From e73b5b8e5b946edf7ddd6c853f606b7f06474a44 Mon Sep 17 00:00:00 2001 From: Pierre Hubert Date: Mon, 24 Apr 2023 15:14:10 +0200 Subject: [PATCH 01/25] Update dependencies --- Cargo.lock | 52 ++++++++++++++++++++++++++-------------------------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 28168a5..8804781 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -317,9 +317,9 @@ dependencies = [ [[package]] name = "aho-corasick" -version = "0.7.20" +version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cc936419f96fa211c1b9166887b38e5e40b19958e5b895be7c1f93adec7071ac" +checksum = "67fc08ce920c31afb70f013dcce1bfc3a3195de6a228474e45e1f145b36f8d04" dependencies = [ "memchr", ] @@ -664,9 +664,9 @@ dependencies = [ [[package]] name = "bumpalo" -version = "3.12.0" +version = "3.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0d261e256854913907f67ed06efbc3338dfe6179796deefc1ff763fc1aee5535" +checksum = "9b1ce199063694f33ffb7dd4e0ee620741495c32833cde5aa08f02a0bf96f0c8" [[package]] name = "bytemuck" @@ -737,9 +737,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.2.2" +version = "4.2.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9b802d85aaf3a1cdb02b224ba472ebdea62014fccfcb269b95a4d76443b5ee5a" +checksum = "956ac1f6381d8d82ab4684768f89c0ea3afe66925ceadb4eeb3fc452ffc55d62" dependencies = [ "clap_builder", "clap_derive", @@ -748,9 +748,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.2.2" +version = "4.2.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "14a1a858f532119338887a4b8e1af9c60de8249cd7bafd68036a489e261e37b6" +checksum = "84080e799e54cff944f4b4a4b0e71630b0e0443b25b985175c7dddc1a859b749" dependencies = [ "anstream", "anstyle", @@ -866,9 +866,9 @@ checksum = "e496a50fda8aacccc86d7529e2c1e0892dbd0f898a6b5645b5561b89c3210efa" [[package]] name = "cpufeatures" -version = "0.2.6" +version = "0.2.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "280a9f2d8b3a38871a3c8a46fb80db65e5e5ed97da80c4d08bf27fb63e35e181" +checksum = "3e4c1eaa2012c47becbbad2ab175484c2a84d1185b566fb2cc5b8707343dfe58" dependencies = [ "libc", ] @@ -1283,9 +1283,9 @@ dependencies = [ [[package]] name = "h2" -version = "0.3.17" +version = "0.3.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "66b91535aa35fea1523ad1b86cb6b53c28e0ae566ba4a460f4457e936cad7c6f" +checksum = "17f8a914c2987b688368b5138aa05321db91f4090cf26118185672ad588bce21" dependencies = [ "bytes", "fnv", @@ -1641,9 +1641,9 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.141" +version = "0.2.142" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3304a64d199bb964be99741b7a14d26972741915b3649639149b2479bb46f4b5" +checksum = "6a987beff54b60ffa6d51982e1aa1146bc42f19bd26be28b0586f252fccf5317" [[package]] name = "libm" @@ -1662,9 +1662,9 @@ dependencies = [ [[package]] name = "linux-raw-sys" -version = "0.3.1" +version = "0.3.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d59d8c75012853d2e872fb56bc8a2e53718e2cafe1a4c823143141c6d90c322f" +checksum = "36eb31c1778188ae1e64398743890d0877fef36d11521ac60406b42016e8c2cf" [[package]] name = "local-channel" @@ -1875,9 +1875,9 @@ checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" [[package]] name = "openssl" -version = "0.10.50" +version = "0.10.51" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7e30d8bc91859781f0a943411186324d580f2bbeb71b452fe91ae344806af3f1" +checksum = "97ea2d98598bf9ada7ea6ee8a30fb74f9156b63bbe495d64ec2b87c269d2dda3" dependencies = [ "bitflags", "cfg-if", @@ -1901,9 +1901,9 @@ dependencies = [ [[package]] name = "openssl-sys" -version = "0.9.85" +version = "0.9.86" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0d3d193fb1488ad46ffe3aaabc912cc931d02ee8518fe2959aea8ef52718b0c0" +checksum = "992bac49bdbab4423199c654a5515bd2a6c6a23bf03f2dd3bdb7e5ae6259bc69" dependencies = [ "cc", "libc", @@ -2135,9 +2135,9 @@ dependencies = [ [[package]] name = "regex" -version = "1.7.3" +version = "1.