diff --git a/api/grpc/auth/v1/auth.pb.go b/api/grpc/auth/v1/auth.pb.go index 8578269ea..101e5f72d 100644 --- a/api/grpc/auth/v1/auth.pb.go +++ b/api/grpc/auth/v1/auth.pb.go @@ -10,11 +10,12 @@ package v1 import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" sync "sync" unsafe "unsafe" + + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" ) const ( @@ -74,6 +75,7 @@ type AuthNRes struct { UserId string `protobuf:"bytes,2,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"` UserRole uint32 `protobuf:"varint,3,opt,name=user_role,json=userRole,proto3" json:"user_role,omitempty"` Verified bool `protobuf:"varint,4,opt,name=verified,proto3" json:"verified,omitempty"` + TokenType uint32 `protobuf:"varint,5,opt,name=token_type,json=tokenType,proto3" json:"token_type,omitempty"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } @@ -136,6 +138,13 @@ func (x *AuthNRes) GetVerified() bool { return false } +func (x *AuthNRes) GetTokenType() uint32 { + if x != nil { + return x.TokenType + } + return 0 +} + type PolicyReq struct { state protoimpl.MessageState `protogen:"open.v1"` Domain string `protobuf:"bytes,1,opt,name=domain,proto3" json:"domain,omitempty"` 
@@ -438,12 +447,14 @@ const file_auth_v1_auth_proto_rawDesc = "" + "\n" + "\x12auth/v1/auth.proto\x12\aauth.v1\" \n" + "\bAuthNReq\x12\x14\n" + - "\x05token\x18\x01 \x01(\tR\x05token\"l\n" + + "\x05token\x18\x01 \x01(\tR\x05token\"\x8b\x01\n" + "\bAuthNRes\x12\x0e\n" + "\x02id\x18\x01 \x01(\tR\x02id\x12\x17\n" + "\auser_id\x18\x02 \x01(\tR\x06userId\x12\x1b\n" + "\tuser_role\x18\x03 \x01(\rR\buserRole\x12\x1a\n" + - "\bverified\x18\x04 \x01(\bR\bverified\"\xa3\x02\n" + + "\bverified\x18\x04 \x01(\bR\bverified\x12\x1d\n" + + "\n" + + "token_type\x18\x05 \x01(\rR\ttokenType\"\xa3\x02\n" + "\tPolicyReq\x12\x16\n" + "\x06domain\x18\x01 \x01(\tR\x06domain\x12!\n" + "\fsubject_type\x18\x02 \x01(\tR\vsubjectType\x12!\n" + diff --git a/auth/api/grpc/auth/client.go b/auth/api/grpc/auth/client.go index 8dd6624bf..c03989280 100644 --- a/auth/api/grpc/auth/client.go +++ b/auth/api/grpc/auth/client.go @@ -57,7 +57,7 @@ func (client authGrpcClient) Authenticate(ctx context.Context, token *grpcAuthV1 return &grpcAuthV1.AuthNRes{}, grpcapi.DecodeError(err) } ir := res.(authenticateRes) - return &grpcAuthV1.AuthNRes{Id: ir.id, UserId: ir.userID, UserRole: uint32(ir.userRole), Verified: ir.verified}, nil + return &grpcAuthV1.AuthNRes{Id: ir.id, UserId: ir.userID, UserRole: uint32(ir.userRole), Verified: ir.verified, TokenType: uint32(ir.tokenType)}, nil } func encodeIdentifyRequest(_ context.Context, grpcReq any) (any, error) { 
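Review bot: `TokenType: uint32(ir.tokenType)` in Authenticate puts the raw numeric value of auth.KeyType on the wire. The matching conversions `auth.KeyType(res.GetTokenType())` in decodeIdentifyResponse and `uint32(res.tokenType)` in encodeAuthenticateResponse (server.go) likewise pass the number through without a range check. The KeyType constants are not visible in this diff, but if they are declared with iota, inserting or reordering one would silently change how a peer on a different build classifies the token. I would pin that on the type with a comment such as `// KeyType values are sent over gRPC as AuthNRes.token_type; never renumber them.` and have the decoder return an error for values it does not recognise instead of casting them. Authenticate's body starts outside this hunk.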
@@ -67,7 +67,7 @@ func encodeIdentifyRequest(_ context.Context, grpcReq any) (any, error) { func decodeIdentifyResponse(_ context.Context, grpcRes any) (any, error) { res := grpcRes.(*grpcAuthV1.AuthNRes) - return authenticateRes{id: res.GetId(), userID: res.GetUserId(), userRole: auth.Role(res.UserRole), verified: res.GetVerified()}, nil + return authenticateRes{id: res.GetId(), userID: res.GetUserId(), userRole: auth.Role(res.UserRole), verified: res.GetVerified(), tokenType: auth.KeyType(res.GetTokenType())}, nil } func (client authGrpcClient) Authorize(ctx context.Context, req *grpcAuthV1.AuthZReq, _ ...grpc.CallOption) (r *grpcAuthV1.AuthZRes, err error) { diff --git a/auth/api/grpc/auth/endpoint.go b/auth/api/grpc/auth/endpoint.go index 8d47ae50f..6b669a99a 100644 --- a/auth/api/grpc/auth/endpoint.go +++ b/auth/api/grpc/auth/endpoint.go @@ -23,7 +23,7 @@ func authenticateEndpoint(svc auth.Service) endpoint.Endpoint { return authenticateRes{}, err } - return authenticateRes{id: key.ID, userID: key.Subject, userRole: key.Role, verified: key.Verified}, nil + return authenticateRes{id: key.ID, userID: key.Subject, userRole: key.Role, verified: key.Verified, tokenType: key.Type}, nil } } diff --git a/auth/api/grpc/auth/endpoint_test.go b/auth/api/grpc/auth/endpoint_test.go index 7f0cbffef..19233f48f 100644 --- a/auth/api/grpc/auth/endpoint_test.go +++ b/auth/api/grpc/auth/endpoint_test.go @@ -93,7 +93,7 @@ func TestIdentify(t *testing.T) { desc: "authenticate user with valid PAT token", token: "pat_" + validPATToken, key: auth.Key{ID: id, Type: auth.PersonalAccessToken, Subject: clientID, Role: auth.UserRole}, - idt: &grpcAuthV1.AuthNRes{Id: id, UserId: clientID, UserRole: uint32(auth.UserRole)}, + idt: &grpcAuthV1.AuthNRes{Id: id, UserId: clientID, UserRole: uint32(auth.UserRole), TokenType: uint32(auth.PersonalAccessToken)}, err: nil, }, { diff --git a/auth/api/grpc/auth/responses.go b/auth/api/grpc/auth/responses.go index fbfea2b8f..afeeb1b12 100644 
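Review bot: In TestIdentify only the PAT case gains a `TokenType` expectation, so nothing visible here pins the value returned for a non-PAT key. The rest of the table is outside the hunk, but any case whose key type happens to have the numeric value 0 would keep passing whether or not the field is populated. I would add a case with a non-empty `ID` and a `Type` other than `auth.PersonalAccessToken` that asserts the exact `TokenType`, since that is the situation the new check in pkg/authn/authsvc is meant to tell apart from a PAT.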
--- a/auth/api/grpc/auth/responses.go +++ b/auth/api/grpc/auth/responses.go @@ -3,13 +3,14 @@ package auth -import smqauth "github.com/absmach/magistrala/auth" +import "github.com/absmach/magistrala/auth" type authenticateRes struct { - id string - userID string - userRole smqauth.Role - verified bool + id string + userID string + userRole auth.Role + verified bool + tokenType auth.KeyType } type authorizeRes struct { diff --git a/auth/api/grpc/auth/server.go b/auth/api/grpc/auth/server.go index c456a2a65..34a1eac5f 100644 --- a/auth/api/grpc/auth/server.go +++ b/auth/api/grpc/auth/server.go @@ -60,7 +60,7 @@ func decodeAuthenticateRequest(_ context.Context, grpcReq any) (any, error) { func encodeAuthenticateResponse(_ context.Context, grpcRes any) (any, error) { res := grpcRes.(authenticateRes) - return &grpcAuthV1.AuthNRes{Id: res.id, UserId: res.userID, UserRole: uint32(res.userRole), Verified: res.verified}, nil + return &grpcAuthV1.AuthNRes{Id: res.id, UserId: res.userID, UserRole: uint32(res.userRole), Verified: res.verified, TokenType: uint32(res.tokenType)}, nil } func decodeAuthorizeRequest(_ context.Context, grpcReq any) (any, error) { diff --git a/internal/proto/auth/v1/auth.proto b/internal/proto/auth/v1/auth.proto index 790eec4bf..b5d6f82c4 100644 --- a/internal/proto/auth/v1/auth.proto +++ b/internal/proto/auth/v1/auth.proto @@ -23,6 +23,7 @@ message AuthNRes { string user_id = 2; uint32 user_role = 3; bool verified = 4; + uint32 token_type = 5; } message PolicyReq { diff --git a/pkg/authn/authsvc/authn.go b/pkg/authn/authsvc/authn.go index 599f258d1..1a9536c4d 100644 --- a/pkg/authn/authsvc/authn.go +++ b/pkg/authn/authsvc/authn.go @@ -7,6 +7,7 @@ import ( "context" grpcAuthV1 "github.com/absmach/magistrala/api/grpc/auth/v1" + mgauth "github.com/absmach/magistrala/auth" "github.com/absmach/magistrala/auth/api/grpc/auth" "github.com/absmach/magistrala/pkg/authn" "github.com/absmach/magistrala/pkg/errors" 
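Review bot: `uint32 token_type = 5;` in auth.proto is added without a comment saying which values are valid or what 0 means, although pkg/authn/authsvc now makes a session-type decision on it. I would document it in the schema, for example `// token_type is the numeric auth.KeyType of the authenticated token; 0 is also what a server without this field sends.` A proto enum would make the contract self-describing, but that is a larger change than this commit.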
@@ -43,7 +44,7 @@ func (a authentication) Authenticate(ctx context.Context, token string) (authn.S return authn.Session{}, errors.Wrap(errors.ErrAuthentication, err) } - if res.GetId() != "" { + if res.GetTokenType() == uint32(mgauth.PersonalAccessToken) { return authn.Session{Type: authn.PersonalAccessToken, PatID: res.GetId(), UserID: res.GetUserId(), Role: authn.Role(res.GetUserRole())}, nil }
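Review bot: A response from an auth server built before this commit carries no field 5, so `res.GetTokenType()` returns 0 and the new condition is false even for a PAT, where the old `res.GetId() != ""` test would have taken the PAT branch. If this client is rolled out ahead of the auth service, a PAT would fall through to the code after the hunk (not visible here), presumably as a non-PAT session, and any PAT scope restriction applied downstream could be skipped. Because 0 may also be a legitimate KeyType, the client cannot tell an absent field from type 0. At minimum record the ordering requirement next to the check, e.g. `// token_type is 0 from auth servers without field 5: upgrade auth before its callers.`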