ezidam: redirect: dont generate jwt + refresh token if already signed in

2023-03-19 22:52:53 +01:00 · 2023-03-19 22:52:53 +01:00 · bad54cece3
commit bad54cece3
parent 1dec56ed14
1 changed files with 54 additions and 51 deletions
--- a/crates/ezidam/src/routes/oauth/redirect.rs
+++ b/crates/ezidam/src/routes/oauth/redirect.rs
@ -21,6 +21,7 @@ pub struct RedirectRequest<'r> {
 #[get("/oauth/redirect?<redirect_request..>")]
 pub async fn redirect_page(
    mut db: Connection<Database>,
+    jwt_user: Option<JwtUser>,
    redirect_request: RedirectRequest<'_>,
    ip_address: &ClientRealAddr,
    cookie_jar: &CookieJar<'_>,
@ -75,65 +76,67 @@ pub async fn redirect_page(
        .map(String::from)
        .ok_or_else(|| Error::bad_request("Server url is not set"))?;

-    // TODO: refactor for "code" route
+    if jwt_user.is_none() {
+        // TODO: refactor for "code" route

-    // Generate refresh token
-    let refresh_token = task::spawn_blocking(|| SecretString::new(64)).await?;
+        // Generate refresh token
+        let refresh_token = task::spawn_blocking(|| SecretString::new(64)).await?;

-    // Refresh token duration in days
-    let refresh_token_duration = 21;
+        // Refresh token duration in days
+        let refresh_token_duration = 21;

-    // Insert refresh token in database
-    RefreshToken::insert(
-        &mut transaction,
-        refresh_token.as_ref(),
-        ip_address.get_ipv6_string().as_str(),
-        user.id(),
-        refresh_token_duration,
-    )
-    .await?;
+        // Insert refresh token in database
+        RefreshToken::insert(
+            &mut transaction,
+            refresh_token.as_ref(),
+            ip_address.get_ipv6_string().as_str(),
+            user.id(),
+            refresh_token_duration,
+        )
+        .await?;

-    // Add refresh token as a cookie
-    let mut cookie = Cookie::new("refresh_token", refresh_token.as_ref().to_string());
-    cookie.set_secure(true);
-    cookie.set_http_only(true);
-    cookie.set_same_site(SameSite::Strict);
-    cookie.set_max_age(Duration::days(refresh_token_duration));
-    cookie_jar.add(cookie);
+        // Add refresh token as a cookie
+        let mut cookie = Cookie::new("refresh_token", refresh_token.as_ref().to_string());
+        cookie.set_secure(true);
+        cookie.set_http_only(true);
+        cookie.set_same_site(SameSite::Strict);
+        cookie.set_max_age(Duration::days(refresh_token_duration));
+        cookie_jar.add(cookie);

-    // Get latest key from database
-    let key = Key::get_most_recent(&mut transaction)
-        .await?
-        .ok_or_else(|| Error::internal_server_error("Failed to get key to sign JWT"))?;
+        // Get latest key from database
+        let key = Key::get_most_recent(&mut transaction)
+            .await?
+            .ok_or_else(|| Error::internal_server_error("Failed to get key to sign JWT"))?;

-    // Make sure key has not been revoked
-    if key.is_revoked() {
-        return Err(Error::forbidden("Signing key has been revoked"));
+        // Make sure key has not been revoked
+        if key.is_revoked() {
+            return Err(Error::forbidden("Signing key has been revoked"));
+        }
+
+        // Import private key
+        let private_key =
+            task::spawn_blocking(move || PrivateKey::from_der(key.private_der(), key.key_id()))
+                .await??;
+
+        // TODO: get user roles
+        let roles = vec![];
+
+        // Access token duration in minutes
+        let access_token_duration = 15;
+
+        // Create jwt, sign and serialize
+        let jwt = JwtClaims::new(home_page.clone(), app.id().as_ref(), &user, roles)
+            .sign_serialize(&private_key, access_token_duration)?;
+
+        // Add jwt as a cookie
+        let mut cookie = Cookie::new("access_token", jwt);
+        cookie.set_secure(true);
+        cookie.set_http_only(true);
+        cookie.set_same_site(SameSite::Strict);
+        cookie.set_max_age(Duration::minutes(access_token_duration));
+        cookie_jar.add(cookie);
    }

-    // Import private key
-    let private_key =
-        task::spawn_blocking(move || PrivateKey::from_der(key.private_der(), key.key_id()))
-            .await??;
-
-    // TODO: get user roles
-    let roles = vec![];
-
-    // Access token duration in minutes
-    let access_token_duration = 15;
-
-    // Create jwt, sign and serialize
-    let jwt = JwtClaims::new(home_page.clone(), app.id().as_ref(), &user, roles)
-        .sign_serialize(&private_key, access_token_duration)?;
-
-    // Add jwt as a cookie
-    let mut cookie = Cookie::new("access_token", jwt);
-    cookie.set_secure(true);
-    cookie.set_http_only(true);
-    cookie.set_same_site(SameSite::Strict);
-    cookie.set_max_age(Duration::minutes(access_token_duration));
-    cookie_jar.add(cookie);
-
    transaction.commit().await?;

    // HTTP Response