matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-07-29 22:01:14 +03:00
Code Activity

Allow setting a different issuer from the public base URL

Browse Source
This commit is contained in:
Quentin Gliech
2023-06-26 17:36:40 +02:00
parent 5fc4303470
commit 125a6bdf11
8 changed files with 25 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
crates/cli/src/commands/server.rs
View File

@ -83,7 +83,8 @@ impl Options {
let policy_factory = policy_factory_from_config(&config.policy).await?;
let policy_factory = Arc::new(policy_factory);
let url_builder = UrlBuilder::new(config.http.public_base.clone());
let url_builder =
UrlBuilder::new(config.http.public_base.clone(), config.http.issuer.clone());
// Load and compile the templates
let templates = templates_from_config(&config.templates, &url_builder).await?;

3
crates/cli/src/commands/templates.rs
View File

@ -44,7 +44,8 @@ impl Options {
let clock = SystemClock::default();
// XXX: we should disallow SeedableRng::from_entropy
let mut rng = rand_chacha::ChaChaRng::from_entropy();
let url_builder = mas_router::UrlBuilder::new("https://example.com/".parse()?);
let url_builder =
mas_router::UrlBuilder::new("https://example.com/".parse()?, None);
let templates = Templates::load(path, url_builder).await?;
templates.check_render(clock.now(), &mut rng).await?;

3
crates/cli/src/commands/worker.rs
View File

@ -37,7 +37,8 @@ impl Options {
info!("Connecting to the database");
let pool = database_from_config(&config.database).await?;
let url_builder = UrlBuilder::new(config.http.public_base.clone());
let url_builder =
UrlBuilder::new(config.http.public_base.clone(), config.http.issuer.clone());
// Load and compile the templates
let templates = templates_from_config(&config.templates, &url_builder).await?;

4
crates/config/src/sections/http.rs
View File

@ -326,6 +326,9 @@ pub struct HttpConfig {
/// Public URL base from where the authentication service is reachable
pub public_base: Url,
/// OIDC issuer URL. Defaults to `public_base` if not set.
pub issuer: Option<Url>,
}
impl Default for HttpConfig {
@ -364,6 +367,7 @@ impl Default for HttpConfig {
}],
},
],
issuer: Some(default_public_base()),
public_base: default_public_base(),
}
}

2
crates/handlers/src/test_utils.rs
View File

@ -110,7 +110,7 @@ impl TestState {
.join("..")
.join("..");
let url_builder = UrlBuilder::new("https://example.com/".parse()?);
let url_builder = UrlBuilder::new("https://example.com/".parse()?, None);
let templates =
Templates::load(workspace_root.join("templates"), url_builder.clone()).await?;

12
crates/router/src/url_builder.rs
View File

@ -22,6 +22,7 @@ use crate::traits::Route;
#[derive(Clone, Debug, PartialEq, Eq)]
pub struct UrlBuilder {
base: Url,
issuer: Url,
}
impl UrlBuilder {
@ -41,20 +42,21 @@ impl UrlBuilder {
/// Create a new [`UrlBuilder`] from a base URL
#[must_use]
pub fn new(base: Url) -> Self {
Self { base }
pub fn new(base: Url, issuer: Option<Url>) -> Self {
let issuer = issuer.unwrap_or_else(|| base.clone());
Self { base, issuer }
}
/// OIDC issuer
#[must_use]
pub fn oidc_issuer(&self) -> Url {
self.base.clone()
self.issuer.clone()
}
/// OIDC dicovery document URL
/// OIDC discovery document URL
#[must_use]
pub fn oidc_discovery(&self) -> Url {
self.url_for(&crate::endpoints::OidcConfiguration)
crate::endpoints::OidcConfiguration.absolute_url(&self.issuer)
}
/// OAuth 2.0 authorization endpoint

2
crates/templates/src/lib.rs
View File

@ -305,7 +305,7 @@ mod tests {
let mut rng = rand::thread_rng();
let path = Utf8Path::new(env!("CARGO_MANIFEST_DIR")).join("../../templates/");
let url_builder = UrlBuilder::new("https://example.com/".parse().unwrap());
let url_builder = UrlBuilder::new("https://example.com/".parse().unwrap(), None);
let templates = Templates::load(path, url_builder).await.unwrap();
templates.check_render(now, &mut rng).await.unwrap();
}