rust/hyperswitch
1
0
Fork 0
mirror of https://github.com/juspay/hyperswitch.git synced 2025-10-29 09:07:09 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat(users): Send profile_id in JWT and user_info APIs (#5817)

Browse Source
This commit is contained in:
Mani Chandra
2024-09-05 19:01:24 +05:30
committed by GitHub
parent dfebc29c2b
commit 4d499038c0
9 changed files with 111 additions and 130 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
crates/api_models/src/user.rs
View File

@ -1,6 +1,6 @@
use std::fmt::Debug; use std::fmt::Debug;
use common_enums::{PermissionGroup, RoleScope, TokenPurpose}; use common_enums::{EntityType, PermissionGroup, RoleScope, TokenPurpose};
use common_utils::{crypto::OptionalEncryptableName, id_type, pii}; use common_utils::{crypto::OptionalEncryptableName, id_type, pii};
use masking::Secret; use masking::Secret;
@ -158,6 +158,8 @@ pub struct GetUserDetailsResponse {
pub org_id: id_type::OrganizationId, pub org_id: id_type::OrganizationId,
pub is_two_factor_auth_setup: bool, pub is_two_factor_auth_setup: bool,
pub recovery_codes_left: Option<usize>, pub recovery_codes_left: Option<usize>,
pub profile_id: id_type::ProfileId,
pub entity_type: EntityType,
} }
#[derive(Debug, serde::Deserialize, serde::Serialize)] #[derive(Debug, serde::Deserialize, serde::Serialize)]
@ -185,7 +187,7 @@ pub struct GetUserRoleDetailsResponseV2 {
pub merchant: Option<NameIdUnit<OptionalEncryptableName, id_type::MerchantId>>, pub merchant: Option<NameIdUnit<OptionalEncryptableName, id_type::MerchantId>>,
pub profile: Option<NameIdUnit<String, id_type::ProfileId>>, pub profile: Option<NameIdUnit<String, id_type::ProfileId>>,
pub status: UserStatus, pub status: UserStatus,
pub entity_type: common_enums::EntityType, pub entity_type: EntityType,
} }
#[derive(Debug, Clone, serde::Deserialize, serde::Serialize)] #[derive(Debug, Clone, serde::Deserialize, serde::Serialize)]

2
crates/api_models/src/user_role/role.rs
View File

@ -63,5 +63,5 @@ pub enum RoleCheckType {
#[derive(Debug, serde::Serialize, Clone)] #[derive(Debug, serde::Serialize, Clone)]
pub struct MinimalRoleInfo { pub struct MinimalRoleInfo {
pub role_id: String, pub role_id: String,
pub role_name: String, pub role_name: Option<String>,
} }

