matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-07-31 09:24:31 +03:00
Code Activity

Handle legacy /refresh

Browse Source
This commit is contained in:
Quentin Gliech
2022-05-19 09:39:01 +02:00
parent 309c89fc4f
commit 0fcecfa7fb
7 changed files with 368 additions and 97 deletions
Download Patch File Download Diff File Expand all files Collapse all files

233
crates/storage/sqlx-data.json
View File

@ -1,5 +1,18 @@
{
"db": "PostgreSQL",
"02be1a7451e890cb0cc07b32c937881ac9bd1707eb498e20a3cf27737c95a949": {
"describe": {
"columns": [],
"nullable": [],
"parameters": {
"Left": [
"Int8",
"Int8"
]
}
},
"query": "\n UPDATE compat_refresh_tokens\n SET next_token_id = $2\n WHERE id = $1\n "
},
"08896e50738af687ac53dc5ac5ae0b19bcac7503230ba90e11de799978d7a026": {
"describe": {
"columns": [
@ -333,6 +346,18 @@
},
"query": "\n INSERT INTO user_sessions (user_id)\n VALUES ($1)\n RETURNING id, created_at\n "
},
"366ea127c7b220960f17fd1b651600826ac10b8baf92f0e936fd07f34a7dc0fc": {
"describe": {
"columns": [],
"nullable": [],
"parameters": {
"Left": [
"Int8"
]
}
},
"query": "\n UPDATE compat_access_tokens\n SET expires_at = NOW()\n WHERE id = $1\n "
},
"41b5ecd6860791ac6f90417ac51eb977b8c69a3dd81af4672b2592efb65963eb": {
"describe": {
"columns": [
@ -1497,6 +1522,122 @@
},
"query": "\n INSERT INTO oauth2_client_redirect_uris (oauth2_client_id, redirect_uri)\n SELECT $1, uri FROM UNNEST($2::text[]) uri\n "
},
"ab800ea65b9c703a56b6c3b7dd47402dbbe0c9900f6d965c908b84332b2aa148": {
"describe": {
"columns": [
{
"name": "compat_refresh_token_id",
"ordinal": 0,
"type_info": "Int8"
},
{
"name": "compat_refresh_token",
"ordinal": 1,
"type_info": "Text"
},
{
"name": "compat_refresh_token_created_at",
"ordinal": 2,
"type_info": "Timestamptz"
},
{
"name": "compat_access_token_id",
"ordinal": 3,
"type_info": "Int8"
},
{
"name": "compat_access_token",
"ordinal": 4,
"type_info": "Text"
},
{
"name": "compat_access_token_created_at",
"ordinal": 5,
"type_info": "Timestamptz"
},
{
"name": "compat_access_token_expires_at",
"ordinal": 6,
"type_info": "Timestamptz"
},
{
"name": "compat_session_id",
"ordinal": 7,
"type_info": "Int8"
},
{
"name": "compat_session_created_at",
"ordinal": 8,
"type_info": "Timestamptz"
},
{
"name": "compat_session_deleted_at",
"ordinal": 9,
"type_info": "Timestamptz"
},
{
"name": "compat_session_device_id",
"ordinal": 10,
"type_info": "Text"
},
{
"name": "user_id!",
"ordinal": 11,
"type_info": "Int8"
},
{
"name": "user_username!",
"ordinal": 12,
"type_info": "Text"
},
{
"name": "user_email_id?",
"ordinal": 13,
"type_info": "Int8"
},
{
"name": "user_email?",
"ordinal": 14,
"type_info": "Text"
},
{
"name": "user_email_created_at?",
"ordinal": 15,
"type_info": "Timestamptz"
},
{
"name": "user_email_confirmed_at?",
"ordinal": 16,
"type_info": "Timestamptz"
}
],
"nullable": [
false,
false,
false,
false,
false,
false,
true,
false,
false,
true,
false,
false,
false,
false,
false,
false,
true
],
"parameters": {
"Left": [
"Text"
]
}
},
