ezidam: oauth: authorize: generate and save authorization code
parent
471e2fc740
commit
bb4ff8a9f8
6 changed files with 33 additions and 4 deletions
1
Cargo.lock
generated
1
Cargo.lock
generated
|
|
@ -793,6 +793,7 @@ name = "ezidam"
|
||||||
version = "0.1.0"
|
version = "0.1.0"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"apps",
|
"apps",
|
||||||
|
"authorization_codes",
|
||||||
"database_pool",
|
"database_pool",
|
||||||
"erased-serde",
|
"erased-serde",
|
||||||
"futures",
|
"futures",
|
||||||
|
|
|
||||||
|
|
@ -22,3 +22,4 @@ hash = { path = "../hash" }
|
||||||
openid = { path = "../openid" }
|
openid = { path = "../openid" }
|
||||||
jwt = { path = "../jwt" }
|
jwt = { path = "../jwt" }
|
||||||
apps = { path = "../apps" }
|
apps = { path = "../apps" }
|
||||||
|
authorization_codes = { path = "../authorization_codes" }
|
||||||
|
|
|
||||||
|
|
@ -68,3 +68,9 @@ impl From<apps::GetValidError> for Error {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
impl From<authorization_codes::Error> for Error {
|
||||||
|
fn from(e: authorization_codes::Error) -> Self {
|
||||||
|
Error::internal_server_error(e)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,7 @@
|
||||||
use super::prelude::*;
|
use super::prelude::*;
|
||||||
use apps::App;
|
use apps::App;
|
||||||
|
use authorization_codes::AuthorizationCodes;
|
||||||
|
use hash::SecretString;
|
||||||
use rocket::{get, post};
|
use rocket::{get, post};
|
||||||
use settings::Settings;
|
use settings::Settings;
|
||||||
use users::User;
|
use users::User;
|
||||||
|
|
@ -132,6 +134,8 @@ async fn authorize(
|
||||||
return Ok(Either::Right(invalid_credentials(form.login, auth_request)));
|
return Ok(Either::Right(invalid_credentials(form.login, auth_request)));
|
||||||
};
|
};
|
||||||
|
|
||||||
|
transaction.commit().await?;
|
||||||
|
|
||||||
// Check if user is archived
|
// Check if user is archived
|
||||||
if user.is_archived() {
|
if user.is_archived() {
|
||||||
return Ok(Either::Right(user_archived(form.login, auth_request)));
|
return Ok(Either::Right(user_archived(form.login, auth_request)));
|
||||||
|
|
@ -149,11 +153,20 @@ async fn authorize(
|
||||||
return Ok(Either::Right(invalid_credentials(form.login, auth_request)));
|
return Ok(Either::Right(invalid_credentials(form.login, auth_request)));
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO: get ip
|
// Generate authorization code
|
||||||
// TODO: refresh token + jwt
|
let code = task::spawn_blocking(|| SecretString::new(35)).await?;
|
||||||
|
|
||||||
// TODO: put more data
|
// Save authorization code
|
||||||
Ok(Either::Left(Redirect::to(app.redirect_uri().to_string())))
|
let mut transaction = db.begin().await?;
|
||||||
|
AuthorizationCodes::insert(&mut transaction, code.as_ref(), app.id(), user.id()).await?;
|
||||||
|
transaction.commit().await?;
|
||||||
|
|
||||||
|
// TODO: put code, state (if present)
|
||||||
|
|
||||||
|
// TODO: handle query, fragment, and form post
|
||||||
|
Ok(Either::Left(Redirect::found(
|
||||||
|
app.redirect_uri().to_string(),
|
||||||
|
)))
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO: oauth redirect route for ezidam
|
// TODO: oauth redirect route for ezidam
|
||||||
|
|
|
||||||
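Review bot: The `AuthorizationCodes::insert(&mut transaction, code.as_ref(), app.id(), user.id())` call in `authorize` stores the code with only the app and user ids, so nothing visible here bounds its lifetime, marks it single-use, or avoids keeping the raw value at rest. If the `authorization_codes` crate (not shown on this page) does not already set an expiry and a used flag, the token endpoint will have no way to reject a stale or replayed code. I would record that expectation at the call site, e.g. `// code must be short-lived and single-use; enforced by authorization_codes (confirm)`, and consider storing a hash of the code rather than `code.as_ref()`. Separately, the switch from `Redirect::to` (303 in Rocket) to `Redirect::found` (302) follows what looks like a credential form submission, where 303 is the unambiguous status, so `Redirect::to(app.redirect_uri().to_string())` is worth keeping. The body of `authorize` starts outside the hunks shown.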
|
|
@ -15,6 +15,11 @@ impl Default for SecretString {
|
||||||
Self::new(64)
|
Self::new(64)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
impl AsRef<str> for SecretString {
|
||||||
|
fn as_ref(&self) -> &str {
|
||||||
|
self.0.as_ref()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
#[derive(Debug)]
|
#[derive(Debug)]
|
||||||
pub struct Secret(Hash);
|
pub struct Secret(Hash);
|
||||||
|
|
|
||||||
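Review bot: The new `impl AsRef<str> for SecretString` hands out the raw secret through a generic trait, so any helper that accepts `impl AsRef<str>` (formatting, logging, query builders) will take it with nothing at the call site marking the exposure. If the impl stays, document the contract on it, e.g. `/// Exposes the raw secret value; callers must not log or persist it unhashed.`; an explicitly named accessor would make each use easier to audit. The rest of `SecretString` is outside this hunk, so whether it already guards `Debug`/`Display` cannot be seen here.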
|
|
@ -22,6 +22,9 @@ pub struct User {
|
||||||
}
|
}
|
||||||
|
|
||||||
impl User {
|
impl User {
|
||||||
|
pub fn id(&self) -> &UserID {
|
||||||
|
&self.id
|
||||||
|
}
|
||||||
pub fn is_archived(&self) -> bool {
|
pub fn is_archived(&self) -> bool {
|
||||||
self.is_archived
|
self.is_archived
|
||||||
}
|
}
|
||||||
|
|
|
||||||