BasicOIDC/src/data/session_identity.rs

use actix_identity::Identity;
use serde::{Deserialize, Serialize};

use crate::constants::{MAX_SESSION_DURATION, MIN_ACTIVITY_RECORD_TIME};
use crate::data::user::User;
use crate::utils::time::time;

#[derive(Debug, Serialize, Deserialize, Eq, PartialEq)]
pub enum SessionStatus {
    Invalid,
    SignedIn,
    NeedNewPassword,
    NeedMFA,
}

impl Default for SessionStatus {
    fn default() -> Self {
        Self::Invalid
    }
}


#[derive(Debug, Serialize, Deserialize, Default)]
struct SessionIdentityData {
    pub id: String,
    pub is_admin: bool,
    last_access: u64,
    pub status: SessionStatus,

    // TODO : add session max duration (1 day)
}

pub struct SessionIdentity<'a>(pub &'a Identity);

impl<'a> SessionIdentity<'a> {
    pub fn set_user(&self, user: &User) {
        self.set_session_data(&SessionIdentityData {
            id: user.uid.clone(),
            is_admin: user.admin,
            last_access: time(),
            status: SessionStatus::SignedIn,
        });
    }

    fn get_session_data(&self) -> Option<SessionIdentityData> {
        let mut res: Option<SessionIdentityData> = self.0.identity()
            .as_ref()
            .map(String::as_str)
            .map(serde_json::from_str)
            .map(|f| f.expect("Failed to deserialize session data!"));

        // Check if session is valid
        if let Some(sess) = &res {
            if sess.id.is_empty() {
                return None;
            }
        }

        if let Some(session) = res.as_mut() {
            if session.last_access + MAX_SESSION_DURATION < time() {
                log::info!("Session is expired for {}", session.id);
                self.0.forget();
                return None;
            }

            if session.last_access + MIN_ACTIVITY_RECORD_TIME < time() {
                log::debug!("Refresh last access for session");
                session.last_access = time();
                self.set_session_data(session);
            }
        }

        res
    }

    fn set_session_data(&self, data: &SessionIdentityData) {
        let s = serde_json::to_string(data)
            .expect("Failed to serialize session data!");

        self.0.remember(s);
    }

    pub fn set_status(&self, status: SessionStatus) {
        let mut sess = self.get_session_data().unwrap_or_default();
        sess.status = status;
        self.set_session_data(&sess);
    }

    pub fn is_authenticated(&self) -> bool {
        self.get_session_data()
            .map(|s| s.status == SessionStatus::SignedIn)
            .unwrap_or(false)
    }

    pub fn need_new_password(&self) -> bool {
        self.get_session_data()
            .map(|s| s.status == SessionStatus::NeedNewPassword)
            .unwrap_or(false)
    }

    pub fn user_id(&self) -> String {
        self.get_session_data()
            .unwrap_or_default()
            .id
    }
}
Redirect user after successful login 2022-04-01 16:59:17 +00:00			`use actix_identity::Identity;`
Refactor sessions management 2022-04-01 20:51:33 +00:00			`use serde::{Deserialize, Serialize};`
Redirect user after successful login 2022-04-01 16:59:17 +00:00
Refactor sessions management 2022-04-01 20:51:33 +00:00			`use crate::constants::{MAX_SESSION_DURATION, MIN_ACTIVITY_RECORD_TIME};`
Redirect user after successful login 2022-04-01 16:59:17 +00:00			`use crate::data::user::User;`
Refactor sessions management 2022-04-01 20:51:33 +00:00			`use crate::utils::time::time;`

			`#[derive(Debug, Serialize, Deserialize, Eq, PartialEq)]`
Can request new user password on login 2022-04-02 06:30:01 +00:00			`pub enum SessionStatus {`
			`Invalid,`
Refactor sessions management 2022-04-01 20:51:33 +00:00			`SignedIn,`
			`NeedNewPassword,`
			`NeedMFA,`
			`}`
Redirect user after successful login 2022-04-01 16:59:17 +00:00
Can request new user password on login 2022-04-02 06:30:01 +00:00			`impl Default for SessionStatus {`
			`fn default() -> Self {`
			`Self::Invalid`
			`}`
			`}`


