From f04bd4b788ddecdcb040379c70bc0bc9670c9605 Mon Sep 17 00:00:00 2001 From: metamuffin Date: Thu, 22 Aug 2024 18:27:00 +0200 Subject: got some more random tokens --- Cargo.lock | 13 +++++++++++++ Cargo.toml | 1 + src/modules/auth/openid.rs | 47 +++++++++++++++++++++++++++++++++++----------- 3 files changed, 50 insertions(+), 11 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index a297a03..482d131 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -617,6 +617,7 @@ dependencies = [ "rustls-pemfile", "rustls-webpki", "serde", + "serde_json", "serde_yaml", "sha2", "thiserror", @@ -1356,6 +1357,18 @@ dependencies = [ "syn", ] +[[package]] +name = "serde_json" +version = "1.0.125" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "83c8e735a073ccf5be70aa8066aa984eaf2fa000db6c8d0100ae605b366d31ed" +dependencies = [ + "itoa", + "memchr", + "ryu", + "serde", +] + [[package]] name = "serde_yaml" version = "0.9.34+deprecated" diff --git a/Cargo.toml b/Cargo.toml index 6c32a9d..f89b679 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -38,6 +38,7 @@ pin-project = "1.1.5" # Config serde = { version = "1.0.208", features = ["derive"] } serde_yaml = "0.9.34" +serde_json = "1.0.125" inotify = "0.11.0" # Logging diff --git a/src/modules/auth/openid.rs b/src/modules/auth/openid.rs index fb1fbcb..a8d9d6e 100644 --- a/src/modules/auth/openid.rs +++ b/src/modules/auth/openid.rs @@ -40,7 +40,8 @@ impl NodeKind for OpenIDAuthKind { #[derive(Deserialize)] pub struct OpenIDAuth { client_id: String, - provider: String, + authorize_endpoint: String, + token_endpoint: String, next: DynNode, } @@ -92,8 +93,13 @@ impl Node for OpenIDAuth { }; let redirect_uri = redirect_uri(&request)?.to_string(); - token_request( - &self.provider, + let OAuthTokenResponse { + access_token, + expires_in, + token_type, + id_token, + } = token_request( + &self.token_endpoint, &self.client_id, &redirect_uri, &code, @@ -102,8 +108,18 @@ impl Node for OpenIDAuth { .await?; let mut r = Response::new(BoxBody::<_, ServiceError>::new( - format!("state={state:?}\ncode={code:?}\nreturn_path={return_path:?}") - .map_err(|_| unreachable!()), + format!( + r#"Response: + +state={state:?} +code={code:?} +return_path={return_path:?} +access_token={access_token:?} +token_type={token_type:?} +expires_in={expires_in:?} +id_token={id_token:?}"# + ) + .map_err(|_| unreachable!()), )); r.headers_mut() .insert(CONTENT_TYPE, HeaderValue::from_static("text/plain")); @@ -137,8 +153,8 @@ impl Node for OpenIDAuth { let redirect_uri = redirect_uri(&request)?.to_string(); let uri = format!( - "{}/authorize?client_id={}&redirect_uri={}&state={}_{}&code_challenge={}&code_challenge_method=S256&response_type=code&scope=openid profile email", - self.provider, + "{}?client_id={}&redirect_uri={}&state={}_{}&code_challenge={}&code_challenge_method=S256&response_type=code&scope=openid magic", + self.authorize_endpoint, utf8_percent_encode(&self.client_id, NON_ALPHANUMERIC), utf8_percent_encode(&redirect_uri, NON_ALPHANUMERIC), hex::encode(verif_cipher), @@ -180,8 +196,8 @@ async fn token_request( redirect_uri: &str, code: &str, verifier: &str, -) -> Result<(), ServiceError> { - let url = Uri::from_str(&format!("{provider}/token")).unwrap(); +) -> Result { + let url = Uri::from_str(provider).unwrap(); let body = format!( "client_id={}&redirect_uri={}&code={}&code_verifier={}&grant_type=authorization_code", utf8_percent_encode(client_id, NON_ALPHANUMERIC), @@ -214,6 +230,15 @@ async fn token_request( let body = res.collect().await.unwrap().aggregate(); let mut buf = String::new(); body.reader().read_to_string(&mut buf).unwrap(); - eprintln!("{buf:?}"); - Ok(()) + eprintln!("{buf}"); + Ok(serde_json::from_str(&buf) + .map_err(|_| ServiceError::CustomStatic("invalid token response"))?) +} + +#[derive(Debug, Deserialize)] +struct OAuthTokenResponse { + access_token: String, + expires_in: i64, + token_type: String, + id_token: String, } -- cgit v1.2.3-70-g09d2