"query": "\n SELECT\n cr.id AS \"compat_refresh_token_id\",\n cr.token AS \"compat_refresh_token\",\n cr.created_at AS \"compat_refresh_token_created_at\",\n ct.id AS \"compat_access_token_id\",\n ct.token AS \"compat_access_token\",\n ct.created_at AS \"compat_access_token_created_at\",\n ct.expires_at AS \"compat_access_token_expires_at\",\n cs.id AS \"compat_session_id\",\n cs.created_at AS \"compat_session_created_at\",\n cs.deleted_at AS \"compat_session_deleted_at\",\n cs.device_id AS \"compat_session_device_id\",\n u.id AS \"user_id!\",\n u.username AS \"user_username!\",\n ue.id AS \"user_email_id?\",\n ue.email AS \"user_email?\",\n ue.created_at AS \"user_email_created_at?\",\n ue.confirmed_at AS \"user_email_confirmed_at?\"\n\n FROM compat_refresh_tokens cr\n INNER JOIN compat_access_tokens ct\n ON ct.id = cr.compat_access_token_id\n INNER JOIN compat_sessions cs\n ON cs.id = cr.compat_session_id\n INNER JOIN users u\n ON u.id = cs.user_id\n LEFT JOIN user_emails ue\n ON ue.id = u.primary_email_id\n\n WHERE cr.token = $1\n AND cr.next_token_id IS NULL\n AND cs.deleted_at IS NULL\n "
},
"aea289a04e151da235825305a5085bc6aa100fce139dbf10a2c1bed4867fc52a": {
"describe": {
"columns": [
@ -2038,97 +2179,5 @@
}
},
"query": "TRUNCATE oauth2_client_redirect_uris, oauth2_clients RESTART IDENTITY CASCADE"
},
"fc5d32bab9999ad383f906dbf20a45dafba1149e809155eccb4d94506ff6cf6f": {
"describe": {
"columns": [
{
"name": "compat_refresh_token_id",
"ordinal": 0,
"type_info": "Int8"
},
{
"name": "compat_refresh_token",
"ordinal": 1,
"type_info": "Text"
},
{
"name": "compat_refresh_token_created_at",
"ordinal": 2,
"type_info": "Timestamptz"
},
{
"name": "compat_session_id",
"ordinal": 3,
"type_info": "Int8"
},
{
"name": "compat_session_created_at",
"ordinal": 4,
"type_info": "Timestamptz"
},
{
"name": "compat_session_deleted_at",
"ordinal": 5,
"type_info": "Timestamptz"
},
{
"name": "compat_session_device_id",
"ordinal": 6,
"type_info": "Text"
},
{
"name": "user_id!",
"ordinal": 7,
"type_info": "Int8"
},
{
"name": "user_username!",
"ordinal": 8,
"type_info": "Text"
},
{
"name": "user_email_id?",
"ordinal": 9,
"type_info": "Int8"
},
{
"name": "user_email?",
"ordinal": 10,
"type_info": "Text"
},
{
"name": "user_email_created_at?",
"ordinal": 11,
"type_info": "Timestamptz"
},
{
"name": "user_email_confirmed_at?",
"ordinal": 12,
"type_info": "Timestamptz"
}
],
"nullable": [
false,
false,
false,
false,
false,
true,
false,
false,
false,
false,
false,
false,
true
],
"parameters": {
"Left": [
"Text"
]
}
},
"query": "\n SELECT\n cr.id AS \"compat_refresh_token_id\",\n cr.token AS \"compat_refresh_token\",\n cr.created_at AS \"compat_refresh_token_created_at\",\n cs.id AS \"compat_session_id\",\n cs.created_at AS \"compat_session_created_at\",\n cs.deleted_at AS \"compat_session_deleted_at\",\n cs.device_id AS \"compat_session_device_id\",\n u.id AS \"user_id!\",\n u.username AS \"user_username!\",\n ue.id AS \"user_email_id?\",\n ue.email AS \"user_email?\",\n ue.created_at AS \"user_email_created_at?\",\n ue.confirmed_at AS \"user_email_confirmed_at?\"\n\n FROM compat_refresh_tokens cr\n INNER JOIN compat_sessions cs\n ON cs.id = cr.compat_session_id\n INNER JOIN users u\n ON u.id = cs.user_id\n LEFT JOIN user_emails ue\n ON ue.id = u.primary_email_id\n\n WHERE cr.token = $1\n AND cs.deleted_at IS NULL\n "
}
}

