3pp-mirror/penpot
1
0
Fork 0
mirror of https://github.com/penpot/penpot.git synced 2025-07-27 03:47:26 +02:00
Code Issues Projects Releases Packages Wiki Activity

Improve internal handling of external-session-id

Browse source
This commit is contained in:
Andrey Antukh 2024-06-19 16:13:39 +02:00
parent 8da153f604
commit 6a253871b0
6 changed files with 60 additions and 31 deletions
Download patch file Download diff file Expand all files Collapse all files

13
backend/src/app/auth/oidc.clj
View file

@ -32,6 +32,7 @@
[clojure.spec.alpha :as s] [clojure.spec.alpha :as s]
[cuerdas.core :as str] [cuerdas.core :as str]
[integrant.core :as ig] [integrant.core :as ig]
[ring.request :as rreq]
[ring.response :as-alias rres])) [ring.response :as-alias rres]))
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -470,6 +471,9 @@
(some? (:invitation-token state)) (some? (:invitation-token state))
(assoc :invitation-token (:invitation-token state)) (assoc :invitation-token (:invitation-token state))
(some? (:external-session-id state))
(assoc :external-session-id (:external-session-id state))
;; If state token comes with props, merge them. The state token ;; If state token comes with props, merge them. The state token
;; props can contain pm_ and utm_ prefixed query params. ;; props can contain pm_ and utm_ prefixed query params.
(map? (:props state)) (map? (:props state))
@ -560,13 +564,16 @@
{:iss :auth {:iss :auth
:exp (dt/in-future "15m") :exp (dt/in-future "15m")
:props (:props info) :props (:props info)
:profile-id (:id profile)}))] :profile-id (:id profile)}))
props (audit/profile->props profile)
context (d/without-nils {:external-session-id (:external-session-id info)})]
(audit/submit! cfg {::audit/type "command" (audit/submit! cfg {::audit/type "command"
::audit/name "login-with-oidc" ::audit/name "login-with-oidc"
::audit/profile-id (:id profile) ::audit/profile-id (:id profile)
::audit/ip-addr (audit/parse-client-ip request) ::audit/ip-addr (audit/parse-client-ip request)
::audit/props (audit/profile->props profile)}) ::audit/props props
::audit/context context})
(->> (redirect-to-verify-token token) (->> (redirect-to-verify-token token)
(sxf request)))) (sxf request))))
@ -588,9 +595,11 @@
(defn- auth-handler (defn- auth-handler
[cfg {:keys [params] :as request}] [cfg {:keys [params] :as request}]
(let [props (audit/extract-utm-params params) (let [props (audit/extract-utm-params params)
esid (rreq/get-header request "x-external-session-id")
state (tokens/generate (::setup/props cfg) state (tokens/generate (::setup/props cfg)
{:iss :oauth {:iss :oauth
:invitation-token (:invitation-token params) :invitation-token (:invitation-token params)
:external-session-id esid
:props props :props props
:exp (dt/in-future "4h")}) :exp (dt/in-future "4h")})
uri (build-auth-uri cfg state)] uri (build-auth-uri cfg state)]

7
backend/src/app/loggers/audit.clj
View file

@ -86,6 +86,13 @@
(remove #(contains? reserved-props (key %)))) (remove #(contains? reserved-props (key %))))
props)) props))
(defn params->context
"Extract default context properties from RPC params object"
[params]
(d/without-nils
{:external-session-id (::rpc/external-session-id params)
:triggered-by (::rpc/handler-name params)}))
;; --- SPECS ;; --- SPECS

1
backend/src/app/rpc.clj
View file

@ -82,6 +82,7 @@
session-id (rreq/get-header request "x-external-session-id") session-id (rreq/get-header request "x-external-session-id")
data (-> params data (-> params
(assoc ::handler-name handler-name)
(assoc ::request-at (dt/now)) (assoc ::request-at (dt/now))
(assoc ::external-session-id session-id) (assoc ::external-session-id session-id)
(assoc ::session/id (::session/id request)) (assoc ::session/id (::session/id request))

7
backend/src/app/rpc/commands/management.clj
View file

@ -398,7 +398,7 @@
;; --- COMMAND: Clone Template ;; --- COMMAND: Clone Template
(defn- clone-template (defn- clone-template
[cfg {:keys [project-id ::rpc/profile-id ::rpc/external-session-id] :as params} template] [cfg {:keys [project-id ::rpc/profile-id] :as params} template]
(db/tx-run! cfg (fn [{:keys [::db/conn ::wrk/executor] :as cfg}] (db/tx-run! cfg (fn [{:keys [::db/conn ::wrk/executor] :as cfg}]
;; NOTE: the importation process performs some operations that ;; NOTE: the importation process performs some operations that
;; are not very friendly with virtual threads, and for avoid ;; are not very friendly with virtual threads, and for avoid
@ -413,9 +413,8 @@
{:modified-at (dt/now)} {:modified-at (dt/now)}
{:id project-id}) {:id project-id})
(let [props (-> (audit/clean-props params) (let [props (audit/clean-props params)
(assoc :triggered-by "clone-template")) context (audit/params->context params)]
context {:external-session-id external-session-id}]
(doseq [file-id result] (doseq [file-id result]
(audit/submit! cfg (audit/submit! cfg
{::audit/type "action" {::audit/type "action"

