ezidam: oauth: authorize: generate and save authorization code
parent
471e2fc740
commit
bb4ff8a9f8
6 changed files with 33 additions and 4 deletions
|
|
@ -22,3 +22,4 @@ hash = { path = "../hash" }
|
|||
openid = { path = "../openid" }
|
||||
jwt = { path = "../jwt" }
|
||||
apps = { path = "../apps" }
|
||||
authorization_codes = { path = "../authorization_codes" }
|
||||
|
|
|
|||
|
|
@ -68,3 +68,9 @@ impl From<apps::GetValidError> for Error {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl From<authorization_codes::Error> for Error {
|
||||
fn from(e: authorization_codes::Error) -> Self {
|
||||
Error::internal_server_error(e)
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,5 +1,7 @@
|
|||
use super::prelude::*;
|
||||
use apps::App;
|
||||
use authorization_codes::AuthorizationCodes;
|
||||
use hash::SecretString;
|
||||
use rocket::{get, post};
|
||||
use settings::Settings;
|
||||
use users::User;
|
||||
|
|
@ -132,6 +134,8 @@ async fn authorize(
|
|||
return Ok(Either::Right(invalid_credentials(form.login, auth_request)));
|
||||
};
|
||||
|
||||
transaction.commit().await?;
|
||||
|
||||
// Check if user is archived
|
||||
if user.is_archived() {
|
||||
return Ok(Either::Right(user_archived(form.login, auth_request)));
|
||||
|
|
@ -149,11 +153,20 @@ async fn authorize(
|
|||
return Ok(Either::Right(invalid_credentials(form.login, auth_request)));
|
||||
}
|
||||
|
||||
// TODO: get ip
|
||||
// TODO: refresh token + jwt
|
||||
// Generate authorization code
|
||||
let code = task::spawn_blocking(|| SecretString::new(35)).await?;
|
||||
|
||||
// TODO: put more data
|
||||
Ok(Either::Left(Redirect::to(app.redirect_uri().to_string())))
|
||||
// Save authorization code
|
||||
let mut transaction = db.begin().await?;
|
||||
AuthorizationCodes::insert(&mut transaction, code.as_ref(), app.id(), user.id()).await?;
|
||||
transaction.commit().await?;
|
||||
|
||||
// TODO: put code, state (if present)
|
||||
|
||||
// TODO: handle query, fragment, and form post
|
||||
Ok(Either::Left(Redirect::found(
|
||||
app.redirect_uri().to_string(),
|
||||
)))
|
||||
}
|
||||
|
||||
// TODO: oauth redirect route for ezidam
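Review bot: The `AuthorizationCodes::insert(&mut transaction, code.as_ref(), app.id(), user.id())` call persists the raw code string with only the app and user ids; no expiry, redirect URI or single-use marker is passed at this call site. RFC 6749 §4.1.2 requires authorization codes to be short-lived, redeemable once, and bound to the client and redirect URI, so unless the `authorization_codes` crate sets an expiry itself (not visible in this hunk) the token endpoint will have nothing to enforce. Consider storing a hash of the code rather than the code, so that read access to the table does not yield redeemable codes, and record the constraint next to the insert with a comment such as `// code must expire (RFC 6749 §4.1.2 recommends at most 10 minutes) and be deleted on first redemption`. The body of `authorize` starts outside this hunk, so the earlier credential checks were not reviewed.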
|
||||
|
|
|
|||
|
|
@ -15,6 +15,11 @@ impl Default for SecretString {
|
|||
Self::new(64)
|
||||
}
|
||||
}
|
||||
impl AsRef<str> for SecretString {
|
||||
fn as_ref(&self) -> &str {
|
||||
self.0.as_ref()
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Debug)]
|
||||
pub struct Secret(Hash);
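Review bot: The `impl AsRef<str> for SecretString` exposes the plaintext secret through a generic conversion, so any API accepting `impl AsRef<str>` (logging and formatting helpers included) will take it without the call site showing that a secret is being revealed. An explicitly named accessor, for example `pub fn expose(&self) -> &str`, keeps every exposure easy to find in review. If the trait impl stays, it should carry a doc comment such as `/// Exposes the plaintext secret; never log the returned value.` Whether `SecretString` also derives `Debug` or `Display` is not visible in this section and is worth checking for the same reason.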
|
||||
|
|
|
|||
|
|
@ -22,6 +22,9 @@ pub struct User {
|
|||
}
|
||||
|
||||
impl User {
|
||||
pub fn id(&self) -> &UserID {
|
||||
&self.id
|
||||
}
|
||||
pub fn is_archived(&self) -> bool {
|
||||
self.is_archived
|
||||
}
|
||||
|
|
|
|||