Use abstracted UIAA call for login token route.
Signed-off-by: Jason Volk <jason@zemos.net>
parent
d56ee58a73
commit
14e7a001b9
1 changed files with 7 additions and 47 deletions
|
|
@ -4,19 +4,16 @@ use axum::extract::State;
|
||||||
use axum_client_ip::InsecureClientIp;
|
use axum_client_ip::InsecureClientIp;
|
||||||
use ruma::{
|
use ruma::{
|
||||||
OwnedUserId,
|
OwnedUserId,
|
||||||
api::client::{
|
api::client::session::{
|
||||||
session::{
|
|
||||||
get_login_token,
|
get_login_token,
|
||||||
login::v3::{Request, Token},
|
login::v3::{Request, Token},
|
||||||
},
|
},
|
||||||
uiaa,
|
|
||||||
},
|
|
||||||
};
|
};
|
||||||
use tuwunel_core::{Err, Result, utils::random_string};
|
use tuwunel_core::{Err, Result, utils::random_string};
|
||||||
use tuwunel_service::{Services, uiaa::SESSION_ID_LENGTH};
|
use tuwunel_service::Services;
|
||||||
|
|
||||||
use super::TOKEN_LENGTH;
|
use super::TOKEN_LENGTH;
|
||||||
use crate::Ruma;
|
use crate::{Ruma, router::auth_uiaa};
|
||||||
|
|
||||||
pub(super) async fn handle_login(
|
pub(super) async fn handle_login(
|
||||||
services: &Services,
|
services: &Services,
|
||||||
|
|
@ -48,48 +45,11 @@ pub(crate) async fn login_token_route(
|
||||||
return Err!(Request(Forbidden("Login via an existing session is not enabled")));
|
return Err!(Request(Forbidden("Login via an existing session is not enabled")));
|
||||||
}
|
}
|
||||||
|
|
||||||
// This route SHOULD have UIA
|
let sender_user = auth_uiaa(&services, &body).await?;
|
||||||
// TODO: How do we make only UIA sessions that have not been used before valid?
|
|
||||||
let sender_user = body.sender_user();
|
|
||||||
let sender_device = body.sender_device()?;
|
|
||||||
|
|
||||||
let password_flow = uiaa::AuthFlow { stages: vec![uiaa::AuthType::Password] };
|
|
||||||
|
|
||||||
let mut uiaainfo = uiaa::UiaaInfo {
|
|
||||||
flows: vec![password_flow],
|
|
||||||
..Default::default()
|
|
||||||
};
|
|
||||||
|
|
||||||
match &body.auth {
|
|
||||||
| Some(auth) => {
|
|
||||||
let (worked, uiaainfo) = services
|
|
||||||
.uiaa
|
|
||||||
.try_auth(sender_user, sender_device, auth, &uiaainfo)
|
|
||||||
.await?;
|
|
||||||
|
|
||||||
if !worked {
|
|
||||||
return Err!(Uiaa(uiaainfo));
|
|
||||||
}
|
|
||||||
|
|
||||||
// Success!
|
|
||||||
},
|
|
||||||
| _ => match body.json_body.as_ref() {
|
|
||||||
| Some(json) => {
|
|
||||||
uiaainfo.session = Some(random_string(SESSION_ID_LENGTH));
|
|
||||||
services
|
|
||||||
.uiaa
|
|
||||||
.create(sender_user, sender_device, &uiaainfo, json);
|
|
||||||
|
|
||||||
return Err!(Uiaa(uiaainfo));
|
|
||||||
},
|
|
||||||
| _ => return Err!(Request(NotJson("No JSON body was sent when required."))),
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
let login_token = random_string(TOKEN_LENGTH);
|
let login_token = random_string(TOKEN_LENGTH);
|
||||||
let expires_in = services
|
let expires_in = services
|
||||||
.users
|
.users
|
||||||
.create_login_token(sender_user, &login_token);
|
.create_login_token(&sender_user, &login_token);
|
||||||
|
|
||||||
Ok(get_login_token::v1::Response {
|
Ok(get_login_token::v1::Response {
|
||||||
expires_in: Duration::from_millis(expires_in),
|
expires_in: Duration::from_millis(expires_in),
|
||||||
|
|
|
||||||
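Review bot: The call `auth_uiaa(&services, &body)` in `login_token_route` now carries the whole re-authentication guarantee for minting a login token, but nothing at the call site says which flows it accepts or whether a completed UIA session can be replayed. The removed code pinned the flow to `uiaa::AuthType::Password` and carried a TODO about accepting only UIA sessions that have not been used before; `auth_uiaa` is defined outside this diff, so whether it preserves the first and resolves the second cannot be checked from here. I would keep a comment above the call, e.g. `// UIA required: the token lets another device log in as this user; auth_uiaa must enforce a password stage and single-use sessions`, and carry the TODO over into `auth_uiaa` if it still applies. The body of `login_token_route` starts and ends outside the hunk.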