
Pass the claims import preferences on the storage layer

This commit is contained in:
Quentin Gliech
2023-06-22 12:40:04 +02:00
parent 31788a95f2
commit 9d5c2a40a1
7 changed files with 17 additions and 6 deletions


@ -15,7 +15,7 @@
use anyhow::Context; use anyhow::Context;
use clap::{Parser, ValueEnum}; use clap::{Parser, ValueEnum};
use mas_config::{DatabaseConfig, PasswordsConfig, RootConfig}; use mas_config::{DatabaseConfig, PasswordsConfig, RootConfig};
use mas_data_model::{Device, TokenType}; use mas_data_model::{Device, TokenType, UpstreamOAuthProviderClaimsImports};
use mas_iana::{jose::JsonWebSignatureAlg, oauth::OAuthClientAuthenticationMethod}; use mas_iana::{jose::JsonWebSignatureAlg, oauth::OAuthClientAuthenticationMethod};
use mas_router::UrlBuilder; use mas_router::UrlBuilder;
use mas_storage::{ use mas_storage::{
@ -375,6 +375,7 @@ impl Options {
token_endpoint_signing_alg, token_endpoint_signing_alg,
client_id.clone(), client_id.clone(),
encrypted_client_secret, encrypted_client_secret,
UpstreamOAuthProviderClaimsImports::default(),
) )
.await?; .await?;
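Review bot: The `add` call now passes `UpstreamOAuthProviderClaimsImports::default()` unconditionally, so a provider created through this CLI subcommand gets whatever the default preferences are, and nothing in the command makes that visible to the operator or distinguishes it from a config-driven provider. A one-line comment above the argument would make the choice explicit, e.g. `// Claims import preferences are not configurable from the CLI; the default is used`. The enclosing function in `impl Options` starts before this hunk, so whether an option for these preferences already exists cannot be seen here.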


@ -20,6 +20,7 @@ pub use self::{
link::UpstreamOAuthLink, link::UpstreamOAuthLink,
provider::{ provider::{
ClaimsImports as UpstreamOAuthProviderClaimsImports, ClaimsImports as UpstreamOAuthProviderClaimsImports,
ImportAction as UpstreamOAuthProviderImportAction,
ImportPreference as UpstreamOAuthProviderImportPreference, UpstreamOAuthProvider, ImportPreference as UpstreamOAuthProviderImportPreference, UpstreamOAuthProvider,
}, },
session::{UpstreamOAuthAuthorizationSession, UpstreamOAuthAuthorizationSessionState}, session::{UpstreamOAuthAuthorizationSession, UpstreamOAuthAuthorizationSessionState},


@ -124,7 +124,7 @@ fn import_claim(
name: &'static str, name: &'static str,
value: Option<String>, value: Option<String>,
preference: &UpstreamOAuthProviderImportPreference, preference: &UpstreamOAuthProviderImportPreference,
mut run: impl FnMut(String, bool) -> (), mut run: impl FnMut(String, bool),
) -> Result<(), RouteError> { ) -> Result<(), RouteError> {
// If this claim is ignored, we don't need to do anything. // If this claim is ignored, we don't need to do anything.
if preference.ignore() { if preference.ignore() {


@ -284,6 +284,7 @@ mod test {
header::{CONTENT_TYPE, LOCATION}, header::{CONTENT_TYPE, LOCATION},
Request, StatusCode, Request, StatusCode,
}; };
use mas_data_model::UpstreamOAuthProviderClaimsImports;
use mas_iana::oauth::OAuthClientAuthenticationMethod; use mas_iana::oauth::OAuthClientAuthenticationMethod;
use mas_router::Route; use mas_router::Route;
use mas_storage::{upstream_oauth2::UpstreamOAuthProviderRepository, RepositoryAccess}; use mas_storage::{upstream_oauth2::UpstreamOAuthProviderRepository, RepositoryAccess};
@ -326,6 +327,7 @@ mod test {
None, None,
"first_client".into(), "first_client".into(),
None, None,
UpstreamOAuthProviderClaimsImports::default(),
) )
.await .await
.unwrap(); .unwrap();
@ -350,6 +352,7 @@ mod test {
None, None,
"second_client".into(), "second_client".into(),
None, None,
UpstreamOAuthProviderClaimsImports::default(),
) )
.await .await
.unwrap(); .unwrap();
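Review bot: Every updated test still passes `UpstreamOAuthProviderClaimsImports::default()`, so the new parameter is only ever exercised with the default value and a regression where the stored preferences are ignored would not be caught. At least one test should construct a non-default `UpstreamOAuthProviderClaimsImports`, pass it to `add`, and check that the resulting provider carries it; the same applies to the storage tests in the next file section (hunks `@ -64,6 +65,7 @@` and `@ -207,6 +209,7 @@`), where a read-back from the repository is the natural assertion. The test functions themselves begin outside these hunks.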


@ -27,6 +27,7 @@ pub use self::{
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use chrono::Duration; use chrono::Duration;
use mas_data_model::UpstreamOAuthProviderClaimsImports;
use mas_storage::{ use mas_storage::{
clock::MockClock, clock::MockClock,
upstream_oauth2::{ upstream_oauth2::{
@ -64,6 +65,7 @@ mod tests {
None, None,
"client-id".to_owned(), "client-id".to_owned(),
None, None,
UpstreamOAuthProviderClaimsImports::default(),
) )
.await .await
.unwrap(); .unwrap();
@ -207,6 +209,7 @@ mod tests {
None, None,
client_id, client_id,
None, None,
UpstreamOAuthProviderClaimsImports::default(),
) )
.await .await
.unwrap(); .unwrap();


@ -163,13 +163,12 @@ impl<'c> UpstreamOAuthProviderRepository for PgUpstreamOAuthProviderRepository<'
token_endpoint_signing_alg: Option<JsonWebSignatureAlg>, token_endpoint_signing_alg: Option<JsonWebSignatureAlg>,
client_id: String, client_id: String,
encrypted_client_secret: Option<String>, encrypted_client_secret: Option<String>,
claims_imports: UpstreamOAuthProviderClaimsImports,
) -> Result<UpstreamOAuthProvider, Self::Error> { ) -> Result<UpstreamOAuthProvider, Self::Error> {
let created_at = clock.now(); let created_at = clock.now();
let id = Ulid::from_datetime_with_source(created_at.into(), rng); let id = Ulid::from_datetime_with_source(created_at.into(), rng);
tracing::Span::current().record("upstream_oauth_provider.id", tracing::field::display(id)); tracing::Span::current().record("upstream_oauth_provider.id", tracing::field::display(id));
let claims_imports = UpstreamOAuthProviderClaimsImports::default();
sqlx::query!( sqlx::query!(
r#" r#"
INSERT INTO upstream_oauth_providers ( INSERT INTO upstream_oauth_providers (
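Review bot: `claims_imports` is now a by-value parameter replacing the local `let claims_imports = UpstreamOAuthProviderClaimsImports::default();`, but the `sqlx::query!` that consumes it continues past the end of the hunk, so the binding that writes it into the row is not visible here; it is worth confirming that the statement still references the (now caller-supplied) value rather than any other default. Since these preferences decide which upstream claims end up attached to local accounts, a short comment before `sqlx::query!` stating that the value comes straight from the caller would help, e.g. `// claims_imports is stored as given by the caller; the trait docs describe its meaning`. The method body starts and ends outside the hunk.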


@ -13,7 +13,7 @@
// limitations under the License. // limitations under the License.
use async_trait::async_trait; use async_trait::async_trait;
use mas_data_model::UpstreamOAuthProvider; use mas_data_model::{UpstreamOAuthProvider, UpstreamOAuthProviderClaimsImports};
use mas_iana::{jose::JsonWebSignatureAlg, oauth::OAuthClientAuthenticationMethod}; use mas_iana::{jose::JsonWebSignatureAlg, oauth::OAuthClientAuthenticationMethod};
use oauth2_types::scope::Scope; use oauth2_types::scope::Scope;
use rand_core::RngCore; use rand_core::RngCore;
@ -58,6 +58,8 @@ pub trait UpstreamOAuthProviderRepository: Send + Sync {
/// * `client_id`: The client ID to use when authenticating to the upstream /// * `client_id`: The client ID to use when authenticating to the upstream
/// * `encrypted_client_secret`: The encrypted client secret to use when /// * `encrypted_client_secret`: The encrypted client secret to use when
/// authenticating to the upstream /// authenticating to the upstream
/// * `claims_imports`: How claims should be imported from the upstream
/// provider
/// ///
/// # Errors /// # Errors
/// ///
@ -73,6 +75,7 @@ pub trait UpstreamOAuthProviderRepository: Send + Sync {
token_endpoint_signing_alg: Option<JsonWebSignatureAlg>, token_endpoint_signing_alg: Option<JsonWebSignatureAlg>,
client_id: String, client_id: String,
encrypted_client_secret: Option<String>, encrypted_client_secret: Option<String>,
claims_imports: UpstreamOAuthProviderClaimsImports,
) -> Result<UpstreamOAuthProvider, Self::Error>; ) -> Result<UpstreamOAuthProvider, Self::Error>;
/// Get a paginated list of upstream OAuth providers /// Get a paginated list of upstream OAuth providers
@ -109,7 +112,8 @@ repository_impl!(UpstreamOAuthProviderRepository:
token_endpoint_auth_method: OAuthClientAuthenticationMethod, token_endpoint_auth_method: OAuthClientAuthenticationMethod,
token_endpoint_signing_alg: Option<JsonWebSignatureAlg>, token_endpoint_signing_alg: Option<JsonWebSignatureAlg>,
client_id: String, client_id: String,
encrypted_client_secret: Option<String> encrypted_client_secret: Option<String>,
claims_imports: UpstreamOAuthProviderClaimsImports
) -> Result<UpstreamOAuthProvider, Self::Error>; ) -> Result<UpstreamOAuthProvider, Self::Error>;
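Review bot: With `claims_imports` appended, `add` now takes a long run of positional parameters, several of them `String`/`Option<String>`, and every call site in this commit passes them as a bare list (`None, "client-id".to_owned(), None, UpstreamOAuthProviderClaimsImports::default()`), so an argument-order mistake among the string-typed ones would not be caught by the compiler. A named parameters struct for the provider fields would make call sites self-describing; this is a style point rather than a defect in the change. The trait method's signature begins before the `@ -73,6 +75,7 @@` hunk, so the complete parameter list is not visible here.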
async fn list_paginated( async fn list_paginated(