Check if user is authorized to access an application before authenticating him

2022-04-09 12:24:03 +02:00 · 2022-04-09 12:24:03 +02:00 · 5633aae029
commit 5633aae029
parent b10215ae9c
2 changed files with 6 additions and 2 deletions
--- a/src/actors/openid_sessions_actor.rs
+++ b/src/actors/openid_sessions_actor.rs
@ -28,7 +28,7 @@ pub struct Session {

 impl Session {
    pub fn is_expired(&self) -> bool {
-        self.code_expire_on < time() || self.token_expire_at < time()
+        self.code_expire_on < time() && self.token_expire_at < time()
    }
 }

--- a/src/controllers/openid_controller.rs
+++ b/src/controllers/openid_controller.rs
@ -111,7 +111,11 @@ pub async fn authorize(user: CurrentUser, query: web::Query<AuthorizeQuery>,
        (_, _) => None
    };

-    // TODO : Check if user is authorized to access the application
+    // Check if user is authorized to access the application
+    if !user.can_access_app(&client.id) {
+        return error_redirect(&query, "invalid_request",
+                              "User is not authorized to access this application!");
+    }

    // Save all authentication information in memory
    let session = Session {