Can initiate code authentication without client secret
	
		
			
	
		
	
	
		
	
		
		@@ -16,7 +16,7 @@ use crate::constants::*;
 | 
			
		||||
use crate::controllers::base_controller::{build_fatal_error_page, redirect_user};
 | 
			
		||||
use crate::data::action_logger::{Action, ActionLogger};
 | 
			
		||||
use crate::data::app_config::AppConfig;
 | 
			
		||||
use crate::data::client::{AdditionalClaims, AuthenticationFlow, ClientID, ClientManager};
 | 
			
		||||
use crate::data::client::{AdditionalClaims, ClientID, ClientManager};
 | 
			
		||||
use crate::data::code_challenge::CodeChallenge;
 | 
			
		||||
use crate::data::current_user::CurrentUser;
 | 
			
		||||
use crate::data::id_token::IdToken;
 | 
			
		||||
@@ -220,8 +220,8 @@ pub async fn authorize(
 | 
			
		||||
        ));
 | 
			
		||||
    }
 | 
			
		||||
 | 
			
		||||
    match (client.auth_flow(), query.response_type.as_str()) {
 | 
			
		||||
        (AuthenticationFlow::AuthorizationCode, "code") => {
 | 
			
		||||
    match (client.has_secret(), query.response_type.as_str()) {
 | 
			
		||||
        (_, "code") => {
 | 
			
		||||
            // Save all authentication information in memory
 | 
			
		||||
            let session = Session {
 | 
			
		||||
                session_id: SessionID(rand_str(OPEN_ID_SESSION_LEN)),
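Review bot: With the arm now `(_, "code")`, a client that has no secret can start the authorization-code flow, but such a public client cannot authenticate itself at the later token exchange, so the code's protection against interception rests entirely on PKCE, and nothing in this hunk shows the code path requiring a code challenge when `client.has_secret()` is false. I would make the public-client case explicit and reject the request when no code challenge was supplied: the `CodeChallenge` import at the top of the file suggests the type exists, though the query field carrying it is not visible here, so the guard would read roughly `(false, "code") if <code challenge missing — placeholder> => Ok(error_redirect(...))` placed before the generic `(_, "code")` arm. The `authorize` function begins before this hunk, so I cannot see whether such a check already happens earlier.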
 | 
			
		||||
@@ -263,7 +263,8 @@ pub async fn authorize(
 | 
			
		||||
                .finish())
 | 
			
		||||
        }
 | 
			
		||||
 | 
			
		||||
        (AuthenticationFlow::Implicit, "id_token") => {
 | 
			
		||||
        // id_token is available only if user has no secret configured
 | 
			
		||||
        (false, "id_token") => {
 | 
			
		||||
            let id_token = IdToken {
 | 
			
		||||
                issuer: AppConfig::get().website_origin.to_string(),
 | 
			
		||||
                subject_identifier: user.uid.0.clone(),
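Review bot: The new comment on the `id_token` arm says "user has no secret configured", but the tuple being matched is `client.has_secret()`, so it is the client's secret that gates the implicit flow; suggest `// id_token is available only if the client has no secret configured`. Pinning this arm to `false` is the right call, since a confidential client should not be handed an id_token directly from the authorize endpoint. `authorize` continues outside this hunk.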
 | 
			
		||||
@@ -295,11 +296,11 @@ pub async fn authorize(
 | 
			
		||||
                .finish())
 | 
			
		||||
        }
 | 
			
		||||
 | 
			
		||||
        (flow, code) => {
 | 
			
		||||
        (secret, code) => {
 | 
			
		||||
            log::warn!(
 | 
			
		||||
                "For client {:?}, configured with flow {:?}, made request with code {}",
 | 
			
		||||
                "For client {:?}, configured with secret {:?}, made request with code {}",
 | 
			
		||||
                client.id,
 | 
			
		||||
                flow,
 | 
			
		||||
                secret,
 | 
			
		||||
                code
 | 
			
		||||
            );
 | 
			
		||||
            Ok(error_redirect(
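Review bot: In the fallthrough arm the binding `secret` holds the `bool` returned by `client.has_secret()`, so the message `"For client {:?}, configured with secret {:?}, made request with code {}"` reads as if a secret value were being written to the log, which is both inaccurate and alarming to anyone auditing log output. Rename the binding and the text so the line states what it logs: `(has_secret, code) => {`, `"For client {:?}, has_secret={}, made request with response_type {}",` and `has_secret,` as the argument. This arm also now catches `(true, "id_token")`, the intended rejection of the implicit flow for confidential clients, so the clearer wording makes that log line self-explanatory. `authorize` continues outside this hunk.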
 | 
			
		||||
 
 | 
			
		||||
@@ -7,12 +7,6 @@ use std::collections::HashMap;
 | 
			
		||||
#[derive(Clone, Debug, serde::Serialize, serde::Deserialize, Eq, PartialEq)]
 | 
			
		||||
pub struct ClientID(pub String);
 | 
			
		||||
 | 
			
		||||
#[derive(Debug, Copy, Clone, Eq, PartialEq)]
 | 
			
		||||
pub enum AuthenticationFlow {
 | 
			
		||||
    AuthorizationCode,
 | 
			
		||||
    Implicit,
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
pub type AdditionalClaims = HashMap<String, Value>;
 | 
			
		||||
 | 
			
		||||
#[derive(Clone, Debug, serde::Serialize, serde::Deserialize)]
 | 
			
		||||
@@ -61,12 +55,9 @@ impl PartialEq for Client {
 | 
			
		||||
impl Eq for Client {}
 | 
			
		||||
 | 
			
		||||
impl Client {
 | 
			
		||||
    /// Get the client authentication flow
 | 
			
		||||
    pub fn auth_flow(&self) -> AuthenticationFlow {
 | 
			
		||||
        match self.secret {
 | 
			
		||||
            None => AuthenticationFlow::Implicit,
 | 
			
		||||
            Some(_) => AuthenticationFlow::AuthorizationCode,
 | 
			
		||||
        }
 | 
			
		||||
    /// Check if the client has a secret defined
 | 
			
		||||
    pub fn has_secret(&self) -> bool {
 | 
			
		||||
        self.secret.is_some()
 | 
			
		||||
    }
 | 
			
		||||
 | 
			
		||||
    /// Process a single claim value
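Review bot: `has_secret` treats any `Some` as a configured secret; if `secret` is an `Option<String>` (its type is not visible in this hunk), a client record with an empty string would be classified as confidential, and a token exchange that compares against it may then accept an empty credential. If that type holds, consider `self.secret.as_deref().is_some_and(|s| !s.is_empty())` and state the intent in the doc comment: `/// Check if the client has a non-empty secret defined`. The `impl Client` block continues past the hunk.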
 | 
			
		||||
 
 | 
			
		||||