From f64f03ed46a75f04a50db999d8f2b2c109246540 Mon Sep 17 00:00:00 2001 From: Timothy Messier Date: Wed, 31 May 2023 11:25:03 -0400 Subject: [PATCH] fix(targets): Support authorize session request with target name (#3252) For requests to the target authorize session endpoint we support passing a target name instead of an id. This means that `req.GetId()` might not be the target's public id. Since the first thing authorize session does includes retrieving the target as part of the authorization checks, this subtype check can leverage the public id of the target instead of using the request. Fixes: 6178dd516e81e84c732cb700a2c7ecc6ccc167af --- internal/daemon/controller/handlers/targets/target_service.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/daemon/controller/handlers/targets/target_service.go b/internal/daemon/controller/handlers/targets/target_service.go index 813edee18a..686df5782a 100644 --- a/internal/daemon/controller/handlers/targets/target_service.go +++ b/internal/daemon/controller/handlers/targets/target_service.go @@ -970,7 +970,7 @@ func (s Service) AuthorizeSession(ctx context.Context, req *pbs.AuthorizeSession } }() - subtype := target.SubtypeFromId(req.GetId()) + subtype := target.SubtypeFromId(t.GetPublicId()) subtypeEntry, err := subtypeRegistry.get(subtype) if err != nil { return nil, errors.Wrap(ctx, err, op)