Add authentication from upstream providers #107
@ -23,8 +23,8 @@ struct ProviderLoginError<'a> {
|
|||||||
}
|
}
|
||||||
|
|
||||||
impl<'a> ProviderLoginError<'a> {
|
impl<'a> ProviderLoginError<'a> {
|
||||||
pub fn get(message: &'a str, redirect_uri: &'a LoginRedirect) -> String {
|
pub fn get(message: &'a str, redirect_uri: &'a LoginRedirect) -> HttpResponse {
|
||||||
Self {
|
let body = Self {
|
||||||
_p: BaseLoginPage {
|
_p: BaseLoginPage {
|
||||||
danger: None,
|
danger: None,
|
||||||
success: None,
|
success: None,
|
||||||
@ -35,7 +35,11 @@ impl<'a> ProviderLoginError<'a> {
|
|||||||
message,
|
message,
|
||||||
}
|
}
|
||||||
.render()
|
.render()
|
||||||
.unwrap()
|
.unwrap();
|
||||||
|
|
||||||
|
HttpResponse::Unauthorized()
|
||||||
|
.content_type("text/html")
|
||||||
|
.body(body)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -135,10 +139,11 @@ pub async fn finish_login(
|
|||||||
.map(|e| e.error_description.unwrap_or(e.error))
|
.map(|e| e.error_description.unwrap_or(e.error))
|
||||||
.unwrap_or("Authentication failed (unspecified error)!".to_string());
|
.unwrap_or("Authentication failed (unspecified error)!".to_string());
|
||||||
|
|
||||||
return HttpResponse::Unauthorized().body(ProviderLoginError::get(
|
logger.log(Action::ProviderError {
|
||||||
&error_message,
|
message: error_message.as_str(),
|
||||||
&LoginRedirect::default(),
|
});
|
||||||
));
|
|
||||||
|
return ProviderLoginError::get(&error_message, &LoginRedirect::default());
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -151,6 +156,17 @@ pub async fn finish_login(
|
|||||||
.await
|
.await
|
||||||
.unwrap();
|
.unwrap();
|
||||||
|
|
||||||
|
let state = match state {
|
||||||
|
Some(s) => s,
|
||||||
|
None => {
|
||||||
|
logger.log(Action::ProviderCBInvalidState {
|
||||||
|
state: query.state.as_str(),
|
||||||
|
});
|
||||||
|
log::warn!("User returned invalid state!");
|
||||||
|
return ProviderLoginError::get("Invalid state!", &LoginRedirect::default());
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
// TODO : rate limiting
|
// TODO : rate limiting
|
||||||
// TODO : finish login, get user information
|
// TODO : finish login, get user information
|
||||||
// TODO : check token signature
|
// TODO : check token signature
|
||||||
|
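Review bot: In `finish_login` the provider-error branch (hunk at -135) returns before the state check added in the hunk at -151. Judging by hunk order, a callback request carrying only `error`/`error_description` gets its text written to the action log and rendered on the 401 page without being tied to a login attempt this server started. Validating `state` first, or showing the user a fixed string and keeping the provider text only in the log, would remove that reflected content, e.g. `return ProviderLoginError::get("Authentication failed!", &LoginRedirect::default());`. In the `None` arm `query.state` is also logged at whatever length the client sent, so truncating it to a fixed number of characters before `logger.log` would bound the entry size. The body of `finish_login` starts and ends outside these hunks, so the ordering should be confirmed against the full function.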
@ -32,6 +32,12 @@ pub enum Action<'a> {
|
|||||||
provider_id: &'a ProviderID,
|
provider_id: &'a ProviderID,
|
||||||
state: &'a str,
|
state: &'a str,
|
||||||
},
|
},
|
||||||
|
ProviderError {
|
||||||
|
message: &'a str,
|
||||||
|
},
|
||||||
|
ProviderCBInvalidState {
|
||||||
|
state: &'a str,
|
||||||
|
},
|
||||||
Signout,
|
Signout,
|
||||||
UserNeed2FAOnLogin(&'a User),
|
UserNeed2FAOnLogin(&'a User),
|
||||||
UserSuccessfullyAuthenticated(&'a User),
|
UserSuccessfullyAuthenticated(&'a User),
|
||||||
@ -98,6 +104,10 @@ impl<'a> Action<'a> {
|
|||||||
Action::StartLoginAttemptWithOpenIDProvider { provider_id, state } => format!(
|
Action::StartLoginAttemptWithOpenIDProvider { provider_id, state } => format!(
|
||||||
"started new authentication attempt through an OpenID provider (prov={} / state={state})", provider_id.0
|
"started new authentication attempt through an OpenID provider (prov={} / state={state})", provider_id.0
|
||||||
),
|
),
|
||||||
|
Action::ProviderError { message } =>
|
||||||
|
format!("failed provider authentication with message '{message}'"),
|
||||||
|
Action::ProviderCBInvalidState { state } =>
|
||||||
|
format!("provided invalid callback state after provider authentication: '{state}'"),
|
||||||
Action::Signout => "signed out".to_string(),
|
Action::Signout => "signed out".to_string(),
|
||||||
Action::UserNeed2FAOnLogin(user) => {
|
Action::UserNeed2FAOnLogin(user) => {
|
||||||
format!(
|
format!(
|
||||||
|
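Review bot: The two new match arms interpolate `message` and `state` between single quotes with plain `{}`, and at the call sites in `finish_login` both values come from the callback request. A value containing a quote or CR/LF can therefore break out of the quoted field and make one log entry read as several. Debug formatting escapes quotes and control characters: `format!("failed provider authentication with message {message:?}")`, and likewise `{state:?}` in the `ProviderCBInvalidState` arm. The enclosing `match` starts and ends outside the hunk, so whether the logger sanitises entries elsewhere is not visible here.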