studio/tuwunel
2
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Auth related cleanups.

Browse Source 
Cleanup; additional error macros.

Signed-off-by: Jason Volk <jason@zemos.net>
This commit is contained in:
Jason Volk
2025-06-16 03:43:22 +00:00
parent 83ceda808c
commit cd8648dce5
3 changed files with 57 additions and 86 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/api/client/session/mod.rs
View File

@@ -81,7 +81,7 @@ pub(crate) async fn login_route(
};
// Generate a new token for the device
let token = utils::random_string(TOKEN_LENGTH);
let access_token = utils::random_string(TOKEN_LENGTH);
// Generate new device id if the user didn't specify one
let device_id = body
@@ -102,7 +102,7 @@ pub(crate) async fn login_route(
.create_device(
&user_id,
&device_id,
&token,
&access_token,
body.initial_device_display_name.clone(),
Some(client.to_string()),
)
@@ -110,28 +110,32 @@ pub(crate) async fn login_route(
} else {
services
.users
.set_token(&user_id, &device_id, &token)
.set_token(&user_id, &device_id, &access_token)
.await?;
}
info!("{user_id} logged in");
let home_server = services.server.name.clone().into();
// send client well-known if specified so the client knows to reconfigure itself
let client_discovery_info: Option<DiscoveryInfo> = services
let well_known: Option<DiscoveryInfo> = services
.config
.well_known
.client
.as_ref()
.map(|server| DiscoveryInfo::new(HomeserverInfo::new(server.to_string())));
info!("{user_id} logged in");
.map(ToString::to_string)
.map(HomeserverInfo::new)
.map(DiscoveryInfo::new);
#[allow(deprecated)]
Ok(login::v3::Response {
user_id,
access_token: token,
access_token,
device_id,
well_known: client_discovery_info,
home_server,
well_known,
expires_in: None,
home_server: Some(services.config.server_name.clone()),
refresh_token: None,
})
}

31
src/api/router/auth.rs
View File

@@ -50,6 +50,7 @@ pub(super) async fn auth(
) -> Result<Auth> {
let bearer: Option<TypedHeader<Authorization<Bearer>>> =
request.parts.extract().await.unwrap_or(None);
let token = match &bearer {
| Some(TypedHeader(Authorization(bearer))) => Some(bearer.token()),
| None => request.query.access_token.as_deref(),
@@ -81,10 +82,9 @@ pub(super) async fn auth(
// already
},
| Token::None | Token::Invalid => {
return Err(Error::BadRequest(
ErrorKind::MissingToken,
"Missing or invalid access token.",
));
return Err!(Request(MissingToken(
"Missing or invalid access token."
)));
},
}
}
@@ -105,10 +105,9 @@ pub(super) async fn auth(
// already
},
| Token::None | Token::Invalid => {
return Err(Error::BadRequest(
ErrorKind::MissingToken,
"Missing or invalid access token.",
));
return Err!(Request(MissingToken(
"Missing or invalid access token."
)));
},
}
}
@@ -139,10 +138,10 @@ pub(super) async fn auth(
appservice_info: None,
})
} else {
Err(Error::BadRequest(ErrorKind::MissingToken, "Missing access token."))
Err!(Request(MissingToken("Missing access token.")))
}
},
| _ => Err(Error::BadRequest(ErrorKind::MissingToken, "Missing access token.")),
| _ => Err!(Request(MissingToken("Missing access token."))),
},
| (
AuthScheme::AccessToken | AuthScheme::AccessTokenOptional | AuthScheme::None,
@@ -165,14 +164,10 @@ pub(super) async fn auth(
appservice_info: None,
}),
| (AuthScheme::ServerSignatures, Token::Appservice(_) | Token::User(_)) =>
Err(Error::BadRequest(
ErrorKind::Unauthorized,
"Only server signatures should be used on this endpoint.",
)),
| (AuthScheme::AppserviceToken, Token::User(_)) => Err(Error::BadRequest(
ErrorKind::Unauthorized,
"Only appservice access tokens should be used on this endpoint.",
)),
Err!(Request(Unauthorized("Only server signatures should be used on this endpoint."))),
| (AuthScheme::AppserviceToken, Token::User(_)) => Err!(Request(Unauthorized(
"Only appservice access tokens should be used on this endpoint."
))),
| (AuthScheme::None, Token::Invalid) => {
// OpenID federation endpoint uses a query param with the same name, drop this
// once query params for user auth are removed from the spec. This is