fix redirect loop, remove user/session services, remove duplicate deleted_at fields (#1162)

* fix redirect loop, remove user/session services, remove duplicate deleted_at fields * change loop * reuse err variable * wrap errors, use cookie timeout * wrap error, duplicate if
2025-05-12 00:27:35 +02:00 · 2020-07-30 09:41:57 -06:00 · 2020-07-30 09:41:57 -06:00 · 97f85481f8
commit 97f85481f8
parent 714363fb07
16 changed files with 288 additions and 918 deletions
--- a/authenticate/authenticate.go
+++ b/authenticate/authenticate.go
@ -30,8 +30,6 @@ import (
 	"github.com/pomerium/pomerium/pkg/cryptutil"
 	"github.com/pomerium/pomerium/pkg/grpc"
 	"github.com/pomerium/pomerium/pkg/grpc/databroker"
-	"github.com/pomerium/pomerium/pkg/grpc/session"
-	"github.com/pomerium/pomerium/pkg/grpc/user"
 )

 // ValidateOptions checks that configuration are complete and valid.
@ -101,12 +99,6 @@ type Authenticate struct {
 	// dataBrokerClient is used to retrieve sessions
 	dataBrokerClient databroker.DataBrokerServiceClient

-	// sessionClient is used to create sessions
-	sessionClient session.SessionServiceClient
-
-	// userClient is used to update users
-	userClient user.UserServiceClient
-
 	// guard administrator below.
 	administratorMu sync.Mutex
 	// administrators keeps track of administrator users.
@ -164,8 +156,6 @@ func New(opts *config.Options) (*Authenticate, error) {
 	}

 	dataBrokerClient := databroker.NewDataBrokerServiceClient(dataBrokerConn)
-	sessionClient := session.NewSessionServiceClient(dataBrokerConn)
-	userClient := user.NewUserServiceClient(dataBrokerConn)

 	qpStore := queryparam.NewStore(encryptedEncoder, urlutil.QueryProgrammaticToken)
 	headerStore := header.NewStore(encryptedEncoder, httputil.AuthorizationTypePomerium)
@ -207,8 +197,6 @@ func New(opts *config.Options) (*Authenticate, error) {
 		providerName: opts.Provider,
 		// grpc client for cache
 		dataBrokerClient: dataBrokerClient,
-		sessionClient:    sessionClient,
-		userClient:       userClient,
 		jwk:              &jose.JSONWebKeySet{},
 		templates:        template.Must(frontend.NewTemplates()),
 	}
--- a/authenticate/handlers.go
+++ b/authenticate/handlers.go
@ -444,16 +444,10 @@ func (a *Authenticate) getSessionFromCtx(ctx context.Context) (*sessions.State,
 }

 func (a *Authenticate) deleteSession(ctx context.Context, sessionID string) error {
-	if a.sessionClient == nil {
+	if a.dataBrokerClient == nil {
 		return nil
 	}
-
-	_, err := a.sessionClient.Add(ctx, &session.AddRequest{
-		Session: &session.Session{
-			Id:        sessionID,
-			DeletedAt: ptypes.TimestampNow(),
-		},
-	})
+	err := session.Delete(ctx, a.dataBrokerClient, sessionID)
 	return err
 }

@ -534,11 +528,11 @@ func (a *Authenticate) Dashboard(w http.ResponseWriter, r *http.Request) error {
 }

 func (a *Authenticate) saveSessionToDataBroker(ctx context.Context, sessionState *sessions.State, accessToken *oauth2.Token) error {
-	if a.sessionClient == nil || a.userClient == nil {
+	if a.dataBrokerClient == nil {
 		return nil
 	}

-	sessionExpiry, _ := ptypes.TimestampProto(time.Now().Add(time.Hour))
+	sessionExpiry, _ := ptypes.TimestampProto(time.Now().Add(a.cookieOptions.Expire))
 	var idTokenExpiry *timestamppb.Timestamp
 	if sessionState.Expiry != nil {
 		idTokenExpiry, _ = ptypes.TimestampProto(sessionState.Expiry.Time())
@ -570,17 +564,13 @@ func (a *Authenticate) saveSessionToDataBroker(ctx context.Context, sessionState
 		if err != nil {
 			return fmt.Errorf("authenticate: error retrieving user info: %w", err)
 		}
-		_, err = a.userClient.Add(ctx, &user.AddRequest{
-			User: mu.User,
-		})
+		_, err = user.Set(ctx, a.dataBrokerClient, mu.User)
 		if err != nil {
 			return fmt.Errorf("authenticate: error saving user: %w", err)
 		}
 	}

-	res, err := a.sessionClient.Add(ctx, &session.AddRequest{
-		Session: s,
-	})
+	res, err := session.Set(ctx, a.dataBrokerClient, s)
 	if err != nil {
 		return fmt.Errorf("authenticate: error saving session: %w", err)
 	}
--- a/authenticate/handlers_test.go
+++ b/authenticate/handlers_test.go
@ -14,6 +14,7 @@ import (
 	"time"

 	"google.golang.org/grpc"
+	"google.golang.org/protobuf/types/known/emptypb"

 	"github.com/pomerium/pomerium/internal/encoding"
 	"github.com/pomerium/pomerium/internal/encoding/jws"
@ -238,6 +239,9 @@ func TestAuthenticate_SignOut(t *testing.T) {
 				templates:        template.Must(frontend.NewTemplates()),
 				sharedEncoder:    mock.Encoder{},
 				dataBrokerClient: mockDataBrokerServiceClient{
+					delete: func(ctx context.Context, in *databroker.DeleteRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) {
+						return nil, nil
+					},
 					get: func(ctx context.Context, in *databroker.GetRequest, opts ...grpc.CallOption) (*databroker.GetResponse, error) {
 						data, err := ptypes.MarshalAny(&session.Session{
 							Id: "SESSION_ID",
@ -626,7 +630,12 @@ func TestAuthenticate_Dashboard(t *testing.T) {
 type mockDataBrokerServiceClient struct {
 	databroker.DataBrokerServiceClient

-	get func(ctx context.Context, in *databroker.GetRequest, opts ...grpc.CallOption) (*databroker.GetResponse, error)
+	delete func(ctx context.Context, in *databroker.DeleteRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
+	get    func(ctx context.Context, in *databroker.GetRequest, opts ...grpc.CallOption) (*databroker.GetResponse, error)
+}
+
+func (m mockDataBrokerServiceClient) Delete(ctx context.Context, in *databroker.DeleteRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) {
+	return m.delete(ctx, in, opts...)
 }

 func (m mockDataBrokerServiceClient) Get(ctx context.Context, in *databroker.GetRequest, opts ...grpc.CallOption) (*databroker.GetResponse, error) {