diff options
| author | mrw1593 <botahamec@outlook.com> | 2023-07-02 11:52:50 -0400 |
|---|---|---|
| committer | mrw1593 <botahamec@outlook.com> | 2023-07-02 11:52:50 -0400 |
| commit | 15a7387309fed7dcc589216aac748811e0321ab4 (patch) | |
| tree | 0541ba37a9b5e01e3c03dcf31b0b2df234d1bf49 /src/api/oauth.rs | |
| parent | b909c8496a7e0f035623105f631809ef3016a810 (diff) | |
Changes to jwt claims
Diffstat (limited to 'src/api/oauth.rs')
| -rw-r--r-- | src/api/oauth.rs | 43 |
1 files changed, 25 insertions, 18 deletions
diff --git a/src/api/oauth.rs b/src/api/oauth.rs index fe1c361..aee0ed4 100644 --- a/src/api/oauth.rs +++ b/src/api/oauth.rs @@ -216,12 +216,16 @@ async fn authenticate_user( db: &MySqlPool, username: &str, password: &str, -) -> Result<bool, RawUnexpected> { +) -> Result<Option<Uuid>, RawUnexpected> { let Some(user) = db::get_user_by_username(db, username).await? else { - return Ok(false); + return Ok(None); }; - Ok(user.check_password(password)?) + if user.check_password(password)? { + Ok(Some(user.id)) + } else { + Ok(None) + } } #[post("/authorize")] @@ -248,7 +252,7 @@ async fn authorize( return HttpResponse::InternalServerError().content_type("text/html").body(page); }; - let self_id = config.id; + let self_id = config.url; let state = req.state.clone(); // get redirect uri @@ -267,9 +271,9 @@ async fn authorize( }; // authenticate user - if !authenticate_user(db, &credentials.username, &credentials.password) + let Some(user_id) = authenticate_user(db, &credentials.username, &credentials.password) .await - .unwrap() + .unwrap() else { let language = Language::from_str("en").unwrap(); let translations = translations.get_ref().clone(); @@ -289,9 +293,10 @@ async fn authorize( match req.response_type { ResponseType::Code => { // create auth code - let code = jwt::Claims::auth_code(db, &self_id, client_id, &scope, &redirect_uri) - .await - .unwrap(); + let code = + jwt::Claims::auth_code(db, self_id, client_id, user_id, &scope, &redirect_uri) + .await + .unwrap(); let code = code.to_jwt().unwrap(); let response = AuthCodeResponse { code, state }; @@ -307,7 +312,7 @@ async fn authorize( // create access token let duration = Duration::hours(1); let access_token = - jwt::Claims::access_token(db, None, &self_id, client_id, duration, &scope) + jwt::Claims::access_token(db, None, self_id, client_id, user_id, duration, &scope) .await .unwrap(); @@ -635,7 +640,7 @@ async fn token( }; let config = config::get_config().unwrap(); - let self_id = config.id; + let self_id = config.url; let duration = Duration::hours(1); let token_type = Box::from("bearer"); let cache_control = header::CacheControl(vec![header::CacheDirective::NoStore]); @@ -677,8 +682,9 @@ async fn token( let access_token = jwt::Claims::access_token( db, Some(claims.id()), - &self_id, + self_id, client_id, + claims.subject(), duration, claims.scopes(), ) @@ -729,7 +735,7 @@ async fn token( } // authenticate user - if !authenticate_user(db, &username, &password).await.unwrap() { + let Some(user_id) = authenticate_user(db, &username, &password).await.unwrap() else { return TokenError::incorrect_user_credentials().error_response(); }; @@ -755,7 +761,7 @@ async fn token( } let access_token = - jwt::Claims::access_token(db, None, &self_id, client_id, duration, &scope) + jwt::Claims::access_token(db, None, self_id, client_id, user_id, duration, &scope) .await .unwrap(); let refresh_token = jwt::Claims::refresh_token(db, &access_token).await.unwrap(); @@ -818,10 +824,11 @@ async fn token( return TokenError::excessive_scope().error_response(); } - let access_token = - jwt::Claims::access_token(db, None, &self_id, client_id, duration, &scope) - .await - .unwrap(); + let access_token = jwt::Claims::access_token( + db, None, self_id, client_id, client_id, duration, &scope, + ) + .await + .unwrap(); let expires_in = access_token.expires_in(); let scope = access_token.scopes().into(); |