56
crates/router/src/core/user.rs
View File

@ -100,6 +100,14 @@ pub async fn get_user_details(
) -> UserResponse<user_api::GetUserDetailsResponse> { ) -> UserResponse<user_api::GetUserDetailsResponse> {
let user = user_from_token.get_user_from_db(&state).await?; let user = user_from_token.get_user_from_db(&state).await?;
let verification_days_left = utils::user::get_verification_days_left(&state, &user)?; let verification_days_left = utils::user::get_verification_days_left(&state, &user)?;
let role_info = roles::RoleInfo::from_role_id(
&state,
&user_from_token.role_id,
&user_from_token.merchant_id,
&user_from_token.org_id,
)
.await
.change_context(UserErrors::InternalServerError)?;
Ok(ApplicationResponse::Json( Ok(ApplicationResponse::Json(
user_api::GetUserDetailsResponse { user_api::GetUserDetailsResponse {
@ -112,6 +120,10 @@ pub async fn get_user_details(
org_id: user_from_token.org_id, org_id: user_from_token.org_id,
is_two_factor_auth_setup: user.get_totp_status() == TotpStatus::Set, is_two_factor_auth_setup: user.get_totp_status() == TotpStatus::Set,
recovery_codes_left: user.get_recovery_codes().map(|codes| codes.len()), recovery_codes_left: user.get_recovery_codes().map(|codes| codes.len()),
profile_id: user_from_token
.profile_id
.ok_or(UserErrors::JwtProfileIdMissing)?,
entity_type: role_info.get_entity_type(),
}, },
)) ))
} }
@ -1185,13 +1197,12 @@ pub async fn switch_merchant_id(
})? })?
.organization_id; .organization_id;
let token = utils::user::generate_jwt_auth_token_with_attributes( let token = utils::user::generate_jwt_auth_token_with_attributes_without_profile(
&state, &state,
user_from_token.user_id, user_from_token.user_id,
request.merchant_id.clone(), request.merchant_id.clone(),
org_id.clone(), org_id.clone(),
user_from_token.role_id.clone(), user_from_token.role_id.clone(),
None,
) )
.await?; .await?;
@ -2792,7 +2803,6 @@ pub async fn switch_org_for_user(
.into()); .into());
} }
let key_manager_state = &(&state).into();
let role_info = roles::RoleInfo::from_role_id( let role_info = roles::RoleInfo::from_role_id(
&state, &state,
&user_from_token.role_id, &user_from_token.role_id,
@ -2830,38 +2840,8 @@ pub async fn switch_org_for_user(
"No user role found for the requested org_id".to_string(), "No user role found for the requested org_id".to_string(),
))?; ))?;
let merchant_id = utils::user_role::get_single_merchant_id(&state, &user_role).await?; let (merchant_id, profile_id) =
utils::user_role::get_single_merchant_id_and_profile_id(&state, &user_role).await?;
let profile_id = if let Some(profile_id) = &user_role.profile_id {
profile_id.clone()
} else {
let merchant_key_store = state
.store
.get_merchant_key_store_by_merchant_id(
key_manager_state,
&merchant_id,
&state.store.get_master_key().to_vec().into(),
)
.await
.change_context(UserErrors::InternalServerError)
.attach_printable("Failed to retrieve merchant key store by merchant_id")?;
state
.store
.list_business_profile_by_merchant_id(
key_manager_state,
&merchant_key_store,
&merchant_id,
)
.await
.change_context(UserErrors::InternalServerError)
.attach_printable("Failed to list business profiles by merchant_id")?
.pop()
.ok_or(UserErrors::InternalServerError)
.attach_printable("No business profile found for the merchant_id")?
.get_id()
.to_owned()
};
let token = utils::user::generate_jwt_auth_token_with_attributes( let token = utils::user::generate_jwt_auth_token_with_attributes(
&state, &state,
@ -2869,7 +2849,7 @@ pub async fn switch_org_for_user(
merchant_id.clone(), merchant_id.clone(),
request.org_id.clone(), request.org_id.clone(),
user_role.role_id.clone(), user_role.role_id.clone(),
Some(profile_id.clone()), profile_id.clone(),
) )
.await?; .await?;
@ -3078,7 +3058,7 @@ pub async fn switch_merchant_for_user_in_org(
merchant_id.clone(), merchant_id.clone(),
org_id.clone(), org_id.clone(),
role_id.clone(), role_id.clone(),
Some(profile_id), profile_id,
) )
.await?; .await?;
@ -3183,7 +3163,7 @@ pub async fn switch_profile_for_user_in_org_and_merchant(
user_from_token.merchant_id.clone(), user_from_token.merchant_id.clone(),
user_from_token.org_id.clone(), user_from_token.org_id.clone(),
role_id.clone(), role_id.clone(),
Some(profile_id), profile_id,
) )
.await?; .await?;

34
crates/router/src/core/user_role.rs
View File

@ -744,30 +744,6 @@ pub async fn list_users_in_lineage(
.map(|user| (user.user_id.clone(), user.email)) .map(|user| (user.user_id.clone(), user.email))
.collect::<HashMap<_, _>>(); .collect::<HashMap<_, _>>();
let role_info_map =
futures::future::try_join_all(user_roles_set.iter().map(|user_role| async {
roles::RoleInfo::from_role_id(
&state,
&user_role.role_id,
&user_from_token.merchant_id,
&user_from_token.org_id,
)
.await
.map(|role_info| {
(
user_role.role_id.clone(),
user_role_api::role::MinimalRoleInfo {
role_id: user_role.role_id.clone(),
role_name: role_info.get_role_name().to_string(),
},
)
})
}))
.await
.change_context(UserErrors::InternalServerError)?
.into_iter()
.collect::<HashMap<_, _>>();
let user_role_map = user_roles_set let user_role_map = user_roles_set
.into_iter() .into_iter()
.fold(HashMap::new(), |mut map, user_role| { .fold(HashMap::new(), |mut map, user_role| {
@ -787,13 +763,11 @@ pub async fn list_users_in_lineage(
.ok_or(UserErrors::InternalServerError)?, .ok_or(UserErrors::InternalServerError)?,
roles: role_id_vec roles: role_id_vec
.into_iter() .into_iter()
.map(|role_id| { .map(|role_id| user_role_api::role::MinimalRoleInfo {
role_info_map role_id,
.get(&role_id) role_name: None,
.cloned()
.ok_or(UserErrors::InternalServerError)
}) })
.collect::<Result<Vec<_>, _>>()?, .collect(),
}) })
}) })
.collect::<Result<Vec<_>, _>>()?, .collect::<Result<Vec<_>, _>>()?,

