phil/ezidam
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

ezidam: oauth: redirect: get and check code, get user info, mark code as used, display html template

Browse source
This commit is contained in:
Philippe Loctaux 2023-03-18 00:40:11 +01:00
parent 719048e268
commit 827bba041a
15 changed files with 310 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

17
crates/authorization_codes/src/database.rs
View file

@ -1,11 +1,11 @@
use crate::error::Error; use crate::error::Error;
use crate::AuthorizationCodes; use crate::AuthorizationCode;
use chrono::{Duration, Utc}; use chrono::{Duration, Utc};
use database::sqlx::SqliteExecutor; use database::sqlx::SqliteExecutor;
use database::AuthorizationCodes as DatabaseAuthorizationCodes; use database::AuthorizationCodes as DatabaseAuthorizationCodes;
use id::{AppID, UserID}; use id::{AppID, UserID};
impl From<DatabaseAuthorizationCodes> for AuthorizationCodes { impl From<DatabaseAuthorizationCodes> for AuthorizationCode {
fn from(db: DatabaseAuthorizationCodes) -> Self { fn from(db: DatabaseAuthorizationCodes) -> Self {
Self { Self {
// Info // Info
@ -21,7 +21,7 @@ impl From<DatabaseAuthorizationCodes> for AuthorizationCodes {
} }
} }
impl AuthorizationCodes { impl AuthorizationCode {
pub async fn insert( pub async fn insert(
conn: impl SqliteExecutor<'_>, conn: impl SqliteExecutor<'_>,
code: &str, code: &str,
@ -39,4 +39,15 @@ impl AuthorizationCodes {
) )
.await?) .await?)
} }
pub async fn get_one(conn: impl SqliteExecutor<'_>, code: &str) -> Result<Option<Self>, Error> {
Ok(DatabaseAuthorizationCodes::get_one(conn, code)
.await?
.map(Self::from))
}
/// Consume AuthorizationCode, mark as used
pub async fn use_code(self, conn: impl SqliteExecutor<'_>) -> Result<Option<()>, Error> {
Ok(DatabaseAuthorizationCodes::use_code(conn, &self.code).await?)
}
} }

11
crates/authorization_codes/src/lib.rs
View file

@ -7,7 +7,7 @@ use id::{AppID, UserID};
pub use crate::error::Error; pub use crate::error::Error;
#[derive(Debug)] #[derive(Debug)]
pub struct AuthorizationCodes { pub struct AuthorizationCode {
// Info // Info
code: String, code: String,
app: AppID, app: AppID,
@ -18,3 +18,12 @@ pub struct AuthorizationCodes {
expires_at: DateTime<Utc>, expires_at: DateTime<Utc>,
used_at: Option<DateTime<Utc>>, used_at: Option<DateTime<Utc>>,
} }
impl AuthorizationCode {
pub fn has_been_used(&self) -> bool {
self.used_at.is_some()
}
pub fn has_expired(&self) -> bool {
self.expires_at < Utc::now()
}
}

9
crates/database/queries/authorization_codes/get_one.sql Normal file
View file

@ -0,0 +1,9 @@
select code,
app,
user,
created_at as "created_at: DateTime<Utc>",
expires_at as "expires_at: DateTime<Utc>",
used_at as "used_at: DateTime<Utc>"
from authorization_codes
where code is (?)

5
crates/database/queries/authorization_codes/use_code.sql Normal file
View file

@ -0,0 +1,5 @@
update authorization_codes
set used_at = CURRENT_TIMESTAMP
where code is ?

16
crates/database/queries/users/get_one_from_authorization_code.sql Normal file
View file

@ -0,0 +1,16 @@
select u.id,
u.created_at as "created_at: DateTime<Utc>",
u.updated_at as "updated_at: DateTime<Utc>",
u.is_admin as "is_admin: bool",
u.username,
u.name,
u.email,
u.password,
u.password_recover,
u.paper_key,
u.is_archived as "is_archived: bool"
from users u
inner join authorization_codes ac on u.id = ac.user
where ac.code is ?

