matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-07-31 09:24:31 +03:00
Code Activity

data-model: simplify tokens

Browse Source
This commit is contained in:
Quentin Gliech
2022-12-06 15:36:39 +01:00
parent cff3125c19
commit dff2f98167
4 changed files with 25 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
crates/axum-utils/src/user_authorization.rs
View File

@ -56,10 +56,7 @@ impl AccessToken {
&self, &self,
conn: &mut PgConnection, conn: &mut PgConnection,
) -> Result< ) -> Result<
( (mas_data_model::AccessToken, Session<PostgresqlBackend>),
mas_data_model::AccessToken<PostgresqlBackend>,
Session<PostgresqlBackend>,
),
AuthorizationVerificationError, AuthorizationVerificationError,
> { > {
let token = match self { let token = match self {

38
crates/data-model/src/tokens.rs
View File

@ -17,47 +17,23 @@ use crc::{Crc, CRC_32_ISO_HDLC};
use mas_iana::oauth::OAuthTokenTypeHint; use mas_iana::oauth::OAuthTokenTypeHint;
use rand::{distributions::Alphanumeric, Rng}; use rand::{distributions::Alphanumeric, Rng};
use thiserror::Error; use thiserror::Error;
use ulid::Ulid;
use crate::traits::{StorageBackend, StorageBackendMarker};
#[derive(Debug, Clone, PartialEq, Eq)] #[derive(Debug, Clone, PartialEq, Eq)]
pub struct AccessToken<T: StorageBackend> { pub struct AccessToken {
pub data: T::AccessTokenData, pub id: Ulid,
pub jti: String, pub jti: String,
pub access_token: String, pub access_token: String,
pub created_at: DateTime<Utc>, pub created_at: DateTime<Utc>,
pub expires_at: DateTime<Utc>, pub expires_at: DateTime<Utc>,
} }
impl<S: StorageBackendMarker> From<AccessToken<S>> for AccessToken<()> { #[derive(Debug, Clone, PartialEq, Eq)]
fn from(t: AccessToken<S>) -> Self { pub struct RefreshToken {
AccessToken { pub id: Ulid,
data: (),
jti: t.jti,
access_token: t.access_token,
expires_at: t.expires_at,
created_at: t.created_at,
}
}
}
#[derive(Debug, Clone, PartialEq)]
pub struct RefreshToken<T: StorageBackend> {
pub data: T::RefreshTokenData,
pub refresh_token: String, pub refresh_token: String,
pub created_at: DateTime<Utc>, pub created_at: DateTime<Utc>,
pub access_token: Option<AccessToken<T>>, pub access_token: Option<AccessToken>,
}
impl<S: StorageBackendMarker> From<RefreshToken<S>> for RefreshToken<()> {
fn from(t: RefreshToken<S>) -> Self {
RefreshToken {
data: (),
refresh_token: t.refresh_token,
created_at: t.created_at,
access_token: t.access_token.map(Into::into),
}
}
} }
/// Type of token to generate or validate /// Type of token to generate or validate

14
crates/storage/src/oauth2/access_token.rs
View File

@ -41,7 +41,7 @@ pub async fn add_access_token(
session: &Session<PostgresqlBackend>, session: &Session<PostgresqlBackend>,
access_token: String, access_token: String,
expires_after: Duration, expires_after: Duration,
) -> Result<AccessToken<PostgresqlBackend>, anyhow::Error> { ) -> Result<AccessToken, anyhow::Error> {
let created_at = clock.now(); let created_at = clock.now();
let expires_at = created_at + expires_after; let expires_at = created_at + expires_after;
let id = Ulid::from_datetime_with_source(created_at.into(), &mut rng); let id = Ulid::from_datetime_with_source(created_at.into(), &mut rng);
@ -66,7 +66,7 @@ pub async fn add_access_token(
.context("could not insert oauth2 access token")?; .context("could not insert oauth2 access token")?;
Ok(AccessToken { Ok(AccessToken {
data: id, id,
access_token, access_token,
jti: id.to_string(), jti: id.to_string(),
created_at, created_at,
@ -113,7 +113,7 @@ impl LookupError for AccessTokenLookupError {
pub async fn lookup_active_access_token( pub async fn lookup_active_access_token(
conn: &mut PgConnection, conn: &mut PgConnection,
token: &str, token: &str,
) -> Result<(AccessToken<PostgresqlBackend>, Session<PostgresqlBackend>), AccessTokenLookupError> { ) -> Result<(AccessToken, Session<PostgresqlBackend>), AccessTokenLookupError> {
let res = sqlx::query_as!( let res = sqlx::query_as!(
OAuth2AccessTokenLookup, OAuth2AccessTokenLookup,
r#" r#"
@ -162,7 +162,7 @@ pub async fn lookup_active_access_token(
let id = Ulid::from(res.oauth2_access_token_id); let id = Ulid::from(res.oauth2_access_token_id);
let access_token = AccessToken { let access_token = AccessToken {
data: id, id,
jti: id.to_string(), jti: id.to_string(),
access_token: res.oauth2_access_token, access_token: res.oauth2_access_token,
created_at: res.oauth2_access_token_created_at, created_at: res.oauth2_access_token_created_at,
@ -228,13 +228,13 @@ pub async fn lookup_active_access_token(
#[tracing::instrument( #[tracing::instrument(
skip_all, skip_all,
fields(access_token.id = %access_token.data), fields(%access_token.id),
err(Debug), err(Debug),
)] )]
pub async fn revoke_access_token( pub async fn revoke_access_token(
executor: impl PgExecutor<'_>, executor: impl PgExecutor<'_>,
clock: &Clock, clock: &Clock,
access_token: AccessToken<PostgresqlBackend>, access_token: AccessToken,
) -> anyhow::Result<()> { ) -> anyhow::Result<()> {
let revoked_at = clock.now(); let revoked_at = clock.now();
let res = sqlx::query!( let res = sqlx::query!(
@ -243,7 +243,7 @@ pub async fn revoke_access_token(
SET revoked_at = $2 SET revoked_at = $2
WHERE oauth2_access_token_id = $1 WHERE oauth2_access_token_id = $1
"#, "#,
Uuid::from(access_token.data), Uuid::from(access_token.id),
revoked_at, revoked_at,
) )
.execute(executor) .execute(executor)

