MCPcopy Index your code
hub / github.com/rilldata/rill / IssueUserAuthToken

Method IssueUserAuthToken

admin/server/users.go:256–308  ·  view source on GitHub ↗
(ctx context.Context, req *adminv1.IssueUserAuthTokenRequest)

Source from the content-addressed store, hash-verified

254}
255
256func (s *Server) IssueUserAuthToken(ctx context.Context, req *adminv1.IssueUserAuthTokenRequest) (*adminv1.IssueUserAuthTokenResponse, error) {
257 observability.AddRequestAttributes(ctx,
258 attribute.String("args.user_id", req.UserId),
259 attribute.String("args.client_id", req.ClientId),
260 attribute.String("args.display_name", req.DisplayName),
261 attribute.Int64("args.ttl_minutes", req.TtlMinutes),
262 attribute.Bool("args.has_represent_email", req.RepresentEmail != ""),
263 )
264
265 claims := auth.GetClaims(ctx)
266 forceAccess := claims.Superuser(ctx) && req.SuperuserForceAccess
267
268 userID := req.UserId
269 if userID == "current" { // Special alias for the current user
270 if claims.OwnerType() != auth.OwnerTypeUser {
271 return nil, status.Error(codes.Unauthenticated, "not authenticated as a user")
272 }
273 userID = claims.OwnerID()
274 }
275 if userID != claims.OwnerID() && !forceAccess {
276 return nil, status.Error(codes.PermissionDenied, "not authorized to issue auth tokens for other users")
277 }
278
279 var ttl *time.Duration
280 if req.TtlMinutes > 0 {
281 ttl = new(time.Duration)
282 *ttl = time.Duration(req.TtlMinutes) * time.Minute
283 }
284
285 var representingUserID *string
286 if req.RepresentEmail != "" {
287 if !forceAccess {
288 return nil, status.Error(codes.PermissionDenied, "not authorized to represent other users")
289 }
290 u, err := s.admin.DB.FindUserByEmail(ctx, req.RepresentEmail)
291 if err != nil {
292 return nil, err
293 }
294 if u.ID == userID {
295 return nil, status.Error(codes.InvalidArgument, "cannot represent yourself")
296 }
297 representingUserID = &u.ID
298 }
299
300 authToken, err := s.admin.IssueUserAuthToken(ctx, userID, req.ClientId, req.DisplayName, representingUserID, ttl, false)
301 if err != nil {
302 return nil, err
303 }
304
305 return &adminv1.IssueUserAuthTokenResponse{
306 Token: authToken.Token().String(),
307 }, nil
308}
309
310func (s *Server) RevokeUserAuthToken(ctx context.Context, req *adminv1.RevokeUserAuthTokenRequest) (*adminv1.RevokeUserAuthTokenResponse, error) {
311 observability.AddRequestAttributes(ctx,

Callers

nothing calls this directly

Calls 10

AddRequestAttributesFunction · 0.92
GetClaimsFunction · 0.92
StringMethod · 0.65
SuperuserMethod · 0.65
OwnerTypeMethod · 0.65
OwnerIDMethod · 0.65
FindUserByEmailMethod · 0.65
IssueUserAuthTokenMethod · 0.65
TokenMethod · 0.65
ErrorMethod · 0.45

Tested by

no test coverage detected