fix: use session / access_token for profile related queries or mutation
This commit is contained in:
Lakhan Samani
@@ -21,7 +21,6 @@ func UserInfoHandler() gin.HandlerFunc {
|
||||
})
|
||||
return
|
||||
}
|
||||
|
||||
claims, err := token.ValidateAccessToken(gc, accessToken)
|
||||
if err != nil {
|
||||
log.Debug("Error validating access token: ", err)
|
||||
@@ -30,7 +29,6 @@ func UserInfoHandler() gin.HandlerFunc {
|
||||
})
|
||||
return
|
||||
}
|
||||
|
||||
userID := claims["sub"].(string)
|
||||
user, err := db.Provider.GetUserByID(gc, userID)
|
||||
if err != nil {
|
||||
|
||||
@@ -21,17 +21,11 @@ func DeactivateAccountResolver(ctx context.Context) (*model.Response, error) {
|
||||
log.Debug("Failed to get GinContext: ", err)
|
||||
return res, err
|
||||
}
|
||||
accessToken, err := token.GetAccessToken(gc)
|
||||
userID, err := token.GetUserIDFromSessionOrAccessToken(gc)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get access token: ", err)
|
||||
log.Debug("Failed GetUserIDFromSessionOrAccessToken: ", err)
|
||||
return res, err
|
||||
}
|
||||
claims, err := token.ValidateAccessToken(gc, accessToken)
|
||||
if err != nil {
|
||||
log.Debug("Failed to validate access token: ", err)
|
||||
return res, err
|
||||
}
|
||||
userID := claims["sub"].(string)
|
||||
log := log.WithFields(log.Fields{
|
||||
"user_id": userID,
|
||||
})
|
||||
|
||||
@@ -20,21 +20,11 @@ func ProfileResolver(ctx context.Context) (*model.User, error) {
|
||||
log.Debug("Failed to get GinContext: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
accessToken, err := token.GetAccessToken(gc)
|
||||
userID, err := token.GetUserIDFromSessionOrAccessToken(gc)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get access token: ", err)
|
||||
log.Debug("Failed GetUserIDFromSessionOrAccessToken: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
claims, err := token.ValidateAccessToken(gc, accessToken)
|
||||
if err != nil {
|
||||
log.Debug("Failed to validate access token: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
userID := claims["sub"].(string)
|
||||
|
||||
log := log.WithFields(log.Fields{
|
||||
"user_id": userID,
|
||||
})
|
||||
|
||||
@@ -35,15 +35,9 @@ func UpdateProfileResolver(ctx context.Context, params model.UpdateProfileInput)
|
||||
log.Debug("Failed to get GinContext: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
accessToken, err := token.GetAccessToken(gc)
|
||||
userID, err := token.GetUserIDFromSessionOrAccessToken(gc)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get access token: ", err)
|
||||
return res, err
|
||||
}
|
||||
claims, err := token.ValidateAccessToken(gc, accessToken)
|
||||
if err != nil {
|
||||
log.Debug("Failed to validate access token: ", err)
|
||||
log.Debug("Failed GetUserIDFromSessionOrAccessToken: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
@@ -52,8 +46,6 @@ func UpdateProfileResolver(ctx context.Context, params model.UpdateProfileInput)
|
||||
log.Debug("All params are empty")
|
||||
return res, fmt.Errorf("please enter at least one param to update")
|
||||
}
|
||||
|
||||
userID := claims["sub"].(string)
|
||||
log := log.WithFields(log.Fields{
|
||||
"user_id": userID,
|
||||
})
|
||||
|
||||
@@ -15,6 +15,7 @@ import (
|
||||
"github.com/robertkrimen/otto"
|
||||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/cookie"
|
||||
"github.com/authorizerdev/authorizer/server/crypto"
|
||||
"github.com/authorizerdev/authorizer/server/db/models"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
@@ -480,3 +481,34 @@ func GetIDToken(gc *gin.Context) (string, error) {
|
||||
token := strings.TrimPrefix(auth, "Bearer ")
|
||||
return token, nil
|
||||
}
|
||||
|
||||
// GetUserIDFromSessionOrAccessToken returns the user id from the session or access token
|
||||
func GetUserIDFromSessionOrAccessToken(gc *gin.Context) (string, error) {
|
||||
// First try to get the user id from the session
|
||||
isSession := true
|
||||
token, err := cookie.GetSession(gc)
|
||||
if err != nil || token == "" {
|
||||
log.Debug("Failed to get session token: ", err)
|
||||
isSession = false
|
||||
token, err = GetAccessToken(gc)
|
||||
if err != nil || token == "" {
|
||||
log.Debug("Failed to get access token: ", err)
|
||||
return "", fmt.Errorf(`unauthorized`)
|
||||
}
|
||||
}
|
||||
if isSession {
|
||||
claims, err := ValidateBrowserSession(gc, token)
|
||||
if err != nil {
|
||||
log.Debug("Failed to validate session token: ", err)
|
||||
return "", fmt.Errorf(`unauthorized`)
|
||||
}
|
||||
return claims.Subject, nil
|
||||
}
|
||||
// If not session, then validate the access token
|
||||
claims, err := ValidateAccessToken(gc, token)
|
||||
if err != nil {
|
||||
log.Debug("Failed to validate access token: ", err)
|
||||
return "", fmt.Errorf(`unauthorized`)
|
||||
}
|
||||
return claims["sub"].(string), nil
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user