2
crates/router/src/core/user_role/role.rs
View File

@ -348,7 +348,7 @@ pub async fn list_roles_at_entity_level(
if check_type && role_info.get_entity_type() == req.entity_type { if check_type && role_info.get_entity_type() == req.entity_type {
Some(role_api::MinimalRoleInfo { Some(role_api::MinimalRoleInfo {
role_id: role_info.get_role_id().to_string(), role_id: role_info.get_role_id().to_string(),
role_name: role_info.get_role_name().to_string(), role_name: Some(role_info.get_role_name().to_string()),
}) })
} else { } else {
None None

46
crates/router/src/types/domain/user.rs
View File

@ -5,7 +5,7 @@ use api_models::{
}; };
use common_enums::EntityType; use common_enums::EntityType;
use common_utils::{ use common_utils::{
crypto::Encryptable, errors::CustomResult, id_type, new_type::MerchantName, pii, type_name, crypto::Encryptable, id_type, new_type::MerchantName, pii, type_name,
types::keymanager::Identifier, types::keymanager::Identifier,
}; };
use diesel_models::{ use diesel_models::{
@ -28,7 +28,7 @@ use crate::{
consts, consts,
core::{ core::{
admin, admin,
errors::{self, UserErrors, UserResult}, errors::{UserErrors, UserResult},
}, },
db::{user_role::InsertUserRolePayload, GlobalStorageInterface}, db::{user_role::InsertUserRolePayload, GlobalStorageInterface},
routes::SessionState, routes::SessionState,
@ -867,22 +867,6 @@ impl UserFromStorage {
self.0.email.clone() self.0.email.clone()
} }
pub async fn get_role_from_db(&self, state: SessionState) -> UserResult<UserRole> {
state
.store
.find_user_role_by_user_id(&self.0.user_id, UserRoleVersion::V1)
.await
.change_context(UserErrors::InternalServerError)
}
pub async fn get_roles_from_db(&self, state: &SessionState) -> UserResult<Vec<UserRole>> {
state
.store
.list_user_roles_by_user_id_and_version(&self.0.user_id, UserRoleVersion::V1)
.await
.change_context(UserErrors::InternalServerError)
}
#[cfg(feature = "email")] #[cfg(feature = "email")]
pub fn get_verification_days_left(&self, state: &SessionState) -> UserResult<Option<i64>> { pub fn get_verification_days_left(&self, state: &SessionState) -> UserResult<Option<i64>> {
if self.0.is_verified { if self.0.is_verified {
@ -930,21 +914,6 @@ impl UserFromStorage {
Ok(days_left_for_password_rotate.whole_days() < 0) Ok(days_left_for_password_rotate.whole_days() < 0)
} }
pub async fn get_role_from_db_by_merchant_id(
&self,
state: &SessionState,
merchant_id: &id_type::MerchantId,
) -> CustomResult<UserRole, errors::StorageError> {
state
.store
.find_user_role_by_user_id_merchant_id(
self.get_user_id(),
merchant_id,
UserRoleVersion::V1,
)
.await
}
pub async fn get_or_create_key_store(&self, state: &SessionState) -> UserResult<UserKeyStore> { pub async fn get_or_create_key_store(&self, state: &SessionState) -> UserResult<UserKeyStore> {
let master_key = state.store.get_master_key(); let master_key = state.store.get_master_key();
let key_manager_state = &state.into(); let key_manager_state = &state.into();
@ -1253,7 +1222,7 @@ where
} }
} }
async fn insert_v1_and_v2_in_db_and_get_v1( async fn insert_v1_and_v2_in_db_and_get_v2(
state: &SessionState, state: &SessionState,
v1_role: UserRoleNew, v1_role: UserRoleNew,
v2_role: UserRoleNew, v2_role: UserRoleNew,
@ -1264,10 +1233,9 @@ where
.await .await
.change_context(UserErrors::InternalServerError)?; .change_context(UserErrors::InternalServerError)?;
// Returning v1 role so other code which was not migrated doesn't break
inserted_roles inserted_roles
.into_iter() .into_iter()
.find(|role| role.version == UserRoleVersion::V1) .find(|role| role.version == UserRoleVersion::V2)
.ok_or(report!(UserErrors::InternalServerError)) .ok_or(report!(UserErrors::InternalServerError))
} }
} }
@ -1323,7 +1291,7 @@ impl NewUserRole<OrganizationLevel> {
entity_type: EntityType::Organization, entity_type: EntityType::Organization,
}); });
Self::insert_v1_and_v2_in_db_and_get_v1(state, new_v1_role, new_v2_role).await Self::insert_v1_and_v2_in_db_and_get_v2(state, new_v1_role, new_v2_role).await
} }
} }
@ -1343,7 +1311,7 @@ impl NewUserRole<MerchantLevel> {
entity_type: EntityType::Merchant, entity_type: EntityType::Merchant,
}); });
Self::insert_v1_and_v2_in_db_and_get_v1(state, new_v1_role, new_v2_role).await Self::insert_v1_and_v2_in_db_and_get_v2(state, new_v1_role, new_v2_role).await
} }
} }
@ -1366,7 +1334,7 @@ impl NewUserRole<InternalLevel> {
entity_type: EntityType::Internal, entity_type: EntityType::Internal,
}); });
Self::insert_v1_and_v2_in_db_and_get_v1(state, new_v1_role, new_v2_role).await Self::insert_v1_and_v2_in_db_and_get_v2(state, new_v1_role, new_v2_role).await
} }
} }

