pierre/MoneyMgr
1
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases 6 Wiki Activity
Files
11fb50af9a11ad71fba2256a59b2aac96c71a7bc
MoneyMgr/moneymgr_backend/src/controllers/auth_controller.rs
Pierre HUBERT 544513d118 Add tokens routes
2025-03-19 18:57:38 +01:00

132 lines
3.8 KiB
Rust
Raw Blame History

use crate::app_config::AppConfig;
use crate::controllers::{HttpFailure, HttpResult};
use crate::extractors::auth_extractor::{AuthExtractor, AuthenticatedMethod};
use crate::extractors::money_session::MoneySession;
use crate::services::{tokens_service, users_service};
use actix_remote_ip::RemoteIP;
use actix_web::{HttpResponse, web};
use light_openid::primitives::OpenIDConfig;
#[derive(serde::Serialize)]
struct StartOIDCResponse {
url: String,
}
/// Start OIDC authentication
pub async fn start_oidc(session: MoneySession, remote_ip: RemoteIP) -> HttpResult {
let prov = AppConfig::get().openid_provider();
let conf = match OpenIDConfig::load_from_url(prov.configuration_url).await {
Ok(c) => c,
Err(e) => {
log::error!("Failed to fetch OpenID provider configuration! {e}");
return Ok(HttpResponse::InternalServerError()
.json("Failed to fetch OpenID provider configuration!"));
}
};
let state = match session.gen_oidc_state(remote_ip.0) {
Ok(s) => s,
Err(e) => {
log::error!("Failed to generate auth state! {e}");
return Ok(HttpResponse::InternalServerError().json("Failed to generate auth state!"));
}
};
Ok(HttpResponse::Ok().json(StartOIDCResponse {
url: conf.gen_authorization_url(
prov.client_id,
&state,
&AppConfig::get().oidc_redirect_url(),
),
}))
}
#[derive(serde::Deserialize)]
pub struct FinishOpenIDLoginQuery {
code: String,
state: String,
}
/// Finish OIDC authentication
pub async fn finish_oidc(
session: MoneySession,
remote_ip: RemoteIP,
req: web::Json<FinishOpenIDLoginQuery>,
) -> HttpResult {
if let Err(e) = session.validate_state(&req.state, remote_ip.0) {
log::error!("Failed to validate OIDC CB state! {e}");
return Ok(HttpResponse::BadRequest().json("Invalid state!"));
}
let prov = AppConfig::get().openid_provider();
let conf = OpenIDConfig::load_from_url(prov.configuration_url)
.await
.map_err(HttpFailure::OpenID)?;
let (token, _) = conf
.request_token(
prov.client_id,
prov.client_secret,
&req.code,
&AppConfig::get().oidc_redirect_url(),
)
.await
.map_err(HttpFailure::OpenID)?;
let (user_info, _) = conf
.request_user_info(&token)
.await
.map_err(HttpFailure::OpenID)?;
if user_info.email_verified != Some(true) {
log::error!("Email is not verified!");
return Ok(HttpResponse::Unauthorized().json("Email unverified by IDP!"));
}
let mail = match user_info.email {
Some(m) => m,
None => {
return Ok(HttpResponse::Unauthorized().json("Email not provided by the IDP!"));
}
};
let user_name = user_info.name.unwrap_or_else(|| {
format!(
"{} {}",
user_info.given_name.as_deref().unwrap_or(""),
user_info.family_name.as_deref().unwrap_or("")
)
});
let user = users_service::create_or_update_user(&mail, &user_name).await?;
session.set_user(&user)?;
Ok(HttpResponse::Ok().finish())
}
/// Get current user information
pub async fn auth_info(auth: AuthExtractor) -> HttpResult {
Ok(HttpResponse::Ok().json(auth.user))
}
/// Sign out user
pub async fn sign_out(auth: AuthExtractor, session: MoneySession) -> HttpResult {
match auth.method {
AuthenticatedMethod::Cookie => {
session.unset_current_user()?;
}
AuthenticatedMethod::Token(token) => {
tokens_service::delete(token.user_id(), token.id()).await?;
}
AuthenticatedMethod::Dev => {
// Nothing to be done, user is always authenticated
}
}
Ok(HttpResponse::NoContent().finish())
}
Reference in New Issue View Git Blame Copy Permalink