21
crates/storage/src/oauth2/refresh_token.rs
View File

@ -42,9 +42,9 @@ pub async fn add_refresh_token(
mut rng: impl Rng + Send, mut rng: impl Rng + Send,
clock: &Clock, clock: &Clock,
session: &Session<PostgresqlBackend>, session: &Session<PostgresqlBackend>,
access_token: AccessToken<PostgresqlBackend>, access_token: AccessToken,
refresh_token: String, refresh_token: String,
) -> anyhow::Result<RefreshToken<PostgresqlBackend>> { ) -> anyhow::Result<RefreshToken> {
let created_at = clock.now(); let created_at = clock.now();
let id = Ulid::from_datetime_with_source(created_at.into(), &mut rng); let id = Ulid::from_datetime_with_source(created_at.into(), &mut rng);
tracing::Span::current().record("refresh_token.id", tracing::field::display(id)); tracing::Span::current().record("refresh_token.id", tracing::field::display(id));
@ -59,7 +59,7 @@ pub async fn add_refresh_token(
"#, "#,
Uuid::from(id), Uuid::from(id),
Uuid::from(session.data), Uuid::from(session.data),
Uuid::from(access_token.data), Uuid::from(access_token.id),
refresh_token, refresh_token,
created_at, created_at,
) )
@ -68,7 +68,7 @@ pub async fn add_refresh_token(
.context("could not insert oauth2 refresh token")?; .context("could not insert oauth2 refresh token")?;
Ok(RefreshToken { Ok(RefreshToken {
data: id, id,
refresh_token, refresh_token,
access_token: Some(access_token), access_token: Some(access_token),
created_at, created_at,
@ -117,8 +117,7 @@ impl LookupError for RefreshTokenLookupError {
pub async fn lookup_active_refresh_token( pub async fn lookup_active_refresh_token(
conn: &mut PgConnection, conn: &mut PgConnection,
token: &str, token: &str,
) -> Result<(RefreshToken<PostgresqlBackend>, Session<PostgresqlBackend>), RefreshTokenLookupError> ) -> Result<(RefreshToken, Session<PostgresqlBackend>), RefreshTokenLookupError> {
{
let res = sqlx::query_as!( let res = sqlx::query_as!(
OAuth2RefreshTokenLookup, OAuth2RefreshTokenLookup,
r#" r#"
@ -181,7 +180,7 @@ pub async fn lookup_active_refresh_token(
(Some(id), Some(access_token), Some(created_at), Some(expires_at)) => { (Some(id), Some(access_token), Some(created_at), Some(expires_at)) => {
let id = Ulid::from(id); let id = Ulid::from(id);
Some(AccessToken { Some(AccessToken {
data: id, id,
jti: id.to_string(), jti: id.to_string(),
access_token, access_token,
created_at, created_at,
@ -192,7 +191,7 @@ pub async fn lookup_active_refresh_token(
}; };
let refresh_token = RefreshToken { let refresh_token = RefreshToken {
data: res.oauth2_refresh_token_id.into(), id: res.oauth2_refresh_token_id.into(),
refresh_token: res.oauth2_refresh_token, refresh_token: res.oauth2_refresh_token,
created_at: res.oauth2_refresh_token_created_at, created_at: res.oauth2_refresh_token_created_at,
access_token, access_token,
@ -261,14 +260,14 @@ pub async fn lookup_active_refresh_token(
#[tracing::instrument( #[tracing::instrument(
skip_all, skip_all,
fields( fields(
refresh_token.id = %refresh_token.data, %refresh_token.id,
), ),
err(Debug), err(Debug),
)] )]
pub async fn consume_refresh_token( pub async fn consume_refresh_token(
executor: impl PgExecutor<'_>, executor: impl PgExecutor<'_>,
clock: &Clock, clock: &Clock,
refresh_token: &RefreshToken<PostgresqlBackend>, refresh_token: &RefreshToken,
) -> Result<(), anyhow::Error> { ) -> Result<(), anyhow::Error> {
let consumed_at = clock.now(); let consumed_at = clock.now();
let res = sqlx::query!( let res = sqlx::query!(
@ -277,7 +276,7 @@ pub async fn consume_refresh_token(
SET consumed_at = $2 SET consumed_at = $2
WHERE oauth2_refresh_token_id = $1 WHERE oauth2_refresh_token_id = $1
"#, "#,
Uuid::from(refresh_token.data), Uuid::from(refresh_token.id),
consumed_at, consumed_at,
) )
.execute(executor) .execute(executor)