From bb4ff8a9f80669b59ef0d30e88d93a377fc4d7ac Mon Sep 17 00:00:00 2001
From: Philippe Loctaux
Date: Thu, 16 Mar 2023 23:20:27 +0100
Subject: [PATCH] ezidam: oauth: authorize: generate and save authorization code

---
 Cargo.lock | 1 +
 crates/ezidam/Cargo.toml | 1 +
 crates/ezidam/src/error/conversion.rs | 6 ++++++
 crates/ezidam/src/routes/oauth.rs | 21 +++++++++++++++++----
 crates/hash/src/secret.rs | 5 +++++
 crates/users/src/lib.rs | 3 +++
 6 files changed, 33 insertions(+), 4 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 554495a..5fa1c30 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -793,6 +793,7 @@ name = "ezidam"
 version = "0.1.0"
 dependencies = [
 "apps",
+ "authorization_codes",
 "database_pool",
 "erased-serde",
 "futures",
diff --git a/crates/ezidam/Cargo.toml b/crates/ezidam/Cargo.toml
index b8ebbd6..5c3f596 100644
--- a/crates/ezidam/Cargo.toml
+++ b/crates/ezidam/Cargo.toml
@@ -22,3 +22,4 @@ hash = { path = "../hash" }
 openid = { path = "../openid" }
 jwt = { path = "../jwt" }
 apps = { path = "../apps" }
+authorization_codes = { path = "../authorization_codes" }
diff --git a/crates/ezidam/src/error/conversion.rs b/crates/ezidam/src/error/conversion.rs
index 2ccb611..7b671b3 100644
--- a/crates/ezidam/src/error/conversion.rs
+++ b/crates/ezidam/src/error/conversion.rs
@@ -68,3 +68,9 @@ impl From for Error {
 }
 }
 }
+
+impl From for Error {
+ fn from(e: authorization_codes::Error) -> Self {
+ Error::internal_server_error(e)
+ }
+}
diff --git a/crates/ezidam/src/routes/oauth.rs b/crates/ezidam/src/routes/oauth.rs
index 3372bfc..799c165 100644
--- a/crates/ezidam/src/routes/oauth.rs
+++ b/crates/ezidam/src/routes/oauth.rs
@@ -1,5 +1,7 @@
 use super::prelude::*;
 use apps::App;
+use authorization_codes::AuthorizationCodes;
+use hash::SecretString;
 use rocket::{get, post};
 use settings::Settings;
 use users::User;
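Review bot: The new `From<authorization_codes::Error>` impl forwards `e` into `Error::internal_server_error(e)`; if that constructor renders the source error into the response body, storage-layer error text (SQL state, table or column names) from the authorization-code crate would reach the OAuth client, so confirm it only logs `e` and sends a generic 500. Mapping every variant to a server error is fine for the insert path added in this commit, but if `authorization_codes::Error` later gains lookup variants (unknown, expired or already-used code) the token endpoint will need those reported as `invalid_grant` rather than 500. A one-line doc comment would make the intent explicit: `/// Authorization-code storage failures are never the client's fault; surface them as a generic 500.`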
@@ -132,6 +134,8 @@ async fn authorize(
 return Ok(Either::Right(invalid_credentials(form.login, auth_request)));
 };
+ transaction.commit().await?;
+
 // Check if user is archived
 if user.is_archived() {
 return Ok(Either::Right(user_archived(form.login, auth_request)));
@@ -149,11 +153,20 @@ async fn authorize(
 return Ok(Either::Right(invalid_credentials(form.login, auth_request)));
 }
- // TODO: get ip
- // TODO: refresh token + jwt
+ // Generate authorization code
+ let code = task::spawn_blocking(|| SecretString::new(35)).await?;
- // TODO: put more data
- Ok(Either::Left(Redirect::to(app.redirect_uri().to_string())))
+ // Save authorization code
+ let mut transaction = db.begin().await?;
+ AuthorizationCodes::insert(&mut transaction, code.as_ref(), app.id(), user.id()).await?;
+ transaction.commit().await?;
+
+ // TODO: put code, state (if present)
+
+ // TODO: handle query, fragment, and form post
+ Ok(Either::Left(Redirect::found(
+ app.redirect_uri().to_string(),
+ )))
 }
 // TODO: oauth redirect route for ezidam
diff --git a/crates/hash/src/secret.rs b/crates/hash/src/secret.rs
index 7c30f28..6461733 100644
--- a/crates/hash/src/secret.rs
+++ b/crates/hash/src/secret.rs
@@ -15,6 +15,11 @@ impl Default for SecretString {
 Self::new(64)
 }
 }
+impl AsRef for SecretString {
+ fn as_ref(&self) -> &str {
+ self.0.as_ref()
+ }
+}
 #[derive(Debug)]
 pub struct Secret(Hash);
diff --git a/crates/users/src/lib.rs b/crates/users/src/lib.rs
index 922ee9d..52ac11c 100644
--- a/crates/users/src/lib.rs
+++ b/crates/users/src/lib.rs
@@ -22,6 +22,9 @@ pub struct User {
 }
 impl User {
+ pub fn id(&self) -> &UserID {
+ &self.id
+ }
 pub fn is_archived(&self) -> bool {
 self.is_archived
 }
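Review bot: `transaction.commit().await?;` is placed after the `let … else` that returns `invalid_credentials`, so that early-return path drops the transaction without committing; harmless if the lookup above is read-only, but if the user lookup records anything (failed-attempt counters, last-seen timestamps) it is silently rolled back on that path — worth confirming against the lines above the hunk. Committing here also ends the transaction before the archived and credential checks, and the code insert in the next hunk opens a second one, so the user check and the code persistence are not atomic. If that is intended, a comment such as `// Lookup is read-only; release the connection before the credential checks` would make the reason explicit. `authorize` begins and ends outside this hunk.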
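Review bot: `AuthorizationCodes::insert(&mut transaction, code.as_ref(), app.id(), user.id())` persists only the code, the client and the user, so nothing visible binds the code to the `redirect_uri` of this request or to a PKCE `code_challenge`, and nothing visible sets an expiry or a single-use flag; RFC 6749 §4.1.3 requires the token endpoint to verify the redirect URI the code was issued for, and §4.1.2 says codes must be short-lived (≤10 minutes recommended) and usable once. Unless `insert` fills those columns itself, extend it to take the request's redirect URI, the code challenge and method when present, and an expiry timestamp, and have the token endpoint reject on mismatch and revoke on reuse. The code is also written to the database in plaintext; since the `hash` crate already provides a `Secret(Hash)` type, storing a hash of the code and comparing at the token endpoint would keep a database read from yielding live codes. Finally, `SecretString::new(35)` meets RFC 6749 §10.10 only if its alphabet yields ≥128 bits from a CSPRNG — confirm — and the `task::spawn_blocking` around it is unnecessary unless that generator actually blocks. `authorize` starts outside this hunk.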
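Review bot: The new `AsRef<str>` impl on `SecretString` lets the raw secret flow anywhere a `&str` is accepted, including `format!` and log calls, with no grep-able call site; a deliberately named accessor such as `pub fn expose_secret(&self) -> &str` (the convention the `secrecy` crate uses) makes every exposure visible in review, while a blanket `AsRef` does not. If `AsRef` is kept for the `code.as_ref()` call in oauth.rs, at least document the intent: `/// Exposes the raw secret; pass it only to storage or transport code, never to logging or Debug output.` Whether `SecretString` redacts itself in `Debug`/`Display` or zeroizes on drop is outside this hunk.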
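Review bot: `pub fn id(&self) -> &UserID` is a new public item without a doc comment; since it is now passed to `AuthorizationCodes::insert` from another crate, a one-liner such as `/// The user's `id`, borrowed for the lifetime of the `User`.` keeps rustdoc complete. The type name `UserID` is pre-existing, though Rust convention would spell it `UserId`; not for this commit. `impl User` continues outside the hunk.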