136
crates/database/sqlx-data.json
View file

@ -292,6 +292,16 @@
}, },
"query": "select id,\n created_at as \"created_at: DateTime<Utc>\",\n revoked_at as \"revoked_at: DateTime<Utc>\",\n private_der,\n public_der\n\nfrom keys\nwhere revoked_at is null\norder by created_at desc\nlimit 1\n" "query": "select id,\n created_at as \"created_at: DateTime<Utc>\",\n revoked_at as \"revoked_at: DateTime<Utc>\",\n private_der,\n public_der\n\nfrom keys\nwhere revoked_at is null\norder by created_at desc\nlimit 1\n"
}, },
"7f26b73408318040f94fb6574d5cc25482cef1a57ba4c467fa0bc0fdf25bf39c": {
"describe": {
"columns": [],
"nullable": [],
"parameters": {
"Right": 1
}
},
"query": "update authorization_codes\n\nset used_at = CURRENT_TIMESTAMP\n\nwhere code is ?"
},
"87906834faa6f185aee0e4d893b9754908b1c173e9dce383663d723891a89cd1": { "87906834faa6f185aee0e4d893b9754908b1c173e9dce383663d723891a89cd1": {
"describe": { "describe": {
"columns": [], "columns": [],
@ -478,6 +488,54 @@
}, },
"query": "select u.id,\n u.created_at as \"created_at: DateTime<Utc>\",\n u.updated_at as \"updated_at: DateTime<Utc>\",\n u.is_admin as \"is_admin: bool\",\n u.username,\n u.name,\n u.email,\n u.password,\n u.password_recover,\n u.paper_key,\n u.is_archived as \"is_archived: bool\"\nfrom users u\n\n inner join settings s on u.id = s.first_admin\n\nwhere u.is_admin is 1\n and u.is_archived is 0\n and u.id is s.first_admin\n\nlimit 1" "query": "select u.id,\n u.created_at as \"created_at: DateTime<Utc>\",\n u.updated_at as \"updated_at: DateTime<Utc>\",\n u.is_admin as \"is_admin: bool\",\n u.username,\n u.name,\n u.email,\n u.password,\n u.password_recover,\n u.paper_key,\n u.is_archived as \"is_archived: bool\"\nfrom users u\n\n inner join settings s on u.id = s.first_admin\n\nwhere u.is_admin is 1\n and u.is_archived is 0\n and u.id is s.first_admin\n\nlimit 1"
}, },
"cf624c4e122477228e3bab09f7cd0dedf4776f73e7a86f19e06772a0adf83406": {
"describe": {
"columns": [
{
"name": "code",
"ordinal": 0,
"type_info": "Text"
},
{
"name": "app",
"ordinal": 1,
"type_info": "Text"
},
{
"name": "user",
"ordinal": 2,
"type_info": "Text"
},
{
"name": "created_at: DateTime<Utc>",
"ordinal": 3,
"type_info": "Text"
},
{
"name": "expires_at: DateTime<Utc>",
"ordinal": 4,
"type_info": "Text"
},
{
"name": "used_at: DateTime<Utc>",
"ordinal": 5,
"type_info": "Text"
}
],
"nullable": [
false,
false,
false,
false,
false,
true
],
"parameters": {
"Right": 1
}
},
"query": "select code,\n app,\n user,\n created_at as \"created_at: DateTime<Utc>\",\n expires_at as \"expires_at: DateTime<Utc>\",\n used_at as \"used_at: DateTime<Utc>\"\nfrom authorization_codes\n\nwhere code is (?)\n"
},
"d166553746afb2d3eaa1ddcb9986b7b9723258f4051bce8287038e3dd1ac928a": { "d166553746afb2d3eaa1ddcb9986b7b9723258f4051bce8287038e3dd1ac928a": {
"describe": { "describe": {
"columns": [ "columns": [
@ -737,5 +795,83 @@
} }
}, },
"query": "insert into keys (id, private_der, public_der)\nvalues (?, ?, ?)\n" "query": "insert into keys (id, private_der, public_der)\nvalues (?, ?, ?)\n"
},
"f745e4df7b92e295f31f95b17563fd67684736b61adb37289fdcd34114b12d12": {
"describe": {
"columns": [
{
"name": "id",
"ordinal": 0,
"type_info": "Text"
},
{
"name": "created_at: DateTime<Utc>",
"ordinal": 1,
"type_info": "Text"
},
{
"name": "updated_at: DateTime<Utc>",
"ordinal": 2,
"type_info": "Text"
},
{
"name": "is_admin: bool",
"ordinal": 3,
"type_info": "Int64"
},
{
"name": "username",
"ordinal": 4,
"type_info": "Text"
},
{
"name": "name",
"ordinal": 5,
"type_info": "Text"
},
{
"name": "email",
"ordinal": 6,
"type_info": "Text"
},
{
"name": "password",
"ordinal": 7,
"type_info": "Text"
},
{
"name": "password_recover",
"ordinal": 8,
"type_info": "Text"
},
{
"name": "paper_key",
"ordinal": 9,
"type_info": "Text"
},
{
"name": "is_archived: bool",
"ordinal": 10,
"type_info": "Int64"
}
],
"nullable": [
false,
false,
false,
false,
false,
true,
true,
true,
true,
true,
false
],
"parameters": {
"Right": 1
}
},
"query": "select u.id,\n u.created_at as \"created_at: DateTime<Utc>\",\n u.updated_at as \"updated_at: DateTime<Utc>\",\n u.is_admin as \"is_admin: bool\",\n u.username,\n u.name,\n u.email,\n u.password,\n u.password_recover,\n u.paper_key,\n u.is_archived as \"is_archived: bool\"\nfrom users u\n\n inner join authorization_codes ac on u.id = ac.user\n\nwhere ac.code is ?"
} }
} }

