pierre/BasicOIDC
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Update actix_identity
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
Pierre HUBERT
2022-07-22 12:21:38 +02:00
parent 98313d07e6
commit 07542abf8b
10 changed files with 94 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
src/controllers/login_controller.rs
View File

@ -1,6 +1,6 @@
use actix::Addr;
use actix_identity::Identity;
use actix_web::{HttpResponse, Responder, web};
use actix_web::{HttpRequest, HttpResponse, Responder, web};
use askama::Template;
use crate::actors::{bruteforce_actor, users_actor};
@ -80,7 +80,8 @@ pub async fn login_route(
bruteforce: web::Data<Addr<BruteForceActor>>,
query: web::Query<LoginRequestQuery>,
req: Option<web::Form<LoginRequestBody>>,
id: Identity,
id: Option<Identity>,
http_req: HttpRequest,
) -> impl Responder {
let mut danger = None;
let mut success = None;
@ -97,27 +98,29 @@ pub async fn login_route(
// Check if user session must be closed
if let Some(true) = query.logout {
id.forget();
if let Some(id) = id {
id.logout();
}
success = Some("Goodbye!".to_string());
}
// Check if user is already authenticated
if SessionIdentity(&id).is_authenticated() {
else if SessionIdentity(id.as_ref()).is_authenticated() {
return redirect_user(query.redirect.get());
}
// Check if the password of the user has to be changed
if SessionIdentity(&id).need_new_password() {
else if SessionIdentity(id.as_ref()).need_new_password() {
return redirect_user(&format!("/reset_password?redirect={}", query.redirect.get_encoded()));
}
// Check if the user has to valide a second factor
if SessionIdentity(&id).need_2fa_auth() {
else if SessionIdentity(id.as_ref()).need_2fa_auth() {
return redirect_user(&format!("/2fa_auth?redirect={}", query.redirect.get_encoded()));
}
// Try to authenticate user
if let Some(req) = &req {
else if let Some(req) = &req {
login = req.login.clone();
let response: LoginResult = users
.send(users_actor::LoginRequest {
@ -129,13 +132,13 @@ pub async fn login_route(
match response {
LoginResult::Success(user) => {
SessionIdentity(&id).set_user(&user);
SessionIdentity(id.as_ref()).set_user(&http_req, &user);
return if user.need_reset_password {
SessionIdentity(&id).set_status(SessionStatus::NeedNewPassword);
SessionIdentity(id.as_ref()).set_status(&http_req, SessionStatus::NeedNewPassword);
redirect_user(&format!("/reset_password?redirect={}", query.redirect.get_encoded()))
} else if user.has_two_factor() {
SessionIdentity(&id).set_status(SessionStatus::Need2FA);
SessionIdentity(id.as_ref()).set_status(&http_req, SessionStatus::Need2FA);
redirect_user(&format!("/2fa_auth?redirect={}", query.redirect.get_encoded()))
} else {
redirect_user(query.redirect.get())
@ -189,12 +192,13 @@ pub struct PasswordResetQuery {
}
/// Reset user password route
pub async fn reset_password_route(id: Identity, query: web::Query<PasswordResetQuery>,
pub async fn reset_password_route(id: Option<Identity>, query: web::Query<PasswordResetQuery>,
req: Option<web::Form<ChangePasswordRequestBody>>,
users: web::Data<Addr<UsersActor>>) -> impl Responder {
users: web::Data<Addr<UsersActor>>,
http_req: HttpRequest) -> impl Responder {
let mut danger = None;
if !SessionIdentity(&id).need_new_password() {
if !SessionIdentity(id.as_ref()).need_new_password() {
return redirect_user_for_login(query.redirect.get());
}
@ -205,7 +209,7 @@ pub async fn reset_password_route(id: Identity, query: web::Query<PasswordResetQ
} else {
let res: ChangePasswordResult = users
