chore(auth): set organization in auth token flow (#858)

Signed-off-by: Jose I. Paris <[email protected]>

Author: jiparis

app/controlplane/cmd/wire_gen.go

@@ -50,15 +50,15 @@ import (
 
 type Opts struct {
 	// UseCases
-	UserUseCase          *biz.UserUseCase
-	RobotAccountUseCase  *biz.RobotAccountUseCase
-	CASBackendUseCase    *biz.CASBackendUseCase
-	CASClientUseCase     *biz.CASClientUseCase
-	IntegrationUseCase   *biz.IntegrationUseCase
-	ReferrerUseCase      *biz.ReferrerUseCase
-	APITokenUseCase      *biz.APITokenUseCase
-	OrganizationUserCase *biz.OrganizationUseCase
-	WorkflowUseCase      *biz.WorkflowUseCase
+	UserUseCase         *biz.UserUseCase
+	RobotAccountUseCase *biz.RobotAccountUseCase
+	CASBackendUseCase   *biz.CASBackendUseCase
+	CASClientUseCase    *biz.CASClientUseCase
+	IntegrationUseCase  *biz.IntegrationUseCase
+	ReferrerUseCase     *biz.ReferrerUseCase
+	APITokenUseCase     *biz.APITokenUseCase
+	OrganizationUseCase *biz.OrganizationUseCase
+	WorkflowUseCase     *biz.WorkflowUseCase
 	// Services
 	WorkflowSvc         *service.WorkflowService
 	AuthSvc             *service.AuthService
@@ -178,7 +178,7 @@ func craftMiddleware(opts *Opts) []middleware.Middleware {
 			// 2.a - Set its user and organization
 			usercontext.WithCurrentUserAndOrgMiddleware(opts.UserUseCase, logHelper),
 			// 2.b - Set its API token and organization as alternative to the user
-			usercontext.WithCurrentAPITokenAndOrgMiddleware(opts.APITokenUseCase, opts.OrganizationUserCase, logHelper),
+			usercontext.WithCurrentAPITokenAndOrgMiddleware(opts.APITokenUseCase, opts.OrganizationUseCase, logHelper),
 			// 3 - Check user/token authorization
 			authzMiddleware.WithAuthzMiddleware(opts.Enforcer, logHelper),
 			// 4 - Make sure the account is fully functional
@@ -201,7 +201,7 @@ func craftMiddleware(opts *Opts) []middleware.Middleware {
 				attjwtmiddleware.NewAPITokenProvider(opts.AuthConfig.GeneratedJwsHmacSecret),
 			),
 			// 2.a - Set its workflow and organization in the context
-			usercontext.WithAttestationContextFromRobotAccount(opts.RobotAccountUseCase, logHelper),
+			usercontext.WithAttestationContextFromRobotAccount(opts.RobotAccountUseCase, opts.OrganizationUseCase, logHelper),
 			// 2.b - Set its API token and Robot Account as alternative to the user
 			usercontext.WithAttestationContextFromAPIToken(opts.APITokenUseCase, logHelper),
 		).Match(requireRobotAccountMatcher()).Build(),

app/controlplane/internal/server/grpc.go

@@ -18,6 +18,7 @@ package usercontext
 import (
 	"context"
 	"errors"
+	"fmt"
 
 	"github.com/chainloop-dev/chainloop/app/controlplane/internal/biz"
 	"github.com/chainloop-dev/chainloop/app/controlplane/internal/jwt/robotaccount"
@@ -46,7 +47,7 @@ func CurrentRobotAccount(ctx context.Context) *RobotAccount {
 type currentRobotAccountCtxKey struct{}
 
 // WithAttestationContextFromRobotAccount Middleware that injects the current user to the context
-func WithAttestationContextFromRobotAccount(robotAccountUseCase *biz.RobotAccountUseCase, logger *log.Helper) middleware.Middleware {
+func WithAttestationContextFromRobotAccount(robotAccountUseCase *biz.RobotAccountUseCase, orgUseCase *biz.OrganizationUseCase, logger *log.Helper) middleware.Middleware {
 	return func(handler middleware.Handler) middleware.Handler {
 		return func(ctx context.Context, req interface{}) (interface{}, error) {
 			authInfo, ok := attjwtmiddleware.FromJWTAuthContext(ctx)
@@ -104,6 +105,13 @@ func WithAttestationContextFromRobotAccount(robotAccountUseCase *biz.RobotAccoun
 				return nil, errors.New("error retrieving the organization from the auth token")
 			}
 
+			org, err := orgUseCase.FindByID(ctx, orgID)
+			if err != nil {
+				return nil, fmt.Errorf("error retrieving the organization: %w", err)
+			}
+
+			ctx = WithCurrentOrg(ctx, &Org{Name: org.Name, ID: org.ID, CreatedAt: org.CreatedAt})
+
 			// Check that the encoded workflow ID is the one associated with the robot account
 			// NOTE: This in theory should not be necessary since currently we allow a robot account to be attached to ONLY ONE workflowID
 			if account.WorkflowID.String() != workflowID {