Use JWT token for access token

2022-04-15 20:08:31 +02:00
parent 69bb2816b9
commit 94c601119a
4 changed files with 77 additions and 37 deletions
--- a/src/actors/openid_sessions_actor.rs
+++ b/src/actors/openid_sessions_actor.rs
@ -2,9 +2,14 @@ use actix::{Actor, AsyncContext, Context, Handler};
 use actix::Message;

 use crate::constants::*;
+use crate::data::access_token::AccessToken;
+use crate::data::app_config::AppConfig;
 use crate::data::client::ClientID;
 use crate::data::code_challenge::CodeChallenge;
+use crate::data::jwt_signer::JWTSigner;
 use crate::data::user::UserID;
+use crate::utils::err::Res;
+use crate::utils::string_utils::rand_str;
 use crate::utils::time::time;

 #[derive(Clone, Debug, serde::Serialize, serde::Deserialize, Eq, PartialEq)]
@ -20,9 +25,8 @@ pub struct Session {

    pub authorization_code: String,
    pub authorization_code_expire_at: u64,
-    pub authorization_code_used: bool,

-    pub access_token: String,
+    pub access_token: Option<String>,
    pub access_token_expire_at: u64,
    pub refresh_token: String,
    pub refresh_token_expire_at: u64,
@ -36,6 +40,26 @@ impl Session {
        self.authorization_code_expire_at < time() && self.access_token_expire_at < time()
            && self.refresh_token_expire_at < time()
    }
+
+    pub fn regenerate_access_and_refresh_tokens(&mut self,
+                                                app_config: &AppConfig,
+                                                jwt_signer: &JWTSigner) -> Res {
+        let access_token = AccessToken {
+            issuer: app_config.website_origin.to_string(),
+            subject_identifier: self.user.clone(),
+            issued_at: time(),
+            exp_time: time() + OPEN_ID_ACCESS_TOKEN_TIMEOUT,
+            rand_val: rand_str(OPEN_ID_ACCESS_TOKEN_LEN),
+            nonce: self.nonce.clone(),
+        };
+        self.access_token_expire_at = access_token.exp_time;
+        self.access_token = Some(jwt_signer.sign_token(access_token.to_jwt_claims())?);
+
+        self.refresh_token = rand_str(OPEN_ID_REFRESH_TOKEN_LEN);
+        self.refresh_token_expire_at = OPEN_ID_REFRESH_TOKEN_TIMEOUT + time();
+
+        Ok(())
+    }
 }

 #[derive(Message)]
@ -54,10 +78,6 @@ pub struct FindSessionByRefreshToken(pub String);
 #[rtype(result = "Option<Session>")]
 pub struct FindSessionByAccessToken(pub String);

-#[derive(Message)]
-#[rtype(result = "()")]
-pub struct MarkAuthorizationCodeUsed(pub String);
-
 #[derive(Message)]
 #[rtype(result = "()")]
 pub struct UpdateSession(pub Session);
@ -121,23 +141,11 @@ impl Handler<FindSessionByAccessToken> for OpenIDSessionsActor {
    fn handle(&mut self, msg: FindSessionByAccessToken, _ctx: &mut Self::Context) -> Self::Result {
        self.session
            .iter()
-            .find(|f| f.access_token.eq(&msg.0))
+            .find(|f| f.access_token.as_ref().map(|t| t.eq(&msg.0)).unwrap_or(false))
            .cloned()
    }
 }

-impl Handler<MarkAuthorizationCodeUsed> for OpenIDSessionsActor {
-    type Result = ();
-
-    fn handle(&mut self, msg: MarkAuthorizationCodeUsed, _ctx: &mut Self::Context) -> Self::Result {
-        if let Some(r) = self.session
-            .iter_mut()
-            .find(|f| f.authorization_code.eq(&msg.0)) {
-            r.authorization_code_used = true;
-        }
-    }
-}
-
 impl Handler<UpdateSession> for OpenIDSessionsActor {
    type Result = ();