feat: adding device information to the session (#2715)

Closes #2091
See https://github.com/ory-corp/cloud/issues/3011

Co-authored-by: hackerman <[email protected]>
Co-authored-by: Patrik <[email protected]>

Author: 3 people

corpx/faker.go

@@ -6,6 +6,9 @@ import (
 	"reflect"
 	"time"
 
+	"github.com/ory/kratos/session"
+	"github.com/ory/x/stringsx"
+
 	"github.com/bxcodec/faker/v3"
 
 	"github.com/ory/kratos/identity"
@@ -25,6 +28,18 @@ func RegisterFakes() {
 
 	_ = faker.SetRandomMapAndSliceSize(4)
 
+	if err := faker.AddProvider("ptr_geo_location", func(v reflect.Value) (interface{}, error) {
+		return stringsx.GetPointer("Munich, Germany"), nil
+	}); err != nil {
+		panic(err)
+	}
+
+	if err := faker.AddProvider("ptr_ipv4", func(v reflect.Value) (interface{}, error) {
+		return stringsx.GetPointer(faker.IPv4()), nil
+	}); err != nil {
+		panic(err)
+	}
+
 	if err := faker.AddProvider("birthdate", func(v reflect.Value) (interface{}, error) {
 		return time.Now().Add(time.Duration(rand.Int())).Round(time.Second).UTC(), nil
 	}); err != nil {
@@ -124,4 +139,11 @@ func RegisterFakes() {
 	}); err != nil {
 		panic(err)
 	}
+
+	if err := faker.AddProvider("session_device", func(v reflect.Value) (interface{}, error) {
+		var d session.Device
+		return &d, faker.FakeData(&d)
+	}); err != nil {
+		panic(err)
+	}
 }

internal/testhelpers/handler_mock.go

@@ -39,7 +39,7 @@ func MockSetSession(t *testing.T, reg mockDeps, conf *config.Config) httprouter.
 
 func MockSetSessionWithIdentity(t *testing.T, reg mockDeps, conf *config.Config, i *identity.Identity) httprouter.Handle {
 	return func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
-		activeSession, _ := session.NewActiveSession(r.Context(), i, conf, time.Now().UTC(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
+		activeSession, _ := session.NewActiveSession(r, i, conf, time.Now().UTC(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
 		if aal := r.URL.Query().Get("set_aal"); len(aal) > 0 {
 			activeSession.AuthenticatorAssuranceLevel = identity.AuthenticatorAssuranceLevel(aal)
 		}

internal/testhelpers/identity.go

@@ -1,10 +1,11 @@
 package testhelpers
 
 import (
-	"context"
 	"testing"
 	"time"
 
+	"github.com/ory/kratos/x"
+
 	"github.com/stretchr/testify/require"
 
 	"github.com/ory/kratos/driver"
@@ -14,11 +15,11 @@ import (
 )
 
 func CreateSession(t *testing.T, reg driver.Registry) *session.Session {
-	ctx := context.Background()
+	req := x.NewTestHTTPRequest(t, "GET", "/sessions/whoami", nil)
 	i := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID)
-	require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(ctx, i))
-	sess, err := session.NewActiveSession(ctx, i, reg.Config(), time.Now().UTC(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
+	require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(req.Context(), i))
+	sess, err := session.NewActiveSession(req, i, reg.Config(), time.Now().UTC(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
 	require.NoError(t, err)
-	require.NoError(t, reg.SessionPersister().UpsertSession(ctx, sess))
+	require.NoError(t, reg.SessionPersister().UpsertSession(req.Context(), sess))
 	return sess
 }

internal/testhelpers/session.go

@@ -137,8 +137,8 @@ func NewHTTPClientWithSessionToken(t *testing.T, reg *driver.RegistryDefault, se
 }
 
 func NewHTTPClientWithArbitrarySessionToken(t *testing.T, reg *driver.RegistryDefault) *http.Client {
-	ctx := context.Background()
-	s, err := session.NewActiveSession(ctx,
+	req := x.NewTestHTTPRequest(t, "GET", "/sessions/whoami", nil)
+	s, err := session.NewActiveSession(req,
 		&identity.Identity{ID: x.NewUUID(), State: identity.StateActive},
 		NewSessionLifespanProvider(time.Hour),
 		time.Now(),
@@ -151,8 +151,8 @@ func NewHTTPClientWithArbitrarySessionToken(t *testing.T, reg *driver.RegistryDe
 }
 
 func NewHTTPClientWithArbitrarySessionCookie(t *testing.T, reg *driver.RegistryDefault) *http.Client {
-	ctx := context.Background()
-	s, err := session.NewActiveSession(ctx,
+	req := x.NewTestHTTPRequest(t, "GET", "/sessions/whoami", nil)
+	s, err := session.NewActiveSession(req,
 		&identity.Identity{ID: x.NewUUID(), State: identity.StateActive},
 		NewSessionLifespanProvider(time.Hour),
 		time.Now(),
@@ -165,8 +165,8 @@ func NewHTTPClientWithArbitrarySessionCookie(t *testing.T, reg *driver.RegistryD
 }
 
