Add authentication from upstream providers #107
@ -23,8 +23,8 @@ struct ProviderLoginError<'a> {
|
||||
}
|
||||
|
||||
impl<'a> ProviderLoginError<'a> {
|
||||
pub fn get(message: &'a str, redirect_uri: &'a LoginRedirect) -> String {
|
||||
Self {
|
||||
pub fn get(message: &'a str, redirect_uri: &'a LoginRedirect) -> HttpResponse {
|
||||
let body = Self {
|
||||
_p: BaseLoginPage {
|
||||
danger: None,
|
||||
success: None,
|
||||
@ -35,7 +35,11 @@ impl<'a> ProviderLoginError<'a> {
|
||||
message,
|
||||
}
|
||||
.render()
|
||||
.unwrap()
|
||||
.unwrap();
|
||||
|
||||
HttpResponse::Unauthorized()
|
||||
.content_type("text/html")
|
||||
.body(body)
|
||||
}
|
||||
}
|
||||
|
||||
@ -135,10 +139,11 @@ pub async fn finish_login(
|
||||
.map(|e| e.error_description.unwrap_or(e.error))
|
||||
.unwrap_or("Authentication failed (unspecified error)!".to_string());
|
||||
|
||||
return HttpResponse::Unauthorized().body(ProviderLoginError::get(
|
||||
&error_message,
|
||||
&LoginRedirect::default(),
|
||||
));
|
||||
logger.log(Action::ProviderError {
|
||||
message: error_message.as_str(),
|
||||
});
|
||||
|
||||
return ProviderLoginError::get(&error_message, &LoginRedirect::default());
|
||||
}
|
||||
};
|
||||
|
||||
@ -151,6 +156,17 @@ pub async fn finish_login(
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
let state = match state {
|
||||
Some(s) => s,
|
||||
None => {
|
||||
logger.log(Action::ProviderCBInvalidState {
|
||||
state: query.state.as_str(),
|
||||
});
|
||||
log::warn!("User returned invalid state!");
|
||||
return ProviderLoginError::get("Invalid state!", &LoginRedirect::default());
|
||||
}
|
||||
};
|
||||
|
||||
// TODO : rate limiting
|
||||
// TODO : finish login, get user information
|
||||
// TODO : check token signature
|
||||
|
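Review bot: In `finish_login` the provider-error branch returns before the `match state` check added further down, so, as far as the visible hunks show, a callback request carrying `error`/`error_description` but no valid state still gets its text rendered into the 401 page and recorded through `Action::ProviderError`. Consider validating `state` first and showing a fixed message to the browser, e.g. `return ProviderLoginError::get("Authentication failed!", &LoginRedirect::default());`, keeping the provider-supplied text for the log only. Whether `.render()` HTML-escapes `message` depends on the template engine, which is not visible here, so that is worth confirming. The `.unwrap()` on `.render()` in `ProviderLoginError::get` also turns a template failure into a panic on a path reachable without authentication. The body of `finish_login` starts and ends outside these hunks.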
@ -32,6 +32,12 @@ pub enum Action<'a> {
|
||||
provider_id: &'a ProviderID,
|
||||
state: &'a str,
|
||||
},
|
||||
ProviderError {
|
||||
message: &'a str,
|
||||
},
|
||||
ProviderCBInvalidState {
|
||||
state: &'a str,
|
||||
},
|
||||
Signout,
|
||||
UserNeed2FAOnLogin(&'a User),
|
||||
UserSuccessfullyAuthenticated(&'a User),
|
||||
@ -98,6 +104,10 @@ impl<'a> Action<'a> {
|
||||
Action::StartLoginAttemptWithOpenIDProvider { provider_id, state } => format!(
|
||||
"started new authentication attempt through an OpenID provider (prov={} / state={state})", provider_id.0
|
||||
),
|
||||
Action::ProviderError { message } =>
|
||||
format!("failed provider authentication with message '{message}'"),
|
||||
Action::ProviderCBInvalidState { state } =>
|
||||
format!("provided invalid callback state after provider authentication: '{state}'"),
|
||||
Action::Signout => "signed out".to_string(),
|
||||
Action::UserNeed2FAOnLogin(user) => {
|
||||
format!(
|
||||
|
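Review bot: The two new arms interpolate `message` and `state` into the log line unescaped, and at the call sites in `finish_login` both values come from the callback request, so embedded newlines or quotes can forge or split audit entries and the length is unbounded. Debug formatting escapes control characters and quotes: `format!("failed provider authentication with message {message:?}")` and `format!("provided invalid callback state after provider authentication: {state:?}")`; truncating to a fixed length before logging would also bound the entry size. The existing `StartLoginAttemptWithOpenIDProvider` arm prints `state` the same way, though there the value is presumably generated server-side. The enclosing match starts and ends outside the hunk.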