From 3bc53b8f915bb0a20b4f4e864dd0fb3fca6aa164 Mon Sep 17 00:00:00 2001 From: Pierre Hubert Date: Tue, 25 Apr 2023 17:44:51 +0200 Subject: [PATCH] Redirect user for authentication --- src/constants.rs | 3 +++ src/controllers/providers_controller.rs | 6 ++++-- src/data/provider_configuration.rs | 16 +++++++++++++++- 3 files changed, 22 insertions(+), 3 deletions(-) diff --git a/src/constants.rs b/src/constants.rs index e357dd2..5ee6a30 100644 --- a/src/constants.rs +++ b/src/constants.rs @@ -80,3 +80,6 @@ pub const OIDC_PROVIDERS_STATE_DURATION: u64 = 60 * 15; /// OpenID providers configuration constants pub const OIDC_PROVIDERS_LIFETIME: u64 = 3600; + +/// OpenID provider callback URI +pub const OIDC_PROVIDER_CB_URI: &str = "/prov_cb"; diff --git a/src/controllers/providers_controller.rs b/src/controllers/providers_controller.rs index 50ca53b..c7624f3 100644 --- a/src/controllers/providers_controller.rs +++ b/src/controllers/providers_controller.rs @@ -5,7 +5,7 @@ use actix_web::{web, HttpResponse, Responder}; use crate::actors::providers_states_actor; use crate::actors::providers_states_actor::{ProviderLoginState, ProvidersStatesActor}; -use crate::controllers::base_controller::build_fatal_error_page; +use crate::controllers::base_controller::{build_fatal_error_page, redirect_user}; use crate::data::action_logger::{Action, ActionLogger}; use crate::data::login_redirect::LoginRedirect; use crate::data::provider::{ProviderID, ProvidersManager}; @@ -65,7 +65,9 @@ pub async fn start_login( log::debug!("Provider configuration: {:?}", config); - HttpResponse::Ok().body(state.state_id) + let url = config.auth_url(&provider, &state); + log::debug!("Redirect user on {url} for authorization",); // Redirect user + redirect_user(&url) } diff --git a/src/data/provider_configuration.rs b/src/data/provider_configuration.rs index c1ccd43..2fe1f92 100644 --- a/src/data/provider_configuration.rs +++ b/src/data/provider_configuration.rs @@ -1,7 +1,9 @@ +use crate::actors::providers_states_actor::ProviderLoginState; use std::cell::RefCell; use std::collections::HashMap; -use crate::constants::OIDC_PROVIDERS_LIFETIME; +use crate::constants::{OIDC_PROVIDERS_LIFETIME, OIDC_PROVIDER_CB_URI}; +use crate::data::app_config::AppConfig; use crate::data::jwt_signer::JsonWebKey; use crate::data::provider::Provider; use crate::utils::err::Res; @@ -30,6 +32,18 @@ pub struct ProviderConfiguration { pub expire: u64, } +impl ProviderConfiguration { + /// Get the URL where a user should be redirected to authenticate + pub fn auth_url(&self, provider: &Provider, state: &ProviderLoginState) -> String { + let authorization_url = &self.discovery.authorization_endpoint; + let client_id = urlencoding::encode(&provider.client_id).to_string(); + let state = urlencoding::encode(&state.state_id).to_string(); + let callback_url = AppConfig::get().full_url(OIDC_PROVIDER_CB_URI); + + format!("{authorization_url}?response_type=code&scope=openid%20profile%20email&client_id={client_id}&state={state}&redirect_uri={callback_url}") + } +} + thread_local! { static THREAD_CACHE: RefCell> = RefCell::new(Default::default()); }