicyReq{
 Domain: session.DomainID,
- Subject: session.DomainUserID,
+ Subject: session.UserID,
 SubjectType: policies.UserType,
 SubjectKind: policies.UsersKind,
 Object: entityID,
@@ -229,7 +229,7 @@ func (ram RoleManagerAuthorizationMiddleware) RoleListMembers(ctx context.Contex
 func (ram RoleManagerAuthorizationMiddleware) RoleCheckMembersExists(ctx context.Context, session authn.Session, entityID, roleID string, members []string) (bool, error) {
 if err := ram.authorize(ctx, roles.OpRoleCheckMembersExists, smqauthz.PolicyReq{
 Domain: session.DomainID,
- Subject: session.DomainUserID,
+ Subject: session.UserID,
 SubjectType: policies.UserType,
 SubjectKind: policies.UsersKind,
 Object: entityID,
@@ -243,7 +243,7 @@ func (ram RoleManagerAuthorizationMiddleware) RoleCheckMembersExists(ctx context
 func (ram RoleManagerAuthorizationMiddleware) RoleRemoveAllMembers(ctx context.Context, session authn.Session, entityID, roleID string) (err error) {
 if err := ram.authorize(ctx, roles.OpRoleRemoveAllMembers, smqauthz.PolicyReq{
 Domain: session.DomainID,
- Subject: session.DomainUserID,
+ Subject: session.UserID,
 SubjectType: policies.UserType,
 SubjectKind: policies.UsersKind,
 Object: entityID,
@@ -257,7 +257,7 @@ func (ram RoleManagerAuthorizationMiddleware) RoleRemoveAllMembers(ctx context.C
 func (ram RoleManagerAuthorizationMiddleware) ListEntityMembers(ctx context.Context, session authn.Session, entityID string, pageQuery roles.MembersRolePageQuery) (roles.MembersRolePage, error) {
 if err := ram.authorize(ctx, roles.OpRoleListMembers, smqauthz.PolicyReq{
 Domain: session.DomainID,
- Subject: session.DomainUserID,
+ Subject: session.UserID,
 SubjectType: policies.UserType,
 SubjectKind: policies.UsersKind,
 Object: entityID,
@@ -271,7 +271,7 @@ func (ram RoleManagerAuthorizationMiddleware) ListEntityMembers(ctx context.Cont
 func (ram RoleManagerAuthorizationMiddleware) RemoveEntityMembers(ctx context.Context, session authn.Session, entityID string, members []string) error {
 if err := ram.authorize(ctx, roles.OpRoleRemoveAllMembers, smqauthz.PolicyReq{
 Domain: session.DomainID,
- Subject: session.DomainUserID,
+ Subject: session.UserID,
 SubjectType: policies.UserType,
 SubjectKind: policies.UsersKind,
 Object: entityID,
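Review bot: ListEntityMembers is authorized with `roles.OpRoleListMembers` and, in the next hunk, RemoveEntityMembers with `roles.OpRoleRemoveAllMembers`, so both entity-wide calls are checked against the operation of a per-role method rather than one of their own. That may be deliberate, but RemoveEntityMembers takes an explicit `members []string` and is still gated as a remove-all, which is worth a comment above each call such as `// entity-wide listing reuses the per-role list-members permission` stating the intended mapping. If the mapping is not intended, dedicated operation constants would let policy distinguish the two. Both function bodies continue outside their hunks.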
@@ -285,7 +285,7 @@ func (ram RoleManagerAuthorizationMiddleware) RemoveEntityMembers(ctx context.Co
 func (ram RoleManagerAuthorizationMiddleware) RoleRemoveMembers(ctx context.Context, session authn.Session, entityID, roleID string, members []string) (err error) {
 if err := ram.authorize(ctx, roles.OpRoleRemoveMembers, smqauthz.PolicyReq{
 Domain: session.DomainID,
- Subject: session.DomainUserID,
+ Subject: session.UserID,
 SubjectType: policies.UserType,
 SubjectKind: policies.UsersKind,
 Object: entityID,
diff --git a/pkg/sdk/certs_test.go b/pkg/sdk/certs_test.go
index 8b1cde5fd7..87bad3f0b1 100644
--- a/pkg/sdk/certs_test.go
+++ b/pkg/sdk/certs_test.go
@@ -178,7 +178,7 @@ func TestIssueCert(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == valid {
- tc.session = smqauthn.Session{DomainUserID: validID, UserID: validID, DomainID: validID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: validID}
 }
 authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 svcCall := svc.On("IssueCert", mock.Anything, tc.domainID, tc.token, tc.clientID, tc.duration).Return(tc.svcRes, tc.svcErr)
@@ -262,7 +262,7 @@ func TestViewCert(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == valid {
- tc.session = smqauthn.Session{DomainUserID: validID, UserID: validID, DomainID: validID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: validID}
 }
 authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 svcCall := svc.On("ViewCert", mock.Anything, tc.certID).Return(tc.svcRes, tc.svcErr)
@@ -356,7 +356,7 @@ func TestViewCertByClient(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == valid {
- tc.session = smqauthn.Session{DomainUserID: validID, UserID: validID, DomainID: validID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: validID}
 }
 authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 svcCall := svc.On("ListSerials", mock.Anything, tc.clientID, certs.PageMetadata{Revoked: defRevoke, Offset: defOffset, Limit: defLimit}).Return(tc.svcRes, tc.svcErr)
@@ -445,7 +445,7 @@ func TestRevokeCert(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == valid {
- tc.session = smqauthn.Session{DomainUserID: validID, UserID: validID, DomainID: validID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: validID}
 }
 authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 svcCall := svc.On("RevokeCert", mock.Anything, tc.domainID, tc.token, tc.clientID).Return(tc.svcResp, tc.svcErr)
diff --git a/pkg/sdk/channels_test.go b/pkg/sdk/channels_test.go
index a30fd97f17..fcf3cb7342 100644
--- a/pkg/sdk/channels_test.go
+++ b/pkg/sdk/channels_test.go
@@ -208,7 +208,7 @@ func TestCreateChannel(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 svcCall := gsvc.On("CreateChannels", mock.Anything, tc.session, tc.createChannelReq).Return(tc.svcRes, []roles.RoleProvision{}, tc.svcErr)
@@ -332,7 +332,7 @@ func TestCreateChannels(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 svcCall := gsvc.On("CreateChannels", mock.Anything, tc.session, tc.createChannelsReq[0], tc.createChannelsReq[1], tc.createChannelsReq[2]).Return(tc.svcRes, []roles.RoleProvision{}, tc.svcErr)
@@ -607,7 +607,7 @@ func TestListChannels(t *testing.T) {
 Metadata: tc.metadata,
 }
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 svcCall := gsvc.On("ListChannels", mock.Anything, tc.session, tc.channelsPageMeta).Return(tc.svcRes, tc.svcErr)
@@ -716,7 +716,7 @@ func TestViewChannel(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 svcCall := gsvc.On("ViewChannel", mock.Anything, tc.session, tc.channelID).Return(tc.svcRes, tc.svcErr)
@@ -987,7 +987,7 @@ func TestUpdateChannel(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 svcCall := gsvc.On("UpdateChannel", mock.Anything, tc.session, tc.updateChannelReq).Return(tc.svcRes, tc.svcErr)
@@ -1138,7 +1138,7 @@ func TestUpdateChannelTags(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, mock.Anything).Return(tc.session, tc.authenticateErr)
 svcCall := tsvc.On("UpdateChannelTags", mock.Anything, tc.session, tc.svcReq).Return(tc.svcRes, tc.svcErr)
@@ -1245,7 +1245,7 @@ func TestEnableChannel(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 svcCall := gsvc.On("EnableChannel", mock.Anything, tc.session, tc.channelID).Return(tc.svcRes, tc.svcErr)
@@ -1355,7 +1355,7 @@ func TestDisableChannel(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 svcCall := gsvc.On("DisableChannel", mock.Anything, tc.session, tc.channelID).Return(tc.svcRes, tc.svcErr)
@@ -1435,7 +1435,7 @@ func TestDeleteChannel(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 svcCall := gsvc.On("RemoveChannel", mock.Anything, tc.session, tc.channelID).Return(tc.svcErr)
@@ -1548,7 +1548,7 @@ func TestConnect(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 connTypes := []connections.ConnType{}
 for _, ct := range tc.connection.Types {
@@ -1667,7 +1667,7 @@ func TestDisconnect(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 connTypes := []connections.ConnType{}
 for _, ct := range tc.disconnect.Types {
@@ -1776,7 +1776,7 @@ func TestConnectClients(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 connType, err := connections.ParseConnType(tc.connType)
 assert.Nil(t, err, fmt.Sprintf("error parsing connection type %s", tc.connType))
@@ -1879,7 +1879,7 @@ func TestDisconnectClients(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 connType, err := connections.ParseConnType(tc.connType)
 assert.Nil(t, err, fmt.Sprintf("error parsing connection type %s", tc.connType))
@@ -1976,7 +1976,7 @@ func TestSetChannelParent(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 svcCall := gsvc.On("SetParentGroup", mock.Anything, tc.session, tc.parentID, tc.channelID).Return(tc.svcErr)
@@ -2062,7 +2062,7 @@ func TestRemoveChannelParent(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 svcCall := gsvc.On("RemoveParentGroup", mock.Anything, tc.session, tc.channelID).Return(tc.svcErr)
diff --git a/pkg/sdk/clients_test.go b/pkg/sdk/clients_test.go
index e702444222..48adce7645 100644
--- a/pkg/sdk/clients_test.go
+++ b/pkg/sdk/clients_test.go
@@ -188,7 +188,7 @@ func TestCreateClient(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, mock.Anything).Return(tc.session, tc.authenticateErr)
 svcCall := tsvc.On("CreateClients", mock.Anything, tc.session, tc.svcReq).Return(tc.svcRes, []roles.RoleProvision{}, tc.svcErr)
@@ -299,7 +299,7 @@ func TestCreateClients(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, mock.Anything).Return(tc.session, tc.authenticateErr)
 svcCall := tsvc.On("CreateClients", mock.Anything, tc.session, tc.svcReq[0], tc.svcReq[1], tc.svcReq[2]).Return(tc.svcRes, []roles.RoleProvision{}, tc.svcErr)
@@ -566,7 +566,7 @@ func TestListClients(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, mock.Anything).Return(tc.session, tc.authenticateErr)
 svcCall := tsvc.On("ListClients", mock.Anything, tc.session, tc.svcReq).Return(tc.svcRes, tc.svcErr)
@@ -676,7 +676,7 @@ func TestViewClient(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, mock.Anything).Return(tc.session, tc.authenticateErr)
 svcCall := tsvc.On("View", mock.Anything, tc.session, tc.clientID).Return(tc.svcRes, tc.svcErr)
@@ -834,7 +834,7 @@ func TestUpdateClient(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, mock.Anything).Return(tc.session, tc.authenticateErr)
 svcCall := tsvc.On("Update", mock.Anything, tc.session, tc.svcReq).Return(tc.svcRes, tc.svcErr)
@@ -986,7 +986,7 @@ func TestUpdateClientTags(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, mock.Anything).Return(tc.session, tc.authenticateErr)
 svcCall := tsvc.On("UpdateTags", mock.Anything, tc.session, tc.svcReq).Return(tc.svcRes, tc.svcErr)
@@ -1118,7 +1118,7 @@ func TestUpdateClientSecret(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, mock.Anything).Return(tc.session, tc.authenticateErr)
 svcCall := tsvc.On("UpdateSecret", mock.Anything, tc.session, tc.clientID, tc.newSecret).Return(tc.svcRes, tc.svcErr)
@@ -1221,7 +1221,7 @@ func TestEnableClient(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, mock.Anything).Return(tc.session, tc.authenticateErr)
 svcCall := tsvc.On("Enable", mock.Anything, tc.session, tc.clientID).Return(tc.svcRes, tc.svcErr)
@@ -1324,7 +1324,7 @@ func TestDisableClient(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, mock.Anything).Return(tc.session, tc.authenticateErr)
 svcCall := tsvc.On("Disable", mock.Anything, tc.session, tc.clientID).Return(tc.svcRes, tc.svcErr)
@@ -1406,7 +1406,7 @@ func TestDeleteClient(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, mock.Anything).Return(tc.session, tc.authenticateErr)
 svcCall := tsvc.On("Delete", mock.Anything, tc.session, tc.clientID).Return(tc.svcErr)
@@ -1501,7 +1501,7 @@ func TestSetClientParent(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 svcCall := csvc.On("SetParentGroup", mock.Anything, tc.session, tc.parentID, tc.clientID).Return(tc.svcErr)
@@ -1587,7 +1587,7 @@ func TestRemoveClientParent(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 svcCall := csvc.On("RemoveParentGroup", mock.Anything, tc.session, tc.clientID).Return(tc.svcErr)
@@ -1721,7 +1721,7 @@ func TestCreateClientRole(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 svcCall := csvc.On("AddRole", mock.Anything, tc.session, tc.clientID, tc.roleReq.RoleName, tc.roleReq.OptionalActions, tc.roleReq.OptionalMembers).Return(tc.svcRes, tc.svcErr)
@@ -1852,7 +1852,7 @@ func TestListClientRoles(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 svcCall := csvc.On("RetrieveAllRoles", mock.Anything, tc.session, tc.clientID, tc.pageMeta.Limit, tc.pageMeta.Offset).Return(tc.svcRes, tc.svcErr)
@@ -1969,7 +1969,7 @@ func TestViewClientRole(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 svcCall := csvc.On("RetrieveRole", mock.Anything, tc.session, tc.clientID, tc.roleID).Return(tc.svcRes, tc.svcErr)
@@ -2087,7 +2087,7 @@ func TestUpdateClientRole(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 svcCall := csvc.On("UpdateRoleName", mock.Anything, tc.session, tc.clientID, tc.roleID, tc.newRoleName).Return(tc.svcRes, tc.svcErr)
@@ -2183,7 +2183,7 @@ func TestDeleteClientRole(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 svcCall := csvc.On("RemoveRole", mock.Anything, tc.session, tc.clientID, tc.roleID).Return(tc.svcErr)
@@ -2306,7 +2306,7 @@ func TestAddClientRoleActions(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 svcCall := csvc.On("RoleAddActions", mock.Anything, tc.session, tc.clientID, tc.roleID, tc.actions).Return(tc.svcRes, tc.svcErr)
@@ -2416,7 +2416,7 @@ func TestListClientRoleActions(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 svcCall := csvc.On("RoleListActions", mock.Anything, tc.session, tc.clientID, tc.roleID).Return(tc.svcRes, tc.svcErr)
@@ -2530,7 +2530,7 @@ func TestRemoveClientRoleActions(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 svcCall := csvc.On("RoleRemoveActions", mock.Anything, tc.session, tc.clientID, tc.roleID, tc.actions).Return(tc.svcErr)
@@ -2634,7 +2634,7 @@ func TestRemoveAllClientRoleActions(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 svcCall := csvc.On("RoleRemoveAllActions", mock.Anything, tc.session, tc.clientID, tc.roleID).Return(tc.svcErr)
@@ -2757,7 +2757,7 @@ func TestAddClientRoleMembers(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 svcCall := csvc.On("RoleAddMembers", mock.Anything, tc.session, tc.clientID, tc.roleID, tc.members).Return(tc.svcRes, tc.svcErr)
@@ -2906,7 +2906,7 @@ func TestListClientRoleMembers(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 svcCall := csvc.On("RoleListMembers", mock.Anything, tc.session, tc.clientID, tc.roleID, tc.pageMeta.Limit, tc.pageMeta.Offset).Return(tc.svcRes, tc.svcErr)
@@ -3020,7 +3020,7 @@ func TestRemoveClientRoleMembers(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 svcCall := csvc.On("RoleRemoveMembers", mock.Anything, tc.session, tc.clientID, tc.roleID, tc.members).Return(tc.svcErr)
@@ -3124,7 +3124,7 @@ func TestRemoveAllClientRoleMembers(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 svcCall := csvc.On("RoleRemoveAllMembers", mock.Anything, tc.session, tc.clientID, tc.roleID).Return(tc.svcErr)
@@ -3194,7 +3194,7 @@ func TestListAvailableClientRoleActions(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 svcCall := csvc.On("ListAvailableActions", mock.Anything, tc.session).Return(tc.svcRes, tc.svcErr)
diff --git a/pkg/sdk/domains_test.go b/pkg/sdk/domains_test.go
index 667d4cdfa5..ac2796e175 100644
--- a/pkg/sdk/domains_test.go
+++ b/pkg/sdk/domains_test.go
@@ -158,7 +158,7 @@ func TestCreateDomain(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, mock.Anything).Return(tc.session, tc.authnErr)
 svcCall := svc.On("CreateDomain", mock.Anything, tc.session, tc.svcReq).Return(tc.svcRes, []roles.RoleProvision{}, tc.svcErr)
@@ -306,7 +306,7 @@ func TestUpdateDomain(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: tc.domainID + "_" + validID, UserID: validID, DomainID: tc.domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: tc.domainID}
 }
 authCall := authn.On("Authenticate", mock.Anything, mock.Anything).Return(tc.session, tc.authnErr)
 svcCall := svc.On("UpdateDomain", mock.Anything, tc.session, tc.domainID, mock.Anything).Return(tc.svcRes, tc.svcErr)
@@ -409,7 +409,7 @@ func TestViewDomain(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: tc.domainID + "_" + validID, UserID: validID, DomainID: tc.domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: tc.domainID}
 }
 authCall := authn.On("Authenticate", mock.Anything, mock.Anything).Return(tc.session, tc.authnErr)
 svcCall := svc.On("RetrieveDomain", mock.Anything, tc.session, tc.domainID).Return(tc.svcRes, tc.svcErr)
@@ -550,7 +550,7 @@ func TestListDomians(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := authn.On("Authenticate", mock.Anything, mock.Anything).Return(tc.session, tc.authnErr)
 svcCall := svc.On("ListDomains", mock.Anything, tc.session, tc.svcReq).Return(tc.svcRes, tc.svcErr)
@@ -624,7 +624,7 @@ func TestEnableDomain(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: tc.domainID + "_" + validID, UserID: validID, DomainID: tc.domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: tc.domainID}
 }
 authCall := authn.On("Authenticate", mock.Anything, mock.Anything).Return(tc.session, tc.authnErr)
 svcCall := svc.On("EnableDomain", mock.Anything, tc.session, tc.domainID).Return(tc.svcRes, tc.svcErr)
@@ -697,7 +697,7 @@ func TestDisableDomain(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: tc.domainID + "_" + validID, UserID: validID, DomainID: tc.domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: tc.domainID}
 }
 authCall := authn.On("Authenticate", mock.Anything, mock.Anything).Return(tc.session, tc.authnErr)
 svcCall := svc.On("DisableDomain", mock.Anything, tc.session, tc.domainID).Return(tc.svcRes, tc.svcErr)
@@ -770,7 +770,7 @@ func TestFreezeDomain(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: tc.domainID + "_" + validID, UserID: validID, DomainID: tc.domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: tc.domainID} } authCall := authn.On("Authenticate", mock.Anything, mock.Anything).Return(tc.session, tc.authnErr) svcCall := svc.On("FreezeDomain", mock.Anything, tc.session, tc.domainID).Return(tc.svcRes, tc.svcErr) @@ -897,7 +897,7 @@ func TestCreateDomainRole(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: tc.domainID + "_" + validID, UserID: validID, DomainID: tc.domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: tc.domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := csvc.On("AddRole", mock.Anything, tc.session, tc.domainID, tc.roleReq.RoleName, tc.roleReq.OptionalActions, tc.roleReq.OptionalMembers).Return(tc.svcRes, tc.svcErr) @@ -1022,7 +1022,7 @@ func TestListDomainRoles(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: tc.domainID + "_" + validID, UserID: validID, DomainID: tc.domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: tc.domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := csvc.On("RetrieveAllRoles", mock.Anything, tc.session, tc.domainID, tc.pageMeta.Limit, tc.pageMeta.Offset).Return(tc.svcRes, tc.svcErr) 
@@ -1131,7 +1131,7 @@ func TestViewClietRole(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: tc.domainID + "_" + validID, UserID: validID, DomainID: tc.domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: tc.domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := csvc.On("RetrieveRole", mock.Anything, tc.session, tc.domainID, tc.roleID).Return(tc.svcRes, tc.svcErr) @@ -1243,7 +1243,7 @@ func TestUpdateDomainRole(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: tc.domainID + "_" + validID, UserID: validID, DomainID: tc.domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: tc.domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := csvc.On("UpdateRoleName", mock.Anything, tc.session, tc.domainID, tc.roleID, tc.newRoleName).Return(tc.svcRes, tc.svcErr) @@ -1331,7 +1331,7 @@ func TestDeleteDomainRole(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: tc.domainID + "_" + validID, UserID: validID, DomainID: tc.domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: tc.domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := csvc.On("RemoveRole", mock.Anything, tc.session, tc.domainID, tc.roleID).Return(tc.svcErr) 
@@ -1446,7 +1446,7 @@ func TestAddDomainRoleActions(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: tc.domainID + "_" + validID, UserID: validID, DomainID: tc.domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: tc.domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := csvc.On("RoleAddActions", mock.Anything, tc.session, tc.domainID, tc.roleID, tc.actions).Return(tc.svcRes, tc.svcErr) @@ -1548,7 +1548,7 @@ func TestListDomainRoleActions(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: tc.domainID + "_" + validID, UserID: validID, DomainID: tc.domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: tc.domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := csvc.On("RoleListActions", mock.Anything, tc.session, tc.domainID, tc.roleID).Return(tc.svcRes, tc.svcErr) @@ -1654,7 +1654,7 @@ func TestRemoveDomainRoleActions(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: tc.domainID + "_" + validID, UserID: validID, DomainID: tc.domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: tc.domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := csvc.On("RoleRemoveActions", mock.Anything, tc.session, tc.domainID, tc.roleID, tc.actions).Return(tc.svcErr) 
@@ -1750,7 +1750,7 @@ func TestRemoveAllDomainRoleActions(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: tc.domainID + "_" + validID, UserID: validID, DomainID: tc.domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: tc.domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := csvc.On("RoleRemoveAllActions", mock.Anything, tc.session, tc.domainID, tc.roleID).Return(tc.svcErr) @@ -1865,7 +1865,7 @@ func TestAddDomainRoleMembers(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: tc.domainID + "_" + validID, UserID: validID, DomainID: tc.domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: tc.domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := csvc.On("RoleAddMembers", mock.Anything, tc.session, tc.domainID, tc.roleID, tc.members).Return(tc.svcRes, tc.svcErr) @@ -2006,7 +2006,7 @@ func TestListDomainRoleMembers(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: tc.domainID + "_" + validID, UserID: validID, DomainID: tc.domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: tc.domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := csvc.On("RoleListMembers", mock.Anything, tc.session, tc.domainID, tc.roleID, tc.pageMeta.Limit, tc.pageMeta.Offset).Return(tc.svcRes, tc.svcErr) 
@@ -2112,7 +2112,7 @@ func TestRemoveDomainRoleMembers(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: tc.domainID + "_" + validID, UserID: validID, DomainID: tc.domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: tc.domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 svcCall := csvc.On("RoleRemoveMembers", mock.Anything, tc.session, tc.domainID, tc.roleID, tc.members).Return(tc.svcErr)
@@ -2208,7 +2208,7 @@ func TestRemoveAllDomainRoleMembers(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: tc.domainID + "_" + validID, UserID: validID, DomainID: tc.domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: tc.domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 svcCall := csvc.On("RoleRemoveAllMembers", mock.Anything, tc.session, tc.domainID, tc.roleID).Return(tc.svcErr)
@@ -2269,7 +2269,7 @@ func TestListAvailableDomainRoleActions(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 svcCall := csvc.On("ListAvailableActions", mock.Anything, tc.session).Return(tc.svcRes, tc.svcErr)
diff --git a/pkg/sdk/groups_test.go b/pkg/sdk/groups_test.go
index d42cdf95d9..82185dbcb4 100644
--- a/pkg/sdk/groups_test.go
+++ b/pkg/sdk/groups_test.go
@@ -260,7 +260,7 @@ func TestCreateGroup(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := gsvc.On("CreateGroup", mock.Anything, tc.session, tc.svcReq).Return(tc.svcRes, []roles.RoleProvision{}, tc.svcErr) @@ -495,7 +495,7 @@ func TestListGroups(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := gsvc.On("ListGroups", mock.Anything, tc.session, tc.svcReq).Return(tc.svcRes, tc.svcErr) @@ -604,7 +604,7 @@ func TestViewGroup(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := gsvc.On("ViewGroup", mock.Anything, tc.session, tc.groupID).Return(tc.svcRes, tc.svcErr) 
@@ -793,7 +793,7 @@ func TestUpdateGroup(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := gsvc.On("UpdateGroup", mock.Anything, tc.session, tc.svcReq).Return(tc.svcRes, tc.svcErr) @@ -904,7 +904,7 @@ func TestEnableGroup(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := gsvc.On("EnableGroup", mock.Anything, tc.session, tc.groupID).Return(tc.svcRes, tc.svcErr) @@ -1015,7 +1015,7 @@ func TestDisableGroup(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := gsvc.On("DisableGroup", mock.Anything, tc.session, tc.groupID).Return(tc.svcRes, tc.svcErr) 
@@ -1095,7 +1095,7 @@ func TestDeleteGroup(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := gsvc.On("DeleteGroup", mock.Anything, tc.session, tc.groupID).Return(tc.svcErr) @@ -1191,7 +1191,7 @@ func TestSetGroupParent(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := csvc.On("AddParentGroup", mock.Anything, tc.session, tc.groupID, tc.parentID).Return(tc.svcErr) @@ -1278,7 +1278,7 @@ func TestRemoveGroupParent(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := csvc.On("RemoveParentGroup", mock.Anything, tc.session, tc.groupID).Return(tc.svcErr) 
@@ -1374,7 +1374,7 @@ func TestAddChildrenGroups(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := csvc.On("AddChildrenGroups", mock.Anything, tc.session, tc.groupID, tc.childrenIDs).Return(tc.svcErr) @@ -1470,7 +1470,7 @@ func TestRemoveChildrenGroups(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := csvc.On("RemoveChildrenGroups", mock.Anything, tc.session, tc.groupID, tc.childrenIDs).Return(tc.svcErr) @@ -1550,7 +1550,7 @@ func TestRemoveAllChildrenGroups(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := csvc.On("RemoveAllChildrenGroups", mock.Anything, tc.session, tc.groupID).Return(tc.svcErr) 
@@ -1803,7 +1803,7 @@ func TestListChildrenGroups(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := gsvc.On("ListChildrenGroups", mock.Anything, tc.session, tc.childID, int64(1), int64(0), mock.Anything).Return(tc.svcRes, tc.svcErr) @@ -1979,7 +1979,7 @@ func TestHierarchy(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := gsvc.On("RetrieveGroupHierarchy", mock.Anything, tc.session, tc.groupID, tc.svcReq).Return(tc.svcRes, tc.svcErr) @@ -2115,7 +2115,7 @@ func TestCreateGroupRole(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := csvc.On("AddRole", mock.Anything, tc.session, tc.groupID, tc.roleReq.RoleName, tc.roleReq.OptionalActions, tc.roleReq.OptionalMembers).Return(tc.svcRes, tc.svcErr) 
@@ -2247,7 +2247,7 @@ func TestListGroupRoles(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := csvc.On("RetrieveAllRoles", mock.Anything, tc.session, tc.groupID, tc.pageMeta.Limit, tc.pageMeta.Offset).Return(tc.svcRes, tc.svcErr) @@ -2364,7 +2364,7 @@ func TestViewGroupRole(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := csvc.On("RetrieveRole", mock.Anything, tc.session, tc.groupID, tc.roleID).Return(tc.svcRes, tc.svcErr) @@ -2483,7 +2483,7 @@ func TestUpdateGroupRole(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := csvc.On("UpdateRoleName", mock.Anything, tc.session, tc.groupID, tc.roleID, tc.newRoleName).Return(tc.svcRes, tc.svcErr) 
@@ -2580,7 +2580,7 @@ func TestDeleteGroupRole(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := csvc.On("RemoveRole", mock.Anything, tc.session, tc.groupID, tc.roleID).Return(tc.svcErr) @@ -2704,7 +2704,7 @@ func TestAddGroupRoleActions(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := csvc.On("RoleAddActions", mock.Anything, tc.session, tc.groupID, tc.roleID, tc.actions).Return(tc.svcRes, tc.svcErr) @@ -2815,7 +2815,7 @@ func TestListGroupRoleActions(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := csvc.On("RoleListActions", mock.Anything, tc.session, tc.groupID, tc.roleID).Return(tc.svcRes, tc.svcErr) 
@@ -2930,7 +2930,7 @@ func TestRemoveGroupRoleActions(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := csvc.On("RoleRemoveActions", mock.Anything, tc.session, tc.groupID, tc.roleID, tc.actions).Return(tc.svcErr) @@ -3035,7 +3035,7 @@ func TestRemoveAllGroupRoleActions(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := csvc.On("RoleRemoveAllActions", mock.Anything, tc.session, tc.groupID, tc.roleID).Return(tc.svcErr) @@ -3159,7 +3159,7 @@ func TestAddGroupRoleMembers(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := csvc.On("RoleAddMembers", mock.Anything, tc.session, tc.groupID, tc.roleID, tc.members).Return(tc.svcRes, tc.svcErr) 
@@ -3309,7 +3309,7 @@ func TestListGroupRoleMembers(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := csvc.On("RoleListMembers", mock.Anything, tc.session, tc.groupID, tc.roleID, tc.pageMeta.Limit, tc.pageMeta.Offset).Return(tc.svcRes, tc.svcErr) @@ -3424,7 +3424,7 @@ func TestRemoveGroupRoleMembers(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := csvc.On("RoleRemoveMembers", mock.Anything, tc.session, tc.groupID, tc.roleID, tc.members).Return(tc.svcErr) @@ -3529,7 +3529,7 @@ func TestRemoveAllGroupRoleMembers(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := csvc.On("RoleRemoveAllMembers", mock.Anything, tc.session, tc.groupID, tc.roleID).Return(tc.svcErr) 
@@ -3599,7 +3599,7 @@ func TestListAvailableGroupRoleActions(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 svcCall := csvc.On("ListAvailableActions", mock.Anything, tc.session).Return(tc.svcRes, tc.svcErr)
diff --git a/pkg/sdk/invitations_test.go b/pkg/sdk/invitations_test.go
index 4d3413e69e..0d3559c384 100644
--- a/pkg/sdk/invitations_test.go
+++ b/pkg/sdk/invitations_test.go
@@ -331,7 +331,7 @@ func TestListInvitation(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == valid {
- tc.session = smqauthn.Session{DomainUserID: validID, UserID: validID}
+ tc.session = smqauthn.Session{UserID: validID}
 }
 authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 svcCall := svc.On("ListInvitations", mock.Anything, tc.session, tc.svcReq).Return(tc.svcRes, tc.svcErr)
@@ -398,7 +398,7 @@ func TestAcceptInvitation(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == valid {
- tc.session = smqauthn.Session{DomainUserID: validID, UserID: validID, DomainID: validID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: validID}
 }
 authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 svcCall := svc.On("AcceptInvitation", mock.Anything, tc.session, tc.domainID).Return(tc.svcErr)
@@ -464,7 +464,7 @@ func TestRejectInvitation(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == valid {
- tc.session = smqauthn.Session{DomainUserID: validID, UserID: validID, DomainID: validID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: validID}
 }
 authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 svcCall := svc.On("RejectInvitation", mock.Anything, tc.session, tc.domainID).Return(tc.svcErr)
diff --git a/pkg/sdk/journal_test.go b/pkg/sdk/journal_test.go
index 8a91e6479e..e09855e7c3 100644
--- a/pkg/sdk/journal_test.go
+++ b/pkg/sdk/journal_test.go
@@ -329,7 +329,7 @@ func TestRetrieveJournal(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: domainID + "_" + validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := authn.On("Authenticate", mock.Anything, mock.Anything).Return(tc.session, tc.authnErr)
 svcCall := svc.On("RetrieveAll", mock.Anything, tc.session, tc.svcReq).Return(tc.svcRes, tc.svcErr)
diff --git a/pkg/sdk/tokens_test.go b/pkg/sdk/tokens_test.go
index 25c743a951..ddb1fd251b 100644
--- a/pkg/sdk/tokens_test.go
+++ b/pkg/sdk/tokens_test.go
@@ -161,13 +161,13 @@ func TestRefreshToken(t *testing.T) {
 }
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
- authCall := auth.On("Authenticate", mock.Anything, mock.Anything).Return(smqauthn.Session{DomainUserID: validID, UserID: validID, DomainID: validID}, tc.identifyErr)
- svcCall := svc.On("RefreshToken", mock.Anything, smqauthn.Session{DomainUserID: validID, UserID: validID, DomainID: validID}, tc.token).Return(tc.svcRes, tc.svcErr)
+ authCall := auth.On("Authenticate", mock.Anything, mock.Anything).Return(smqauthn.Session{UserID: validID, DomainID: validID}, tc.identifyErr)
+ svcCall := svc.On("RefreshToken", mock.Anything, smqauthn.Session{UserID: validID, DomainID: validID}, tc.token).Return(tc.svcRes, tc.svcErr)
 resp, err := mgsdk.RefreshToken(tc.token)
 assert.Equal(t, tc.err, err)
 assert.Equal(t, tc.response, resp)
 if tc.err == nil {
- ok := svcCall.Parent.AssertCalled(t, "RefreshToken", mock.Anything, smqauthn.Session{DomainUserID: validID, UserID: validID, DomainID: validID}, tc.token)
+ ok := svcCall.Parent.AssertCalled(t, "RefreshToken", mock.Anything, smqauthn.Session{UserID: validID, DomainID: validID}, tc.token)
 assert.True(t, ok)
 }
 svcCall.Unset()
diff --git a/pkg/sdk/users_test.go b/pkg/sdk/users_test.go
index 4bb6267728..5ba103cd34 100644
--- a/pkg/sdk/users_test.go
+++ b/pkg/sdk/users_test.go
@@ -557,7 +557,7 @@ func TestListUsers(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 svcCall := svc.On("ListUsers", mock.Anything, tc.session, tc.svcReq).Return(tc.svcRes, tc.svcErr)
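Review bot: The TestRefreshToken hunk in pkg/sdk/tokens_test.go spells out the same session literal three times (the `Authenticate` return value, the `RefreshToken` expectation and the `AssertCalled` check), so the next change to the session shape has to be repeated in all three places to keep the expectation and the assertion in step. Hoist it once inside the subtest, `session := smqauthn.Session{UserID: validID, DomainID: validID}`, and pass `session` to each call. The `Authenticate` expectation here also takes `mock.Anything` for the token, so the value the SDK sends is only pinned on the `RefreshToken` side.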
@@ -690,7 +690,7 @@ func TestSearchUsers(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { - authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(smqauthn.Session{DomainUserID: validID, UserID: validID, DomainID: domainID}, tc.authenticateErr) + authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(smqauthn.Session{UserID: validID, DomainID: domainID}, tc.authenticateErr) svcCall := svc.On("SearchUsers", mock.Anything, mock.Anything).Return(tc.searchreturn, tc.err) page, err := mgsdk.SearchUsers(tc.page, tc.token) assert.Equal(t, tc.err, err, fmt.Sprintf("%s: expected error %v, got %v", tc.desc, tc.err, err)) @@ -787,7 +787,7 @@ func TestViewUser(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: validID, UserID: validID, DomainID: domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := svc.On("View", mock.Anything, tc.session, tc.userID).Return(tc.svcRes, tc.svcErr) @@ -866,7 +866,7 @@ func TestUserProfile(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: validID, UserID: validID, DomainID: domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := svc.On("ViewProfile", mock.Anything, tc.session).Return(tc.svcRes, tc.svcErr) 
@@ -1030,7 +1030,7 @@ func TestUpdateUser(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: validID, UserID: validID, DomainID: domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := svc.On("Update", mock.Anything, tc.session, tc.svcReq).Return(tc.svcRes, tc.svcErr) @@ -1188,7 +1188,7 @@ func TestUpdateUserTags(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: validID, UserID: validID, DomainID: domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := svc.On("UpdateTags", mock.Anything, tc.session, tc.svcReq).Return(tc.svcRes, tc.svcErr) @@ -1336,7 +1336,7 @@ func TestUpdateUserEmail(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: validID, UserID: validID, DomainID: domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := svc.On("UpdateEmail", mock.Anything, tc.session, tc.updateUserReq.ID, tc.svcReq).Return(tc.svcRes, tc.svcErr) 
@@ -1634,7 +1634,7 @@ func TestUpdatePassword(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: validID, UserID: validID, DomainID: domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := svc.On("UpdateSecret", mock.Anything, tc.session, tc.oldPassword, tc.newPassword).Return(tc.svcRes, tc.svcErr) @@ -1792,7 +1792,7 @@ func TestUpdateUserRole(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: validID, UserID: validID, DomainID: domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := svc.On("UpdateRole", mock.Anything, tc.session, tc.svcReq).Return(tc.svcRes, tc.svcErr) @@ -1956,7 +1956,7 @@ func TestUpdateUsername(t *testing.T) { for _, tc := range cases { t.Run(tc.desc, func(t *testing.T) { if tc.token == validToken { - tc.session = smqauthn.Session{DomainUserID: validID, UserID: validID, DomainID: domainID} + tc.session = smqauthn.Session{UserID: validID, DomainID: domainID} } authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr) svcCall := svc.On("UpdateUsername", mock.Anything, tc.session, tc.svcReq.ID, tc.svcReq.Credentials.Username).Return(tc.svcRes, tc.svcErr) 
@@ -2118,7 +2118,7 @@ func TestUpdateProfilePicture(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 svcCall := svc.On("UpdateProfilePicture", mock.Anything, tc.session, tc.svcReq).Return(tc.svcRes, tc.svcErr)
@@ -2190,7 +2190,7 @@ func TestEnableUser(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 svcCall := svc.On("Enable", mock.Anything, tc.session, tc.userID).Return(tc.svcRes, tc.svcErr)
@@ -2296,7 +2296,7 @@ func TestDisableUser(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 svcCall := svc.On("Disable", mock.Anything, tc.session, tc.userID).Return(tc.svcRes, tc.svcErr)
@@ -2370,7 +2370,7 @@ func TestDeleteUser(t *testing.T) {
 for _, tc := range cases {
 t.Run(tc.desc, func(t *testing.T) {
 if tc.token == validToken {
- tc.session = smqauthn.Session{DomainUserID: validID, UserID: validID, DomainID: domainID}
+ tc.session = smqauthn.Session{UserID: validID, DomainID: domainID}
 }
 authCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authenticateErr)
 svcCall := svc.On("Delete", mock.Anything, tc.session, tc.userID).Return(tc.svcErr)
diff --git a/users/service_test.go b/users/service_test.go
index fee974fd1a..7e9f35432b 100644
--- a/users/service_test.go
+++ b/users/service_test.go
@@ -940,7 +940,7 @@ func TestUpdateEmail(t *testing.T) {
 for _, tc := range cases {
 repoCall := cRepo.On("CheckSuperAdmin", context.Background(), mock.Anything).Return(tc.checkSuperAdminErr)
 repoCall1 := cRepo.On("Update", context.Background(), mock.Anything).Return(tc.updateEmailResponse, tc.updateEmailErr)
- updatedUser, err := svc.UpdateEmail(context.Background(), authn.Session{DomainUserID: tc.reqUserID, UserID: validID, DomainID: validID}, tc.id, tc.email)
+ updatedUser, err := svc.UpdateEmail(context.Background(), authn.Session{UserID: validID, DomainID: validID}, tc.id, tc.email)
 assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err))
 assert.Equal(t, tc.updateEmailResponse, updatedUser, fmt.Sprintf("%s: expected %v got %v\n", tc.desc, tc.updateEmailResponse, updatedUser))
 if tc.err == nil {
@@ -1428,7 +1428,7 @@ func TestRefreshToken(t *testing.T) {
 }{
 {
 desc: "refresh token with refresh token for an existing user",
- session: authn.Session{DomainUserID: validID, UserID: validID, DomainID: validID},
+ session: authn.Session{UserID: validID, DomainID: validID},
 refreshResp: &grpcTokenV1.Token{AccessToken: validToken, RefreshToken: &validToken, AccessType: "3"},
 repoResp: rUser,
 err: nil,
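Review bot: In the TestUpdateEmail hunk of users/service_test.go the new call passes `authn.Session{UserID: validID, DomainID: validID}`, so `tc.reqUserID` no longer reaches `svc.UpdateEmail` and every case now runs as the same caller. The case table is outside the hunk, but if any case set `reqUserID` to a different user to exercise the not-authorized path, that case is now distinguished only by the mocked `CheckSuperAdmin` result, not by who is calling. Either keep the per-case caller with `authn.Session{UserID: tc.reqUserID, DomainID: validID}` or remove the `reqUserID` field from the table so the dead field does not suggest coverage that is no longer there.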
@@ -1442,7 +1442,7 @@ func TestRefreshToken(t *testing.T) {
 },
 {
 desc: "refresh token with access token for an existing user",
- session: authn.Session{DomainUserID: validID, UserID: validID, DomainID: validID},
+ session: authn.Session{UserID: validID, DomainID: validID},
 refreshResp: &grpcTokenV1.Token{},
 refresErr: svcerr.ErrAuthentication,
 repoResp: rUser,
@@ -1450,19 +1450,19 @@ func TestRefreshToken(t *testing.T) {
 },
 {
 desc: "refresh token with refresh token for a non-existing client",
- session: authn.Session{DomainUserID: validID, UserID: validID, DomainID: validID},
+ session: authn.Session{UserID: validID, DomainID: validID},
 repoErr: repoerr.ErrNotFound,
 err: repoerr.ErrNotFound,
 },
 {
 desc: "refresh token with refresh token for a disable user",
- session: authn.Session{DomainUserID: validID, UserID: validID, DomainID: validID},
+ session: authn.Session{UserID: validID, DomainID: validID},
 repoResp: users.User{Status: users.DisabledStatus},
 err: svcerr.ErrAuthentication,
 },
 {
 desc: "refresh token with empty domain id",
- session: authn.Session{DomainUserID: validID, UserID: validID, DomainID: validID},
+ session: authn.Session{UserID: validID, DomainID: validID},
 refreshResp: &grpcTokenV1.Token{},
 refresErr: svcerr.ErrAuthentication,
 repoResp: rUser,
diff --git a/ws/handler.go b/ws/handler.go
index 238011b28d..f0a241c478 100644
--- a/ws/handler.go
+++ b/ws/handler.go
@@ -180,7 +180,7 @@ func (h *handler) Publish(ctx context.Context, topic *string, payload *[]byte) e
 return err
 }
 clientType = policies.UserType
- clientID = authnSession.DomainUserID
+ clientID = authnSession.UserID
 }
 ar := &grpcChannelsV1.AuthzReq{
@@ -262,7 +262,7 @@ func (h *handler) authAccess(ctx context.Context, token, topic string, msgType c
 return err
 }
 clientType = policies.UserType
- clientID = authnSession.DomainUserID
+ clientID = authnSession.UserID
 }
 // Topics are in the format:
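Review bot: The last case in the TestRefreshToken hunk at -1450 is described as "refresh token with empty domain id", yet its session is `authn.Session{UserID: validID, DomainID: validID}` and its visible fields match the "access token for an existing user" case in the hunk at -1442. As written the empty-domain path does not appear to be exercised, and the expected error comes from the mocked `refresErr` alone. Since the line is being edited anyway, consider `session: authn.Session{UserID: validID},` or rename the case to say what it really tests. The case table continues outside the hunk.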
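Review bot: In ws/handler.go the authorization subject for token-authenticated users becomes `authnSession.UserID` in Publish (hunk at -180) and again in authAccess (hunk at -262), and neither hunk shows where the domain scoping that `DomainUserID` used to carry is now enforced. The `AuthzReq` built right after the Publish assignment is cut off by the hunk, so it is not visible whether it carries a domain id; if it does not, the channel authorization check would be deciding on a bare user id, which deserves an explicit cross-domain test case. At minimum, document the assumption at both sites with a comment such as `// subject is the global user ID; domain scoping is enforced by the channels authz check`. Both functions start and end outside their hunks.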