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8b1f693b24f6ac912f4893ef08244d70b6067480d2f1a46e950c9691e6749d1d" +checksum = "af83e617f331cc6ae2da5443c602dfa5af81e517212d9d611a5b3ba1777b5370" dependencies = [ "aho-corasick", "memchr", @@ -2146,9 +2146,9 @@ dependencies = [ [[package]] name = "regex-syntax" -version = "0.6.29" +version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1" +checksum = "a5996294f19bd3aae0453a862ad728f60e6600695733dd5df01da90c54363a3c" [[package]] name = "rfc6979" @@ -2217,9 +2217,9 @@ dependencies = [ [[package]] name = "rustix" -version = "0.37.11" +version = "0.37.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "85597d61f83914ddeba6a47b3b8ffe7365107221c2e557ed94426489fefb5f77" +checksum = "d9b864d3c18a5785a05953adeed93e2dca37ed30f18e69bba9f30079d51f363f" dependencies = [ "bitflags", "errno", -- 2.45.2 From d9f659ce9875b26130dbee875a54c3b55cb26daf Mon Sep 17 00:00:00 2001 From: Pierre Hubert Date: Mon, 24 Apr 2023 15:43:49 +0200 Subject: [PATCH 02/25] Add basic providers configuration --- src/constants.rs | 3 ++ src/controllers/admin_controller.rs | 22 ++++++++ src/data/app_config.rs | 6 ++- src/data/mod.rs | 1 + src/data/provider.rs | 60 ++++++++++++++++++++++ src/main.rs | 11 ++++ templates/settings/base_settings_page.html | 8 ++- templates/settings/providers_list.html | 27 ++++++++++ 8 files changed, 136 insertions(+), 2 deletions(-) create mode 100644 src/data/provider.rs create mode 100644 templates/settings/providers_list.html diff --git a/src/constants.rs b/src/constants.rs index a8fc7ef..37b372b 100644 --- a/src/constants.rs +++ b/src/constants.rs @@ -6,6 +6,9 @@ pub const USERS_LIST_FILE: &str = "users.json"; /// File in storage containing clients list pub const CLIENTS_LIST_FILE: &str = "clients.yaml"; +/// File in storage containing providers list +pub const PROVIDERS_LIST_FILE: &str = "providers.yaml"; + /// Default built-in credentials pub const DEFAULT_ADMIN_USERNAME: &str = "admin"; pub const DEFAULT_ADMIN_PASSWORD: &str = "admin"; diff --git a/src/controllers/admin_controller.rs b/src/controllers/admin_controller.rs index c6955c2..445abe0 100644 --- a/src/controllers/admin_controller.rs +++ b/src/controllers/admin_controller.rs @@ -12,6 +12,7 @@ use crate::controllers::settings_controller::BaseSettingsPage; use crate::data::action_logger::{Action, ActionLogger}; use crate::data::client::{Client, ClientID, ClientManager}; use crate::data::current_user::CurrentUser; +use crate::data::provider::{Provider, ProvidersManager}; use crate::data::user::{GeneralSettings, GrantedClients, User, UserID}; use crate::utils::string_utils::rand_str; @@ -22,6 +23,13 @@ struct ClientsListTemplate { clients: Vec, } +#[derive(Template)] +#[template(path = "settings/providers_list.html")] +struct ProvidersListTemplate { + _p: BaseSettingsPage, + providers: Vec, +} + #[derive(Template)] #[template(path = "settings/users_list.html")] struct UsersListTemplate { @@ -51,6 +59,20 @@ pub async fn clients_route( ) } +pub async fn providers_route( + user: CurrentUser, + providers: web::Data>, +) -> impl Responder { + HttpResponse::Ok().body( + ProvidersListTemplate { + _p: BaseSettingsPage::get("OpenID Providers list", &user, None, None), + providers: providers.cloned(), + } + .render() + .unwrap(), + ) +} + #[derive(serde::Deserialize, Debug)] pub struct UpdateUserQuery { uid: UserID, diff --git a/src/data/app_config.rs b/src/data/app_config.rs index f5298b5..791a46a 100644 --- a/src/data/app_config.rs +++ b/src/data/app_config.rs @@ -2,7 +2,7 @@ use std::path::{Path, PathBuf}; use clap::Parser; -use crate::constants::{APP_NAME, CLIENTS_LIST_FILE, USERS_LIST_FILE}; +use crate::constants::{APP_NAME, CLIENTS_LIST_FILE, PROVIDERS_LIST_FILE, USERS_LIST_FILE}; /// Basic OIDC provider #[derive(Parser, Debug, Clone)] @@ -72,6 +72,10 @@ impl AppConfig { self.storage_path().join(CLIENTS_LIST_FILE) } + pub fn providers_file(&self) -> PathBuf { + self.storage_path().join(PROVIDERS_LIST_FILE) + } + pub fn full_url(&self, uri: &str) -> String { if uri.starts_with('/') { format!