Can set authorized authentication providers for a given account

2023-04-24 19:13:36 +02:00
parent f64f01a958
commit abd86ff22d
5 changed files with 52 additions and 2 deletions
--- a/src/data/user.rs
+++ b/src/data/user.rs
@ -1,10 +1,11 @@
-use crate::actors::users_actor::AuthorizedAuthenticationSources;
 use std::collections::HashMap;
 use std::net::IpAddr;

+use crate::actors::users_actor::AuthorizedAuthenticationSources;
 use crate::constants::SECOND_FACTOR_EXEMPTION_AFTER_SUCCESSFUL_LOGIN;
 use crate::data::client::{Client, ClientID};
 use crate::data::login_redirect::LoginRedirect;
+use crate::data::provider::{Provider, ProviderID};
 use crate::data::totp_key::TotpKey;
 use crate::data::webauthn_manager::WebauthnPubKey;
 use crate::utils::time::{fmt_time, time};
@ -151,6 +152,10 @@ pub struct User {
    /// Authorize connection through local login
    #[serde(default = "default_true")]
    pub allow_local_login: bool,
+
+    /// Allowed third party providers
+    #[serde(default)]
+    pub allow_login_from_providers: Vec<ProviderID>,
 }

 impl User {
@ -175,9 +180,15 @@ impl User {
    pub fn authorized_authentication_sources(&self) -> AuthorizedAuthenticationSources {
        AuthorizedAuthenticationSources {
            local: self.allow_local_login,
+            upstream: self.allow_login_from_providers.clone(),
        }
    }

+    /// Check if a user can authenticate using a givne provider or not
+    pub fn can_login_from_provider(&self, provider: &Provider) -> bool {
+        self.allow_login_from_providers.contains(&provider.id)
+    }
+
    pub fn granted_clients(&self) -> GrantedClients {
        match self.authorized_clients.as_deref() {
            None => GrantedClients::AllClients,
@ -313,6 +324,7 @@ impl Default for User {
            last_successful_2fa: Default::default(),
            authorized_clients: Some(Vec::new()),
            allow_local_login: true,
+            allow_login_from_providers: vec![],
        }
    }
 }
--- a/src/data/users_file_entity.rs
+++ b/src/data/users_file_entity.rs
@ -150,6 +150,7 @@ impl UsersSyncBackend for EntityManager<User> {
    ) -> Res {
        self.update_user(id, |mut user| {
            user.allow_local_login = sources.local;
+            user.allow_login_from_providers = sources.upstream;
            user
        })
    }