17
crates/database/src/tables/authorization_codes.rs
View file

@ -37,4 +37,21 @@ impl AuthorizationCodes {
Ok((query.rows_affected() == 1).then_some(())) Ok((query.rows_affected() == 1).then_some(()))
} }
pub async fn get_one(conn: impl SqliteExecutor<'_>, code: &str) -> Result<Option<Self>, Error> {
sqlx::query_file_as!(Self, "queries/authorization_codes/get_one.sql", code)
.fetch_optional(conn)
.await
.map_err(handle_error)
}
pub async fn use_code(conn: impl SqliteExecutor<'_>, code: &str) -> Result<Option<()>, Error> {
let query: SqliteQueryResult =
sqlx::query_file!("queries/authorization_codes/use_code.sql", code)
.execute(conn)
.await
.map_err(handle_error)?;
Ok((query.rows_affected() == 1).then_some(()))
}
} }

14
crates/database/src/tables/users.rs
View file

@ -71,4 +71,18 @@ impl Users {
.await .await
.map_err(handle_error) .map_err(handle_error)
} }
pub async fn get_one_from_authorization_code(
conn: impl SqliteExecutor<'_>,
code: &str,
) -> Result<Option<Self>, Error> {
sqlx::query_file_as!(
Self,
"queries/users/get_one_from_authorization_code.sql",
code
)
.fetch_optional(conn)
.await
.map_err(handle_error)
}
} }

10
crates/ezidam/src/page.rs
View file

@ -14,7 +14,7 @@ pub enum Page {
Setup, Setup,
Homepage(Homepage), Homepage(Homepage),
Authorize(Authorize), Authorize(Authorize),
Redirect, Redirect(Redirect),
} }
impl Page { impl Page {
@ -25,7 +25,7 @@ impl Page {
Page::Setup => "pages/setup", Page::Setup => "pages/setup",
Page::Homepage(_) => "pages/homepage", Page::Homepage(_) => "pages/homepage",
Page::Authorize(_) => "pages/oauth/authorize", Page::Authorize(_) => "pages/oauth/authorize",
Page::Redirect => "pages/oauth/redirect", Page::Redirect(_) => "pages/oauth/redirect",
} }
} }
@ -36,7 +36,7 @@ impl Page {
Page::Setup => "Setup", Page::Setup => "Setup",
Page::Homepage(_) => "Home", Page::Homepage(_) => "Home",
Page::Authorize(_) => "Authorize app", Page::Authorize(_) => "Authorize app",
Page::Redirect => "Redirecting", Page::Redirect(_) => "Redirecting",
} }
} }
@ -47,7 +47,7 @@ impl Page {
Page::Setup => None, Page::Setup => None,
Page::Homepage(_) => Some(Item::Home.into()), Page::Homepage(_) => Some(Item::Home.into()),
Page::Authorize(_) => None, Page::Authorize(_) => None,
Page::Redirect => None, Page::Redirect(_) => None,
} }
} }
@ -58,7 +58,7 @@ impl Page {
Page::Setup => Box::new(()), Page::Setup => Box::new(()),
Page::Homepage(homepage) => Box::new(homepage), Page::Homepage(homepage) => Box::new(homepage),
Page::Authorize(authorize) => Box::new(authorize), Page::Authorize(authorize) => Box::new(authorize),
Page::Redirect => Box::new(()), Page::Redirect(redirect) => Box::new(redirect),
} }
} }
} }

9
crates/ezidam/src/routes/oauth.rs
View file

@ -24,4 +24,13 @@ pub mod content {
pub app_name: String, pub app_name: String,
pub business_name: String, pub business_name: String,
} }
#[derive(Serialize)]
#[serde(crate = "rocket::serde")]
#[derive(Clone)]
pub struct Redirect {
pub user_id: String,
pub name: Option<String>,
pub username: String,
}
} }

