pierre/BasicOIDC
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity

Add authentication from upstream providers #107

Merged
pierre merged 25 commits from feat-upstream-providers into master 2023-04-27 10:10:29 +00:00
Conversation 0 Commits 25 Files Changed 39 +33 -7
2 changed files with 33 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 38e7c96d20 - Show all commits

30
src/controllers/providers_controller.rs
View File

@ -23,8 +23,8 @@ struct ProviderLoginError<'a> {
} }
impl<'a> ProviderLoginError<'a> { impl<'a> ProviderLoginError<'a> {
pub fn get(message: &'a str, redirect_uri: &'a LoginRedirect) -> String { pub fn get(message: &'a str, redirect_uri: &'a LoginRedirect) -> HttpResponse {
Self { let body = Self {
_p: BaseLoginPage { _p: BaseLoginPage {
danger: None, danger: None,
success: None, success: None,
@ -35,7 +35,11 @@ impl<'a> ProviderLoginError<'a> {
message, message,
} }
.render() .render()
.unwrap() .unwrap();
HttpResponse::Unauthorized()
.content_type("text/html")
.body(body)
} }
} }
@ -135,10 +139,11 @@ pub async fn finish_login(
.map(|e| e.error_description.unwrap_or(e.error)) .map(|e| e.error_description.unwrap_or(e.error))
.unwrap_or("Authentication failed (unspecified error)!".to_string()); .unwrap_or("Authentication failed (unspecified error)!".to_string());
return HttpResponse::Unauthorized().body(ProviderLoginError::get( logger.log(Action::ProviderError {
&error_message, message: error_message.as_str(),
&LoginRedirect::default(), });
));
return ProviderLoginError::get(&error_message, &LoginRedirect::default());
} }
}; };
@ -151,6 +156,17 @@ pub async fn finish_login(
.await .await
.unwrap(); .unwrap();
let state = match state {
Some(s) => s,
None => {
logger.log(Action::ProviderCBInvalidState {
state: query.state.as_str(),
});
log::warn!("User returned invalid state!");
return ProviderLoginError::get("Invalid state!", &LoginRedirect::default());
}
};
// TODO : rate limiting // TODO : rate limiting
// TODO : finish login, get user information // TODO : finish login, get user information
// TODO : check token signature // TODO : check token signature

10
src/data/action_logger.rs
View File

@ -32,6 +32,12 @@ pub enum Action<'a> {
provider_id: &'a ProviderID, provider_id: &'a ProviderID,
state: &'a str, state: &'a str,
}, },
ProviderError {
message: &'a str,
},
ProviderCBInvalidState {
state: &'a str,
},
Signout, Signout,
UserNeed2FAOnLogin(&'a User), UserNeed2FAOnLogin(&'a User),
UserSuccessfullyAuthenticated(&'a User), UserSuccessfullyAuthenticated(&'a User),
@ -98,6 +104,10 @@ impl<'a> Action<'a> {
Action::StartLoginAttemptWithOpenIDProvider { provider_id, state } => format!( Action::StartLoginAttemptWithOpenIDProvider { provider_id, state } => format!(
"started new authentication attempt through an OpenID provider (prov={} / state={state})", provider_id.0 "started new authentication attempt through an OpenID provider (prov={} / state={state})", provider_id.0
), ),
Action::ProviderError { message } =>
format!("failed provider authentication with message '{message}'"),
Action::ProviderCBInvalidState { state } =>
format!("provided invalid callback state after provider authentication: '{state}'"),
Action::Signout => "signed out".to_string(), Action::Signout => "signed out".to_string(),
Action::UserNeed2FAOnLogin(user) => { Action::UserNeed2FAOnLogin(user) => {
format!( format!(