Add default clients (#105)

* Add the possibility to create client enabled by default when creating new accounts
* Can mark clients are granted for all users, regardless of users accounts grants

Reviewed-on: #105

src/data/client.rs

@@ -6,11 +6,28 @@ pub struct ClientID(pub String);
 
 #[derive(Clone, Debug, serde::Serialize, serde::Deserialize)]
 pub struct Client {
+    /// The ID of the client
     pub id: ClientID,
+
+    /// The human-readable name of the client
     pub name: String,
+
+    /// A short description of the service provided by the client
     pub description: String,
+
+    /// The secret used by the client to retrieve authenticated users information
     pub secret: String,
+
+    /// The URI where the users should be redirected once authenticated
     pub redirect_uri: String,
+
+    /// Specify if the client must be allowed by default for new account
+    #[serde(default = "bool::default")]
+    pub default: bool,
+
+    /// Specify whether a client is granted to all users
+    #[serde(default = "bool::default")]
+    pub granted_to_all_users: bool,
 }
 
 impl PartialEq for Client {
@@ -33,6 +50,13 @@ impl EntityManager<Client> {
         None
     }
 
+    /// Get the list of default clients.
+    ///
+    /// i.e. the clients that are granted to new accounts by default
+    pub fn get_default_clients(&self) -> Vec<&Client> {
+        self.iter().filter(|u| u.default).collect()
+    }
+
     pub fn apply_environment_variables(&mut self) {
         for c in self.iter_mut() {
             c.id = ClientID(apply_env_vars(&c.id.0));

src/data/user.rs

@@ -2,7 +2,7 @@ use std::collections::HashMap;
 use std::net::IpAddr;
 
 use crate::constants::SECOND_FACTOR_EXEMPTION_AFTER_SUCCESSFUL_LOGIN;
-use crate::data::client::ClientID;
+use crate::data::client::{Client, ClientID};
 use crate::data::login_redirect::LoginRedirect;
 use crate::data::totp_key::TotpKey;
 use crate::data::webauthn_manager::WebauthnPubKey;
@@ -170,10 +170,14 @@ impl User {
         }
     }
 
-    pub fn can_access_app(&self, id: &ClientID) -> bool {
+    pub fn can_access_app(&self, client: &Client) -> bool {
+        if client.granted_to_all_users {
+            return true;
+        }
+
         match self.granted_clients() {
             GrantedClients::AllClients => true,
-            GrantedClients::SomeClients(c) => c.contains(id),
+            GrantedClients::SomeClients(c) => c.contains(&client.id),
             GrantedClients::NoClient => false,
         }
     }

src/data/webauthn_manager.rs

@@ -56,19 +56,28 @@ pub struct WebAuthManager {
 
 impl WebAuthManager {
     pub fn init(conf: &AppConfig) -> Self {
+        let rp_id = conf
+            .domain_name()
+            .split_once(':')
+            .map(|s| s.0)
+            .unwrap_or_else(|| conf.domain_name());
+
+        let rp_origin =
+            url::Url::parse(&conf.website_origin).expect("Failed to parse configuration origin!");
+
+        log::debug!(
+            "rp_id={} rp_origin={} rp_origin_domain={:?}",
+            rp_id,
+            rp_origin,
+            rp_origin.domain()
+        );
+
         Self {
-            core: WebauthnBuilder::new(
-                conf.domain_name()
-                    .split_once(':')
-                    .map(|s| s.0)
-                    .unwrap_or_else(|| conf.domain_name()),
-                &url::Url::parse(&conf.website_origin)
-                    .expect("Failed to parse configuration origin!"),
-            )
-            .expect("Invalid Webauthn configuration")
-            .rp_name(APP_NAME)
-            .build()
-            .expect("Failed to build webauthn"),
+            core: WebauthnBuilder::new(rp_id, &rp_origin)
+                .expect("Invalid Webauthn configuration")
+                .rp_name(APP_NAME)
+                .build()
+                .expect("Failed to build webauthn"),
             crypto_wrapper: CryptoWrapper::new_random(),
         }
     }