Rewrite the authorization grant logic

2025-07-29 22:01:14 +03:00 · 2022-05-06 17:12:16 +02:00
parent fbd774a9fd
commit 436c0dcb19
22 changed files with 1141 additions and 915 deletions
--- a/crates/data-model/src/oauth2/authorization_grant.rs
+++ b/crates/data-model/src/oauth2/authorization_grant.rs
@ -119,6 +119,14 @@ impl<T: StorageBackend> AuthorizationGrantStage<T> {
            _ => Err(InvalidTransitionError),
        }
    }
+
+    /// Returns `true` if the authorization grant stage is [`Pending`].
+    ///
+    /// [`Pending`]: AuthorizationGrantStage::Pending
+    #[must_use]
+    pub fn is_pending(&self) -> bool {
+        matches!(self, Self::Pending)
+    }
 }

 impl<S: StorageBackendMarker> From<AuthorizationGrantStage<S>> for AuthorizationGrantStage<()> {
@ -166,6 +174,7 @@ pub struct AuthorizationGrant<T: StorageBackend> {
    pub response_type_token: bool,
    pub response_type_id_token: bool,
    pub created_at: DateTime<Utc>,
+    pub requires_consent: bool,
 }

 impl<S: StorageBackendMarker> From<AuthorizationGrant<S>> for AuthorizationGrant<()> {
@ -185,6 +194,7 @@ impl<S: StorageBackendMarker> From<AuthorizationGrant<S>> for AuthorizationGrant
            response_type_token: g.response_type_token,
            response_type_id_token: g.response_type_id_token,
            created_at: g.created_at,
+            requires_consent: g.requires_consent,
        }
    }
 }
--- a/crates/data-model/src/users.rs
+++ b/crates/data-model/src/users.rs
@ -89,6 +89,16 @@ impl<S: StorageBackendMarker> From<BrowserSession<S>> for BrowserSession<()> {
    }
 }

+impl<S: StorageBackend> BrowserSession<S> {
+    pub fn was_authenticated_after(&self, after: DateTime<Utc>) -> bool {
+        if let Some(auth) = &self.last_authentication {
+            auth.created_at > after
+        } else {
+            false
+        }
+    }
+}
+
 impl<T: StorageBackend> BrowserSession<T>
 where
    T::BrowserSessionData: Default,