//! # Admin account controller //! //! @author Pierre Hubert use crate::api_data::admin::admin_auth_options::AdminAuthOptions; use crate::api_data::admin::admin_auth_success::AdminAuthSuccess; use crate::api_data::admin::admin_id_api::AdminIDAPI; use crate::api_data::admin::admin_info_api::AdminInfoAPI; use crate::api_data::admin::admin_keys_api::AdminKeyAPI; use crate::data::admin::{AdminKey, NewAdminGeneralSettings}; use crate::data::base_request_handler::BaseRequestHandler; use crate::data::error::Res; use crate::data::http_request_handler::HttpRequestHandler; use crate::data::webauthn_config::get_wan; use crate::helpers::{admin_access_token_helper, admin_account_helper, admin_account_key_helper, admin_key_authentication_challenges_helper, admin_key_registration_challenges_helper}; use crate::routes::RequestResult; use crate::utils::date_utils::time; impl HttpRequestHandler { pub fn post_admin_auth_key(&mut self, name_mail: &str, name_key_id: &str) -> Res { let mail = self.post_string(name_mail)?; let key_id = self.post_u64(name_key_id)?; let admin = admin_account_helper::find_admin_by_email(&mail)?; let keys = admin_account_key_helper::get_admin_keys(admin.id)?; let key = keys.into_iter() .filter(|k| k.id == key_id) .next(); match key { Some(key) => Ok(key), None => Err(self.bad_request("The key is not associated with this account!".to_string()).unwrap_err()) } } } /// Get admin auth options pub fn get_auth_options(r: &mut HttpRequestHandler) -> RequestResult { let mail = r.post_email("mail")?; let admin = admin_account_helper::find_admin_by_email(&mail)?; let keys = admin_account_key_helper::get_admin_keys(admin.id)?; r.set_response(AdminAuthOptions::new(&admin, &keys)) } /// Login admin using a reset token pub fn auth_with_reset_token(r: &mut HttpRequestHandler) -> RequestResult { let reset_token = r.post_string("token")?; let admin = admin_account_helper::find_admin_by_email(&r.post_email("mail")?)?; let token = r.some_or_internal_error( admin.reset_token, "Specified user has not valid reset token for now!", )?; if !token.token.eq(&reset_token) || time() > token.expire { return r.forbidden("Specified reset token is invalid!".to_string()); } let token = admin_access_token_helper::create(admin.id)?; r.set_response(AdminAuthSuccess::new(token)) } /// Sign out current admin pub fn sign_out(r: &mut HttpRequestHandler) -> RequestResult { admin_access_token_helper::destroy(r.admin_id()?)?; r.ok() } /// Get current admin ID pub fn get_admin_id(r: &mut HttpRequestHandler) -> RequestResult { r.set_response(AdminIDAPI::new(r.admin_id()?)) } /// Get current admin information pub fn get_admin_info(r: &mut HttpRequestHandler) -> RequestResult { let admin = match r.has_post_parameter("id") { false => admin_account_helper::find_admin_by_id(r.admin_id()?)?, true => { let admin_id = r.post_admin_id("id")?; admin_account_helper::find_admin_by_id(admin_id)? } }; r.set_response(AdminInfoAPI::new(&admin)) } /// Get an admin keys pub fn get_keys_list(r: &mut HttpRequestHandler) -> RequestResult { let admin_id = r.post_admin_id("id")?; if admin_id != r.admin_id()? { // TODO : implement unimplemented!(); } let keys = admin_account_key_helper::get_admin_keys(admin_id)?; r.set_response(keys.iter().map(AdminKeyAPI::new).collect::>()) } /// Update general settings pub fn update_general_settings(r: &mut HttpRequestHandler) -> RequestResult { let admin_id = r.post_admin_id("id")?; let new_name = r.post_string("name")?; let new_email = r.post_email("email")?; if admin_id != r.admin_id()? { // TODO unimplemented!(); } admin_account_helper::set_general_settings(NewAdminGeneralSettings { id: admin_id, name: new_name, email: new_email, })?; r.ok() } /// Generate a challenge to register a new key pub fn challenge_register_key(r: &mut HttpRequestHandler) -> RequestResult { let mut wan = get_wan(); let (res, state) = wan.generate_challenge_register(&r.admin_id()?.id_str(), None)?; admin_key_registration_challenges_helper::set(r.admin_id()?, state)?; r.set_response(res) } /// Register key pub fn register_key(r: &mut HttpRequestHandler) -> RequestResult { let name = r.post_string("name")?; let creds = r.post_register_public_key_credential("key")?; let state = r.some_or_internal_error( admin_key_registration_challenges_helper::get(r.admin_id()?)?, "No challenge found!", )?; let wan = get_wan(); let key = wan.register_credential(creds, state, |_| Ok(false))?; admin_account_key_helper::add_key(r.admin_id()?, &name, key)?; r.ok() } /// Delete an admin auth key pub fn delete_auth_key(r: &mut HttpRequestHandler) -> RequestResult { let admin_id = r.post_admin_id("adminID")?; let key_id = r.post_u64("keyID")?; if admin_id != r.admin_id()? { unimplemented!(); // TODO } for key in admin_account_key_helper::get_admin_keys(admin_id)? { if key.id == key_id { admin_account_key_helper::delete_key(key)?; return r.ok(); } } r.not_found("Requested key was not found!".to_string()) } /// Generate a challenge to authenticate with a security key pub fn challenge_auth_with_key(r: &mut HttpRequestHandler) -> RequestResult { let key = r.post_admin_auth_key("mail", "key_id")?; let (challenge_response, auth_state) = get_wan().generate_challenge_authenticate(vec![key.key], None)?; admin_key_authentication_challenges_helper::set(key.id, auth_state)?; r.set_response(challenge_response) } /// Authenticate a user with a security key pub fn auth_with_key(r: &mut HttpRequestHandler) -> RequestResult { let key = r.post_admin_auth_key("mail", "key_id")?; let credentials = r.post_auth_public_key_credential("credential")?; let state = r.some_or_internal_error( admin_key_authentication_challenges_helper::get(key.id)?, "Associated authentication state not found!", )?; // Perform authentication let state = get_wan().authenticate_credential(credentials, state)?; r.some_or_bad_request(state, "Invalid key!")?; // Generate access token let token = admin_access_token_helper::create(key.admin_id)?; r.set_response(AdminAuthSuccess::new(token)) }