75
crates/storage/src/compat.rs
View File

@ -153,6 +153,10 @@ pub struct CompatRefreshTokenLookup {
compat_refresh_token_id: i64,
compat_refresh_token: String,
compat_refresh_token_created_at: DateTime<Utc>,
compat_access_token_id: i64,
compat_access_token: String,
compat_access_token_created_at: DateTime<Utc>,
compat_access_token_expires_at: Option<DateTime<Utc>>,
compat_session_id: i64,
compat_session_created_at: DateTime<Utc>,
compat_session_deleted_at: Option<DateTime<Utc>>,
@ -186,6 +190,7 @@ pub async fn lookup_active_compat_refresh_token(
) -> Result<
(
CompatRefreshToken<PostgresqlBackend>,
CompatAccessToken<PostgresqlBackend>,
CompatSession<PostgresqlBackend>,
),
CompatRefreshTokenLookupError,
@ -197,6 +202,10 @@ pub async fn lookup_active_compat_refresh_token(
cr.id AS "compat_refresh_token_id",
cr.token AS "compat_refresh_token",
cr.created_at AS "compat_refresh_token_created_at",
ct.id AS "compat_access_token_id",
ct.token AS "compat_access_token",
ct.created_at AS "compat_access_token_created_at",
ct.expires_at AS "compat_access_token_expires_at",
cs.id AS "compat_session_id",
cs.created_at AS "compat_session_created_at",
cs.deleted_at AS "compat_session_deleted_at",
@ -209,6 +218,8 @@ pub async fn lookup_active_compat_refresh_token(
ue.confirmed_at AS "user_email_confirmed_at?"
FROM compat_refresh_tokens cr
INNER JOIN compat_access_tokens ct
ON ct.id = cr.compat_access_token_id
INNER JOIN compat_sessions cs
ON cs.id = cr.compat_session_id
INNER JOIN users u
@ -217,6 +228,7 @@ pub async fn lookup_active_compat_refresh_token(
ON ue.id = u.primary_email_id
WHERE cr.token = $1
AND cr.next_token_id IS NULL
AND cs.deleted_at IS NULL
"#,
token,
@ -225,12 +237,19 @@ pub async fn lookup_active_compat_refresh_token(
.instrument(info_span!("Fetch compat refresh token"))
.await?;
let token = CompatRefreshToken {
let refresh_token = CompatRefreshToken {
data: res.compat_refresh_token_id,
token: res.compat_refresh_token,
created_at: res.compat_refresh_token_created_at,
};
let access_token = CompatAccessToken {
data: res.compat_access_token_id,
token: res.compat_access_token,
created_at: res.compat_access_token_created_at,
expires_at: res.compat_access_token_expires_at,
};
let primary_email = match (
res.user_email_id,
res.user_email,
@ -264,7 +283,7 @@ pub async fn lookup_active_compat_refresh_token(
deleted_at: res.compat_session_deleted_at,
};
Ok((token, session))
Ok((refresh_token, access_token, session))
}
#[tracing::instrument(skip(conn, password), err)]
@ -392,6 +411,31 @@ pub async fn add_compat_access_token(
}
}
pub async fn expire_compat_access_token(
executor: impl PgExecutor<'_>,
access_token: CompatAccessToken<PostgresqlBackend>,
) -> anyhow::Result<()> {
let res = sqlx::query!(
r#"
UPDATE compat_access_tokens
SET expires_at = NOW()
WHERE id = $1
"#,
access_token.data,
)
.execute(executor)
.await
.context("failed to update compat access token")?;
if res.rows_affected() == 1 {
Ok(())
} else {
Err(anyhow::anyhow!(
"no row were affected when updating access token"
))
}
}
pub async fn add_compat_refresh_token(
executor: impl PgExecutor<'_>,
session: &CompatSession<PostgresqlBackend>,
@ -447,3 +491,30 @@ pub async fn compat_logout(
_ => anyhow::bail!("too many row affected"),
}
}
pub async fn replace_compat_refresh_token(
executor: impl PgExecutor<'_>,
refresh_token: &CompatRefreshToken<PostgresqlBackend>,
next_refresh_token: &CompatRefreshToken<PostgresqlBackend>,
) -> anyhow::Result<()> {
let res = sqlx::query!(
r#"
UPDATE compat_refresh_tokens
SET next_token_id = $2
WHERE id = $1
"#,
refresh_token.data,
next_refresh_token.data
)
.execute(executor)
.await
.context("failed to update compat refresh token")?;
if res.rows_affected() == 1 {
Ok(())
} else {
Err(anyhow::anyhow!(
"no row were affected when updating refresh token"
))
}
}