Refactor code to prepare support of implicit flow
This commit is contained in:
parent
719416eea9
commit
24c7072c0c
@ -16,7 +16,7 @@ use crate::constants::*;
|
|||||||
use crate::controllers::base_controller::{build_fatal_error_page, redirect_user};
|
use crate::controllers::base_controller::{build_fatal_error_page, redirect_user};
|
||||||
use crate::data::action_logger::{Action, ActionLogger};
|
use crate::data::action_logger::{Action, ActionLogger};
|
||||||
use crate::data::app_config::AppConfig;
|
use crate::data::app_config::AppConfig;
|
||||||
use crate::data::client::{ClientID, ClientManager};
|
use crate::data::client::{AuthenticationFlow, ClientID, ClientManager};
|
||||||
use crate::data::code_challenge::CodeChallenge;
|
use crate::data::code_challenge::CodeChallenge;
|
||||||
use crate::data::current_user::CurrentUser;
|
use crate::data::current_user::CurrentUser;
|
||||||
use crate::data::id_token::IdToken;
|
use crate::data::id_token::IdToken;
|
||||||
@ -162,14 +162,6 @@ pub async fn authorize(
|
|||||||
return error_redirect(&query, "invalid_request", "openid scope missing!");
|
return error_redirect(&query, "invalid_request", "openid scope missing!");
|
||||||
}
|
}
|
||||||
|
|
||||||
if !query.response_type.eq("code") {
|
|
||||||
return error_redirect(
|
|
||||||
&query,
|
|
||||||
"invalid_request",
|
|
||||||
"Only code response type is supported!",
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
if query.state.as_ref().map(String::is_empty).unwrap_or(false) {
|
if query.state.as_ref().map(String::is_empty).unwrap_or(false) {
|
||||||
return error_redirect(&query, "invalid_request", "State is specified but empty!");
|
return error_redirect(&query, "invalid_request", "State is specified but empty!");
|
||||||
}
|
}
|
||||||
@ -201,6 +193,13 @@ pub async fn authorize(
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Check that requested authorization flow is supported
|
||||||
|
if query.response_type != "code" && query.response_type != "id_token" {
|
||||||
|
return error_redirect(&query, "invalid_request", "Unsupported authorization flow!");
|
||||||
|
}
|
||||||
|
|
||||||
|
match (client.auth_flow(), query.response_type.as_str()) {
|
||||||
|
(AuthenticationFlow::AuthorizationCode, "code") => {
|
||||||
// Save all authentication information in memory
|
// Save all authentication information in memory
|
||||||
let session = Session {
|
let session = Session {
|
||||||
session_id: SessionID(rand_str(OPEN_ID_SESSION_LEN)),
|
session_id: SessionID(rand_str(OPEN_ID_SESSION_LEN)),
|
||||||
@ -242,6 +241,23 @@ pub async fn authorize(
|
|||||||
.finish()
|
.finish()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//(AuthenticationFlow::Implicit, "id_token") => {}
|
||||||
|
(flow, code) => {
|
||||||
|
log::warn!(
|
||||||
|
"For client {:?}, configured with flow {:?}, made request with code {}",
|
||||||
|
client.id,
|
||||||
|
flow,
|
||||||
|
code
|
||||||
|
);
|
||||||
|
error_redirect(
|
||||||
|
&query,
|
||||||
|
"invalid_request",
|
||||||
|
"Requested authentication flow is unsupported / not configured for this client!",
|
||||||
|
)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
#[derive(serde::Serialize)]
|
#[derive(serde::Serialize)]
|
||||||
struct ErrorResponse {
|
struct ErrorResponse {
|
||||||
error: String,
|
error: String,
|
||||||
|
@ -4,6 +4,7 @@ use crate::utils::string_utils::apply_env_vars;
|
|||||||
#[derive(Clone, Debug, serde::Serialize, serde::Deserialize, Eq, PartialEq)]
|
#[derive(Clone, Debug, serde::Serialize, serde::Deserialize, Eq, PartialEq)]
|
||||||
pub struct ClientID(pub String);
|
pub struct ClientID(pub String);
|
||||||
|
|
||||||
|
#[derive(Debug, Copy, Clone, Eq, PartialEq)]
|
||||||
pub enum AuthenticationFlow {
|
pub enum AuthenticationFlow {
|
||||||
AuthorizationCode,
|
AuthorizationCode,
|
||||||
Implicit,
|
Implicit,
|
||||||
|
Loading…
Reference in New Issue
Block a user