 func NewNoRedirectHTTPClientWithArbitrarySessionCookie(t *testing.T, reg *driver.RegistryDefault) *http.Client {
-	ctx := context.Background()
-	s, err := session.NewActiveSession(ctx,
+	req := x.NewTestHTTPRequest(t, "GET", "/sessions/whoami", nil)
+	s, err := session.NewActiveSession(req,
 		&identity.Identity{ID: x.NewUUID(), State: identity.StateActive},
 		NewSessionLifespanProvider(time.Hour),
 		time.Now(),
@@ -179,8 +179,9 @@ func NewNoRedirectHTTPClientWithArbitrarySessionCookie(t *testing.T, reg *driver
 }
 
 func NewHTTPClientWithIdentitySessionCookie(t *testing.T, reg *driver.RegistryDefault, id *identity.Identity) *http.Client {
-	ctx := context.Background()
-	s, err := session.NewActiveSession(ctx, id,
+	req := x.NewTestHTTPRequest(t, "GET", "/sessions/whoami", nil)
+	s, err := session.NewActiveSession(req,
+		id,
 		NewSessionLifespanProvider(time.Hour),
 		time.Now(),
 		identity.CredentialsTypePassword,
@@ -192,8 +193,9 @@ func NewHTTPClientWithIdentitySessionCookie(t *testing.T, reg *driver.RegistryDe
 }
 
 func NewHTTPClientWithIdentitySessionToken(t *testing.T, reg *driver.RegistryDefault, id *identity.Identity) *http.Client {
-	ctx := context.Background()
-	s, err := session.NewActiveSession(ctx, id,
+	req := x.NewTestHTTPRequest(t, "GET", "/sessions/whoami", nil)
+	s, err := session.NewActiveSession(req,
+		id,
 		NewSessionLifespanProvider(time.Hour),
 		time.Now(),
 		identity.CredentialsTypePassword,

persistence/sql/migratest/fixtures/session/7458af86-c1d8-401c-978a-8da89133f78b.json

@@ -39,5 +39,6 @@
     "metadata_public": null,
     "created_at": "2013-10-07T08:23:19Z",
     "updated_at": "2013-10-07T08:23:19Z"
-  }
+  },
+  "devices": []
 }

persistence/sql/migratest/fixtures/session/7458af86-c1d8-401c-978a-8da89133f98b.json

@@ -0,0 +1,51 @@
+{
+  "id": "7458af86-c1d8-401c-978a-8da89133f98b",
+  "active": true,
+  "expires_at": "2013-10-07T08:23:19Z",
+  "authenticated_at": "2013-10-07T08:23:19Z",
+  "authenticator_assurance_level": "aal2",
+  "authentication_methods": [
+    {
+      "method": "password",
+      "aal": "",
+      "completed_at": "0001-01-01T00:00:00Z"
+    },
+    {
+      "method": "totp",
+      "aal": "",
+      "completed_at": "0001-01-01T00:00:00Z"
+    }
+  ],
+  "issued_at": "2013-10-07T08:23:19Z",
+  "identity": {
+    "id": "5ff66179-c240-4703-b0d8-494592cefff5",
+    "schema_id": "default",
+    "schema_url": "https://www.ory.sh/schemas/ZGVmYXVsdA",
+    "state": "active",
+    "traits": {
+      "email": "[email protected]"
+    },
+    "verifiable_addresses": [
+      {
+        "id": "45e867e9-2745-4f16-8dd4-84334a252b61",
+        "value": "[email protected]",
+        "verified": false,
+        "via": "email",
+        "status": "pending",
+        "created_at": "2013-10-07T08:23:19Z",
+        "updated_at": "2013-10-07T08:23:19Z"
+      }
+    ],
+    "metadata_public": null,
+    "created_at": "2013-10-07T08:23:19Z",
+    "updated_at": "2013-10-07T08:23:19Z"
+  },
+  "devices": [
+    {
+      "id": "884f556e-eb3a-4b9f-bee3-11763642c6c0",
+      "ip_address": "54.155.246.232",
+      "user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36",
+      "location": "Munich, Germany"
+    }
+  ]
+}

persistence/sql/migratest/fixtures/session/8571e374-38f2-4f46-8ad3-b9d914e174d3.json

@@ -34,5 +34,6 @@
     "metadata_public": null,
     "created_at": "2013-10-07T08:23:19Z",
     "updated_at": "2013-10-07T08:23:19Z"
-  }
+  },
+  "devices": []
 }

persistence/sql/migratest/fixtures/session/dcde5aaa-f789-4d3d-ae1f-76da8d57e67c.json

@@ -34,5 +34,6 @@
     "metadata_public": null,
     "created_at": "2013-10-07T08:23:19Z",
     "updated_at": "2013-10-07T08:23:19Z"
-  }
+  },
+  "devices": []
 }

persistence/sql/migratest/fixtures/session/f38cdebe-e567-42c9-a562-1bd4dee40998.json