			`#[derive(Debug, Serialize, Deserialize, Default)]`
Refactor sessions management 2022-04-01 20:51:33 +00:00			`struct SessionIdentityData {`
Redirect user after successful login 2022-04-01 16:59:17 +00:00			`pub id: String,`
			`pub is_admin: bool,`
Refactor sessions management 2022-04-01 20:51:33 +00:00			`last_access: u64,`
			`pub status: SessionStatus,`
Can request new user password on login 2022-04-02 06:30:01 +00:00
			`// TODO : add session max duration (1 day)`
Redirect user after successful login 2022-04-01 16:59:17 +00:00			`}`

Refactor sessions management 2022-04-01 20:51:33 +00:00			`pub struct SessionIdentity<'a>(pub &'a Identity);`

			`impl<'a> SessionIdentity<'a> {`
			`pub fn set_user(&self, user: &User) {`
			`self.set_session_data(&SessionIdentityData {`
Redirect user after successful login 2022-04-01 16:59:17 +00:00			`id: user.uid.clone(),`
			`is_admin: user.admin,`
Refactor sessions management 2022-04-01 20:51:33 +00:00			`last_access: time(),`
			`status: SessionStatus::SignedIn,`
			`});`
Redirect user after successful login 2022-04-01 16:59:17 +00:00			`}`

Refactor sessions management 2022-04-01 20:51:33 +00:00			`fn get_session_data(&self) -> Option<SessionIdentityData> {`
			`let mut res: Option<SessionIdentityData> = self.0.identity()`
			`.as_ref()`
			`.map(String::as_str)`
			`.map(serde_json::from_str)`
			`.map(\|f\| f.expect("Failed to deserialize session data!"));`

Can request new user password on login 2022-04-02 06:30:01 +00:00			`// Check if session is valid`
			`if let Some(sess) = &res {`
			`if sess.id.is_empty() {`
			`return None;`
			`}`
			`}`

Refactor sessions management 2022-04-01 20:51:33 +00:00			`if let Some(session) = res.as_mut() {`
			`if session.last_access + MAX_SESSION_DURATION < time() {`
			`log::info!("Session is expired for {}", session.id);`
			`self.0.forget();`
			`return None;`
			`}`

			`if session.last_access + MIN_ACTIVITY_RECORD_TIME < time() {`
			`log::debug!("Refresh last access for session");`
			`session.last_access = time();`
			`self.set_session_data(session);`
			`}`
Redirect user after successful login 2022-04-01 16:59:17 +00:00			`}`
Refactor sessions management 2022-04-01 20:51:33 +00:00
			`res`
Redirect user after successful login 2022-04-01 16:59:17 +00:00			`}`

Refactor sessions management 2022-04-01 20:51:33 +00:00			`fn set_session_data(&self, data: &SessionIdentityData) {`
			`let s = serde_json::to_string(data)`
			`.expect("Failed to serialize session data!");`

			`self.0.remember(s);`
Redirect user after successful login 2022-04-01 16:59:17 +00:00			`}`

Can request new user password on login 2022-04-02 06:30:01 +00:00			`pub fn set_status(&self, status: SessionStatus) {`
			`let mut sess = self.get_session_data().unwrap_or_default();`
			`sess.status = status;`
			`self.set_session_data(&sess);`
			`}`

Refactor sessions management 2022-04-01 20:51:33 +00:00			`pub fn is_authenticated(&self) -> bool {`
			`self.get_session_data()`
			`.map(\|s\| s.status == SessionStatus::SignedIn)`
Redirect user after successful login 2022-04-01 16:59:17 +00:00			`.unwrap_or(false)`
			`}`
Can request new user password on login 2022-04-02 06:30:01 +00:00
			`pub fn need_new_password(&self) -> bool {`
			`self.get_session_data()`
			`.map(\|s\| s.status == SessionStatus::NeedNewPassword)`
			`.unwrap_or(false)`
			`}`

			`pub fn user_id(&self) -> String {`
			`self.get_session_data()`
			`.unwrap_or_default()`
			`.id`
			`}`
Redirect user after successful login 2022-04-01 16:59:17 +00:00			`}`