Userinfo endpoint is working

2022-04-15 17:04:23 +02:00
parent b867016a71
commit 819210ae86
4 changed files with 88 additions and 8 deletions


@ -6,8 +6,9 @@ use actix_web::{HttpRequest, HttpResponse, Responder, web};
use actix_web::error::ErrorUnauthorized;
use askama::Template;
use crate::actors::openid_sessions_actor;
use crate::actors::{openid_sessions_actor, users_actor};
use crate::actors::openid_sessions_actor::{OpenIDSessionsActor, Session, SessionID};
use crate::actors::users_actor::UsersActor;
use crate::constants::{AUTHORIZE_URI, CERT_URI, OPEN_ID_ACCESS_TOKEN_LEN, OPEN_ID_ACCESS_TOKEN_TIMEOUT, OPEN_ID_AUTHORIZATION_CODE_LEN, OPEN_ID_AUTHORIZATION_CODE_TIMEOUT, OPEN_ID_REFRESH_TOKEN_LEN, OPEN_ID_REFRESH_TOKEN_TIMEOUT, OPEN_ID_SESSION_LEN, TOKEN_URI, USERINFO_URI};
use crate::controllers::base_controller::FatalErrorPage;
use crate::data::app_config::AppConfig;
@ -16,8 +17,10 @@ use crate::data::code_challenge::CodeChallenge;
use crate::data::current_user::CurrentUser;
use crate::data::id_token::IdToken;
use crate::data::jwt_signer::{JsonWebKey, JWTSigner};
use crate::data::open_id_user_info::OpenIDUserInfo;
use crate::data::openid_config::OpenIDConfig;
use crate::data::session_identity::SessionIdentity;
use crate::data::user::User;
use crate::utils::string_utils::rand_str;
use crate::utils::time::time;
@ -406,21 +409,29 @@ pub struct UserInfoQuery {
pub async fn user_info_post(req: HttpRequest,
form: Option<web::Form<UserInfoQuery>>,
query: web::Query<UserInfoQuery>) -> impl Responder {
query: web::Query<UserInfoQuery>,
sessions: web::Data<Addr<OpenIDSessionsActor>>,
users: web::Data<Addr<UsersActor>>) -> impl Responder {
user_info(req,
form
.map(|f| f.0.access_token)
.unwrap_or_default()
.or(query.0.access_token),
sessions,
users,
).await
}
pub async fn user_info_get(req: HttpRequest, query: web::Query<UserInfoQuery>) -> impl Responder {
user_info(req, query.0.access_token).await
pub async fn user_info_get(req: HttpRequest, query: web::Query<UserInfoQuery>,
sessions: web::Data<Addr<OpenIDSessionsActor>>,
users: web::Data<Addr<UsersActor>>) -> impl Responder {
user_info(req, query.0.access_token, sessions, users).await
}
/// Authenticate request using RFC6750 <https://datatracker.ietf.org/doc/html/rfc6750>///
async fn user_info(req: HttpRequest, token: Option<String>) -> impl Responder {
async fn user_info(req: HttpRequest, token: Option<String>,
sessions: web::Data<Addr<OpenIDSessionsActor>>,
users: web::Data<Addr<UsersActor>>) -> impl Responder {
let token = match token {
Some(t) => t,
None => {
@ -443,6 +454,35 @@ async fn user_info(req: HttpRequest, token: Option<String>) -> impl Responder {
}
};
// TODO : continue <https://openid.net/specs/openid-connect-core-1_0.html#RFC6749>
HttpResponse::Ok().body(format!("token is {}", token))
let session: Option<Session> = sessions
.send(openid_sessions_actor::FindSessionByAccessToken(token)).await.unwrap();
let session = match session {
None => {
return user_info_error("invalid_request", "Session not found!");
}
Some(s) => s,
};
if session.access_token_expire_at < time() {
return user_info_error("invalid_request", "Access token has expired!");
}
let user: Option<User> = users.send(users_actor::GetUserRequest(session.user)).await.unwrap().0;
let user = match user {
None => {
return user_info_error("invalid_request", "Failed to extract user information!");
}
Some(u) => u,
};
HttpResponse::Ok()
.json(OpenIDUserInfo {
name: user.full_name(),
sub: user.uid,
given_name: user.first_name,
family_name: user.last_name,
preferred_username: user.username,
email: user.email,
email_verified: true,
})
}
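Review bot: The response built at the end of the hunk sets `email_verified: true` unconditionally, which tells every relying party that this provider has confirmed the address even though nothing in the new code reads a verification state from `user`; unless `User` carries such a flag, return `false` or omit the claim rather than asserting it, e.g. `email_verified: false, // TODO: derive from a verified flag on User once one exists`. The two rejection paths for a missing session and for an expired `access_token_expire_at` use the error code `"invalid_request"`, but RFC 6750 §3.1 specifies `invalid_token` (HTTP 401 with a `WWW-Authenticate: Bearer` challenge) for an invalid or expired access token, so `return user_info_error("invalid_token", "Session not found!");` and likewise for the expiry branch, assuming `user_info_error` (defined outside the hunk) sets the status accordingly. The `.unwrap()` on both actor `send` results turns a stopped or unresponsive actor into a panic in the handler instead of an error response; mapping the mailbox error to a 500 would keep the endpoint degrading gracefully. The body of `user_info` begins in the previous hunk, so the token-extraction branch is not visible here.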