ezidam: oauth: authorize for ezidam: fill ezidam app info from database, show app label on template

Philippe Loctaux 2023-03-15 22:01:53 +01:00
parent 95173b1a09
commit 396856eee5
2 changed files with 43 additions and 12 deletions


@ -1,4 +1,5 @@
use super::prelude::*;
use apps::App;
use rocket::{get, post};
use settings::Settings;
use users::User;
@ -14,6 +15,7 @@ pub mod content {
#[serde(crate = "rocket::serde")]
#[derive(Clone)]
pub struct Authorize {
pub app_name: String,
pub business_name: String,
}
}
@ -27,13 +29,25 @@ async fn authorize_page(
auth_request: AuthenticationRequest<'_>,
) -> Result<Template> {
// TODO: parse "scope" and "response_type" -> from openid local crate
// TODO: check if app is valid
// TODO: check if redirect uri is a valid uri
// TODO: wrap checking in function
let mut transaction = db.begin().await?;
// TODO: wrap checking in function?
let app = App::get_one(
&mut transaction,
auth_request.client_id,
auth_request.redirect_uri,
)
.await?
.ok_or_else(|| Error::not_found(auth_request.client_id))?;
let settings = Settings::get(&mut transaction).await?;
transaction.commit().await?;
// Define content
let content = content::Authorize {
business_name: Settings::get(&mut *db).await?.business_name().into(),
app_name: app.label().into(),
business_name: settings.business_name().into(),
};
Ok(flash
@ -42,17 +56,26 @@ async fn authorize_page(
}
#[get("/oauth/authorize", rank = 3)]
async fn authorize_ezidam(mut db: Connection<Database>) -> Redirect {
// TODO: get ezidam app info from db
async fn authorize_ezidam(mut db: Connection<Database>) -> Result<Redirect> {
let mut transaction = db.begin().await?;
// Get ezidam app info
let app_id = "ezidam";
let app = App::get_one_by_id(&mut transaction, app_id)
.await?
.ok_or_else(|| Error::not_found(app_id))?;
transaction.commit().await?;
let request = AuthenticationRequest {
response_type: openid::CoreResponseType::Code.as_ref(),
response_mode: ResponseMode::Query,
scope: &openid::SupportedScopes::url_format(),
client_id: "ezidam TODO HERE",
redirect_uri: "put URI HERE",
client_id: app.id().as_ref(),
redirect_uri: app.redirect_uri(),
state: "TODO",
};
Redirect::to(uri!(authorize_page(auth_request = request)))
Ok(Redirect::to(uri!(authorize_page(auth_request = request))))
}
#[derive(Debug, FromForm)]
@ -69,6 +92,10 @@ fn flash(message: String, request: AuthenticationRequest) -> Flash<Redirect> {
)
}
fn invalid_form(request: AuthenticationRequest) -> Flash<Redirect> {
flash("Please fill out the form".to_string(), request)
}
fn invalid_credentials(login: &str, request: AuthenticationRequest) -> Flash<Redirect> {
flash(format!("Invalid credentials for {login}"), request)
}
@ -83,8 +110,12 @@ async fn authorize(
mut db: Connection<Database>,
auth_request: AuthenticationRequest<'_>,
) -> Result<Either<Redirect, Flash<Redirect>>> {
// TODO: check app and stuff AGAIN, this is important
// TODO: check app and stuff before doing anything AGAIN, this is important
// TODO: check if request uri matches
if form.login.is_empty() {
return Ok(Either::Right(invalid_form(auth_request)));
}
let form = form.into_inner();
let mut transaction = db.begin().await?;
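Review bot: The POST handler `authorize` still carries `// TODO: check app and stuff before doing anything AGAIN, this is important` and, in the lines visible here, opens the transaction without looking up the app, while `authorize_page` now rejects an unknown `client_id`/`redirect_uri` pair through `App::get_one`. The GET and the POST are separate requests, so the query parameters reaching `authorize` cannot be assumed to be the ones the page validated; without the same lookup, the redirect issued after a successful login could go to an unregistered `redirect_uri`. I would repeat the check right after `db.begin()`: `let app = App::get_one(&mut transaction, auth_request.client_id, auth_request.redirect_uri).await?.ok_or_else(|| Error::not_found(auth_request.client_id))?;`. The body of `authorize` continues past the end of this hunk, so the check may already exist further down, which is worth confirming. Separately, `authorize_ezidam` still sends the constant `state: "TODO"`, which gives the flow no CSRF binding until it is replaced with a per-request random value.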


@ -20,10 +20,10 @@
<div class="card card-md">
<div class="card-body">
<div class="text-center mb-2">
<h2 class="h2">Sign in</h2>
<h2 class="h2">Access {{ app_name }}</h2>
<p class="text-muted">With your {{ business_name }} account</p>
</div>
<form action="" method="post" autocomplete="off" novalidate>
<form action="" method="post" autocomplete="off" novalidate class="mt-4">
<div class="mb-3">
<label class="form-label">Login</label>
<input name="login" type="text" class="form-control" placeholder="Email or username"