Better data-model for compat sessions & devices

2025-11-21 23:00:50 +03:00 · 2022-05-18 14:03:14 +02:00
parent 33204b7cf8
commit c4fa87e457
9 changed files with 212 additions and 163 deletions
--- a/crates/handlers/src/oauth2/authorization/mod.rs
+++ b/crates/handlers/src/oauth2/authorization/mod.rs
@@ -21,7 +21,7 @@ use axum_extra::extract::PrivateCookieJar;
 use hyper::StatusCode;
 use mas_axum_utils::SessionInfoExt;
 use mas_config::Encrypter;
-use mas_data_model::{AuthorizationCode, Pkce};
+use mas_data_model::{AuthorizationCode, Device, Pkce};
 use mas_iana::oauth::OAuthAuthorizationEndpointResponseType;
 use mas_router::{PostAuthAction, Route};
 use mas_storage::oauth2::{
@@ -38,7 +38,6 @@ use oauth2_types::{
    pkce,
    prelude::*,
    requests::{AuthorizationRequest, GrantType, Prompt, ResponseMode},
-    scope::ScopeToken,
 };
 use rand::{distributions::Alphanumeric, thread_rng, Rng};
 use serde::Deserialize;
@@ -252,15 +251,8 @@ pub(crate) async fn get(
            };

            // Generate the device ID
-            // TODO: this should probably be done somewhere else?
-            let device_id: String = thread_rng()
-                .sample_iter(&Alphanumeric)
-                .take(10)
-                .map(char::from)
-                .collect();
-            let device_scope: ScopeToken = format!("urn:matrix:device:{}", device_id)
-                .parse()
-                .context("could not parse generated device scope")?;
+            let device = Device::generate(&mut thread_rng());
+            let device_scope = device.to_scope_token();

            let scope = {
                let mut s = params.auth.scope.clone();
--- a/crates/handlers/src/oauth2/introspection.rs
+++ b/crates/handlers/src/oauth2/introspection.rs
@@ -26,10 +26,7 @@ use mas_storage::{
        refresh_token::{lookup_active_refresh_token, RefreshTokenLookupError},
    },
 };
-use oauth2_types::{
-    requests::{IntrospectionRequest, IntrospectionResponse},
-    scope::ScopeToken,
-};
+use oauth2_types::requests::{IntrospectionRequest, IntrospectionResponse};
 use sqlx::PgPool;
 use thiserror::Error;

@@ -217,28 +214,29 @@ pub(crate) async fn post(
            }
        }
        TokenType::CompatAccessToken => {
-            let (token, user) = lookup_active_compat_access_token(&mut conn, token).await?;
+            let (token, session) = lookup_active_compat_access_token(&mut conn, token).await?;

-            let device_scope: ScopeToken = format!("urn:matrix:device:{}", token.device_id)
-                .parse()
-                .unwrap();
+            let device_scope = session.device.to_scope_token();
            let scope = [device_scope].into_iter().collect();

            IntrospectionResponse {
                active: true,
                scope: Some(scope),
                client_id: Some("legacy".into()),
-                username: Some(user.username),
+                username: Some(session.user.username),
                token_type: Some(OAuthTokenTypeHint::AccessToken),
-                exp: None,
+                exp: token.exp(),
                iat: Some(token.created_at),
                nbf: Some(token.created_at),
-                sub: Some(user.sub),
+                sub: Some(session.user.sub),
                aud: None,
                iss: None,
                jti: None,
            }
        }
+        TokenType::CompatRefreshToken => {
+            todo!()
+        }
    };

    Ok(Json(reply))