ezidam: oauth: authorize: generate and save authorization code

2023-03-16 23:20:27 +01:00 · 2023-03-16 23:20:27 +01:00 · bb4ff8a9f8
commit bb4ff8a9f8
parent 471e2fc740
6 changed files with 33 additions and 4 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -793,6 +793,7 @@ name = "ezidam"
 version = "0.1.0"
 dependencies = [
 "apps",
+ "authorization_codes",
 "database_pool",
 "erased-serde",
 "futures",
--- a/crates/ezidam/Cargo.toml
+++ b/crates/ezidam/Cargo.toml
@ -22,3 +22,4 @@ hash = { path = "../hash" }
 openid = { path = "../openid" }
 jwt = { path = "../jwt" }
 apps = { path = "../apps" }
+authorization_codes = { path = "../authorization_codes" }
--- a/crates/ezidam/src/error/conversion.rs
+++ b/crates/ezidam/src/error/conversion.rs
@ -68,3 +68,9 @@ impl From<apps::GetValidError> for Error {
        }
    }
 }
+
+impl From<authorization_codes::Error> for Error {
+    fn from(e: authorization_codes::Error) -> Self {
+        Error::internal_server_error(e)
+    }
+}
--- a/crates/ezidam/src/routes/oauth.rs
+++ b/crates/ezidam/src/routes/oauth.rs
@ -1,5 +1,7 @@
 use super::prelude::*;
 use apps::App;
+use authorization_codes::AuthorizationCodes;
+use hash::SecretString;
 use rocket::{get, post};
 use settings::Settings;
 use users::User;
@ -132,6 +134,8 @@ async fn authorize(
        return Ok(Either::Right(invalid_credentials(form.login, auth_request)));
    };

+    transaction.commit().await?;
+
    // Check if user is archived
    if user.is_archived() {
        return Ok(Either::Right(user_archived(form.login, auth_request)));
@ -149,11 +153,20 @@ async fn authorize(
        return Ok(Either::Right(invalid_credentials(form.login, auth_request)));
    }

-    // TODO: get ip
-    // TODO: refresh token + jwt
+    // Generate authorization code
+    let code = task::spawn_blocking(|| SecretString::new(35)).await?;

-    // TODO: put more data
-    Ok(Either::Left(Redirect::to(app.redirect_uri().to_string())))
+    // Save authorization code
+    let mut transaction = db.begin().await?;
+    AuthorizationCodes::insert(&mut transaction, code.as_ref(), app.id(), user.id()).await?;
+    transaction.commit().await?;
+
+    // TODO: put code, state (if present)
+
+    // TODO: handle query, fragment, and form post
+    Ok(Either::Left(Redirect::found(
+        app.redirect_uri().to_string(),
+    )))
 }

 // TODO: oauth redirect route for ezidam
--- a/crates/hash/src/secret.rs
+++ b/crates/hash/src/secret.rs
@ -15,6 +15,11 @@ impl Default for SecretString {
        Self::new(64)
    }
 }
+impl AsRef<str> for SecretString {
+    fn as_ref(&self) -> &str {
+        self.0.as_ref()
+    }
+}

 #[derive(Debug)]
 pub struct Secret(Hash);
--- a/crates/users/src/lib.rs
+++ b/crates/users/src/lib.rs
@ -22,6 +22,9 @@ pub struct User {
 }

 impl User {
+    pub fn id(&self) -> &UserID {
+        &self.id
+    }
    pub fn is_archived(&self) -> bool {
        self.is_archived
    }