mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-07-29 22:01:14 +03:00

Include "state" in authorization request errors

Quentin Gliech
2021-09-17 18:13:30 +02:00
parent dc0d54aaf5
commit 1813984a1c
2 changed files with 24 additions and 12 deletions


@ -69,6 +69,7 @@ use crate::{
struct PartialParams {
client_id: Option<String>,
redirect_uri: Option<String>,
state: Option<String>,
/*
response_type: Option<String>,
response_mode: Option<String>,
@ -81,6 +82,7 @@ enum ReplyOrBackToClient {
params: Value,
redirect_uri: Url,
response_mode: ResponseMode,
state: Option<String>,
},
Error(Box<dyn OAuth2Error>),
}
@ -88,6 +90,7 @@ enum ReplyOrBackToClient {
fn back_to_client<T>(
mut redirect_uri: Url,
response_mode: ResponseMode,
state: Option<String>,
params: T,
templates: &Templates,
) -> anyhow::Result<Box<dyn Reply>>
@ -99,6 +102,9 @@ where
#[serde(flatten, skip_serializing_if = "Option::is_none")]
existing: Option<HashMap<&'s str, &'s str>>,
#[serde(skip_serializing_if = "Option::is_none")]
state: Option<String>,
#[serde(flatten)]
params: T,
}
@ -110,7 +116,11 @@ where
.map(|qs| serde_urlencoded::from_str(qs))
.transpose()?;
let merged = AllParams { existing, params };
let merged = AllParams {
existing,
state,
params,
};
let new_qs = serde_urlencoded::to_string(merged)?;
@ -128,7 +138,11 @@ where
.map(|qs| serde_urlencoded::from_str(qs))
.transpose()?;
let merged = AllParams { existing, params };
let merged = AllParams {
existing,
state,
params,
};
let new_qs = serde_urlencoded::to_string(merged)?;
@ -230,17 +244,19 @@ async fn actually_reply(
clients: Vec<OAuth2ClientConfig>,
templates: Templates,
) -> Result<impl Reply, Rejection> {
let (redirect_uri, response_mode, params) = match rep {
let (redirect_uri, response_mode, state, params) = match rep {
ReplyOrBackToClient::Reply(r) => return Ok(r),
ReplyOrBackToClient::BackToClient {
redirect_uri,
response_mode,
params,
} => (redirect_uri, response_mode, params),
state,
} => (redirect_uri, response_mode, state, params),
ReplyOrBackToClient::Error(error) => {
let PartialParams {
client_id,
redirect_uri,
state,
..
} = q;
@ -271,12 +287,11 @@ async fn actually_reply(
let reply: ErrorResponse = error.into();
let reply = serde_json::to_value(&reply).wrap_error()?;
// TODO: resolve response mode
(redirect_uri.clone(), ResponseMode::Query, reply)
(redirect_uri.clone(), ResponseMode::Query, state, reply)
}
};
// TODO: we should include the state param in errors
back_to_client(redirect_uri, response_mode, params, &templates).wrap_error()
back_to_client(redirect_uri, response_mode, state, params, &templates).wrap_error()
}
async fn get(
@ -400,10 +415,7 @@ async fn step(
&& user_session.last_authd_at >= oauth2_session.max_auth_time()
{
// Yep! Let's complete the auth now
let mut params = AuthorizationResponse {
state: oauth2_session.state.clone(),
..AuthorizationResponse::default()
};
let mut params = AuthorizationResponse::default();
// Did they request an auth code?
if response_type.contains(&ResponseType::Code) {
@ -446,6 +458,7 @@ async fn step(
ReplyOrBackToClient::BackToClient {
redirect_uri,
response_mode,
state: oauth2_session.state.clone(),
params,
}
} else {
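Review bot: A redirect URI whose own query string already has a `state` key would come back with two `state` parameters, because the new `state` field of `AllParams` is serialized next to the flattened `existing` map; which value the client then compares depends on its query parser. This applies to both `AllParams { existing, state, params }` sites (the hunks at -110 and -128). As far as I can tell serde_urlencoded does not deduplicate flattened keys, so this is worth pinning with a test. Dropping the reserved key before merging, for example `let existing = existing.map(|mut m| { m.remove("state"); m });` (it may need a type annotation), would keep the echoed value unambiguous. The body of `back_to_client` starts and ends outside these hunks, so how any other response mode carries `state` is not visible here.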


@ -177,7 +177,6 @@ pub struct AuthorizationRequest {
#[derive(Serialize, Deserialize, Default)]
pub struct AuthorizationResponse<R> {
pub code: Option<String>,
pub state: Option<String>,
#[serde(flatten)]
pub response: R,
}