From be49de5f345c952130b00c4a62b3fcd1aa67c5b7 Mon Sep 17 00:00:00 2001
From: Akhil Mohan
Date: Thu, 22 Feb 2024 17:09:33 +0530
Subject: [PATCH 1/2] fix(telemetry): added back email for telemetry when using service token
---
 backend/src/ee/routes/v1/scim-router.ts | 2 +-
 .../services/permission/permission-service.ts | 2 ++
 .../server/plugins/auth/inject-identity.ts | 2 +-
 backend/src/server/routes/v3/secret-router.ts | 2 +-
 .../service-token/service-token-dal.ts | 28 +++++++++++++++++--
 .../service-token/service-token-service.ts | 2 +-
 6 files changed, 31 insertions(+), 7 deletions(-)
diff --git a/backend/src/ee/routes/v1/scim-router.ts b/backend/src/ee/routes/v1/scim-router.ts
index 095815212a..80eed5231e 100644
--- a/backend/src/ee/routes/v1/scim-router.ts
+++ b/backend/src/ee/routes/v1/scim-router.ts
@@ -5,7 +5,7 @@ import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
 import { AuthMode } from "@app/services/auth/auth-type";
 export const registerScimRouter = async (server: FastifyZodProvider) => {
- server.addContentTypeParser("application/scim+json", { parseAs: "string" }, function (req, body, done) {
+ server.addContentTypeParser("application/scim+json", { parseAs: "string" }, (_, body, done) => {
 try {
 const strBody = body instanceof Buffer ? body.toString() : body;
diff --git a/backend/src/ee/services/permission/permission-service.ts b/backend/src/ee/services/permission/permission-service.ts
index 4735312e40..67db2473cf 100644
--- a/backend/src/ee/services/permission/permission-service.ts
+++ b/backend/src/ee/services/permission/permission-service.ts
@@ -177,6 +177,8 @@ export const permissionServiceFactory = ({
 const getServiceTokenProjectPermission = async (serviceTokenId: string, projectId: string) => {
 const serviceToken = await serviceTokenDAL.findById(serviceTokenId);
+ if (!serviceToken) throw new BadRequestError({ message: "Service token not found" });
+
 if (serviceToken.projectId !== projectId)
 throw new UnauthorizedError({
 message: "Failed to find service authorization for given project"
diff --git a/backend/src/server/plugins/auth/inject-identity.ts b/backend/src/server/plugins/auth/inject-identity.ts
index cf8d9dea33..3a0a0ab39f 100644
--- a/backend/src/server/plugins/auth/inject-identity.ts
+++ b/backend/src/server/plugins/auth/inject-identity.ts
@@ -27,7 +27,7 @@ export type TAuthMode =
 }
 | {
 authMode: AuthMode.SERVICE_TOKEN;
- serviceToken: TServiceTokens;
+ serviceToken: TServiceTokens & { createdByEmail: string };
 actor: ActorType.SERVICE;
 serviceTokenId: string;
 }
diff --git a/backend/src/server/routes/v3/secret-router.ts b/backend/src/server/routes/v3/secret-router.ts
index 1aac862050..1ba5b4e082 100644
--- a/backend/src/server/routes/v3/secret-router.ts
+++ b/backend/src/server/routes/v3/secret-router.ts
@@ -28,7 +28,7 @@ const getDistinctId = (req: FastifyRequest) => {
 return `identity-${req.auth.identityId}`;
 }
 if (req.auth.actor === ActorType.SERVICE) {
- return `service-token-${req.auth.serviceToken.id}`;
+ return req.auth.serviceToken.createdByEmail || `service-token-${req.auth.serviceTokenId}`; // when user gets removed from system
 }
 return "unknown-auth-data";
 };
diff --git a/backend/src/services/service-token/service-token-dal.ts b/backend/src/services/service-token/service-token-dal.ts
index b94c7ee352..5d3fcc5c80 100644
--- a/backend/src/services/service-token/service-token-dal.ts
+++ b/backend/src/services/service-token/service-token-dal.ts
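Review bot: In permission-service.ts, the new guard in `getServiceTokenProjectPermission` answers a missing token with `BadRequestError` while the project mismatch just below it answers with `UnauthorizedError`, so two failures of the same authorization check are distinguishable to the caller. Unless something outside the hunk depends on the bad-request result, I would keep a single failure mode: `if (!serviceToken) throw new UnauthorizedError({ message: "Failed to find service authorization for given project" });`. The function body continues past the end of the hunk, so how either error is mapped to a response is not visible here.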
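Review bot: In inject-identity.ts, `createdByEmail: string` is declared as always present, but the value comes from a left join in service-token-dal.ts, and secret-router.ts already falls back when it is empty ("when user gets removed from system"), so it can be null at runtime. Typing it as `serviceToken: TServiceTokens & { createdByEmail: string | null };` forces every consumer to handle the deleted-creator case instead of formatting or comparing a null as if it were an address. The `TAuthMode` union starts and ends outside the hunk.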
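Review bot: In secret-router.ts, `getDistinctId` now keys service-token traffic by the creator's e-mail, so anything done with the token, by whoever holds it, is recorded under that person's identity and can no longer be told apart from their interactive sessions by distinct id alone. If that merge is intended for telemetry, say so next to the return and keep the token id available as an event property where the events are captured (not visible in this hunk), e.g. `// telemetry only: groups token traffic under the creating user; not an audit identity`. The trailing `// when user gets removed from system` describes only the fallback branch and reads better on its own line above the return. The same applies to the `[PATCH 2/2]` hunk, which only changes the fallback prefix to `service-token-null-creator-`.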
@@ -1,10 +1,32 @@
+import { Knex } from "knex";
+
 import { TDbClient } from "@app/db";
-import { TableName } from "@app/db/schemas";
-import { ormify } from "@app/lib/knex";
+import { TableName, TUsers } from "@app/db/schemas";
+import { DatabaseError } from "@app/lib/errors";
+import { ormify, selectAllTableCols } from "@app/lib/knex";
 export type TServiceTokenDALFactory = ReturnType;
 export const serviceTokenDALFactory = (db: TDbClient) => {
 const stOrm = ormify(db, TableName.ServiceToken);
- return stOrm;
+
+ const findById = async (id: string, tx?: Knex) => {
+ try {
+ const doc = await (tx || db)(TableName.ServiceToken)
+ .leftJoin(
+ TableName.Users,
+ `${TableName.Users}.id`,
+ db.raw(`${TableName.ServiceToken}."createdBy"::uuid`)
+ )
+ .where(`${TableName.ServiceToken}.id`, id)
+ .select(selectAllTableCols(TableName.ServiceToken))
+ .select(db.ref("email").withSchema(TableName.Users).as("createdByEmail"))
+ .first();
+ return doc;
+ } catch (err) {
+ throw new DatabaseError({ error: err, name: "FindById" });
+ }
+ };
+
+ return { ...stOrm, findById };
 };
diff --git a/backend/src/services/service-token/service-token-service.ts b/backend/src/services/service-token/service-token-service.ts
index 76d33bd6b4..cce0d3780f 100644
--- a/backend/src/services/service-token/service-token-service.ts
+++ b/backend/src/services/service-token/service-token-service.ts
@@ -142,7 +142,7 @@ export const serviceTokenServiceFactory = ({
 const updatedToken = await serviceTokenDAL.updateById(serviceToken.id, {
 lastUsed: new Date()
 });
- return updatedToken;
+ return { ...serviceToken, lastUsed: updatedToken.lastUsed };
 };
 return {
From 0b258e39189528e341894c66e5f754a8820efbdf Mon Sep 17 00:00:00 2001
From: Maidul Islam
Date: Thu, 22 Feb 2024 15:06:00 -0500
Subject: [PATCH 2/2] make clear service token with null creator
---
 backend/src/server/routes/v3/secret-router.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
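Review bot: In service-token-dal.ts, the join condition `"createdBy"::uuid` casts a stored value inside a query that service-token lookups now go through, so a token row whose `createdBy` is not a well-formed UUID would make its lookup fail and surface as `DatabaseError` rather than a token result. The column definition is not visible from this hunk; if the column is text, please confirm existing rows can only hold user ids and record that next to the join, e.g. `// createdBy is stored as text and must hold a user id; the ::uuid cast throws otherwise`. This `findById` also replaces the one spread from `stOrm` and returns whatever `.first()` yields, which is `undefined` when no row matches, so callers other than the one patched in permission-service.ts should be checked for the same guard.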
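Review bot: In service-token-service.ts, the function now returns `{ ...serviceToken, lastUsed: updatedToken.lastUsed }`, that is, the looked-up object with every property it carries, which after this patch presumably includes `createdByEmail` from the new join. If any route hands this object back to the token bearer, the creator's e-mail is disclosed to anyone holding the token unless the response schema strips unknown keys. Where `serviceToken` is loaded is outside the hunk, so please confirm the route schemas, or add `// carries createdByEmail for telemetry; never serialise this object to clients` above the return.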
diff --git a/backend/src/server/routes/v3/secret-router.ts b/backend/src/server/routes/v3/secret-router.ts
index 1ba5b4e082..6bbb437adf 100644
--- a/backend/src/server/routes/v3/secret-router.ts
+++ b/backend/src/server/routes/v3/secret-router.ts
@@ -28,7 +28,7 @@ const getDistinctId = (req: FastifyRequest) => {
 return `identity-${req.auth.identityId}`;
 }
 if (req.auth.actor === ActorType.SERVICE) {
- return req.auth.serviceToken.createdByEmail || `service-token-${req.auth.serviceTokenId}`; // when user gets removed from system
+ return req.auth.serviceToken.createdByEmail || `service-token-null-creator-${req.auth.serviceTokenId}`; // when user gets removed from system
 }
 return "unknown-auth-data";
 };