.send(users_actor::ChangePasswordRequest {
user_id: SessionIdentity(&id).user_id(),
user_id: SessionIdentity(id.as_ref()).user_id(),
new_password: req.password.clone(),
temporary: false,
})
@ -215,7 +219,7 @@ pub async fn reset_password_route(id: Identity, query: web::Query<PasswordResetQ
if !res.0 {
danger = Some("Failed to change password!".to_string());
} else {
SessionIdentity(&id).set_status(SessionStatus::SignedIn);
SessionIdentity(id.as_ref()).set_status(&http_req, SessionStatus::SignedIn);
return redirect_user(query.redirect.get());
}
}
@ -246,13 +250,14 @@ pub struct ChooseSecondFactorQuery {
}
/// Let the user select the factor to use to authenticate
pub async fn choose_2fa_method(id: Identity, query: web::Query<ChooseSecondFactorQuery>,
pub async fn choose_2fa_method(id: Option<Identity>, query: web::Query<ChooseSecondFactorQuery>,
users: web::Data<Addr<UsersActor>>) -> impl Responder {
if !SessionIdentity(&id).need_2fa_auth() {
if !SessionIdentity(id.as_ref()).need_2fa_auth() {
log::trace!("User does not require 2fa auth, redirecting");
return redirect_user_for_login(query.redirect.get());
}
let user: User = users.send(users_actor::GetUserRequest(SessionIdentity(&id).user_id()))
let user: User = users.send(users_actor::GetUserRequest(SessionIdentity(id.as_ref()).user_id()))
.await.unwrap().0.expect("Could not find user!");
// Automatically choose factor if there is only one factor
@ -290,16 +295,17 @@ pub struct LoginWithOTPForm {
/// Login with OTP
pub async fn login_with_otp(id: Identity, query: web::Query<LoginWithOTPQuery>,
pub async fn login_with_otp(id: Option<Identity>, query: web::Query<LoginWithOTPQuery>,
form: Option<web::Form<LoginWithOTPForm>>,
users: web::Data<Addr<UsersActor>>) -> impl Responder {
users: web::Data<Addr<UsersActor>>,
http_req: HttpRequest) -> impl Responder {
let mut danger = None;
if !SessionIdentity(&id).need_2fa_auth() {
if !SessionIdentity(id.as_ref()).need_2fa_auth() {
return redirect_user_for_login(query.redirect.get());
}
let user: User = users.send(users_actor::GetUserRequest(SessionIdentity(&id).user_id()))
let user: User = users.send(users_actor::GetUserRequest(SessionIdentity(id.as_ref()).user_id()))
.await.unwrap().0.expect("Could not find user!");
let factor = match user.find_factor(&query.id) {
@ -318,7 +324,7 @@ pub async fn login_with_otp(id: Identity, query: web::Query<LoginWithOTPQuery>,
if !key.check_code(&form.code).unwrap_or(false) {
danger = Some("Specified code is invalid!".to_string());
} else {
SessionIdentity(&id).set_status(SessionStatus::SignedIn);
SessionIdentity(id.as_ref()).set_status(&http_req, SessionStatus::SignedIn);
return redirect_user(query.redirect.get());
}
}
@ -344,14 +350,14 @@ pub struct LoginWithWebauthnQuery {
/// Login with Webauthn
pub async fn login_with_webauthn(id: Identity, query: web::Query<LoginWithWebauthnQuery>,
pub async fn login_with_webauthn(id: Option<Identity>, query: web::Query<LoginWithWebauthnQuery>,
manager: WebAuthManagerReq,
users: web::Data<Addr<UsersActor>>) -> impl Responder {
if !SessionIdentity(&id).need_2fa_auth() {
if !SessionIdentity(id.as_ref()).need_2fa_auth() {
return redirect_user_for_login(query.redirect.get());
}
let user: User = users.send(users_actor::GetUserRequest(SessionIdentity(&id).user_id()))
let user: User = users.send(users_actor::GetUserRequest(SessionIdentity(id.as_ref()).user_id()))
.await.unwrap().0.expect("Could not find user!");
let factor = match user.find_factor(&query.id) {