never publish pointer payloads on message bus (#411)

internal/app/users/user_manager.go

@@ -82,7 +82,7 @@ func (m Manager) RegisterUser(ctx context.Context, user *domain.User) error {
 		return err
 	}
 
-	m.bus.Publish(app.TopicUserRegistered, createdUser)
+	m.bus.Publish(app.TopicUserRegistered, *createdUser)
 
 	return nil
 }
@@ -294,8 +294,8 @@ func (m Manager) ActivateApi(ctx context.Context, id domain.UserIdentifier) (*do
 		return nil, fmt.Errorf("update failure: %w", err)
 	}
 
-	m.bus.Publish(app.TopicUserUpdated, user)
+	m.bus.Publish(app.TopicUserUpdated, *user)
-	m.bus.Publish(app.TopicUserApiEnabled, user)
+	m.bus.Publish(app.TopicUserApiEnabled, *user)
 
 	return user, nil
 }
@@ -322,8 +322,8 @@ func (m Manager) DeactivateApi(ctx context.Context, id domain.UserIdentifier) (*
 		return nil, fmt.Errorf("update failure: %w", err)
 	}
 
-	m.bus.Publish(app.TopicUserUpdated, user)
+	m.bus.Publish(app.TopicUserUpdated, *user)
-	m.bus.Publish(app.TopicUserApiDisabled, user)
+	m.bus.Publish(app.TopicUserApiDisabled, *user)
 
 	return user, nil
 }
@@ -389,12 +389,14 @@ func (m Manager) validateCreation(ctx context.Context, new *domain.User) error {
 		return fmt.Errorf("reserved user identifier: %w", domain.ErrInvalidData)
 	}
 
-	if new.Source != domain.UserSourceDatabase {
+	// Admins are allowed to create users for arbitrary sources.
+	if new.Source != domain.UserSourceDatabase && !currentUser.IsAdmin {
 		return fmt.Errorf("invalid user source: %s, only %s is allowed: %w",
 			new.Source, domain.UserSourceDatabase, domain.ErrInvalidData)
 	}
 
-	if string(new.Password) == "" {
+	// database users must have a password
+	if new.Source == domain.UserSourceDatabase && string(new.Password) == "" {
 		return fmt.Errorf("invalid password: %w", domain.ErrInvalidData)
 	}
 
@@ -430,6 +432,8 @@ func (m Manager) validateApiChange(ctx context.Context, user *domain.User) error
 }
 
 func (m Manager) runLdapSynchronizationService(ctx context.Context) {
+	ctx = domain.SetUserInfo(ctx, domain.LdapSyncContextUserInfo()) // switch to service context for LDAP sync
+
 	for _, ldapCfg := range m.cfg.Auth.Ldap { // LDAP Auth providers
 		go func(cfg config.LdapProvider) {
 			syncInterval := cfg.SyncInterval

internal/app/wireguard/wireguard.go

@@ -112,7 +112,7 @@ func (m Manager) connectToMessageBus() {
 	_ = m.bus.Subscribe(app.TopicUserDeleted, m.handleUserDeletedEvent)
 }
 
-func (m Manager) handleUserCreationEvent(user *domain.User) {
+func (m Manager) handleUserCreationEvent(user domain.User) {
 	if !m.cfg.Core.CreateDefaultPeerOnCreation {
 		return
 	}

internal/domain/context.go

@@ -45,6 +45,14 @@ func SystemAdminContextUserInfo() *ContextUserInfo {
 	}
 }
 
+// LdapSyncContextUserInfo returns a context user info for the LDAP syncer.
+func LdapSyncContextUserInfo() *ContextUserInfo {
+	return &ContextUserInfo{
+		Id:      CtxSystemLdapSyncer,
+		IsAdmin: true,
+	}
+}
+
 // SetUserInfo sets the user info in the context.
 func SetUserInfo(ctx context.Context, info *ContextUserInfo) context.Context {
 	ctx = context.WithValue(ctx, CtxUserInfo, info)