Add authentication from upstream providers #107

Merged
pierre merged 25 commits from feat-upstream-providers into master 2023-04-27 10:10:29 +00:00
3 changed files with 22 additions and 3 deletions
Showing only changes of commit 3bc53b8f91 - Show all commits


@ -80,3 +80,6 @@ pub const OIDC_PROVIDERS_STATE_DURATION: u64 = 60 * 15;
/// OpenID providers configuration constants /// OpenID providers configuration constants
pub const OIDC_PROVIDERS_LIFETIME: u64 = 3600; pub const OIDC_PROVIDERS_LIFETIME: u64 = 3600;
/// OpenID provider callback URI
pub const OIDC_PROVIDER_CB_URI: &str = "/prov_cb";


@ -5,7 +5,7 @@ use actix_web::{web, HttpResponse, Responder};
use crate::actors::providers_states_actor; use crate::actors::providers_states_actor;
use crate::actors::providers_states_actor::{ProviderLoginState, ProvidersStatesActor}; use crate::actors::providers_states_actor::{ProviderLoginState, ProvidersStatesActor};
use crate::controllers::base_controller::build_fatal_error_page; use crate::controllers::base_controller::{build_fatal_error_page, redirect_user};
use crate::data::action_logger::{Action, ActionLogger}; use crate::data::action_logger::{Action, ActionLogger};
use crate::data::login_redirect::LoginRedirect; use crate::data::login_redirect::LoginRedirect;
use crate::data::provider::{ProviderID, ProvidersManager}; use crate::data::provider::{ProviderID, ProvidersManager};
@ -65,7 +65,9 @@ pub async fn start_login(
log::debug!("Provider configuration: {:?}", config); log::debug!("Provider configuration: {:?}", config);
HttpResponse::Ok().body(state.state_id) let url = config.auth_url(&provider, &state);
log::debug!("Redirect user on {url} for authorization",);
// Redirect user // Redirect user
redirect_user(&url)
} }
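Review bot: The new debug line `log::debug!("Redirect user on {url} for authorization",);` writes the complete authorization URL, which embeds the freshly minted `state` value, into the application log, so anyone with log access learns the anti-CSRF token of a login in flight for as long as the state stays valid. Log the destination without its query instead, e.g. `log::debug!("Redirect user to {} for authorization", config.discovery.authorization_endpoint);` (assuming the `discovery` field that `auth_url` reads is accessible from this controller; otherwise log the provider id). The trailing comma inside the `log::debug!` call is a leftover that rustfmt will keep flagging. `start_login` begins before this hunk.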


@ -1,7 +1,9 @@
use crate::actors::providers_states_actor::ProviderLoginState;
use std::cell::RefCell; use std::cell::RefCell;
use std::collections::HashMap; use std::collections::HashMap;
use crate::constants::OIDC_PROVIDERS_LIFETIME; use crate::constants::{OIDC_PROVIDERS_LIFETIME, OIDC_PROVIDER_CB_URI};
use crate::data::app_config::AppConfig;
use crate::data::jwt_signer::JsonWebKey; use crate::data::jwt_signer::JsonWebKey;
use crate::data::provider::Provider; use crate::data::provider::Provider;
use crate::utils::err::Res; use crate::utils::err::Res;
@ -30,6 +32,18 @@ pub struct ProviderConfiguration {
pub expire: u64, pub expire: u64,
} }
impl ProviderConfiguration {
/// Get the URL where a user should be redirected to authenticate
pub fn auth_url(&self, provider: &Provider, state: &ProviderLoginState) -> String {
let authorization_url = &self.discovery.authorization_endpoint;
let client_id = urlencoding::encode(&provider.client_id).to_string();
let state = urlencoding::encode(&state.state_id).to_string();
let callback_url = AppConfig::get().full_url(OIDC_PROVIDER_CB_URI);
format!("{authorization_url}?response_type=code&scope=openid%20profile%20email&client_id={client_id}&state={state}&redirect_uri={callback_url}")
}
}
thread_local! { thread_local! {
static THREAD_CACHE: RefCell<HashMap<String, ProviderConfiguration>> = RefCell::new(Default::default()); static THREAD_CACHE: RefCell<HashMap<String, ProviderConfiguration>> = RefCell::new(Default::default());
} }
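Review bot: `auth_url` splices the discovery document's `authorization_endpoint` and the callback URL into the query string without the percent-encoding that `client_id` and `state` receive, so a callback URL containing `&` or `#`, or an endpoint that already carries a `?`, produces a request the provider parses differently from what was intended. `redirect_uri` has to match the registered value exactly, so it should be encoded like the other parameters, and the separator should depend on whether the endpoint already has a query string. The return types of `full_url` and `authorization_endpoint` are not visible here; the sketch below assumes both are `String`-like. The request also sends no `nonce`, which is optional for the code flow but worth recording as a deliberate choice in the method's doc comment.
```rust
pub fn auth_url(&self, provider: &Provider, state: &ProviderLoginState) -> String {
    let authorization_url = &self.discovery.authorization_endpoint;
    let client_id = urlencoding::encode(&provider.client_id);
    let state = urlencoding::encode(&state.state_id);
    // redirect_uri is a full URL and needs the same percent-encoding as the other parameters
    let callback_url = urlencoding::encode(&AppConfig::get().full_url(OIDC_PROVIDER_CB_URI)).into_owned();
    // A discovery authorization_endpoint may legitimately carry a query string already
    let separator = if authorization_url.contains('?') { '&' } else { '?' };
    format!("{authorization_url}{separator}response_type=code&scope=openid%20profile%20email&client_id={client_id}&state={state}&redirect_uri={callback_url}")
}
```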