
3 changed files with 18 additions and 8 deletions


@ -7,6 +7,7 @@ use crate::data::user::{User, UserID, verify_password};
pub enum LoginResult { pub enum LoginResult {
AccountNotFound, AccountNotFound,
InvalidPassword, InvalidPassword,
AccountDisabled,
Success(User), Success(User),
} }
@ -54,6 +55,10 @@ impl Handler<LoginRequest> for UsersActor {
return MessageResult(LoginResult::InvalidPassword); return MessageResult(LoginResult::InvalidPassword);
} }
if !user.enabled {
return MessageResult(LoginResult::AccountDisabled);
}
MessageResult(LoginResult::Success(user)) MessageResult(LoginResult::Success(user))
} }
} }
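Review bot: The added `if !user.enabled` check in the `Handler<LoginRequest>` body has no comment explaining why it sits after the password comparison, and that ordering is what keeps `AccountDisabled` from being returned to a caller who does not know the password. I would pin it with a comment above the check, e.g. `// Checked after the password on purpose: account state is only disclosed to a caller who presented valid credentials.` The new `AccountDisabled` variant could carry a matching `///` line. The handler body starts above this hunk, so the lookup and password steps are inferred from the visible `InvalidPassword` return.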


@ -114,6 +114,11 @@ pub async fn login_route(users: web::Data<Addr<UsersActor>>,
} }
} }
LoginResult::AccountDisabled => {
log::warn!("Failed login for username {} : account is disabled", login);
danger = "Your account is disabled!".to_string();
}
c => { c => {
// TODO : add bruteforce detection // TODO : add bruteforce detection
log::warn!("Failed login for username {} : {:?}", login, c); log::warn!("Failed login for username {} : {:?}", login, c);
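Review bot: The new `LoginResult::AccountDisabled` arm is matched before the catch-all `c =>` arm that carries `// TODO : add bruteforce detection`, so attempts against disabled accounts will bypass whatever counting is later added there. Repeat the TODO in this arm or route both arms through a shared failure path. The added `log::warn!` also formats the submitted `login` with `{}`, which writes control characters such as newlines into the log unescaped (the existing catch-all line does the same). Assuming `login` is a string, `log::warn!("Failed login for username {:?} : account is disabled", login);` escapes them. The match and `login_route` begin outside the hunk.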


@ -11,7 +11,7 @@ use askama::Template;
use crate::constants::{ADMIN_ROUTES, AUTHENTICATED_ROUTES}; use crate::constants::{ADMIN_ROUTES, AUTHENTICATED_ROUTES};
use crate::controllers::base_controller::redirect_user_for_login; use crate::controllers::base_controller::redirect_user_for_login;
use crate::data::session_identity::{SessionIdentity, SessionIdentityData}; use crate::data::session_identity::{SessionIdentity, SessionIdentityData, SessionStatus};
// There are two steps in middleware processing. // There are two steps in middleware processing.
// 1. Middleware initialization, middleware factory gets called with // 1. Middleware initialization, middleware factory gets called with
@ -40,19 +40,19 @@ impl<S, B> Transform<S, ServiceRequest> for AuthMiddleware
} }
#[derive(Debug)] #[derive(Debug)]
enum SessionStatus { enum ConnStatus {
SignedOut, SignedOut,
RegularUser, RegularUser,
Admin, Admin,
} }
impl SessionStatus { impl ConnStatus {
pub fn is_auth(&self) -> bool { pub fn is_auth(&self) -> bool {
!matches!(self, SessionStatus::SignedOut) !matches!(self, ConnStatus::SignedOut)
} }
pub fn is_admin(&self) -> bool { pub fn is_admin(&self) -> bool {
matches!(self, SessionStatus::Admin) matches!(self, ConnStatus::Admin)
} }
} }
@ -92,9 +92,9 @@ impl<S, B> Service<ServiceRequest> for AuthInnerMiddleware<S>
} }
let identity = match SessionIdentity::deserialize_session_data(req.get_identity()) { let identity = match SessionIdentity::deserialize_session_data(req.get_identity()) {
None => SessionStatus::SignedOut, Some(SessionIdentityData { status: SessionStatus::SignedIn, is_admin: true, .. }) => ConnStatus::Admin,
Some(SessionIdentityData { is_admin: true, .. }) => SessionStatus::Admin, Some(SessionIdentityData { status: SessionStatus::SignedIn, .. }) => ConnStatus::RegularUser,
_ => SessionStatus::RegularUser, _ => ConnStatus::SignedOut,
}; };
// Redirect user to login page // Redirect user to login page
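Review bot: In the `-92,9 +92,9` hunk the middleware still derives `ConnStatus` only from the deserialized session data (`status` and `is_admin`), so as far as these lines show, a session issued before an account was disabled or demoted keeps its access until it expires. The `enabled` check added elsewhere in this change set runs only at login. If `deserialize_session_data` does not already re-validate against the user store, consider looking the user up here or invalidating sessions when `enabled` or admin rights change. The fallback `_ => ConnStatus::SignedOut` is a fail-closed default and deserves a one-line comment, e.g. `// Anything that is not an explicit SignedIn session is treated as signed out`. The service `call` body starts and continues outside the hunk.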