Generate a scope with a random device ID

2025-07-31 09:24:31 +03:00 · 2021-11-22 14:06:25 +01:00
parent 6a69ef8456
commit 5a4d3f6c94
2 changed files with 32 additions and 8 deletions
--- a/crates/core/src/handlers/oauth2/authorization.rs
+++ b/crates/core/src/handlers/oauth2/authorization.rs
@ -35,6 +35,7 @@ use oauth2_types::{
        AccessTokenResponse, AuthorizationRequest, AuthorizationResponse, ResponseMode,
        ResponseType,
    },
+    scope::ScopeToken,
 };
 use rand::{distributions::Alphanumeric, thread_rng, Rng};
 use serde::{Deserialize, Serialize};
@ -353,11 +354,27 @@ async fn get(
        None
    };

+    // Generate the device ID
+    // TODO: this should probably be done somewhere else?
+    let device_id: String = thread_rng()
+        .sample_iter(&Alphanumeric)
+        .take(10)
+        .map(char::from)
+        .collect();
+    let device_scope: ScopeToken = format!("urn:matrix:device:{}", device_id)
+        .parse()
+        .wrap_error()?;
+    let scope = {
+        let mut s = params.auth.scope.clone();
+        s.insert(device_scope);
+        s
+    };
+
    let grant = new_authorization_grant(
        &mut txn,
        client.client_id.clone(),
        redirect_uri.clone(),
-        params.auth.scope,
+        scope,
        code,
        params.auth.state,
        params.auth.nonce,
--- a/crates/oauth2-types/src/scope.rs
+++ b/crates/oauth2-types/src/scope.rs
@ -28,17 +28,20 @@ pub struct InvalidScope;
 pub struct ScopeToken(Cow<'static, str>);

 impl ScopeToken {
-    const fn well_known(token: &'static str) -> Self {
+    /// Create a `ScopeToken` from a static string. The validity of it is not
+    /// checked since it has to be valid in const contexts
+    #[must_use]
+    pub const fn from_static(token: &'static str) -> Self {
        Self(Cow::Borrowed(token))
    }
 }

-pub const OPENID: ScopeToken = ScopeToken::well_known("openid");
-pub const PROFILE: ScopeToken = ScopeToken::well_known("profile");
-pub const EMAIL: ScopeToken = ScopeToken::well_known("email");
-pub const ADDRESS: ScopeToken = ScopeToken::well_known("address");
-pub const PHONE: ScopeToken = ScopeToken::well_known("phone");
-pub const OFFLINE_ACCESS: ScopeToken = ScopeToken::well_known("offline_access");
+pub const OPENID: ScopeToken = ScopeToken::from_static("openid");
+pub const PROFILE: ScopeToken = ScopeToken::from_static("profile");
+pub const EMAIL: ScopeToken = ScopeToken::from_static("email");
+pub const ADDRESS: ScopeToken = ScopeToken::from_static("address");
+pub const PHONE: ScopeToken = ScopeToken::from_static("phone");
+pub const OFFLINE_ACCESS: ScopeToken = ScopeToken::from_static("offline_access");

 // As per RFC6749 appendix A:
 // https://datatracker.ietf.org/doc/html/rfc6749#appendix-A
@ -114,6 +117,10 @@ impl Scope {
            .map(|token| self.0.contains(&token))
            .unwrap_or(false)
    }
+
+    pub fn insert(&mut self, value: ScopeToken) -> bool {
+        self.0.insert(value)
+    }
 }

 impl ToString for Scope {