From 937343c5f9c1ba6b2ef74b9e3db7845f4844b115 Mon Sep 17 00:00:00 2001
From: Pierre Hubert
Date: Fri, 15 Apr 2022 20:34:07 +0200
Subject: [PATCH] Add email to id_token
---
 src/controllers/openid_controller.rs | 9 ++++++++-
 src/data/id_token.rs | 5 ++++-
 2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/src/controllers/openid_controller.rs b/src/controllers/openid_controller.rs
index fae6d2b..a957844 100644
--- a/src/controllers/openid_controller.rs
+++ b/src/controllers/openid_controller.rs
@@ -216,8 +216,8 @@ pub async fn token(req: HttpRequest,
 clients: web::Data,
 app_config: web::Data,
 sessions: web::Data>,
+ users: web::Data>,
 jwt_signer: web::Data) -> actix_web::Result {
- // TODO : check auth challenge : https://oa.dnc.global/-fr-.html?page=unarticle&id_article=148&lang=fr
 // Extraction authentication information
 let authorization_header = req.headers().get("authorization");
@@ -318,6 +318,12 @@ pub async fn token(req: HttpRequest,
 sessions.send(openid_sessions_actor::UpdateSession(session.clone())) .await.unwrap();
+ let user: Option = users.send(users_actor::GetUserRequest(session.user.clone()))
+ .await.unwrap().0;
+ let user = match user {
+ None => return Ok(error_response(&query, "invalid_request", "User not found!")),
+ Some(u) => u,
+ };
 // Generate id token
 let id_token = IdToken {
@@ -328,6 +334,7 @@ pub async fn token(req: HttpRequest,
 issued_at: time(),
 auth_time: session.auth_time,
 nonce: session.nonce,
+ email: user.email,
 };
 TokenResponse {
diff --git a/src/data/id_token.rs b/src/data/id_token.rs
index e6f1697..67ac62b 100644
--- a/src/data/id_token.rs
+++ b/src/data/id_token.rs
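Review bot: The `@@ -216` hunk deletes `// TODO : check auth challenge`, yet nothing visible in this patch adds that check, and the commit subject only mentions the email claim. If the check is still missing in `token`, keep the marker so the gap stays visible, e.g. `// TODO: check auth challenge before issuing tokens (tracking issue <ISSUE-ID>)`; if it was implemented elsewhere, the commit message should say where. Most of `token`'s body lies outside the hunk, so this is inferred from the visible lines only.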
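Review bot: In the `@@ -318` hunk the user lookup runs only after `UpdateSession` has been sent, so when it returns `None` the handler answers with an error while the session has already been modified; doing the lookup before the update keeps a failed exchange free of side effects (what the update persists is not visible here). The error code is also off: the request is well-formed and it is the grant that no longer maps to an account, which RFC 6749 §5.2 reports as `invalid_grant`, e.g. `None => return Ok(error_response(&query, "invalid_grant", "User not found!")),`. The new `.await.unwrap()` follows the existing call above it, but a mailbox error there panics the handler instead of producing an OAuth error response.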
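Review bot: `email: user.email,` in the `@@ -328` hunk places the address in every ID token, regardless of the scopes the client was granted. OpenID Connect Core §5.4 releases the `email` claim for the `email` scope, so a client that requested only `openid` would now receive personal data it did not ask for. If the session records the granted scopes (not visible in this patch), declare the field as `pub email: Option<String>` with the same `#[serde(skip_serializing_if = "Option::is_none")]` used for `nonce`, and set it to `None` when the scope is absent. The `IdToken { … }` literal starts and ends outside the hunk.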
@@ -23,11 +23,13 @@ pub struct IdToken {
 /// String value used to associate a Client session with an ID Token, and to mitigate replay attacks. The value is passed through unmodified from the Authentication Request to the ID Token. If present in the ID Token, Clients MUST verify that the nonce Claim Value is equal to the value of the nonce parameter sent in the Authentication Request. If present in the Authentication Request, Authorization Servers MUST include a nonce Claim in the ID Token with the Claim Value being the nonce value sent in the Authentication Request. Authorization Servers SHOULD perform no other processing on nonce values used. The nonce value is a case sensitive string.
 #[serde(skip_serializing_if = "Option::is_none")]
 pub nonce: Option,
+ pub email: String,
 }
 #[derive(serde::Serialize, serde::Deserialize)]
 pub struct CustomIdTokenClaims {
 auth_time: u64,
+ email: String,
 }
 impl IdToken {
@@ -42,7 +44,8 @@ impl IdToken {
 jwt_id: None,
 nonce: self.nonce,
 custom: CustomIdTokenClaims {
- auth_time: self.auth_time
+ auth_time: self.auth_time,
+ email: self.email,
 },
 }
 }
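Review bot: The new `pub email: String` field in the `@@ -23` hunk has no doc comment although the neighbouring `nonce` field carries one, and `CustomIdTokenClaims` now emits `email` without an `email_verified` claim next to it. A relying party that matches accounts on the address cannot tell from the token whether this provider ever verified it; OpenID Connect Core §5.1 defines `email_verified` for that purpose. Add a line such as `/// End-User's e-mail address, emitted as the "email" claim` and either add `email_verified: bool` to both structs or state in the comment that addresses are unverified; whether the user record tracks verification is not visible here. `IdToken` starts above the hunk.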