fix: scope down revocation (#1060)

migmartri · web-flow · commit 679de800ffa0 · 2024-07-01T12:37:58.000+02:00
Signed-off-by: Miguel Martinez Trivino &lt;miguel@chainloop.dev&gt;
diff --git a/app/controlplane/pkg/biz/apitoken.go b/app/controlplane/pkg/biz/apitoken.go
@@ -52,7 +52,7 @@ type APITokenRepo interface {
 	List(ctx context.Context, orgID *uuid.UUID, includeRevoked bool) ([]*APIToken, error)
 	Revoke(ctx context.Context, orgID, ID uuid.UUID) error
 	FindByID(ctx context.Context, ID uuid.UUID) (*APIToken, error)
-	FindByName(ctx context.Context, name string) (*APIToken, error)
+	FindByNameInOrg(ctx context.Context, orgID uuid.UUID, name string) (*APIToken, error)
 }
 
 type APITokenUseCase struct {
@@ -183,11 +183,9 @@ func (uc *APITokenUseCase) FindByNameInOrg(ctx context.Context, orgID, name stri
 		return nil, NewErrInvalidUUID(err)
 	}
 
-	t, err := uc.apiTokenRepo.FindByName(ctx, name)
+	t, err := uc.apiTokenRepo.FindByNameInOrg(ctx, orgUUID, name)
 	if err != nil {
 		return nil, fmt.Errorf("finding token: %w", err)
-	} else if t.OrganizationID != orgUUID {
-		return nil, NewErrNotFound("token")
 	}
 
 	return t, nil
diff --git a/app/controlplane/pkg/biz/mocks/APITokenRepo.go b/app/controlplane/pkg/biz/mocks/APITokenRepo.go
diff --git a/app/controlplane/pkg/data/apitoken.go b/app/controlplane/pkg/data/apitoken.go
@@ -23,6 +23,7 @@ import (
 	"github.com/chainloop-dev/chainloop/app/controlplane/pkg/biz"
 	"github.com/chainloop-dev/chainloop/app/controlplane/pkg/data/ent"
 	"github.com/chainloop-dev/chainloop/app/controlplane/pkg/data/ent/apitoken"
+	"github.com/chainloop-dev/chainloop/app/controlplane/pkg/data/ent/organization"
 	"github.com/go-kratos/kratos/v2/log"
 	"github.com/google/uuid"
 )
@@ -69,8 +70,8 @@ func (r *APITokenRepo) FindByID(ctx context.Context, id uuid.UUID) (*biz.APIToke
 	return entAPITokenToBiz(token), nil
 }
 
-func (r *APITokenRepo) FindByName(ctx context.Context, name string) (*biz.APIToken, error) {
-	token, err := r.data.DB.APIToken.Query().Where(apitoken.NameEQ(name)).Only(ctx)
+func (r *APITokenRepo) FindByNameInOrg(ctx context.Context, orgID uuid.UUID, name string) (*biz.APIToken, error) {
+	token, err := r.data.DB.APIToken.Query().Where(apitoken.NameEQ(name), apitoken.HasOrganizationWith(organization.ID(orgID)), apitoken.RevokedAtIsNil()).Only(ctx)
 	if err != nil {
 		if ent.IsNotFound(err) {
 			return nil, biz.NewErrNotFound("API token")

Original file line number	Diff line number	Diff line change
`@@ -52,7 +52,7 @@ type APITokenRepo interface {`
`52`	`52`	`List(ctx context.Context, orgID uuid.UUID, includeRevoked bool) ([]APIToken, error)`
`53`	`53`	`Revoke(ctx context.Context, orgID, ID uuid.UUID) error`
`54`	`54`	`FindByID(ctx context.Context, ID uuid.UUID) (*APIToken, error)`
`55`		`- FindByName(ctx context.Context, name string) (*APIToken, error)`
	`55`	`+ FindByNameInOrg(ctx context.Context, orgID uuid.UUID, name string) (*APIToken, error)`
`56`	`56`	`}`
`57`	`57`
`58`	`58`	`type APITokenUseCase struct {`
`@@ -183,11 +183,9 @@ func (uc *APITokenUseCase) FindByNameInOrg(ctx context.Context, orgID, name stri`
`183`	`183`	`return nil, NewErrInvalidUUID(err)`
`184`	`184`	`}`
`185`	`185`
`186`		`- t, err := uc.apiTokenRepo.FindByName(ctx, name)`
	`186`	`+ t, err := uc.apiTokenRepo.FindByNameInOrg(ctx, orgUUID, name)`
`187`	`187`	`if err != nil {`
`188`	`188`	`return nil, fmt.Errorf("finding token: %w", err)`
`189`		`- } else if t.OrganizationID != orgUUID {`
`190`		`- return nil, NewErrNotFound("token")`
`191`	`189`	`}`
`192`	`190`
`193`	`191`	`return t, nil`