From 6c1e13b6e5e5a6c8b6c80914d9e281969eb3e303 Mon Sep 17 00:00:00 2001 From: Andrey Antukh Date: Thu, 20 May 2021 10:46:45 +0200 Subject: [PATCH] :sparkles: Improve profile props handling and audit log integration. --- backend/src/app/http/oauth.clj | 27 +++++++------- backend/src/app/rpc.clj | 3 +- backend/src/app/rpc/mutations/profile.clj | 43 ++++++++++++----------- 3 files changed, 38 insertions(+), 35 deletions(-) diff --git a/backend/src/app/http/oauth.clj b/backend/src/app/http/oauth.clj index 63b9f481d..41a40ab18 100644 --- a/backend/src/app/http/oauth.clj +++ b/backend/src/app/http/oauth.clj @@ -6,7 +6,6 @@ (ns app.http.oauth (:require - [app.common.data :as d] [app.common.exceptions :as ex] [app.common.spec :as us] [app.common.uri :as u] @@ -99,10 +98,11 @@ res (http/send! req)] (when (= 200 (:status res)) - (let [{:keys [name] :as data} (json/read-str (:body res) :key-fn keyword)] - (-> data - (assoc :backend (:name provider)) - (assoc :fullname name))))) + (let [info (json/read-str (:body res) :key-fn keyword)] + {:backend (:name provider) + :email (:email info) + :fullname (:name info) + :props (dissoc info :name :email)}))) (catch Exception e (l/error :hint "unexpected exception on retrieve-user-info" @@ -118,7 +118,8 @@ (retrieve-user-info cfg))] (when-not info (ex/raise :type :internal - :code :unable-to-auth)) + :code :unable-to-auth + :hint "no user info")) ;; If the provider is OIDC, we can proceed to check ;; roles if they are defined. @@ -141,8 +142,10 @@ (some? (:invitation-token state)) (assoc :invitation-token (:invitation-token state)) + ;; If state token comes with props, merge them. The state token + ;; props can contain pm_ and utm_ prefixed query params. (map? (:props state)) - (d/merge (:props state))))) + (update :props merge (:props state))))) ;; --- HTTP HANDLERS 
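Review bot: The new `:props (dissoc info :name :email)` in the `(when (= 200 (:status res))` branch keeps every other field of the provider's userinfo response, so whatever the provider returns is persisted on the profile and, through the profile.clj hunk of this patch, copied into the audit log. An allow-list would bound what is stored, e.g. `:props (select-keys info [:locale])`, extended with any further keys the application actually reads (`:locale` is the only one read in this patch, by `info->lang`). `:email` is also taken without a presence check, and `create-profile` later calls `(str/lower email)` on it; whether a missing email is rejected before that point is not visible here. The enclosing function starts outside the hunk.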
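Review bot: `(update :props merge (:props state))` gives the state-token props precedence over the provider-derived ones, and the added comment says those props come from `pm_`/`utm_` query parameters, i.e. from the request. Collisions look unlikely given the prefixes, but if the provider data is meant to be authoritative the order should be reversed: `(update :props #(merge (:props state) %))`. The comment could also say that these values are client-supplied tracking data and must not feed any authorization decision. The enclosing form starts outside the hunk.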
@@ -152,7 +155,8 @@ (let [sk (name k)] (cond-> params (or (str/starts-with? sk "pm_") - (str/starts-with? sk "pm-")) + (str/starts-with? sk "pm-") + (str/starts-with? sk "utm_")) (assoc (-> sk str/kebab keyword) v)))) {} params)) @@ -254,9 +258,7 @@ [cfg] (let [opts {:client-id (cf/get :google-client-id) :client-secret (cf/get :google-client-secret) - :scopes #{"email" "profile" "openid" - "https://www.googleapis.com/auth/userinfo.email" - "https://www.googleapis.com/auth/userinfo.profile"} + :scopes #{"openid" "email" "profile"} :auth-uri "https://accounts.google.com/o/oauth2/v2/auth" :token-uri "https://oauth2.googleapis.com/token" :user-uri "https://openidconnect.googleapis.com/v1/userinfo" @@ -272,8 +274,7 @@ [cfg] (let [opts {:client-id (cf/get :github-client-id) :client-secret (cf/get :github-client-secret) - :scopes #{"read:user" - "user:email"} + :scopes #{"read:user" "user:email"} :auth-uri "https://github.com/login/oauth/authorize" :token-uri "https://github.com/login/oauth/access_token" :user-uri "https://api.github.com/user" diff --git a/backend/src/app/rpc.clj b/backend/src/app/rpc.clj index 0ecb9722e..45598854d 100644 --- a/backend/src/app/rpc.clj +++ b/backend/src/app/rpc.clj @@ -108,7 +108,8 @@ (::audit/profile-id resultm)) props (d/merge params (::audit/props resultm))] (audit :submit {:type (::type cfg) - :name (::sv/name mdata) + :name (or (::audit/name resultm) + (::sv/name mdata)) :profile-id profile-id :props props}))) result)))) diff --git a/backend/src/app/rpc/mutations/profile.clj b/backend/src/app/rpc/mutations/profile.clj index f9b680fc9..738c3f550 100644 --- a/backend/src/app/rpc/mutations/profile.clj +++ b/backend/src/app/rpc/mutations/profile.clj @@ -6,7 +6,6 @@ (ns app.rpc.mutations.profile (:require - [app.common.data :as d] [app.common.exceptions :as ex] [app.common.spec :as us] [app.common.uuid :as uuid] 
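Review bot: The added `(str/starts-with? sk "utm_")` branch widens the set of request parameters copied into the result map, and `v` is stored as received with no limit on value length or on the number of matching keys. Per the other hunks of this patch, these values travel in the state token and end up in the profile props and the audit log, so a cap is worth adding at this point. For example, guard the `assoc` with `(and (string? v) (<= (count v) 256) ...)`, where 256 is only an example limit. The enclosing function starts outside the hunk.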
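Review bot: The `(or (::audit/name resultm) (::sv/name mdata))` fallback in rpc.clj is undocumented, although it lets any handler rename its own audit event through result metadata. A comment above the `:name` entry would help anyone who filters the audit log by service name, e.g. `;; Handlers may override the event name via ::audit/name metadata; defaults to the service name.` The enclosing function starts outside the hunk.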
@@ -307,37 +306,39 @@ [{:keys [pool metrics] :as cfg} params] (db/with-atomic [conn pool] (let [profile (-> (assoc cfg :conn conn) - (login-or-register params))] + (login-or-register params)) + props (merge + (select-keys profile [:backend :fullname :email]) + (:props profile))] (with-meta profile {:before-complete (annotate-profile-register metrics profile) - ::audit/props (:props profile) + ::audit/name (if (::created profile) "register" "login") + ::audit/props props ::audit/profile-id (:id profile)})))) (defn login-or-register - [{:keys [conn] :as cfg} {:keys [email backend] :as params}] - (letfn [(info->props [info] - (dissoc info :name :fullname :email :backend)) - - (info->lang [{:keys [locale] :as info}] + [{:keys [conn] :as cfg} {:keys [email] :as params}] + (letfn [(info->lang [{:keys [locale] :as info}] (when (and (string? locale) (not (str/blank? locale))) locale)) - (create-profile [conn {:keys [email] :as info}] - (db/insert! conn :profile - {:id (uuid/next) - :fullname (:fullname info) - :email (str/lower email) - :lang (info->lang info) - :auth-backend backend - :is-active true - :password "!" - :props (db/tjson (info->props info)) - :is-demo false})) + (create-profile [conn {:keys [fullname backend email props] :as info}] + (let [params {:id (uuid/next) + :fullname fullname + :email (str/lower email) + :lang (info->lang props) + :auth-backend backend + :is-active true + :password "!" + :props (db/tjson props) + :is-demo false}] + (-> (db/insert! conn :profile params) + (update :props db/decode-transit-pgobject)))) (update-profile [conn info profile] - (let [props (d/merge (:props profile) - (info->props info))] + (let [props (merge (:props profile) + (:props info))] (db/update! conn :profile {:props (db/tjson props) :modified-at (dt/now)}
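Review bot: The audit `props` built at the top of this hunk selects `:backend` from the profile row, but `create-profile` in the same hunk writes that value under `:auth-backend`, so unless code outside the hunk adds a `:backend` key the audit event will carry no backend. `(:props profile)` is also the last argument to `merge`, so a provider- or query-derived prop named `:fullname` or `:backend` would replace the authoritative field in the audit record. Building it as `(merge (:props profile) {:backend (:auth-backend profile) :fullname (:fullname profile) :email (:email profile)})` avoids both. `::created` is read to choose the event name, yet nothing visible sets it on the result of `create-profile`; if the rest of `login-or-register` does not set it, every event is recorded as "login". Both functions extend beyond the hunk.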