
Allow setting a different issuer from the public base URL

This commit is contained in:
Quentin Gliech
2023-06-26 17:36:40 +02:00
parent 5fc4303470
commit 125a6bdf11
8 changed files with 25 additions and 10 deletions


@ -83,7 +83,8 @@ impl Options {
let policy_factory = policy_factory_from_config(&config.policy).await?; let policy_factory = policy_factory_from_config(&config.policy).await?;
let policy_factory = Arc::new(policy_factory); let policy_factory = Arc::new(policy_factory);
let url_builder = UrlBuilder::new(config.http.public_base.clone()); let url_builder =
UrlBuilder::new(config.http.public_base.clone(), config.http.issuer.clone());
// Load and compile the templates // Load and compile the templates
let templates = templates_from_config(&config.templates, &url_builder).await?; let templates = templates_from_config(&config.templates, &url_builder).await?;


@ -44,7 +44,8 @@ impl Options {
let clock = SystemClock::default(); let clock = SystemClock::default();
// XXX: we should disallow SeedableRng::from_entropy // XXX: we should disallow SeedableRng::from_entropy
let mut rng = rand_chacha::ChaChaRng::from_entropy(); let mut rng = rand_chacha::ChaChaRng::from_entropy();
let url_builder = mas_router::UrlBuilder::new("https://example.com/".parse()?); let url_builder =
mas_router::UrlBuilder::new("https://example.com/".parse()?, None);
let templates = Templates::load(path, url_builder).await?; let templates = Templates::load(path, url_builder).await?;
templates.check_render(clock.now(), &mut rng).await?; templates.check_render(clock.now(), &mut rng).await?;


@ -37,7 +37,8 @@ impl Options {
info!("Connecting to the database"); info!("Connecting to the database");
let pool = database_from_config(&config.database).await?; let pool = database_from_config(&config.database).await?;
let url_builder = UrlBuilder::new(config.http.public_base.clone()); let url_builder =
UrlBuilder::new(config.http.public_base.clone(), config.http.issuer.clone());
// Load and compile the templates // Load and compile the templates
let templates = templates_from_config(&config.templates, &url_builder).await?; let templates = templates_from_config(&config.templates, &url_builder).await?;


@ -326,6 +326,9 @@ pub struct HttpConfig {
/// Public URL base from where the authentication service is reachable /// Public URL base from where the authentication service is reachable
pub public_base: Url, pub public_base: Url,
/// OIDC issuer URL. Defaults to `public_base` if not set.
pub issuer: Option<Url>,
} }
impl Default for HttpConfig { impl Default for HttpConfig {
@ -364,6 +367,7 @@ impl Default for HttpConfig {
}], }],
}, },
], ],
issuer: Some(default_public_base()),
public_base: default_public_base(), public_base: default_public_base(),
} }
} }
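Review bot: The `Default` impl sets `issuer: Some(default_public_base())`, which contradicts the new field doc `Defaults to `public_base` if not set` — a config file generated from the defaults now carries an explicit `issuer` (the generated schema in the last file section shows it as `"issuer": "http://[::]:8080/"`), so an operator who later edits `public_base` keeps the issuer pinned to the listener address and the advertised `iss`/discovery URL silently diverges from the public base. Suggest `issuer: None,` in the `Default` impl so the fallback in `UrlBuilder::new` actually applies. The field doc would also benefit from stating what the value is compared against, e.g. `/// OIDC issuer URL. Defaults to `public_base` if not set. Must be the exact URL relying parties will see as `iss` (OIDC Discovery expects an https URL with no query or fragment).`; whether the config loader validates the scheme or trailing components is not visible in this hunk. The `HttpConfig` struct and its `Default` impl both start outside the hunk.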


@ -110,7 +110,7 @@ impl TestState {
.join("..") .join("..")
.join(".."); .join("..");
let url_builder = UrlBuilder::new("https://example.com/".parse()?); let url_builder = UrlBuilder::new("https://example.com/".parse()?, None);
let templates = let templates =
Templates::load(workspace_root.join("templates"), url_builder.clone()).await?; Templates::load(workspace_root.join("templates"), url_builder.clone()).await?;


@ -22,6 +22,7 @@ use crate::traits::Route;
#[derive(Clone, Debug, PartialEq, Eq)] #[derive(Clone, Debug, PartialEq, Eq)]
pub struct UrlBuilder { pub struct UrlBuilder {
base: Url, base: Url,
issuer: Url,
} }
impl UrlBuilder { impl UrlBuilder {
@ -41,20 +42,21 @@ impl UrlBuilder {
/// Create a new [`UrlBuilder`] from a base URL /// Create a new [`UrlBuilder`] from a base URL
#[must_use] #[must_use]
pub fn new(base: Url) -> Self { pub fn new(base: Url, issuer: Option<Url>) -> Self {
Self { base } let issuer = issuer.unwrap_or_else(|| base.clone());
Self { base, issuer }
} }
/// OIDC issuer /// OIDC issuer
#[must_use] #[must_use]
pub fn oidc_issuer(&self) -> Url { pub fn oidc_issuer(&self) -> Url {
self.base.clone() self.issuer.clone()
} }
/// OIDC dicovery document URL /// OIDC discovery document URL
#[must_use] #[must_use]
pub fn oidc_discovery(&self) -> Url { pub fn oidc_discovery(&self) -> Url {
self.url_for(&crate::endpoints::OidcConfiguration) crate::endpoints::OidcConfiguration.absolute_url(&self.issuer)
} }
/// OAuth 2.0 authorization endpoint /// OAuth 2.0 authorization endpoint
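Review bot: The doc comment on `new` still reads `Create a new [`UrlBuilder`] from a base URL` although the signature gained an `issuer` parameter and a fallback; suggest `/// Create a new [`UrlBuilder`] from a base URL and an optional OIDC issuer. When `issuer` is `None`, `base` is used as the issuer.` so the contract of `oidc_issuer` is documented where callers look. `oidc_discovery` is now anchored at `self.issuer` via `absolute_url` instead of `url_for` on `base`, which means that when the two differ the `.well-known/openid-configuration` path must be reachable under the issuer origin while the endpoint URLs inside the document presumably still derive from `base` — a one-line comment there, e.g. `// Discovery must live under the issuer (OIDC Discovery 1.0); other endpoints stay on `base`.`, would save the next reader a surprise. The `impl UrlBuilder` block continues outside the hunk.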


@ -305,7 +305,7 @@ mod tests {
let mut rng = rand::thread_rng(); let mut rng = rand::thread_rng();
let path = Utf8Path::new(env!("CARGO_MANIFEST_DIR")).join("../../templates/"); let path = Utf8Path::new(env!("CARGO_MANIFEST_DIR")).join("../../templates/");
let url_builder = UrlBuilder::new("https://example.com/".parse().unwrap()); let url_builder = UrlBuilder::new("https://example.com/".parse().unwrap(), None);
let templates = Templates::load(path, url_builder).await.unwrap(); let templates = Templates::load(path, url_builder).await.unwrap();
templates.check_render(now, &mut rng).await.unwrap(); templates.check_render(now, &mut rng).await.unwrap();
} }


@ -59,6 +59,7 @@
"http": { "http": {
"description": "Configuration of the HTTP server", "description": "Configuration of the HTTP server",
"default": { "default": {
"issuer": "http://[::]:8080/",
"listeners": [ "listeners": [
{ {
"binds": [ "binds": [
@ -787,6 +788,11 @@
"public_base" "public_base"
], ],
"properties": { "properties": {
"issuer": {
"description": "OIDC issuer URL. Defaults to `public_base` if not set.",
"type": "string",
"format": "uri"
},
"listeners": { "listeners": {
"description": "List of listeners to run", "description": "List of listeners to run",
"default": [], "default": [],