openziti · andrewpmartinez · Jul 18, 2024 · Jul 16, 2024 · Jul 16, 2024
@@ -74,6 +74,7 @@ func (entity *ExternalJwtSigner) GetEntityType() string {
 var _ ExternalJwtSignerStore = (*externalJwtSignerStoreImpl)(nil)
 
 type ExternalJwtSignerStore interface {
+	NameIndexed
 	Store[*ExternalJwtSigner]
 }
 
@@ -96,6 +97,10 @@ type externalJwtSignerStoreImpl struct {
 	issuerIndex        boltz.ReadIndex
 }
 
+func (store *externalJwtSignerStoreImpl) GetNameIndex() boltz.ReadIndex {
+	return store.indexName
+}
+
 func (store *externalJwtSignerStoreImpl) initializeLocal() {
 	store.AddExtEntitySymbols()
 	store.indexName = store.addUniqueNameField()

@@ -573,6 +573,11 @@ func (ae *AppEnv) ProcessJwt(rc *response.RequestContext, token *jwt.Token) erro
 }
 
 func (ae *AppEnv) FillRequestContext(rc *response.RequestContext) error {
+	// do no process auth headers on authenticate request
+	if strings.HasSuffix(rc.Request.URL.Path, "/v1/authenticate") && !strings.HasSuffix(rc.Request.URL.Path, "/authenticate/mfa") {
+		return nil
+	}
+
 	ztSession := ae.getZtSessionFromRequest(rc.Request)
 
 	if ztSession != "" {

@@ -24,14 +24,11 @@ import (
 )
 
 type AuthResult interface {
-	IdentityId() string
-	ExternalId() string
 	AuthenticatorId() string
 	SessionCerts() []*x509.Certificate
 	Identity() *Identity
 	Authenticator() *Authenticator
 	AuthPolicy() *AuthPolicy
-	AuthPolicyId() string
 	IsSuccessful() bool
 }
 
@@ -121,25 +118,14 @@ func (context *AuthContextHttp) GetChangeContext() *change.Context {
 var _ AuthResult = &AuthResultBase{}
 
 type AuthResultBase struct {
-	identityId      string
-	externalId      string
 	identity        *Identity
 	authenticatorId string
 	authenticator   *Authenticator
 	sessionCerts    []*x509.Certificate
-	authPolicyId    string
 	authPolicy      *AuthPolicy
 	env             Env
 }
 
-func (a *AuthResultBase) IdentityId() string {
-	return a.identityId
-}
-
-func (a *AuthResultBase) ExternalId() string {
-	return a.externalId
-}
-
 func (a *AuthResultBase) AuthenticatorId() string {
 	return a.authenticatorId
 }
@@ -149,14 +135,6 @@ func (a *AuthResultBase) SessionCerts() []*x509.Certificate {
 }
 
 func (a *AuthResultBase) Identity() *Identity {
-	if a.identity == nil {
-		if a.identityId != "" {
-			a.identity, _ = a.env.GetManagers().Identity.Read(a.identityId)
-		} else if a.externalId != "" {
-			a.identity, _ = a.env.GetManagers().Identity.ReadByExternalId(a.externalId)
-		}
-
-	}
 	return a.identity
 }
 
@@ -168,17 +146,9 @@ func (a *AuthResultBase) Authenticator() *Authenticator {
 }
 
 func (a *AuthResultBase) AuthPolicy() *AuthPolicy {
-	if a.authPolicy == nil {
-		a.authPolicy, _ = a.env.GetManagers().AuthPolicy.Read(a.authPolicyId)
-	}
-
 	return a.authPolicy
 }
 
-func (a *AuthResultBase) AuthPolicyId() string {
-	return a.authPolicyId
-}
-
 func (a *AuthResultBase) IsSuccessful() bool {
-	return a.identityId != ""
+	return a.identity != nil
 }
@@ -23,7 +23,6 @@ import (
 	"github.com/michaelquigley/pfxlog"
 	"github.com/openziti/foundation/v2/errorz"
 	nfpem "github.com/openziti/foundation/v2/pem"
-	"github.com/openziti/foundation/v2/stringz"
 	"github.com/openziti/ziti/common/cert"
 	"github.com/openziti/ziti/controller/apierror"
 	"github.com/openziti/ziti/controller/change"
@@ -225,13 +224,10 @@ func (module *AuthModuleCert) Process(context AuthContext) (AuthResult, error) {
 	}
 
 	return &AuthResultBase{
-		identityId:      identity.Id,
-		externalId:      stringz.OrEmpty(identity.ExternalId),
 		identity:        identity,
 		authenticatorId: authenticator.Id,
 		authenticator:   authenticator,
 		sessionCerts:    []*x509.Certificate{clientCert},
-		authPolicyId:    authPolicy.Id,
 		authPolicy:      authPolicy,
 		env:             module.env,
 	}, nil