diff --git a/internal/client-go/go.sum b/internal/client-go/go.sum index c966c8ddfd0d..6cc3f5911d11 100644 --- a/internal/client-go/go.sum +++ b/internal/client-go/go.sum @@ -4,6 +4,7 @@ github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5y golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e h1:bRhVy7zSSasaqNksaRZiA5EEI+Ei4I1nO5Jh72wfHlg= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4 h1:YUO/7uOKsKeq9UokNS62b8FYywz3ker1l1vDZRCRefw= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= diff --git a/selfservice/strategy/code/strategy_verification.go b/selfservice/strategy/code/strategy_verification.go index 4a41991e2a68..9cfb6eb74535 100644 --- a/selfservice/strategy/code/strategy_verification.go +++ b/selfservice/strategy/code/strategy_verification.go @@ -146,7 +146,7 @@ func (s *Strategy) Verify(w http.ResponseWriter, r *http.Request, f *verificatio f.TransientPayload = body.TransientPayload - if err := flow.MethodEnabledAndAllowed(r.Context(), f.GetFlowName(), s.VerificationStrategyID(), string(body.getMethod()), s.deps); err != nil { + if err := flow.MethodEnabledAndAllowed(ctx, f.GetFlowName(), s.VerificationStrategyID(), string(body.getMethod()), s.deps); err != nil { return s.handleVerificationError(r, f, body, err) } @@ -158,15 +158,15 @@ func (s *Strategy) Verify(w http.ResponseWriter, r *http.Request, f *verificatio case flow.StateChooseMethod: fallthrough case flow.StateEmailSent: - return s.verificationHandleFormSubmission(w, r, f, body) + return s.verificationHandleFormSubmission(ctx, w, r, f, body) case flow.StatePassedChallenge: - return s.retryVerificationFlowWithMessage(w, r, f.Type, text.NewErrorValidationVerificationRetrySuccess()) + return s.retryVerificationFlowWithMessage(ctx, w, r, f.Type, text.NewErrorValidationVerificationRetrySuccess()) default: - return s.retryVerificationFlowWithMessage(w, r, f.Type, text.NewErrorValidationVerificationStateFailure()) + return s.retryVerificationFlowWithMessage(ctx, w, r, f.Type, text.NewErrorValidationVerificationStateFailure()) } } -func (s *Strategy) handleLinkClick(w http.ResponseWriter, r *http.Request, f *verification.Flow, code string) error { +func (s *Strategy) handleLinkClick(ctx context.Context, w http.ResponseWriter, r *http.Request, f *verification.Flow, code string) error { // Pre-fill the code if codeField := f.UI.Nodes.Find("code"); codeField != nil { codeField.Attributes.SetValue(code) @@ -178,41 +178,41 @@ func (s *Strategy) handleLinkClick(w http.ResponseWriter, r *http.Request, f *ve f.UI.SetCSRF(csrfToken) f.CSRFToken = csrfToken - if err := s.deps.VerificationFlowPersister().UpdateVerificationFlow(r.Context(), f); err != nil { + if err := s.deps.VerificationFlowPersister().UpdateVerificationFlow(ctx, f); err != nil { return err } // we always redirect to the browser UI here to allow API flows to complete aswell // TODO: In the future, we might want to redirect to a custom URI scheme here, to allow to open an app on the device of // the user to handle the flow directly. - http.Redirect(w, r, f.AppendTo(s.deps.Config().SelfServiceFlowVerificationUI(r.Context())).String(), http.StatusSeeOther) + http.Redirect(w, r, f.AppendTo(s.deps.Config().SelfServiceFlowVerificationUI(ctx)).String(), http.StatusSeeOther) return errors.WithStack(flow.ErrCompletedByStrategy) } -func (s *Strategy) verificationHandleFormSubmission(w http.ResponseWriter, r *http.Request, f *verification.Flow, body *updateVerificationFlowWithCodeMethod) error { +func (s *Strategy) verificationHandleFormSubmission(ctx context.Context, w http.ResponseWriter, r *http.Request, f *verification.Flow, body *updateVerificationFlowWithCodeMethod) error { if len(body.Code) > 0 { if r.Method == http.MethodGet { // Special case: in the code strategy we send out links as well, that contain the code - return s.handleLinkClick(w, r, f, body.Code) + return s.handleLinkClick(ctx, w, r, f, body.Code) } // If not GET: try to use the submitted code - return s.verificationUseCode(w, r, body.Code, f) + return s.verificationUseCode(ctx, w, r, body.Code, f) } else if len(body.Email) == 0 { // If no code and no email was provided, fail with a validation error return s.handleVerificationError(r, f, body, schema.NewRequiredError("#/email", "email")) } - if err := flow.EnsureCSRF(s.deps, r, f.Type, s.deps.Config().DisableAPIFlowEnforcement(r.Context()), s.deps.GenerateCSRFToken, body.CSRFToken); err != nil { + if err := flow.EnsureCSRF(s.deps, r, f.Type, s.deps.Config().DisableAPIFlowEnforcement(ctx), s.deps.GenerateCSRFToken, body.CSRFToken); err != nil { return s.handleVerificationError(r, f, body, err) } - if err := s.deps.VerificationCodePersister().DeleteVerificationCodesOfFlow(r.Context(), f.ID); err != nil { + if err := s.deps.VerificationCodePersister().DeleteVerificationCodesOfFlow(ctx, f.ID); err != nil { return s.handleVerificationError(r, f, body, err) } - if err := s.deps.CodeSender().SendVerificationCode(r.Context(), f, identity.VerifiableAddressTypeEmail, body.Email); err != nil { + if err := s.deps.CodeSender().SendVerificationCode(ctx, f, identity.VerifiableAddressTypeEmail, body.Email); err != nil { if !errors.Is(err, ErrUnknownAddress) { return s.handleVerificationError(r, f, body, err) } @@ -232,30 +232,30 @@ func (s *Strategy) verificationHandleFormSubmission(w http.ResponseWriter, r *ht ) } - if err := s.deps.VerificationFlowPersister().UpdateVerificationFlow(r.Context(), f); err != nil { + if err := s.deps.VerificationFlowPersister().UpdateVerificationFlow(ctx, f); err != nil { return s.handleVerificationError(r, f, body, err) } return nil } -func (s *Strategy) verificationUseCode(w http.ResponseWriter, r *http.Request, codeString string, f *verification.Flow) error { - code, err := s.deps.VerificationCodePersister().UseVerificationCode(r.Context(), f.ID, codeString) +func (s *Strategy) verificationUseCode(ctx context.Context, w http.ResponseWriter, r *http.Request, codeString string, f *verification.Flow) error { + code, err := s.deps.VerificationCodePersister().UseVerificationCode(ctx, f.ID, codeString) if errors.Is(err, ErrCodeNotFound) { f.UI.Messages.Clear() f.UI.Messages.Add(text.NewErrorValidationVerificationCodeInvalidOrAlreadyUsed()) - if err := s.deps.VerificationFlowPersister().UpdateVerificationFlow(r.Context(), f); err != nil { - return s.retryVerificationFlowWithError(w, r, f.Type, err) + if err := s.deps.VerificationFlowPersister().UpdateVerificationFlow(ctx, f); err != nil { + return s.retryVerificationFlowWithError(ctx, w, r, f.Type, err) } if x.IsBrowserRequest(r) { - http.Redirect(w, r, f.AppendTo(s.deps.Config().SelfServiceFlowVerificationUI(r.Context())).String(), http.StatusSeeOther) + http.Redirect(w, r, f.AppendTo(s.deps.Config().SelfServiceFlowVerificationUI(ctx)).String(), http.StatusSeeOther) } else { s.deps.Writer().Write(w, r, f) } return errors.WithStack(flow.ErrCompletedByStrategy) } else if err != nil { - return s.retryVerificationFlowWithError(w, r, f.Type, err) + return s.retryVerificationFlowWithError(ctx, w, r, f.Type, err) } address := code.VerifiableAddress @@ -263,16 +263,16 @@ func (s *Strategy) verificationUseCode(w http.ResponseWriter, r *http.Request, c verifiedAt := sqlxx.NullTime(time.Now().UTC()) address.VerifiedAt = &verifiedAt address.Status = identity.VerifiableAddressStatusCompleted - if err := s.deps.PrivilegedIdentityPool().UpdateVerifiableAddress(r.Context(), address); err != nil { - return s.retryVerificationFlowWithError(w, r, f.Type, err) + if err := s.deps.PrivilegedIdentityPool().UpdateVerifiableAddress(ctx, address); err != nil { + return s.retryVerificationFlowWithError(ctx, w, r, f.Type, err) } - i, err := s.deps.IdentityPool().GetIdentity(r.Context(), code.VerifiableAddress.IdentityID, identity.ExpandDefault) + i, err := s.deps.IdentityPool().GetIdentity(ctx, code.VerifiableAddress.IdentityID, identity.ExpandDefault) if err != nil { - return s.retryVerificationFlowWithError(w, r, f.Type, err) + return s.retryVerificationFlowWithError(ctx, w, r, f.Type, err) } - returnTo := f.ContinueURL(r.Context(), s.deps.Config()) + returnTo := f.ContinueURL(ctx, s.deps.Config()) f.UI = &container.Container{ Method: "GET", @@ -288,18 +288,18 @@ func (s *Strategy) verificationUseCode(w http.ResponseWriter, r *http.Request, c Append(node.NewAnchorField("continue", returnTo.String(), node.CodeGroup, text.NewInfoNodeLabelContinue()). WithMetaLabel(text.NewInfoNodeLabelContinue())) - if err := s.deps.VerificationFlowPersister().UpdateVerificationFlow(r.Context(), f); err != nil { - return s.retryVerificationFlowWithError(w, r, flow.TypeBrowser, err) + if err := s.deps.VerificationFlowPersister().UpdateVerificationFlow(ctx, f); err != nil { + return s.retryVerificationFlowWithError(ctx, w, r, flow.TypeBrowser, err) } if err := s.deps.VerificationExecutor().PostVerificationHook(w, r, f, i); err != nil { - return s.retryVerificationFlowWithError(w, r, f.Type, err) + return s.retryVerificationFlowWithError(ctx, w, r, f.Type, err) } return nil } -func (s *Strategy) retryVerificationFlowWithMessage(w http.ResponseWriter, r *http.Request, ft flow.Type, message *text.Message) error { +func (s *Strategy) retryVerificationFlowWithMessage(ctx context.Context, w http.ResponseWriter, r *http.Request, ft flow.Type, message *text.Message) error { s.deps. Logger(). WithRequest(r). @@ -307,27 +307,27 @@ func (s *Strategy) retryVerificationFlowWithMessage(w http.ResponseWriter, r *ht Debug("A verification flow is being retried because a validation error occurred.") f, err := verification.NewFlow(s.deps.Config(), - s.deps.Config().SelfServiceFlowVerificationRequestLifespan(r.Context()), s.deps.CSRFHandler().RegenerateToken(w, r), r, s, ft) + s.deps.Config().SelfServiceFlowVerificationRequestLifespan(ctx), s.deps.CSRFHandler().RegenerateToken(w, r), r, s, ft) if err != nil { return s.handleVerificationError(r, f, nil, err) } f.UI.Messages.Add(message) - if err := s.deps.VerificationFlowPersister().CreateVerificationFlow(r.Context(), f); err != nil { + if err := s.deps.VerificationFlowPersister().CreateVerificationFlow(ctx, f); err != nil { return s.handleVerificationError(r, f, nil, err) } if x.IsJSONRequest(r) { s.deps.Writer().WriteError(w, r, flow.NewFlowReplacedError(text.NewErrorSystemGeneric("An error occured, please use the new flow.")).WithFlow(f)) } else { - http.Redirect(w, r, f.AppendTo(s.deps.Config().SelfServiceFlowVerificationUI(r.Context())).String(), http.StatusSeeOther) + http.Redirect(w, r, f.AppendTo(s.deps.Config().SelfServiceFlowVerificationUI(ctx)).String(), http.StatusSeeOther) } return errors.WithStack(flow.ErrCompletedByStrategy) } -func (s *Strategy) retryVerificationFlowWithError(w http.ResponseWriter, r *http.Request, ft flow.Type, verErr error) error { +func (s *Strategy) retryVerificationFlowWithError(ctx context.Context, w http.ResponseWriter, r *http.Request, ft flow.Type, verErr error) error { s.deps. Logger(). WithRequest(r). @@ -335,7 +335,7 @@ func (s *Strategy) retryVerificationFlowWithError(w http.ResponseWriter, r *http Debug("A verification flow is being retried because an error occurred.") f, err := verification.NewFlow(s.deps.Config(), - s.deps.Config().SelfServiceFlowVerificationRequestLifespan(r.Context()), s.deps.CSRFHandler().RegenerateToken(w, r), r, s, ft) + s.deps.Config().SelfServiceFlowVerificationRequestLifespan(ctx), s.deps.CSRFHandler().RegenerateToken(w, r), r, s, ft) if err != nil { return s.handleVerificationError(r, f, nil, err) } @@ -349,7 +349,7 @@ func (s *Strategy) retryVerificationFlowWithError(w http.ResponseWriter, r *http return err } - if err := s.deps.VerificationFlowPersister().CreateVerificationFlow(r.Context(), f); err != nil { + if err := s.deps.VerificationFlowPersister().CreateVerificationFlow(ctx, f); err != nil { return s.handleVerificationError(r, f, nil, err) } @@ -360,7 +360,7 @@ func (s *Strategy) retryVerificationFlowWithError(w http.ResponseWriter, r *http } s.deps.Writer().WriteError(w, r, toReturn) } else { - http.Redirect(w, r, f.AppendTo(s.deps.Config().SelfServiceFlowVerificationUI(r.Context())).String(), http.StatusSeeOther) + http.Redirect(w, r, f.AppendTo(s.deps.Config().SelfServiceFlowVerificationUI(ctx)).String(), http.StatusSeeOther) } return errors.WithStack(flow.ErrCompletedByStrategy) diff --git a/selfservice/strategy/link/strategy_verification.go b/selfservice/strategy/link/strategy_verification.go index 2ab187c7b0d5..7dee3f85a8a8 100644 --- a/selfservice/strategy/link/strategy_verification.go +++ b/selfservice/strategy/link/strategy_verification.go @@ -195,7 +195,7 @@ func (s *Strategy) verificationHandleFormSubmission(ctx context.Context, r *http f.Active = sqlxx.NullString(s.NodeGroup()) f.State = flow.StateEmailSent f.UI.Messages.Set(text.NewVerificationEmailSent()) - if err := s.d.VerificationFlowPersister().UpdateVerificationFlow(r.Context(), f); err != nil { + if err := s.d.VerificationFlowPersister().UpdateVerificationFlow(ctx, f); err != nil { return s.handleVerificationError(r, f, body, err) } @@ -221,16 +221,16 @@ func (s *Strategy) verificationUseToken(ctx context.Context, w http.ResponseWrit verifiedAt := sqlxx.NullTime(time.Now().UTC()) address.VerifiedAt = &verifiedAt address.Status = identity.VerifiableAddressStatusCompleted - if err := s.d.PrivilegedIdentityPool().UpdateVerifiableAddress(r.Context(), address); err != nil { + if err := s.d.PrivilegedIdentityPool().UpdateVerifiableAddress(ctx, address); err != nil { return s.retryVerificationFlowWithError(ctx, w, r, flow.TypeBrowser, err) } - i, err := s.d.IdentityPool().GetIdentity(r.Context(), token.VerifiableAddress.IdentityID, identity.ExpandDefault) + i, err := s.d.IdentityPool().GetIdentity(ctx, token.VerifiableAddress.IdentityID, identity.ExpandDefault) if err != nil { return s.retryVerificationFlowWithError(ctx, w, r, flow.TypeBrowser, err) } - returnTo := f.ContinueURL(r.Context(), s.d.Config()) + returnTo := f.ContinueURL(ctx, s.d.Config()) f.UI. Nodes. @@ -251,7 +251,7 @@ func (s *Strategy) verificationUseToken(ctx context.Context, w http.ResponseWrit Append(node.NewAnchorField("continue", returnTo.String(), node.LinkGroup, text.NewInfoNodeLabelContinue()). WithMetaLabel(text.NewInfoNodeLabelContinue())) - if err := s.d.VerificationFlowPersister().UpdateVerificationFlow(r.Context(), f); err != nil { + if err := s.d.VerificationFlowPersister().UpdateVerificationFlow(ctx, f); err != nil { return s.retryVerificationFlowWithError(ctx, w, r, flow.TypeBrowser, err) }