36
backend/src/app/rpc/commands/teams.clj
View file

@ -763,6 +763,7 @@
{:id (:id member)})) {:id (:id member)}))
nil) nil)
(let [id (uuid/next) (let [id (uuid/next)
expire (dt/in-future "168h") ;; 7 days expire (dt/in-future "168h") ;; 7 days
invitation (db/exec-one! conn [sql:upsert-team-invitation id invitation (db/exec-one! conn [sql:upsert-team-invitation id
@ -783,14 +784,19 @@
(when (contains? cf/flags :log-invitation-tokens) (when (contains? cf/flags :log-invitation-tokens)
(l/info :hint "invitation token" :token itoken)) (l/info :hint "invitation token" :token itoken))
(let [props (-> (dissoc tprops :profile-id)
(audit/clean-props))
context (audit/params->context params)]
(audit/submit! cfg (audit/submit! cfg
{::audit/type "action" {::audit/type "action"
::audit/name (if updated? ::audit/name (if updated?
"update-team-invitation" "update-team-invitation"
"create-team-invitation") "create-team-invitation")
::audit/profile-id (:id profile) ::audit/profile-id (:id profile)
::audit/props (-> (dissoc tprops :profile-id) ::audit/props props
(d/without-nils))}) ::audit/context context}))
(eml/send! {::eml/conn conn (eml/send! {::eml/conn conn
::eml/factory eml/invite-to-team ::eml/factory eml/invite-to-team
@ -850,10 +856,11 @@
;; We don't re-send inviation to already existing members ;; We don't re-send inviation to already existing members
(remove (partial contains? members)) (remove (partial contains? members))
(map (fn [email] (map (fn [email]
{:email email (-> params
:team team (assoc :email email)
:profile profile (assoc :team team)
:role role})) (assoc :profile profile)
(assoc :role role))))
(keep (partial create-invitation cfg))) (keep (partial create-invitation cfg)))
emails)] emails)]
(with-meta {:total (count invitations) (with-meta {:total (count invitations)
@ -879,9 +886,11 @@
(let [features (-> (cfeat/get-enabled-features cf/flags) (let [features (-> (cfeat/get-enabled-features cf/flags)
(cfeat/check-client-features! (:features params))) (cfeat/check-client-features! (:features params)))
params (assoc params
:profile-id profile-id params (-> params
:features features) (assoc :profile-id profile-id)
(assoc :features features))
cfg (assoc cfg ::db/conn conn) cfg (assoc cfg ::db/conn conn)
team (create-team cfg params) team (create-team cfg params)
profile (db/get-by-id conn :profile profile-id) profile (db/get-by-id conn :profile profile-id)
@ -890,10 +899,11 @@
;; Create invitations for all provided emails. ;; Create invitations for all provided emails.
(->> emails (->> emails
(map (fn [email] (map (fn [email]
{:team team (-> params
:profile profile (assoc :team team)
:email email (assoc :profile profile)
:role role})) (assoc :email email)
(assoc :role role))))
(run! (partial create-invitation cfg))) (run! (partial create-invitation cfg)))
(run! (partial quotes/check-quote! conn) (run! (partial quotes/check-quote! conn)

3
frontend/src/app/main/repo.cljs
View file

@ -137,6 +137,7 @@
(->> (http/send! {:method :post (->> (http/send! {:method :post
:uri uri :uri uri
:credentials "include" :credentials "include"
:headers {"x-external-session-id" (cf/external-session-id)}
:query params}) :query params})
(rx/map http/conditional-decode-transit) (rx/map http/conditional-decode-transit)
(rx/mapcat handle-response)))) (rx/mapcat handle-response))))
@ -146,6 +147,7 @@
(->> (http/send! {:method :post (->> (http/send! {:method :post
:uri (u/join cf/public-uri "api/export") :uri (u/join cf/public-uri "api/export")
:body (http/transit-data (dissoc params :blob?)) :body (http/transit-data (dissoc params :blob?))
:headers {"x-external-session-id" (cf/external-session-id)}
:credentials "include" :credentials "include"
:response-type (if blob? :blob :text)}) :response-type (if blob? :blob :text)})
(rx/map http/conditional-decode-transit) (rx/map http/conditional-decode-transit)
@ -165,6 +167,7 @@
(->> (http/send! {:method :post (->> (http/send! {:method :post
:uri (u/join cf/public-uri "api/rpc/command/" (name id)) :uri (u/join cf/public-uri "api/rpc/command/" (name id))
:credentials "include" :credentials "include"
:headers {"x-external-session-id" (cf/external-session-id)}
:body (http/form-data params)}) :body (http/form-data params)})
(rx/map http/conditional-decode-transit) (rx/map http/conditional-decode-transit)
(rx/mapcat handle-response))) (rx/mapcat handle-response)))