From 9f5fdd65abe145e10b196ee5b6994c2d4be76988 Mon Sep 17 00:00:00 2001
From: Pierre Hubert
Date: Sun, 3 Apr 2022 14:46:58 +0200
Subject: [PATCH] Do not consider as valid sessions that are not completely signed in
---
 src/middlewares/auth_middleware.rs | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/middlewares/auth_middleware.rs b/src/middlewares/auth_middleware.rs
index 36657a3..2bc1571 100644
--- a/src/middlewares/auth_middleware.rs
+++ b/src/middlewares/auth_middleware.rs
@@ -11,7 +11,7 @@ use askama::Template;
 use crate::constants::{ADMIN_ROUTES, AUTHENTICATED_ROUTES};
 use crate::controllers::base_controller::redirect_user_for_login;
-use crate::data::session_identity::{SessionIdentity, SessionIdentityData};
+use crate::data::session_identity::{SessionIdentity, SessionIdentityData, SessionStatus};
 // There are two steps in middleware processing.
 // 1. Middleware initialization, middleware factory gets called with
@@ -40,19 +40,19 @@ impl Transform for AuthMiddleware
 }
 #[derive(Debug)]
-enum SessionStatus {
+enum ConnStatus {
 SignedOut,
 RegularUser,
 Admin,
 }
-impl SessionStatus {
+impl ConnStatus {
 pub fn is_auth(&self) -> bool {
-!matches!(self, SessionStatus::SignedOut)
+!matches!(self, ConnStatus::SignedOut)
 }
 pub fn is_admin(&self) -> bool {
-matches!(self, SessionStatus::Admin)
+matches!(self, ConnStatus::Admin)
 }
 }
@@ -92,9 +92,9 @@ impl Service for AuthInnerMiddleware
 }
 let identity = match SessionIdentity::deserialize_session_data(req.get_identity()) {
-None => SessionStatus::SignedOut,
-Some(SessionIdentityData { is_admin: true, .. }) => SessionStatus::Admin,
-_ => SessionStatus::RegularUser,
+Some(SessionIdentityData { status: SessionStatus::SignedIn, is_admin: true, .. }) => ConnStatus::Admin,
+Some(SessionIdentityData { status: SessionStatus::SignedIn, .. }) => ConnStatus::RegularUser,
+_ => ConnStatus::SignedOut,
 };
 // Redirect user to login page
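Review bot: The rewritten `match` on `deserialize_session_data` in the last hunk is now where this middleware tells a half-completed login from a full one, and nothing in the code states that invariant. A comment above the first arm would keep a later edit from reintroducing the bypass, e.g. `// Fail closed: only SessionStatus::SignedIn counts as authenticated; any other status, and a None result, maps to SignedOut.` Keeping `_` as the rejecting arm is the right default, since any status added later is refused until it is listed explicitly. A regression test that supplies session data with `is_admin: true` and a status other than `SignedIn` and expects `ConnStatus::SignedOut` would pin the fix. It is also worth confirming, since it is not visible in this patch, that other readers of `SessionIdentityData` check `status` before trusting `is_admin`. The enclosing function starts and ends outside the hunk.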