4
crates/ezidam/src/routes/oauth/authorize.rs
View file

@ -1,6 +1,6 @@
use crate::routes::prelude::*; use crate::routes::prelude::*;
use apps::App; use apps::App;
use authorization_codes::AuthorizationCodes; use authorization_codes::AuthorizationCode;
use hash::SecretString; use hash::SecretString;
use rocket::{get, post}; use rocket::{get, post};
use settings::Settings; use settings::Settings;
@ -142,7 +142,7 @@ pub async fn authorize_form(
// Save authorization code // Save authorization code
let mut transaction = db.begin().await?; let mut transaction = db.begin().await?;
AuthorizationCodes::insert(&mut transaction, code.as_ref(), app.id(), user.id()).await?; AuthorizationCode::insert(&mut transaction, code.as_ref(), app.id(), user.id()).await?;
transaction.commit().await?; transaction.commit().await?;
// Construct uri to redirect to // Construct uri to redirect to

56
crates/ezidam/src/routes/oauth/redirect.rs
View file

@ -1,9 +1,53 @@
use crate::routes::prelude::*; use crate::routes::prelude::*;
use rocket::get; use authorization_codes::AuthorizationCode;
use rocket::{get, UriDisplayQuery};
use users::User;
#[get("/oauth/redirect")] #[derive(Debug, FromForm, UriDisplayQuery)]
pub async fn redirect_page(mut db: Connection<Database>) -> Result<Page> { pub struct RedirectRequest<'r> {
// TODO: make request to oauth token pub code: &'r str,
pub state: &'r str,
Ok(Page::Redirect) }
#[get("/oauth/redirect?<redirect_request..>")]
pub async fn redirect_page(
mut db: Connection<Database>,
redirect_request: RedirectRequest<'_>,
) -> Result<Page> {
let mut transaction = db.begin().await?;
// Get authorization code
let code = AuthorizationCode::get_one(&mut transaction, redirect_request.code)
.await?
.ok_or_else(|| Error::not_found("Could not find authorization code"))?;
// Make sure code has not been used
if code.has_been_used() {
// TODO: revoke all codes and refresh tokens for user
return Err(Error::bad_request(
"Authorization code has already been used",
));
}
// Make sure it has not expired
if code.has_expired() {
return Err(Error::bad_request("Authorization code has expired"));
}
// Get user info
let user = User::get_one_from_authorization_code(&mut transaction, redirect_request.code)
.await?
.ok_or_else(|| Error::not_found("Could not find user"))?;
// Mark code as used
code.use_code(&mut transaction).await?;
transaction.commit().await?;
// HTTP Response
Ok(Page::Redirect(super::content::Redirect {
user_id: user.id().to_string(),
name: user.name().map(String::from),
username: user.username().to_string(),
}))
} }

10
crates/ezidam/templates/pages/oauth/redirect.html.tera
View file

@ -18,8 +18,14 @@
</div> </div>
<div class="mb-4"> <div class="mb-4">
<span class="avatar avatar-xl mb-3" <span class="avatar avatar-xl mb-3"
style="background-image: url(/avatar/6NcYrAM3J9EKLiE?size=250)"></span> style="background-image: url(/avatar/{{ user_id }}?size=250)"></span>
<h3>Fullname or username</h3> <h3>
{% if name %}
{{ name }}
{% else %}
{{ username }}
{% endif %}
</h3>
</div> </div>
<div class="mb-4 container-slim progress progress-sm"> <div class="mb-4 container-slim progress progress-sm">
<div class="progress-bar progress-bar-indeterminate"></div> <div class="progress-bar progress-bar-indeterminate"></div>

9
crates/users/src/database.rs
View file

@ -87,4 +87,13 @@ impl User {
// Get user from username // Get user from username
Self::get_by_username(conn, login).await Self::get_by_username(conn, login).await
} }
pub async fn get_one_from_authorization_code(
conn: impl SqliteExecutor<'_>,
code: &str,
) -> Result<Option<Self>, Error> {
Ok(DatabaseUsers::get_one_from_authorization_code(conn, code)
.await?
.map(Self::from))
}
} }

6
crates/users/src/lib.rs
View file

@ -31,4 +31,10 @@ impl User {
pub fn password_hashed(&self) -> Option<&str> { pub fn password_hashed(&self) -> Option<&str> {
self.password.as_deref() self.password.as_deref()
} }
pub fn username(&self) -> &str {
&self.username
}
pub fn name(&self) -> Option<&str> {
self.name.as_deref()
}
} }