MCPcopy Index your code
hub / github.com/rilldata/rill / IssueRepresentativeAuthToken

Method IssueRepresentativeAuthToken

admin/server/users.go:403–439  ·  view source on GitHub ↗

IssueRepresentativeAuthToken returns the temporary auth token for representing email

(ctx context.Context, req *adminv1.IssueRepresentativeAuthTokenRequest)

Source from the content-addressed store, hash-verified

401
402// IssueRepresentativeAuthToken returns the temporary auth token for representing email
403func (s *Server) IssueRepresentativeAuthToken(ctx context.Context, req *adminv1.IssueRepresentativeAuthTokenRequest) (*adminv1.IssueRepresentativeAuthTokenResponse, error) {
404 observability.AddRequestAttributes(ctx,
405 attribute.Int64("args.ttl_minutes", req.TtlMinutes),
406 )
407
408 claims := auth.GetClaims(ctx)
409
410 if !claims.Superuser(ctx) {
411 return nil, status.Error(codes.PermissionDenied, "only superusers can search users by email")
412 }
413
414 // Error if authenticated as anything other than a user
415 if claims.OwnerType() != auth.OwnerTypeUser {
416 return nil, status.Error(codes.Unauthenticated, "not authenticated as a user")
417 }
418
419 u, err := s.admin.DB.FindUserByEmail(ctx, req.Email)
420 if err != nil {
421 return nil, err
422 }
423
424 observability.AddRequestAttributes(ctx,
425 attribute.String("args.user_id", u.ID),
426 )
427
428 ttl := time.Duration(req.TtlMinutes) * time.Minute
429 displayName := fmt.Sprintf("Support for %s", u.Email)
430
431 token, err := s.admin.IssueUserAuthToken(ctx, claims.OwnerID(), database.AuthClientIDRillSupport, displayName, &u.ID, &ttl, false)
432 if err != nil {
433 return nil, err
434 }
435
436 return &adminv1.IssueRepresentativeAuthTokenResponse{
437 Token: token.Token().String(),
438 }, nil
439}
440
441// RevokeCurrentAuthToken revokes the current auth token
442func (s *Server) RevokeCurrentAuthToken(ctx context.Context, req *adminv1.RevokeCurrentAuthTokenRequest) (*adminv1.RevokeCurrentAuthTokenResponse, error) {

Callers

nothing calls this directly

Calls 10

AddRequestAttributesFunction · 0.92
GetClaimsFunction · 0.92
SuperuserMethod · 0.65
OwnerTypeMethod · 0.65
FindUserByEmailMethod · 0.65
StringMethod · 0.65
IssueUserAuthTokenMethod · 0.65
OwnerIDMethod · 0.65
TokenMethod · 0.65
ErrorMethod · 0.45

Tested by

no test coverage detected