2sys/shoutdotdev
2sys/shoutdotdev
1
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix auth bugs from empty redirect urls

Browse source
This commit is contained in:
Brent Schroeter 2025-03-11 22:23:09 -07:00
parent 8b693d44ed
commit 83e34b8654
1 changed files with 9 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
src/auth.rs
View file

@ -45,12 +45,12 @@ pub fn new_oauth_client(settings: &Settings) -> Result<BasicClient, AppError> {
pub fn new_router() -> Router<AppState> { pub fn new_router() -> Router<AppState> {
Router::new() Router::new()
.route("/login", get(propel_auth)) .route("/login", get(start_login))
.route("/callback", get(login_authorized)) .route("/callback", get(login_authorized))
.route("/logout", get(logout)) .route("/logout", get(logout))
} }
pub async fn propel_auth( pub async fn start_login(
State(state): State<AppState>, State(state): State<AppState>,
State(Settings { State(Settings {
auth: auth_settings, auth: auth_settings,
@ -64,7 +64,7 @@ pub async fn propel_auth(
if let Some(session) = maybe_session { if let Some(session) = maybe_session {
if session.get::<AuthInfo>(SESSION_KEY_AUTH_INFO).is_some() { if session.get::<AuthInfo>(SESSION_KEY_AUTH_INFO).is_some() {
tracing::debug!("already logged in, redirecting..."); tracing::debug!("already logged in, redirecting...");
return Ok(Redirect::to(&base_path).into_response()); return Ok(Redirect::to(&format!("{}/", base_path)).into_response());
} }
} }
let csrf_token = CsrfToken::new_random(); let csrf_token = CsrfToken::new_random();
@ -124,7 +124,7 @@ pub async fn logout(
} }
let jar = jar.remove(Cookie::from(auth_settings.cookie_name)); let jar = jar.remove(Cookie::from(auth_settings.cookie_name));
tracing::debug!("Removed session cookie from jar."); tracing::debug!("Removed session cookie from jar.");
Ok((jar, Redirect::to(&base_path))) Ok((jar, Redirect::to(&format!("{}/", base_path))))
} }
#[derive(Debug, Deserialize)] #[derive(Debug, Deserialize)]
@ -167,11 +167,13 @@ pub async fn login_authorized(
"OAuth CSRF tokens do not match.".to_string(), "OAuth CSRF tokens do not match.".to_string(),
)); ));
} }
tracing::debug!("exchanging authorization code");
let response = state let response = state
.oauth_client .oauth_client
.exchange_code(AuthorizationCode::new(query.code.clone())) .exchange_code(AuthorizationCode::new(query.code.clone()))
.request_async(async_http_client) .request_async(async_http_client)
.await?; .await?;
tracing::debug!("fetching user info");
let auth_info: AuthInfo = reqwest_client let auth_info: AuthInfo = reqwest_client
.get(auth_settings.userinfo_url.as_str()) .get(auth_settings.userinfo_url.as_str())
.bearer_auth(response.access_token().secret()) .bearer_auth(response.access_token().secret())
@ -179,6 +181,7 @@ pub async fn login_authorized(
.await? .await?
.json() .json()
.await?; .await?;
tracing::debug!("updating session");
session.insert(SESSION_KEY_AUTH_INFO, &auth_info)?; session.insert(SESSION_KEY_AUTH_INFO, &auth_info)?;
session.insert(SESSION_KEY_AUTH_REFRESH_TOKEN, response.refresh_token())?; session.insert(SESSION_KEY_AUTH_REFRESH_TOKEN, response.refresh_token())?;
if state.session_store.store_session(session).await?.is_some() { if state.session_store.store_session(session).await?.is_some() {
@ -187,7 +190,8 @@ pub async fn login_authorized(
) )
.into()); .into());
} }
Ok(Redirect::to(&base_path)) tracing::debug!("successfully authenticated");
Ok(Redirect::to(&format!("{}/", base_path)))
} }
impl FromRequestParts<AppState> for AuthInfo { impl FromRequestParts<AppState> for AuthInfo {