Record the user agent and IP in the device code grant

2025-08-09 04:22:45 +03:00 · 2024-02-02 16:54:56 +01:00
parent d39a1d29df
commit 17e968f7cc
14 changed files with 129 additions and 20 deletions
--- a/crates/handlers/src/activity_tracker/bound.rs
+++ b/crates/handlers/src/activity_tracker/bound.rs
@@ -33,6 +33,12 @@ impl Bound {
        Self { tracker, ip }
    }

+    /// Get the IP address bound to this activity tracker.
+    #[must_use]
+    pub fn ip(&self) -> Option<IpAddr> {
+        self.ip
+    }
+
    /// Record activity in an OAuth 2.0 session.
    pub async fn record_oauth2_session(&self, clock: &dyn Clock, session: &Session) {
        self.tracker
--- a/crates/handlers/src/oauth2/device/authorize.rs
+++ b/crates/handlers/src/oauth2/device/authorize.rs
@@ -14,7 +14,7 @@

 use axum::{extract::State, response::IntoResponse, Json, TypedHeader};
 use chrono::Duration;
-use headers::{CacheControl, Pragma};
+use headers::{CacheControl, Pragma, UserAgent};
 use hyper::StatusCode;
 use mas_axum_utils::{
    client_authorization::{ClientAuthorization, CredentialsVerificationError},
@@ -32,7 +32,7 @@ use oauth2_types::{
 use rand::distributions::{Alphanumeric, DistString};
 use thiserror::Error;

-use crate::impl_from_error_for_route;
+use crate::{impl_from_error_for_route, BoundActivityTracker};

 #[derive(Debug, Error)]
 pub(crate) enum RouteError {
@@ -84,6 +84,8 @@ pub(crate) async fn post(
    mut rng: BoxRng,
    clock: BoxClock,
    mut repo: BoxRepository,
+    user_agent: Option<TypedHeader<UserAgent>>,
+    activity_tracker: BoundActivityTracker,
    State(url_builder): State<UrlBuilder>,
    State(http_client_factory): State<HttpClientFactory>,
    State(encrypter): State<Encrypter>,
@@ -123,6 +125,9 @@ pub(crate) async fn post(

    let expires_in = Duration::minutes(20);

+    let user_agent = user_agent.map(|ua| ua.0.to_string());
+    let ip_address = activity_tracker.ip();
+
    let device_code = Alphanumeric.sample_string(&mut rng, 32);
    let user_code = Alphanumeric.sample_string(&mut rng, 6).to_uppercase();

@@ -137,6 +142,8 @@ pub(crate) async fn post(
                device_code,
                user_code,
                expires_in,
+                user_agent,
+                ip_address,
            },
        )
        .await?;