diff options
author | Jesse Luehrs <doy@tozt.net> | 2019-11-27 13:48:55 -0500 |
---|---|---|
committer | Jesse Luehrs <doy@tozt.net> | 2019-11-27 15:19:46 -0500 |
commit | 92bf64ce74050545c96694c8d34202b1546ab390 (patch) | |
tree | bb76a25b57188360274fb5d580f56ffaabd7cc4a /teleterm/src/server.rs | |
parent | 2bb014f580863f28ecbbea68a2b0aeaa815dc8ca (diff) | |
download | teleterm-92bf64ce74050545c96694c8d34202b1546ab390.tar.gz teleterm-92bf64ce74050545c96694c8d34202b1546ab390.zip |
rethink how oauth logins need to work
i can't exchange refresh tokens for access tokens without knowing the
webface oauth configuration either, so this strategy also won't work.
the server actually needs to only receive access tokens, and request the
web server to refresh them as needed.
Diffstat (limited to 'teleterm/src/server.rs')
-rw-r--r-- | teleterm/src/server.rs | 72 |
1 files changed, 10 insertions, 62 deletions
diff --git a/teleterm/src/server.rs b/teleterm/src/server.rs index 2215319..71a8ac4 100644 --- a/teleterm/src/server.rs +++ b/teleterm/src/server.rs @@ -383,6 +383,7 @@ impl<S: tokio::io::AsyncRead + tokio::io::AsyncWrite + Send + 'static> crate::error::AuthTypeMissingOauthConfig { ty }, )?; let (refresh, client) = match oauth { + // XXX handle this differently based on auth_client too crate::protocol::Auth::RecurseCenter { id, .. } => ( id.is_some(), ty.oauth_client( @@ -426,10 +427,10 @@ impl<S: tokio::io::AsyncRead + tokio::io::AsyncWrite + Send + 'static> // XXX unwrap here isn't super safe let refresh_token = refresh_token.unwrap(); client - .get_tokens_from_refresh_token( + .get_access_token_from_refresh_token( refresh_token.trim(), ) - .and_then(|(access_token, _)| { + .and_then(|access_token| { client.get_username_from_access_token( &access_token, ) @@ -455,7 +456,7 @@ impl<S: tokio::io::AsyncRead + tokio::io::AsyncWrite + Send + 'static> let authorize_url = client.generate_authorize_url(); let user_id = client.user_id().to_string(); conn.send_message( - crate::protocol::Message::oauth_request( + crate::protocol::Message::oauth_cli_request( &authorize_url, &user_id, ), @@ -596,7 +597,7 @@ impl<S: tokio::io::AsyncRead + tokio::io::AsyncWrite + Send + 'static> Ok(()) } - fn handle_message_oauth_response_code( + fn handle_message_oauth_cli_response( &mut self, conn: &mut Connection<S>, code: &str, @@ -612,14 +613,14 @@ impl<S: tokio::io::AsyncRead + tokio::io::AsyncWrite + Send + 'static> > { let client = conn.oauth_client.take().ok_or_else(|| { Error::UnexpectedMessage { - message: crate::protocol::Message::oauth_response_code(code), + message: crate::protocol::Message::oauth_cli_response(code), } })?; let term_info = conn.state.term_info().unwrap().clone(); let fut = client - .get_tokens_from_auth_code(code) - .and_then(|(access_token, _)| { + .get_access_token_from_auth_code(code) + .and_then(|access_token| { client.get_username_from_access_token(&access_token) }) .map(|username| { @@ -635,51 +636,6 @@ impl<S: tokio::io::AsyncRead + tokio::io::AsyncWrite + Send + 'static> Ok(Some(Box::new(fut))) } - fn handle_message_oauth_response_token( - &mut self, - conn: &mut Connection<S>, - access_token: &str, - refresh_token: &str, - ) -> Result< - Option< - Box< - dyn futures::Future< - Item = (ConnectionState, crate::protocol::Message), - Error = Error, - > + Send, - >, - >, - > { - let client = conn.oauth_client.take().ok_or_else(|| { - Error::UnexpectedMessage { - message: crate::protocol::Message::oauth_response_token( - access_token, - refresh_token, - ), - } - })?; - - let term_info = conn.state.term_info().unwrap().clone(); - let access_token = access_token.to_string(); - let fut = client.save_tokens(&access_token, refresh_token).and_then( - move |_| { - client.get_username_from_access_token(&access_token).map( - |username| { - ( - ConnectionState::LoggedIn { - term_info, - username: username.clone(), - }, - crate::protocol::Message::logged_in(&username), - ) - }, - ) - }, - ); - - Ok(Some(Box::new(fut))) - } - fn handle_accepted_message( &mut self, conn: &mut Connection<S>, @@ -720,17 +676,9 @@ impl<S: tokio::io::AsyncRead + tokio::io::AsyncWrite + Send + 'static> >, > { match message { - crate::protocol::Message::OauthResponseCode { code } => { - self.handle_message_oauth_response_code(conn, &code) + crate::protocol::Message::OauthCliResponse { code } => { + self.handle_message_oauth_cli_response(conn, &code) } - crate::protocol::Message::OauthResponseToken { - access_token, - refresh_token, - } => self.handle_message_oauth_response_token( - conn, - &access_token, - &refresh_token, - ), m => Err(Error::UnauthenticatedMessage { message: m }), } } |