Can finish open id login

2023-06-02 15:04:49 +02:00
parent 29c0247b4b
commit d54f9e4503
6 changed files with 150 additions and 4 deletions
--- a/geneit_backend/src/controllers/auth_controller.rs
+++ b/geneit_backend/src/controllers/auth_controller.rs
@ -254,3 +254,53 @@ pub async fn start_openid_login(

    Ok(HttpResponse::Ok().json(StartOpenIDLoginResponse { url }))
 }
+
+#[derive(serde::Deserialize)]
+pub struct FinishOpenIDLoginQuery {
+    code: String,
+    state: String,
+}
+
+/// Finish OpenID login
+pub async fn finish_openid_login(
+    remote_ip: RemoteIP,
+    req: web::Json<FinishOpenIDLoginQuery>,
+) -> HttpResult {
+    let user_info = openid_service::finish_login(remote_ip.0, &req.code, &req.state).await?;
+
+    if user_info.email_verified != Some(true) {
+        log::error!("Email is not verified!");
+        return Ok(
+            HttpResponse::Unauthorized().json("Email non vérifié par le fournisseur d'identité !")
+        );
+    }
+
+    let mail = match user_info.email {
+        Some(m) => m,
+        None => {
+            return Ok(HttpResponse::Unauthorized()
+                .json("Email non spécifié par le fournisseur d'identité !"));
+        }
+    };
+
+    // Create the account, if required
+    if !users_service::exists_email(&mail).await? {
+        let name = match (user_info.name, user_info.given_name, user_info.family_name) {
+            (Some(name), _, _) => name,
+            (None, Some(g), Some(f)) => format!("{g} {f}"),
+            (_, _, _) => {
+                return Ok(HttpResponse::Unauthorized()
+                    .json("Nom non spécifié par le fournisseur d'identité !"));
+            }
+        };
+
+        users_service::create_account(&name, &mail).await?;
+    }
+
+    let user = users_service::get_by_mail(&mail).await?;
+
+    // OpenID auth is enough to validate accounts
+    users_service::validate_account(&user).await?;
+
+    finish_login(&user).await
+}