
Generate a scope with a random device ID

This commit is contained in:
Quentin Gliech
2021-11-22 14:06:25 +01:00
parent 6a69ef8456
commit 5a4d3f6c94
2 changed files with 32 additions and 8 deletions


@ -35,6 +35,7 @@ use oauth2_types::{
AccessTokenResponse, AuthorizationRequest, AuthorizationResponse, ResponseMode, AccessTokenResponse, AuthorizationRequest, AuthorizationResponse, ResponseMode,
ResponseType, ResponseType,
}, },
scope::ScopeToken,
}; };
use rand::{distributions::Alphanumeric, thread_rng, Rng}; use rand::{distributions::Alphanumeric, thread_rng, Rng};
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
@ -353,11 +354,27 @@ async fn get(
None None
}; };
// Generate the device ID
// TODO: this should probably be done somewhere else?
let device_id: String = thread_rng()
.sample_iter(&Alphanumeric)
.take(10)
.map(char::from)
.collect();
let device_scope: ScopeToken = format!("urn:matrix:device:{}", device_id)
.parse()
.wrap_error()?;
let scope = {
let mut s = params.auth.scope.clone();
s.insert(device_scope);
s
};
let grant = new_authorization_grant( let grant = new_authorization_grant(
&mut txn, &mut txn,
client.client_id.clone(), client.client_id.clone(),
redirect_uri.clone(), redirect_uri.clone(),
params.auth.scope, scope,
code, code,
params.auth.state, params.auth.state,
params.auth.nonce, params.auth.nonce,
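Review bot: The `let scope = { … }` block inserts the freshly generated device token into a clone of `params.auth.scope` without checking whether the client already supplied a `urn:matrix:device:` token, so a request that carries its own device scope ends up with two device tokens in the grant. If client-chosen device IDs are not meant to be honored, strip or reject any pre-existing device token before `s.insert(device_scope)` so the server-generated ID is the only one bound to the grant; if they are meant to be honored, skip generation in that case rather than appending a second one. The `thread_rng()` source is a CSPRNG per the rand documentation, so the 10-character alphanumeric ID itself is fine as an identifier. The TODO already notes the generation belongs elsewhere; whichever helper it moves into should carry this check. The enclosing `get` function starts and ends outside the hunk.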


@ -28,17 +28,20 @@ pub struct InvalidScope;
pub struct ScopeToken(Cow<'static, str>); pub struct ScopeToken(Cow<'static, str>);
impl ScopeToken { impl ScopeToken {
const fn well_known(token: &'static str) -> Self { /// Create a `ScopeToken` from a static string. The validity of it is not
/// checked since it has to be valid in const contexts
#[must_use]
pub const fn from_static(token: &'static str) -> Self {
Self(Cow::Borrowed(token)) Self(Cow::Borrowed(token))
} }
} }
pub const OPENID: ScopeToken = ScopeToken::well_known("openid"); pub const OPENID: ScopeToken = ScopeToken::from_static("openid");
pub const PROFILE: ScopeToken = ScopeToken::well_known("profile"); pub const PROFILE: ScopeToken = ScopeToken::from_static("profile");
pub const EMAIL: ScopeToken = ScopeToken::well_known("email"); pub const EMAIL: ScopeToken = ScopeToken::from_static("email");
pub const ADDRESS: ScopeToken = ScopeToken::well_known("address"); pub const ADDRESS: ScopeToken = ScopeToken::from_static("address");
pub const PHONE: ScopeToken = ScopeToken::well_known("phone"); pub const PHONE: ScopeToken = ScopeToken::from_static("phone");
pub const OFFLINE_ACCESS: ScopeToken = ScopeToken::well_known("offline_access"); pub const OFFLINE_ACCESS: ScopeToken = ScopeToken::from_static("offline_access");
// As per RFC6749 appendix A: // As per RFC6749 appendix A:
// https://datatracker.ietf.org/doc/html/rfc6749#appendix-A // https://datatracker.ietf.org/doc/html/rfc6749#appendix-A
@ -114,6 +117,10 @@ impl Scope {
.map(|token| self.0.contains(&token)) .map(|token| self.0.contains(&token))
.unwrap_or(false) .unwrap_or(false)
} }
pub fn insert(&mut self, value: ScopeToken) -> bool {
self.0.insert(value)
}
} }
impl ToString for Scope { impl ToString for Scope {
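Review bot: `Scope::insert` is a new `pub` method without a doc comment, while `from_static` in the same commit gets one; add `/// Insert a token into the scope, returning `true` if it was not already present.` above it. That wording assumes `self.0` is a set, which the `contains`/`insert` pair in this `impl` suggests but the struct definition is outside the hunk — confirm against it. The enclosing `impl Scope` block starts outside the hunk.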