matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-11-20 12:02:22 +03:00
Code Activity

Move clients to the database

Browse Source
This commit is contained in:
Quentin Gliech
2022-03-08 17:33:25 +01:00
parent 19a81afe51
commit 62f633a716
33 changed files with 1926 additions and 867 deletions
Download Patch File Download Diff File Expand all files Collapse all files

103
crates/config/src/sections/clients.rs
View File

@@ -15,15 +15,12 @@
use std::ops::{Deref, DerefMut};
use async_trait::async_trait;
use futures_util::future::Either;
use http::Request;
use mas_http::HttpServiceExt;
use mas_jose::{DynamicJwksStore, JsonWebKeySet, StaticJwksStore, VerifyingKeystore};
use mas_iana::oauth::OAuthClientAuthenticationMethod;
use mas_jose::JsonWebKeySet;
use schemars::JsonSchema;
use serde::{Deserialize, Serialize};
use serde_with::skip_serializing_none;
use thiserror::Error;
use tower::{BoxError, ServiceExt};
use url::Url;
use super::ConfigurationSection;
@@ -35,41 +32,6 @@ pub enum JwksOrJwksUri {
JwksUri(Url),
}
impl JwksOrJwksUri {
pub fn key_store(&self) -> Either<StaticJwksStore, DynamicJwksStore> {
// Assert that the output is both a VerifyingKeystore and Send
fn assert<T: Send + VerifyingKeystore>(t: T) -> T {
t
}
let inner = match self {
Self::Jwks(jwks) => Either::Left(StaticJwksStore::new(jwks.clone())),
Self::JwksUri(uri) => {
let uri = uri.clone();
// TODO: get the client from somewhere else?
let exporter = mas_http::client("fetch-jwks")
.json::<JsonWebKeySet>()
.map_request(move |_: ()| {
Request::builder()
.method("GET")
// TODO: change the Uri type in config to avoid reparsing here
.uri(uri.to_string())
.body(http_body::Empty::new())
.unwrap()
})
.map_response(http::Response::into_body)
.map_err(BoxError::from)
.boxed_clone();
Either::Right(DynamicJwksStore::new(exporter))
}
};
assert(inner)
}
}
impl From<JsonWebKeySet> for JwksOrJwksUri {
fn from(jwks: JsonWebKeySet) -> Self {
Self::Jwks(jwks)
@@ -131,24 +93,53 @@ pub struct InvalidRedirectUriError;
impl ClientConfig {
#[doc(hidden)]
pub fn resolve_redirect_uri<'a>(
&'a self,
suggested_uri: &'a Option<Url>,
) -> Result<&'a Url, InvalidRedirectUriError> {
suggested_uri.as_ref().map_or_else(
|| self.redirect_uris.get(0).ok_or(InvalidRedirectUriError),
|suggested_uri| self.check_redirect_uri(suggested_uri),
)
#[must_use]
pub fn client_secret(&self) -> Option<&str> {
match &self.client_auth_method {
ClientAuthMethodConfig::ClientSecretPost { client_secret }
| ClientAuthMethodConfig::ClientSecretBasic { client_secret }
| ClientAuthMethodConfig::ClientSecretJwt { client_secret } => Some(client_secret),
_ => None,
}
}
fn check_redirect_uri<'a>(
&self,
redirect_uri: &'a Url,
) -> Result<&'a Url, InvalidRedirectUriError> {
if self.redirect_uris.contains(redirect_uri) {
Ok(redirect_uri)
} else {
Err(InvalidRedirectUriError)
#[doc(hidden)]
#[must_use]
pub fn client_auth_method(&self) -> OAuthClientAuthenticationMethod {
match &self.client_auth_method {
ClientAuthMethodConfig::None => OAuthClientAuthenticationMethod::None,
ClientAuthMethodConfig::ClientSecretBasic { .. } => {
OAuthClientAuthenticationMethod::ClientSecretBasic
}
ClientAuthMethodConfig::ClientSecretPost { .. } => {
OAuthClientAuthenticationMethod::ClientSecretPost
}
ClientAuthMethodConfig::ClientSecretJwt { .. } => {
OAuthClientAuthenticationMethod::ClientSecretJwt
}
ClientAuthMethodConfig::PrivateKeyJwt(_) => {
OAuthClientAuthenticationMethod::PrivateKeyJwt
}
}
}
#[doc(hidden)]
#[must_use]
pub fn jwks(&self) -> Option<&JsonWebKeySet> {
match &self.client_auth_method {
ClientAuthMethodConfig::PrivateKeyJwt(JwksOrJwksUri::Jwks(jwks)) => Some(jwks),
_ => None,
}
}
#[doc(hidden)]
#[must_use]
pub fn jwks_uri(&self) -> Option<&Url> {
match &self.client_auth_method {
ClientAuthMethodConfig::PrivateKeyJwt(JwksOrJwksUri::JwksUri(jwks_uri)) => {
Some(jwks_uri)
}
_ => None,
}
}
}