Save open id session
@ -1,12 +1,17 @@
|
||||
use actix::Addr;
|
||||
use actix_web::{HttpResponse, Responder, web};
|
||||
use askama::Template;
|
||||
|
||||
use crate::constants::AUTHORIZE_URI;
|
||||
use crate::actors::openid_sessions_actor;
|
||||
use crate::actors::openid_sessions_actor::{OpenIDSessionsActor, Session, SessionID};
|
||||
use crate::constants::{AUTHORIZE_URI, OPEN_ID_AUTHORIZATION_CODE_LEN, OPEN_ID_AUTHORIZATION_CODE_TIMEOUT, OPEN_ID_SESSION_LEN, OPEN_ID_TOKEN_LEN, OPEN_ID_TOKEN_TIMEOUT};
|
||||
use crate::controllers::base_controller::FatalErrorPage;
|
||||
use crate::data::app_config::AppConfig;
|
||||
use crate::data::client::{ClientID, ClientManager};
|
||||
use crate::data::current_user::CurrentUser;
|
||||
use crate::data::openid_config::OpenIDConfig;
|
||||
use crate::utils::string_utils::rand_str;
|
||||
use crate::utils::time::time;
|
||||
|
||||
pub async fn get_configuration(app_conf: web::Data<AppConfig>) -> impl Responder {
|
||||
HttpResponse::Ok().json(OpenIDConfig {
|
||||
@ -23,7 +28,7 @@ pub async fn get_configuration(app_conf: web::Data<AppConfig>) -> impl Responder
|
||||
})
|
||||
}
|
||||
|
||||
#[derive(serde::Deserialize)]
|
||||
#[derive(serde::Deserialize, Debug)]
|
||||
pub struct AuthorizeQuery {
|
||||
/// REQUIRED. OpenID Connect requests MUST contain the openid scope value. If the openid scope value is not present, the behavior is entirely unspecified. Other scope values MAY be present. Scope values used that are not understood by an implementation SHOULD be ignored. See Sections 5.4 and 11 for additional scope values defined by this specification.
|
||||
scope: String,
|
||||
@ -49,6 +54,7 @@ pub struct AuthorizeQuery {
|
||||
}
|
||||
|
||||
fn error_redirect(query: &AuthorizeQuery, error: &str, description: &str) -> HttpResponse {
|
||||
log::warn!("Failed to process sign in request ({} => {}): {:?}", error, description, query);
|
||||
HttpResponse::Found()
|
||||
.append_header(
|
||||
("Location", format!(
|
||||
@ -63,7 +69,8 @@ fn error_redirect(query: &AuthorizeQuery, error: &str, description: &str) -> Htt
|
||||
}
|
||||
|
||||
pub async fn authorize(user: CurrentUser, query: web::Query<AuthorizeQuery>,
|
||||
clients: web::Data<ClientManager>) -> impl Responder {
|
||||
clients: web::Data<ClientManager>,
|
||||
sessions: web::Data<Addr<OpenIDSessionsActor>>) -> impl Responder {
|
||||
let client = match clients.find_by_id(&query.client_id) {
|
||||
None => {
|
||||
return HttpResponse::BadRequest().body(FatalErrorPage {
|
||||
@ -104,5 +111,30 @@ pub async fn authorize(user: CurrentUser, query: web::Query<AuthorizeQuery>,
|
||||
(_, _) => None
|
||||
};
|
||||
|
||||
HttpResponse::Ok().json("You did it")
|
||||
// TODO : Check if user is authorized to access the application
|
||||
|
||||
// Save all authentication information in memory
|
||||
let session = Session {
|
||||
session_id: SessionID(rand_str(OPEN_ID_SESSION_LEN)),
|
||||
client: client.id,
|
||||
user: user.uid.clone(),
|
||||
redirect_uri,
|
||||
authorization_code: rand_str(OPEN_ID_AUTHORIZATION_CODE_LEN),
|
||||
code_expire_on: time() + OPEN_ID_AUTHORIZATION_CODE_TIMEOUT,
|
||||
token: rand_str(OPEN_ID_TOKEN_LEN),
|
||||
token_expire_at: time() + OPEN_ID_TOKEN_TIMEOUT,
|
||||
nonce: query.0.nonce,
|
||||
code_challenge,
|
||||
};
|
||||
sessions.send(openid_sessions_actor::PushNewSession(session.clone())).await.unwrap();
|
||||
|
||||
log::trace!("New OpenID session: {:#?}", session);
|
||||
|
||||
HttpResponse::Found()
|
||||
.append_header(("Location", format!(
|
||||
"{}?state={}&session_sate=&code={}",
|
||||
session.redirect_uri,
|
||||
urlencoding::encode(&query.0.state),
|
||||
urlencoding::encode(&session.authorization_code)
|
||||
))).finish()
|
||||
}
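Review bot: The `log::trace!("New OpenID session: {:#?}", session)` line writes the freshly minted `authorization_code` and `token` into the log, so anyone with log access can redeem the code or replay the token; log only identifiers instead, e.g. `log::trace!("New OpenID session {:?} for client {:?}", session.session_id, session.client);` (this assumes `SessionID` and `ClientID` derive Debug, which is outside this hunk). The redirect format string also spells the parameter `session_sate=`; the OpenID Connect name is `session_state`, and since no value is ever sent it is cleaner to drop it: `"{}?state={}&code={}"`. `sessions.send(...).await.unwrap()` turns a closed or full actor mailbox into a panic inside the request handler; matching on the error and returning an error response (`FatalErrorPage` is already in scope) would be safer. Note too that the redirect appends `?` unconditionally, which yields a malformed URL if the registered `redirect_uri` already carries a query string — whether upstream validation rules that out is not visible here. The body of `authorize` begins before this hunk.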
|