@@ -34,5 +34,6 @@
     "metadata_public": null,
     "created_at": "2013-10-07T08:23:19Z",
     "updated_at": "2013-10-07T08:23:19Z"
-  }
+  },
+  "devices": []
 }

persistence/sql/migratest/migration_test.go

@@ -191,7 +191,7 @@ func TestMigrations(t *testing.T) {
 					var found []string
 					for _, id := range ids {
 						found = append(found, id.ID.String())
-						actual, err := d.SessionPersister().GetSession(context.Background(), id.ID)
+						actual, err := d.SessionPersister().GetSession(context.Background(), id.ID, session.ExpandEverything)
 						require.NoErrorf(t, err, "Trying to get session: %s", id.ID)
 						require.NotEmpty(t, actual.LogoutToken, "check if migrations have generated a logout token for existing sessions")
 						CompareWithFixture(t, actual, "session", id.ID.String())

persistence/sql/migratest/testdata/20220907132836_testdata.sql

@@ -0,0 +1,12 @@
+INSERT INTO sessions (id, nid, issued_at, expires_at, authenticated_at, created_at, updated_at, token, identity_id,
+                      active, logout_token, aal, authentication_methods)
+VALUES ('7458af86-c1d8-401c-978a-8da89133f98b', '884f556e-eb3a-4b9f-bee3-11345642c6c0', '2013-10-07 08:23:19',
+        '2013-10-07 08:23:19', '2013-10-07 08:23:19', '2013-10-07 08:23:19', '2013-10-07 08:23:19',
+        'eVwBt7UAAAAVwBt7XAMw', '5ff66179-c240-4703-b0d8-494592cefff5', true, '123eVwBt7UAAAeVwBt7XAMw', 'aal2',
+        '[{"method":"password"},{"method":"totp"}]');
+
+INSERT INTO session_devices (id, nid, session_id, ip_address, user_agent, location, created_at, updated_at)
+VALUES ('884f556e-eb3a-4b9f-bee3-11763642c6c0', '884f556e-eb3a-4b9f-bee3-11345642c6c0',
+        '7458af86-c1d8-401c-978a-8da89133f98b', '54.155.246.232',
+        'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36',
+        'Munich, Germany', '2022-08-07 08:23:19', '2022-08-09 08:35:19');

persistence/sql/migrations/sql/20220907132836000000_add_session_devices_table.down.sql

@@ -0,0 +1 @@
+DROP TABLE "session_devices";

persistence/sql/migrations/sql/20220907132836000000_add_session_devices_table.mysql.down.sql

@@ -0,0 +1 @@
+DROP TABLE session_devices;

persistence/sql/migrations/sql/20220907132836000000_add_session_devices_table.mysql.up.sql

@@ -0,0 +1,17 @@
+CREATE TABLE `session_devices`
+(
+  `id`         char(36) NOT NULL,
+  PRIMARY KEY (`id`),
+  `ip_address` VARCHAR(50)  DEFAULT '',
+  `user_agent` VARCHAR(512) DEFAULT '',
+  `location`   VARCHAR(512) DEFAULT '',
+  `session_id` char(36) NOT NULL,
+  `nid`        char(36) NOT NULL,
+  `created_at` DATETIME NOT NULL,
+  `updated_at` DATETIME NOT NULL,
+  FOREIGN KEY (`session_id`) REFERENCES `sessions` (`id`) ON DELETE cascade,
+  FOREIGN KEY (`nid`) REFERENCES `networks` (`id`) ON DELETE cascade,
+  CONSTRAINT unique_session_device UNIQUE (nid, session_id, ip_address, user_agent)
+) ENGINE = InnoDB;
+CREATE INDEX `session_devices_id_nid_idx` ON `session_devices` (`id`, `nid`);
+CREATE INDEX `session_devices_session_id_nid_idx` ON `session_devices` (`session_id`, `nid`);

persistence/sql/migrations/sql/20220907132836000000_add_session_devices_table.up.sql

@@ -0,0 +1,16 @@
+CREATE TABLE "session_devices"
+(
+  "id"         UUID PRIMARY KEY NOT NULL,
+  "ip_address" VARCHAR(50)  DEFAULT '',
+  "user_agent" VARCHAR(512) DEFAULT '',
+  "location"   VARCHAR(512) DEFAULT '',
+  "nid"        UUID             NOT NULL,
+  "session_id" UUID             NOT NULL,
+  "created_at" timestamp        NOT NULL,
+  "updated_at" timestamp        NOT NULL,
+  CONSTRAINT "session_metadata_sessions_id_fk" FOREIGN KEY ("session_id") REFERENCES "sessions" ("id") ON DELETE cascade,
+  CONSTRAINT "session_metadata_nid_fk" FOREIGN KEY ("nid") REFERENCES "networks" ("id") ON DELETE cascade,
+  CONSTRAINT unique_session_device UNIQUE (nid, session_id, ip_address, user_agent)
+);
+CREATE INDEX "session_devices_id_nid_idx" ON "session_devices" (id, nid);
+CREATE INDEX "session_devices_session_id_nid_idx" ON "session_devices" (session_id, nid);