40
crates/router/src/types/domain/user/decision_manager.rs
View File

@ -1,8 +1,5 @@
use common_enums::TokenPurpose; use common_enums::TokenPurpose;
use diesel_models::{ use diesel_models::{enums::UserStatus, user_role::UserRole};
enums::{UserRoleVersion, UserStatus},
user_role::UserRole,
};
use error_stack::{report, ResultExt}; use error_stack::{report, ResultExt};
use masking::Secret; use masking::Secret;
@ -67,10 +64,21 @@ impl SPTFlow {
Self::ForceSetPassword => user Self::ForceSetPassword => user
.is_password_rotate_required(state) .is_password_rotate_required(state)
.map(|rotate_required| rotate_required && !path.contains(&TokenPurpose::SSO)), .map(|rotate_required| rotate_required && !path.contains(&TokenPurpose::SSO)),
Self::MerchantSelect => user Self::MerchantSelect => Ok(state
.get_roles_from_db(state) .store
.list_user_roles_by_user_id(ListUserRolesByUserIdPayload {
user_id: user.get_user_id(),
org_id: None,
merchant_id: None,
profile_id: None,
entity_id: None,
version: None,
status: Some(UserStatus::Active),
limit: Some(1),
})
.await .await
.map(|roles| !roles.iter().any(|role| role.status == UserStatus::Active)), .change_context(UserErrors::InternalServerError)?
.is_empty()),
} }
} }
@ -105,15 +113,17 @@ impl JWTFlow {
Ok(true) Ok(true)
} }
pub async fn generate_jwt_without_profile( pub async fn generate_jwt(
self, self,
state: &SessionState, state: &SessionState,
next_flow: &NextFlow, next_flow: &NextFlow,
user_role: &UserRole, user_role: &UserRole,
) -> UserResult<Secret<String>> { ) -> UserResult<Secret<String>> {
let (merchant_id, profile_id) =
utils::user_role::get_single_merchant_id_and_profile_id(state, user_role).await?;
auth::AuthToken::new_token( auth::AuthToken::new_token(
next_flow.user.get_user_id().to_string(), next_flow.user.get_user_id().to_string(),
utils::user_role::get_single_merchant_id(state, user_role).await?, merchant_id,
user_role.role_id.clone(), user_role.role_id.clone(),
&state.conf, &state.conf,
user_role user_role
@ -121,7 +131,7 @@ impl JWTFlow {
.clone() .clone()
.ok_or(report!(UserErrors::InternalServerError)) .ok_or(report!(UserErrors::InternalServerError))
.attach_printable("org_id not found")?, .attach_printable("org_id not found")?,
None, Some(profile_id),
) )
.await .await
.map(|token| token.into()) .map(|token| token.into())
@ -296,7 +306,7 @@ impl NextFlow {
merchant_id: None, merchant_id: None,
profile_id: None, profile_id: None,
entity_id: None, entity_id: None,
version: Some(UserRoleVersion::V1), version: None,
status: Some(UserStatus::Active), status: Some(UserStatus::Active),
limit: Some(1), limit: Some(1),
}) })
@ -307,9 +317,7 @@ impl NextFlow {
utils::user_role::set_role_permissions_in_cache_by_user_role(state, &user_role) utils::user_role::set_role_permissions_in_cache_by_user_role(state, &user_role)
.await; .await;
jwt_flow jwt_flow.generate_jwt(state, self, &user_role).await
.generate_jwt_without_profile(state, self, &user_role)
.await
} }
} }
} }
@ -329,9 +337,7 @@ impl NextFlow {
utils::user_role::set_role_permissions_in_cache_by_user_role(state, user_role) utils::user_role::set_role_permissions_in_cache_by_user_role(state, user_role)
.await; .await;
jwt_flow jwt_flow.generate_jwt(state, self, user_role).await
.generate_jwt_without_profile(state, self, user_role)
.await
} }
} }
} }

