Add authentication from upstream providers #107
@ -80,3 +80,6 @@ pub const OIDC_PROVIDERS_STATE_DURATION: u64 = 60 * 15;
|
|||||||
|
|
||||||
/// OpenID providers configuration constants
|
/// OpenID providers configuration constants
|
||||||
pub const OIDC_PROVIDERS_LIFETIME: u64 = 3600;
|
pub const OIDC_PROVIDERS_LIFETIME: u64 = 3600;
|
||||||
|
|
||||||
|
/// OpenID provider callback URI
|
||||||
|
pub const OIDC_PROVIDER_CB_URI: &str = "/prov_cb";
|
||||||
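Review bot: The doc comment on `OIDC_PROVIDER_CB_URI` should spell out the operational constraint that makes this value security-relevant: the full URL built from it is sent as `redirect_uri`, and OAuth 2.0 / OIDC providers compare it byte-for-byte against the URI registered for the client, so changing the path, scheme or host here silently breaks every login until the provider-side registration is updated. I would extend the comment to `/// OpenID provider callback URI. The absolute URL built from this path is sent as \`redirect_uri\`; it must exactly match the redirect URI registered with each upstream provider.` The neighbouring `OIDC_PROVIDERS_LIFETIME` constant is undocumented; a one-line note on its unit (seconds, presumably) and what expires would help the reader too.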
|
@ -5,7 +5,7 @@ use actix_web::{web, HttpResponse, Responder};
|
|||||||
|
|
||||||
use crate::actors::providers_states_actor;
|
use crate::actors::providers_states_actor;
|
||||||
use crate::actors::providers_states_actor::{ProviderLoginState, ProvidersStatesActor};
|
use crate::actors::providers_states_actor::{ProviderLoginState, ProvidersStatesActor};
|
||||||
use crate::controllers::base_controller::build_fatal_error_page;
|
use crate::controllers::base_controller::{build_fatal_error_page, redirect_user};
|
||||||
use crate::data::action_logger::{Action, ActionLogger};
|
use crate::data::action_logger::{Action, ActionLogger};
|
||||||
use crate::data::login_redirect::LoginRedirect;
|
use crate::data::login_redirect::LoginRedirect;
|
||||||
use crate::data::provider::{ProviderID, ProvidersManager};
|
use crate::data::provider::{ProviderID, ProvidersManager};
|
||||||
@ -65,7 +65,9 @@ pub async fn start_login(
|
|||||||
|
|
||||||
log::debug!("Provider configuration: {:?}", config);
|
log::debug!("Provider configuration: {:?}", config);
|
||||||
|
|
||||||
HttpResponse::Ok().body(state.state_id)
|
let url = config.auth_url(&provider, &state);
|
||||||
|
log::debug!("Redirect user on {url} for authorization",);
|
||||||
|
|
||||||
// Redirect user
|
// Redirect user
|
||||||
|
redirect_user(&url)
|
||||||
}
|
}
|
||||||
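Review bot: The new debug line `log::debug!("Redirect user on {url} for authorization",);` writes the complete authorization URL, including the `state` value, into the application log. If that state is what binds the provider callback to this login attempt (the `ProviderLoginState` import suggests so), logging it widens the set of places it can leak from; logging only the endpoint is enough to debug routing, e.g. `log::debug!("Redirecting user to {} for authorization", config.discovery.authorization_endpoint);`. The trailing `,` in the macro call is also a leftover and can go. `start_login` begins above this hunk, so the rest of its control flow is not visible here.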
|
@ -1,7 +1,9 @@
|
|||||||
|
use crate::actors::providers_states_actor::ProviderLoginState;
|
||||||
use std::cell::RefCell;
|
use std::cell::RefCell;
|
||||||
use std::collections::HashMap;
|
use std::collections::HashMap;
|
||||||
|
|
||||||
use crate::constants::OIDC_PROVIDERS_LIFETIME;
|
use crate::constants::{OIDC_PROVIDERS_LIFETIME, OIDC_PROVIDER_CB_URI};
|
||||||
|
use crate::data::app_config::AppConfig;
|
||||||
use crate::data::jwt_signer::JsonWebKey;
|
use crate::data::jwt_signer::JsonWebKey;
|
||||||
use crate::data::provider::Provider;
|
use crate::data::provider::Provider;
|
||||||
use crate::utils::err::Res;
|
use crate::utils::err::Res;
|
||||||
@ -30,6 +32,18 @@ pub struct ProviderConfiguration {
|
|||||||
pub expire: u64,
|
pub expire: u64,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
impl ProviderConfiguration {
|
||||||
|
/// Get the URL where a user should be redirected to authenticate
|
||||||
|
pub fn auth_url(&self, provider: &Provider, state: &ProviderLoginState) -> String {
|
||||||
|
let authorization_url = &self.discovery.authorization_endpoint;
|
||||||
|
let client_id = urlencoding::encode(&provider.client_id).to_string();
|
||||||
|
let state = urlencoding::encode(&state.state_id).to_string();
|
||||||
|
let callback_url = AppConfig::get().full_url(OIDC_PROVIDER_CB_URI);
|
||||||
|
|
||||||
|
format!("{authorization_url}?response_type=code&scope=openid%20profile%20email&client_id={client_id}&state={state}&redirect_uri={callback_url}")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
thread_local! {
|
thread_local! {
|
||||||
static THREAD_CACHE: RefCell<HashMap<String, ProviderConfiguration>> = RefCell::new(Default::default());
|
static THREAD_CACHE: RefCell<HashMap<String, ProviderConfiguration>> = RefCell::new(Default::default());
|
||||||
}
|
}
|
||||||
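Review bot: In `auth_url` the `client_id` and `state` parameters are percent-encoded but `redirect_uri` is not, and the callback URL necessarily contains `://` and `/`; RFC 6749 requires query parameters to be form-urlencoded, and strict providers reject or mis-compare an unencoded `redirect_uri`. The line should be `let callback_url = urlencoding::encode(&AppConfig::get().full_url(OIDC_PROVIDER_CB_URI)).to_string();`. A second, smaller point: the `format!` always appends `?`, but some discovery documents publish an `authorization_endpoint` that already carries a query string, which would yield two `?` characters; choosing the separator with `let sep = if authorization_url.contains('?') { '&' } else { '?' };` avoids that. Since this is the authorization-code flow, it would also be worth noting in the doc comment whether PKCE (`code_challenge`) and a `nonce` are intentionally omitted, as the callback handling is not visible in this change.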
|