extern/netbird
1
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2025-06-01 15:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add account locks to getAccountWithAuthorizationClaims method (#1847)

Browse Source
This commit is contained in:
pascal-fischer 2024-04-23 19:09:58 +02:00 committed by GitHub
parent f51dc13f8c
commit 1e6addaa65
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 26 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
management/server/account.go
View File

@ -1439,29 +1439,14 @@ func (am *DefaultAccountManager) updateAccountDomainAttributes(account *Account,
} }
// handleExistingUserAccount handles existing User accounts and update its domain attributes. // handleExistingUserAccount handles existing User accounts and update its domain attributes.
//
// If there is no primary domain account yet, we set the account as primary for the domain. Otherwise,
// we compare the account's ID with the domain account ID, and if they don't match, we set the account as
// non-primary account for the domain. We don't merge accounts at this stage, because of cases when a domain
// was previously unclassified or classified as public so N users that logged int that time, has they own account
// and peers that shouldn't be lost.
func (am *DefaultAccountManager) handleExistingUserAccount( func (am *DefaultAccountManager) handleExistingUserAccount(
existingAcc *Account, existingAcc *Account,
domainAcc *Account, primaryDomain bool,
claims jwtclaims.AuthorizationClaims, claims jwtclaims.AuthorizationClaims,
) error { ) error {
var err error err := am.updateAccountDomainAttributes(existingAcc, claims, primaryDomain)
if err != nil {
if domainAcc != nil && existingAcc.Id != domainAcc.Id { return err
err = am.updateAccountDomainAttributes(existingAcc, claims, false)
if err != nil {
return err
}
} else {
err = am.updateAccountDomainAttributes(existingAcc, claims, true)
if err != nil {
return err
}
} }
// we should register the account ID to this user's metadata in our IDP manager // we should register the account ID to this user's metadata in our IDP manager
@ -1795,12 +1780,33 @@ func (am *DefaultAccountManager) getAccountWithAuthorizationClaims(claims jwtcla
account, err := am.Store.GetAccountByUser(claims.UserId) account, err := am.Store.GetAccountByUser(claims.UserId)
if err == nil { if err == nil {
err = am.handleExistingUserAccount(account, domainAccount, claims) unlockAccount := am.Store.AcquireAccountLock(account.Id)
defer unlockAccount()
account, err = am.Store.GetAccountByUser(claims.UserId)
if err != nil {
return nil, err
}
// If there is no primary domain account yet, we set the account as primary for the domain. Otherwise,
// we compare the account's ID with the domain account ID, and if they don't match, we set the account as
// non-primary account for the domain. We don't merge accounts at this stage, because of cases when a domain
// was previously unclassified or classified as public so N users that logged int that time, has they own account
// and peers that shouldn't be lost.
primaryDomain := domainAccount == nil || account.Id == domainAccount.Id
err = am.handleExistingUserAccount(account, primaryDomain, claims)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return account, nil return account, nil
} else if s, ok := status.FromError(err); ok && s.Type() == status.NotFound { } else if s, ok := status.FromError(err); ok && s.Type() == status.NotFound {
if domainAccount != nil {
unlockAccount := am.Store.AcquireAccountLock(domainAccount.Id)
defer unlockAccount()
domainAccount, err = am.Store.GetAccountByPrivateDomain(claims.Domain)
if err != nil {
return nil, err
}
}
return am.handleNewUserAccount(domainAccount, claims) return am.handleNewUserAccount(domainAccount, claims)
} else { } else {
// other error // other error