mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-11-20 12:02:22 +03:00

Store the browser user-agent when starting a browser session

Quentin Gliech
2023-08-29 16:45:42 +02:00
parent 1849b86a7d
commit 5d3b8cd92f
16 changed files with 87 additions and 26 deletions


@@ -84,7 +84,7 @@ async fn start_oauth_session(
let browser_session = repo
.browser_session()
.add(&mut rng, &state.clock, user)
.add(&mut rng, &state.clock, user, None)
.await
.unwrap();


@@ -421,7 +421,7 @@ mod tests {
let browser_session = repo
.browser_session()
.add(&mut state.rng(), &state.clock, &user)
.add(&mut state.rng(), &state.clock, &user, None)
.await
.unwrap();


@@ -284,7 +284,7 @@ mod tests {
let browser_session = repo
.browser_session()
.add(&mut state.rng(), &state.clock, &user)
.add(&mut state.rng(), &state.clock, &user, None)
.await
.unwrap();


@@ -464,7 +464,7 @@ mod tests {
let browser_session = repo
.browser_session()
.add(&mut state.rng(), &state.clock, &user)
.add(&mut state.rng(), &state.clock, &user, None)
.await
.unwrap();
@@ -672,7 +672,7 @@ mod tests {
let browser_session = repo
.browser_session()
.add(&mut state.rng(), &state.clock, &user)
.add(&mut state.rng(), &state.clock, &user, None)
.await
.unwrap();


@@ -15,7 +15,7 @@
use axum::{
extract::{Path, State},
response::{Html, IntoResponse},
Form,
Form, TypedHeader,
};
use hyper::StatusCode;
use mas_axum_utils::{
@@ -170,8 +170,10 @@ pub(crate) async fn get(
mut repo: BoxRepository,
State(templates): State<Templates>,
cookie_jar: CookieJar,
user_agent: Option<TypedHeader<headers::UserAgent>>,
Path(link_id): Path<Ulid>,
) -> Result<impl IntoResponse, RouteError> {
let user_agent = user_agent.map(|ua| ua.as_str().to_owned());
let sessions_cookie = UpstreamSessionsCookie::load(&cookie_jar);
let (session_id, post_auth_action) = sessions_cookie
.lookup_link(link_id)
@@ -264,7 +266,10 @@ pub(crate) async fn get(
.filter(mas_data_model::User::is_valid)
.ok_or(RouteError::UserNotFound)?;
let session = repo.browser_session().add(&mut rng, &clock, &user).await?;
let session = repo
.browser_session()
.add(&mut rng, &clock, &user, user_agent)
.await?;
let upstream_session = repo
.upstream_oauth_session()
@@ -352,9 +357,11 @@ pub(crate) async fn post(
clock: BoxClock,
mut repo: BoxRepository,
cookie_jar: CookieJar,
user_agent: Option<TypedHeader<headers::UserAgent>>,
Path(link_id): Path<Ulid>,
Form(form): Form<ProtectedForm<FormData>>,
) -> Result<impl IntoResponse, RouteError> {
let user_agent = user_agent.map(|ua| ua.as_str().to_owned());
let form = cookie_jar.verify_form(&clock, form)?;
let sessions_cookie = UpstreamSessionsCookie::load(&cookie_jar);
@@ -503,7 +510,9 @@ pub(crate) async fn post(
.associate_to_user(&link, &user)
.await?;
repo.browser_session().add(&mut rng, &clock, &user).await?
repo.browser_session()
.add(&mut rng, &clock, &user, user_agent)
.await?
}
_ => return Err(RouteError::InvalidFormAction),
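Review bot: The User-Agent value persisted by `get` and `post` in this file is client-controlled and is copied verbatim by `user_agent.map(|ua| ua.as_str().to_owned())`, with no length cap visible in these hunks before it reaches `browser_session().add(...)`. Unless the repository layer or the column type already bounds it, consider truncating it to a fixed limit, and treat the stored string as untrusted wherever it is later rendered or logged (escape on output, never use it for an access decision). The same conversion line is repeated in the password login and registration `post` handlers further down, so one shared helper taking `Option<TypedHeader<UserAgent>>` and returning `Option<String>` would give a single place to apply the cap and remove the duplication. Both handler bodies extend beyond the hunks shown here.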


@@ -15,7 +15,9 @@
use axum::{
extract::{Form, Query, State},
response::{Html, IntoResponse, Response},
TypedHeader,
};
use headers::UserAgent;
use hyper::StatusCode;
use mas_axum_utils::{
cookies::CookieJar,
@@ -109,8 +111,10 @@ pub(crate) async fn post(
mut repo: BoxRepository,
Query(query): Query<OptionalPostAuthAction>,
cookie_jar: CookieJar,
user_agent: Option<TypedHeader<UserAgent>>,
Form(form): Form<ProtectedForm<LoginForm>>,
) -> Result<Response, FancyError> {
let user_agent = user_agent.map(|ua| ua.as_str().to_owned());
if !password_manager.is_enabled() {
// XXX: is it necessary to have better errors here?
return Ok(StatusCode::METHOD_NOT_ALLOWED.into_response());
@@ -158,6 +162,7 @@ pub(crate) async fn post(
&clock,
&form.username,
&form.password,
user_agent,
)
.await
{
@@ -193,6 +198,7 @@ async fn login(
clock: &impl Clock,
username: &str,
password: &str,
user_agent: Option<String>,
) -> Result<BrowserSession, FormError> {
// XXX: we're loosing the error context here
// First, lookup the user
@@ -245,7 +251,7 @@ async fn login(
// Start a new session
let user_session = repo
.browser_session()
.add(&mut rng, clock, &user)
.add(&mut rng, clock, &user, user_agent)
.await
.map_err(|_| FormError::Internal)?;
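Review bot: `login` gains a `user_agent: Option<String>` parameter with no comment stating that it is unauthenticated request metadata. A doc line on the function such as `/// user_agent: raw, client-supplied User-Agent header; recorded on the new session, never an input to the login decision.` would make that contract explicit for later callers. In the visible lines the value is only forwarded to `browser_session().add(...)`, but the body of `login` continues outside these hunks, so that is worth confirming before writing the comment.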


@@ -17,7 +17,9 @@ use std::{str::FromStr, sync::Arc};
use axum::{
extract::{Form, Query, State},
response::{Html, IntoResponse, Response},
TypedHeader,
};
use headers::UserAgent;
use hyper::StatusCode;
use lettre::Address;
use mas_axum_utils::{
@@ -104,8 +106,10 @@ pub(crate) async fn post(
mut repo: BoxRepository,
Query(query): Query<OptionalPostAuthAction>,
cookie_jar: CookieJar,
user_agent: Option<TypedHeader<UserAgent>>,
Form(form): Form<ProtectedForm<RegisterForm>>,
) -> Result<Response, FancyError> {
let user_agent = user_agent.map(|ua| ua.as_str().to_owned());
if !password_manager.is_enabled() {
return Ok(StatusCode::METHOD_NOT_ALLOWED.into_response());
}
@@ -206,7 +210,10 @@ pub(crate) async fn post(
let next = mas_router::AccountVerifyEmail::new(user_email.id).and_maybe(query.post_auth_action);
let session = repo.browser_session().add(&mut rng, &clock, &user).await?;
let session = repo
.browser_session()
.add(&mut rng, &clock, &user, user_agent)
.await?;
repo.browser_session()
.authenticate_with_password(&mut rng, &clock, &session, &user_password)