storage: oauth2 session repository

2025-11-20 12:02:22 +03:00 · 2023-01-05 15:16:03 +01:00
parent e26f75246d
commit 603a26eabd
18 changed files with 307 additions and 227 deletions
--- a/crates/handlers/src/oauth2/authorization/complete.rs
+++ b/crates/handlers/src/oauth2/authorization/complete.rs
@@ -25,9 +25,13 @@ use mas_data_model::{AuthorizationGrant, BrowserSession};
 use mas_keystore::Encrypter;
 use mas_policy::PolicyFactory;
 use mas_router::{PostAuthAction, Route};
-use mas_storage::oauth2::{
-    authorization_grant::{derive_session, fulfill_grant, get_grant_by_id},
-    consent::fetch_client_consent,
+use mas_storage::{
+    oauth2::{
+        authorization_grant::{fulfill_grant, get_grant_by_id},
+        consent::fetch_client_consent,
+        OAuth2SessionRepository,
+    },
+    Repository,
 };
 use mas_templates::Templates;
 use oauth2_types::requests::{AccessTokenResponse, AuthorizationResponse};
@@ -193,7 +197,10 @@ pub(crate) async fn complete(
    }

    // All good, let's start the session
-    let session = derive_session(&mut txn, &mut rng, &clock, &grant, browser_session).await?;
+    let session = txn
+        .oauth2_session()
+        .create_from_grant(&mut rng, &clock, &grant, &browser_session)
+        .await?;

    let grant = fulfill_grant(&mut txn, grant, session.clone()).await?;

--- a/crates/handlers/src/oauth2/authorization/mod.rs
+++ b/crates/handlers/src/oauth2/authorization/mod.rs
@@ -26,7 +26,7 @@ use mas_keystore::Encrypter;
 use mas_policy::PolicyFactory;
 use mas_router::{PostAuthAction, Route};
 use mas_storage::{
-    oauth2::{authorization_grant::new_authorization_grant, client::OAuth2ClientRepository},
+    oauth2::{authorization_grant::new_authorization_grant, OAuth2ClientRepository},
    Repository,
 };
 use mas_templates::Templates;
--- a/crates/handlers/src/oauth2/registration.rs
+++ b/crates/handlers/src/oauth2/registration.rs
@@ -19,7 +19,7 @@ use hyper::StatusCode;
 use mas_iana::oauth::OAuthClientAuthenticationMethod;
 use mas_keystore::Encrypter;
 use mas_policy::{PolicyFactory, Violation};
-use mas_storage::{oauth2::client::OAuth2ClientRepository, Repository};
+use mas_storage::{oauth2::OAuth2ClientRepository, Repository};
 use oauth2_types::{
    errors::{ClientError, ClientErrorCode},
    registration::{
--- a/crates/handlers/src/oauth2/token.rs
+++ b/crates/handlers/src/oauth2/token.rs
@@ -35,8 +35,8 @@ use mas_storage::{
    oauth2::{
        access_token::{add_access_token, revoke_access_token},
        authorization_grant::{exchange_grant, lookup_grant_by_code},
-        end_oauth_session,
        refresh_token::{add_refresh_token, consume_refresh_token, lookup_active_refresh_token},
+        OAuth2SessionRepository,
    },
    user::BrowserSessionRepository,
    Repository,
@@ -234,7 +234,7 @@ async fn authorization_code_grant(
            // Ending the session if the token was already exchanged more than 20s ago
            if now - exchanged_at > Duration::seconds(20) {
                debug!("Ending potentially compromised session");
-                end_oauth_session(&mut txn, &clock, session).await?;
+                txn.oauth2_session().finish(&clock, session).await?;
                txn.commit().await?;
            }

--- a/crates/handlers/src/oauth2/userinfo.rs
+++ b/crates/handlers/src/oauth2/userinfo.rs
@@ -29,7 +29,7 @@ use mas_jose::{
 use mas_keystore::Keystore;
 use mas_router::UrlBuilder;
 use mas_storage::{
-    oauth2::client::OAuth2ClientRepository,
+    oauth2::OAuth2ClientRepository,
    user::{BrowserSessionRepository, UserEmailRepository},
    Repository,
 };