16
crates/router/src/utils/user.rs
View File

@ -108,13 +108,25 @@ pub async fn generate_jwt_auth_token_without_profile(
Ok(Secret::new(token)) Ok(Secret::new(token))
} }
pub async fn generate_jwt_auth_token_with_attributes_without_profile(
state: &SessionState,
user_id: String,
merchant_id: id_type::MerchantId,
org_id: id_type::OrganizationId,
role_id: String,
) -> UserResult<Secret<String>> {
let token =
AuthToken::new_token(user_id, merchant_id, role_id, &state.conf, org_id, None).await?;
Ok(Secret::new(token))
}
pub async fn generate_jwt_auth_token_with_attributes( pub async fn generate_jwt_auth_token_with_attributes(
state: &SessionState, state: &SessionState,
user_id: String, user_id: String,
merchant_id: id_type::MerchantId, merchant_id: id_type::MerchantId,
org_id: id_type::OrganizationId, org_id: id_type::OrganizationId,
role_id: String, role_id: String,
profile_id: Option<id_type::ProfileId>, profile_id: id_type::ProfileId,
) -> UserResult<Secret<String>> { ) -> UserResult<Secret<String>> {
let token = AuthToken::new_token( let token = AuthToken::new_token(
user_id, user_id,
@ -122,7 +134,7 @@ pub async fn generate_jwt_auth_token_with_attributes(
role_id, role_id,
&state.conf, &state.conf,
org_id, org_id,
profile_id, Some(profile_id),
) )
.await?; .await?;
Ok(Secret::new(token)) Ok(Secret::new(token))

39
crates/router/src/utils/user_role.rs
View File

@ -358,3 +358,42 @@ pub async fn get_lineage_for_user_id_and_entity_for_accepting_invite(
} }
} }
} }
pub async fn get_single_merchant_id_and_profile_id(
state: &SessionState,
user_role: &UserRole,
) -> UserResult<(id_type::MerchantId, id_type::ProfileId)> {
let merchant_id = get_single_merchant_id(state, user_role).await?;
let (_, entity_type) = user_role
.get_entity_id_and_type()
.ok_or(UserErrors::InternalServerError)?;
let profile_id = match entity_type {
EntityType::Organization | EntityType::Merchant | EntityType::Internal => {
let key_store = state
.store
.get_merchant_key_store_by_merchant_id(
&state.into(),
&merchant_id,
&state.store.get_master_key().to_vec().into(),
)
.await
.change_context(UserErrors::InternalServerError)?;
state
.store
.list_business_profile_by_merchant_id(&state.into(), &key_store, &merchant_id)
.await
.change_context(UserErrors::InternalServerError)?
.pop()
.ok_or(UserErrors::InternalServerError)?
.get_id()
.to_owned()
}
EntityType::Profile => user_role
.profile_id
.clone()
.ok_or(UserErrors::InternalServerError)?,
};
Ok((merchant_id, profile_id))
}