fix: do not double-commit webhooks on registration

aeneasr · aeneasr · commit 4983e52a7133 · 2022-11-14T10:30:40.000+01:00
Closes ory-corp/cloud#3360
diff --git a/selfservice/hook/web_hook.go b/selfservice/hook/web_hook.go
@@ -32,11 +32,16 @@ import (
 	"github.com/ory/x/otelx"
 )
 
-var _ registration.PostHookPostPersistExecutor = new(WebHook)
-var _ registration.PostHookPrePersistExecutor = new(WebHook)
-var _ verification.PostHookExecutor = new(WebHook)
-var _ recovery.PostHookExecutor = new(WebHook)
-var _ settings.PostHookPostPersistExecutor = new(WebHook)
+var (
+	_ registration.PostHookPostPersistExecutor = new(WebHook)
+	_ registration.PostHookPrePersistExecutor  = new(WebHook)
+
+	_ verification.PostHookExecutor = new(WebHook)
+
+	_ recovery.PostHookExecutor = new(WebHook)
+
+	_ settings.PostHookPostPersistExecutor = new(WebHook)
+)
 
 type (
 	webHookDependencies interface {
@@ -155,6 +160,10 @@ func (e *WebHook) ExecuteRegistrationPreHook(_ http.ResponseWriter, req *http.Re
 
 func (e *WebHook) ExecutePostRegistrationPrePersistHook(_ http.ResponseWriter, req *http.Request, flow *registration.Flow, id *identity.Identity) error {
 	ctx, _ := e.deps.Tracer(req.Context()).Tracer().Start(req.Context(), "selfservice.hook.ExecutePostRegistrationPrePersistHook")
+	if !gjson.GetBytes(e.conf, "can_interrupt").Bool() {
+		return nil
+	}
+
 	return e.execute(ctx, &templateContext{
 		Flow:           flow,
 		RequestHeaders: req.Header,
@@ -166,6 +175,10 @@ func (e *WebHook) ExecutePostRegistrationPrePersistHook(_ http.ResponseWriter, r
 
 func (e *WebHook) ExecutePostRegistrationPostPersistHook(_ http.ResponseWriter, req *http.Request, flow *registration.Flow, session *session.Session) error {
 	ctx, _ := e.deps.Tracer(req.Context()).Tracer().Start(req.Context(), "selfservice.hook.ExecutePostRegistrationPostPersistHook")
+	if gjson.GetBytes(e.conf, "can_interrupt").Bool() {
+		return nil
+	}
+
 	return e.execute(ctx, &templateContext{
 		Flow:           flow,
 		RequestHeaders: req.Header,
@@ -187,6 +200,10 @@ func (e *WebHook) ExecuteSettingsPreHook(_ http.ResponseWriter, req *http.Reques
 
 func (e *WebHook) ExecuteSettingsPostPersistHook(_ http.ResponseWriter, req *http.Request, flow *settings.Flow, id *identity.Identity) error {
 	ctx, _ := e.deps.Tracer(req.Context()).Tracer().Start(req.Context(), "selfservice.hook.ExecuteSettingsPostPersistHook")
+	if gjson.GetBytes(e.conf, "can_interrupt").Bool() {
+		return nil
+	}
+
 	return e.execute(ctx, &templateContext{
 		Flow:           flow,
 		RequestHeaders: req.Header,
diff --git a/selfservice/hook/web_hook_integration_test.go b/selfservice/hook/web_hook_integration_test.go
@@ -457,6 +457,18 @@ func TestWebHooks(t *testing.T) {
 			},
 			expectedError: webhookError,
 		},
+		{
+			uc:         "Post Registration Post Persist Hook - ignored because block",
+			createFlow: func() flow.Flow { return &registration.Flow{ID: x.NewUUID()} },
+			callWebHook: func(wh *hook.WebHook, req *http.Request, f flow.Flow, s *session.Session) error {
+				return wh.ExecutePostRegistrationPostPersistHook(nil, req, f.(*registration.Flow), s)
+			},
+			// This would usually error, but post persist does not execute blocking web hooks, so we expect no error.
+			webHookResponse: func() (int, []byte) {
+				return http.StatusBadRequest, webHookResponse
+			},
+			expectedError: nil,
+		},
 		{
 			uc:         "Post Recovery Hook - no block",
 			createFlow: func() flow.Flow { return &recovery.Flow{ID: x.NewUUID()} },