("{}{}", self.website_origin, uri) diff --git a/src/data/mod.rs b/src/data/mod.rs index 7e431b6..d0df343 100644 --- a/src/data/mod.rs +++ b/src/data/mod.rs @@ -11,6 +11,7 @@ pub mod jwt_signer; pub mod login_redirect; pub mod open_id_user_info; pub mod openid_config; +pub mod provider; pub mod remote_ip; pub mod session_identity; pub mod totp_key; diff --git a/src/data/provider.rs b/src/data/provider.rs new file mode 100644 index 0000000..ab51109 --- /dev/null +++ b/src/data/provider.rs @@ -0,0 +1,60 @@ +use crate::data::entity_manager::EntityManager; +use crate::utils::string_utils::apply_env_vars; + +#[derive(Clone, Debug, serde::Serialize, serde::Deserialize, Eq, PartialEq)] +pub struct ProviderID(pub String); + +#[derive(Clone, Debug, serde::Serialize, serde::Deserialize)] +pub struct Provider { + /// The ID of the provider + pub id: ProviderID, + + /// The human-readable name of the client + pub name: String, + + /// A logo presented to the users of the provider + pub logo: String, + + /// The registration id of BasicOIDC on the provider + pub client_id: String, + + /// The registration secret of BasicOIDC on the provider + pub client_secret: String, + + /// Specify the URL of the OpenID configuration URL + /// + /// (.well-known/openid-configuration endpoint) + pub configuration_url: String, +} + +impl PartialEq for Provider { + fn eq(&self, other: &Self) -> bool { + self.id.eq(&other.id) + } +} + +impl Eq for Provider {} + +pub type ProvidersManager = EntityManager; + +impl EntityManager { + pub fn find_by_id(&self, u: &ProviderID) -> Option { + for entry in self.iter() { + if entry.id.eq(u) { + return Some(entry.clone()); + } + } + None + } + + pub fn apply_environment_variables(&mut self) { + for c in self.iter_mut() { + c.id = ProviderID(apply_env_vars(&c.id.0)); + c.name = apply_env_vars(&c.name); + c.logo = apply_env_vars(&c.logo); + c.client_id = apply_env_vars(&c.client_id); + c.client_secret = apply_env_vars(&c.client_secret); + c.configuration_url = apply_env_vars(&c.configuration_url); + } + } +} diff --git a/src/main.rs b/src/main.rs index 975590c..11bb727 100644 --- a/src/main.rs +++ b/src/main.rs @@ -20,6 +20,7 @@ use basic_oidc::data::app_config::AppConfig; use basic_oidc::data::client::ClientManager; use basic_oidc::data::entity_manager::EntityManager; use basic_oidc::data::jwt_signer::JWTSigner; +use basic_oidc::data::provider::ProvidersManager; use basic_oidc::data::user::User; use basic_oidc::data::webauthn_manager::WebAuthManager; use basic_oidc::middlewares::auth_middleware::AuthMiddleware; @@ -77,6 +78,11 @@ async fn main() -> std::io::Result<()> { clients.apply_environment_variables(); let clients = Arc::new(clients); + let mut providers = ProvidersManager::open_or_create(config.providers_file()) + .expect("Failed to load providers list!"); + providers.apply_environment_variables(); + let providers = Arc::new(providers); + log::info!("Server will listen on {}", config.listen_address); let listen_address = config.listen_address.to_string(); @@ -101,6 +107,7 @@ async fn main() -> std::io::Result<()> { .app_data(web::Data::new(bruteforce_actor.clone())) .app_data(web::Data::new(openid_sessions_actor.clone())) .app_data(web::Data::new(clients.clone())) + .app_data(web::Data::new(providers.clone())) .app_data(web::Data::new(jwt_signer.clone())) .app_data(web::Data::new(webauthn_manager.clone())) .wrap( @@ -207,6 +214,10 @@ async fn main() -> std::io::Result<()> { "/admin/clients", web::get().to(admin_controller::clients_route), ) + .route( + "/admin/providers", + web::get().to(admin_controller::providers_route), + ) .route("/admin/users", web::get().to(admin_controller::users_route)) .route( "/admin/users", diff --git a/templates/settings/base_settings_page.html b/templates/settings/base_settings_page.html index 88328b7..a99ec21 100644 --- a/templates/settings/base_settings_page.html +++ b/templates/settings/base_settings_page.html @@ -15,7 +15,7 @@ {{ _p.app_name }} {% if _p.is_admin %} - Version {{ _p.version }} + Version {{ _p.version }} {% endif %}