pierre/BasicOIDC
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Refactor dependencies to reduce code base size (#111)
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source 
Use crates to reduce code base size :

* `actix-remote-ip` to safely determine user IP location
* `light-openid` for the OpenID primitives & as client to handle federation

Reviewed-on: #111
This commit is contained in:
Pierre HUBERT
2023-04-29 11:11:24 +00:00
parent f262e6f183
commit 6cc9f4c54c
18 changed files with 112 additions and 525 deletions
Download Patch File Download Diff File Expand all files Collapse all files

80
src/data/provider_configuration.rs
View File

@ -1,38 +1,20 @@
use std::cell::RefCell;
use std::collections::HashMap;
use base64::engine::general_purpose::STANDARD as BASE64_STANDARD;
use base64::Engine as _;
use light_openid::primitives::{OpenIDConfig, OpenIDTokenResponse, OpenIDUserInfo};
use crate::actors::providers_states_actor::ProviderLoginState;
use crate::constants::OIDC_PROVIDERS_LIFETIME;
use crate::data::app_config::AppConfig;
use crate::data::jwt_signer::JsonWebKey;
use crate::data::openid_primitive::{OpenIDUserInfo, TokenResponse};
use crate::data::provider::Provider;
use crate::utils::err::Res;
use crate::utils::time::time;
#[derive(Debug, Clone, serde::Deserialize)]
pub struct ProviderDiscovery {
pub issuer: String,
pub authorization_endpoint: String,
pub token_endpoint: String,
pub userinfo_endpoint: Option<String>,
pub jwks_uri: String,
pub claims_supported: Option<Vec<String>>,
}
#[derive(Debug, Clone, serde::Serialize, serde::Deserialize)]
pub struct ProviderJWKs {
pub keys: Vec<JsonWebKey>,
}
/// Provider configuration
#[derive(Debug, Clone)]
pub struct ProviderConfiguration {
pub discovery: ProviderDiscovery,
//pub keys: ProviderJWKs,
pub discovery: OpenIDConfig,
pub expire: u64,
}
@ -52,41 +34,23 @@ impl ProviderConfiguration {
&self,
provider: &Provider,
authorization_code: &str,
) -> Res<TokenResponse> {
let authorization =
BASE64_STANDARD.encode(format!("{}:{}", provider.client_id, provider.client_secret));
) -> Res<OpenIDTokenResponse> {
let (token, _) = self
.discovery
.request_token(
&provider.client_id,
&provider.client_secret,
authorization_code,
&AppConfig::get().oidc_provider_redirect_url(),
)
.await?;
let redirect_url = AppConfig::get().oidc_provider_redirect_url();
let mut params = HashMap::new();
params.insert("grant_type", "authorization_code");
params.insert("code", authorization_code);
params.insert("redirect_uri", redirect_url.as_str());
Ok(reqwest::Client::new()
.post(&self.discovery.token_endpoint)
.header("Authorization", format!("Basic {authorization}"))
.form(&params)
.send()
.await?
.json()
.await?)
Ok(token)
}
/// Retrieve information about the user, using given [TokenResponse]
pub async fn get_userinfo(&self, token: &TokenResponse) -> Res<OpenIDUserInfo> {
Ok(reqwest::Client::new()
.get(
self.discovery
.userinfo_endpoint
.as_ref()
.expect("Userinfo endpoint is required by this implementation!"),
)
.header("Authorization", format!("Bearer {}", token.access_token))
.send()
.await?
.json()
.await?)
/// Retrieve information about the user, using a given [OpenIDTokenResponse]
pub async fn get_userinfo(&self, token: &OpenIDTokenResponse) -> Res<OpenIDUserInfo> {
Ok(self.discovery.request_user_info(token).await?.0)
}
}
@ -119,16 +83,8 @@ impl ProviderConfigurationHelper {
/// Get fresh configuration from provider
async fn fetch_configuration(provider: &Provider) -> Res<ProviderConfiguration> {
let discovery: ProviderDiscovery = reqwest::get(&provider.configuration_url)
.await?
.json()
.await?;
// let keys: ProviderJWKs = reqwest::get(&discovery.jwks_uri).await?.json().await?;
Ok(ProviderConfiguration {
discovery,
// keys,
discovery: OpenIDConfig::load_from_url(&provider.configuration_url).await?,
expire: time() + OIDC_PROVIDERS_LIFETIME,
})
}