Review fixes
Timshel committed Nov 28, 2023
1 parent 7a5191c commit 53a0d65
Showing 5 changed files with 12 additions and 14 deletions.
2 changes: 1 addition & 1 deletion SSO.md
@@ -17,7 +17,7 @@ The following configurations are available
- `SSO_AUTHORITY` : the OpendID Connect Discovery endpoint of your SSO
- `SSO_CLIENT_ID` : Client Id
- `SSO_CLIENT_SECRET` : Client Secret
- `SSO_KEY_FILEPATH` : And optional public key that can be used to authenticate the SSO during the exchange flow.
- `SSO_KEY_FILEPATH` : Optional public key to validate the JWT token (without it signature check will not be done).

The callback url is : `https://your.domain/identity/connect/oidc-signin`

2 changes: 1 addition & 1 deletion src/api/core/accounts.rs
@@ -91,7 +91,7 @@ pub struct SetPasswordData {
MasterPasswordHash: String,
MasterPasswordHint: Option<String>,
#[allow(dead_code)]
orgIdentifier: Option<String>,
OrgIdentifier: Option<String>,
}

#[derive(Deserialize, Debug)]
8 changes: 4 additions & 4 deletions src/api/core/organizations.rs
@@ -308,7 +308,7 @@ async fn get_user_collections(headers: Headers, mut conn: DbConn) -> Json<Value>

// Called during the SSO enrollement
#[get("/organizations/<_identifier>/auto-enroll-status")]
fn get_auto_enroll_status(_identifier: String) -> JsonResult {
fn get_auto_enroll_status(_identifier: &str) -> JsonResult {
Ok(Json(json!({
"ResetPasswordEnabled": false, // Not implemented
})))
@@ -1686,14 +1686,14 @@ async fn list_policies_token(org_id: &str, token: &str, mut conn: DbConn) -> Jso
// Since the VW SSO flow is not linked to an organization it will be called with a dummy or undefinned `org_id`
#[allow(non_snake_case)]
#[get("/organizations/<org_id>/policies/invited-user?<userId>")]
async fn list_policies_invited_user(org_id: String, userId: String, mut conn: DbConn) -> JsonResult {
async fn list_policies_invited_user(org_id: &str, userId: &str, mut conn: DbConn) -> JsonResult {
if userId.is_empty() {
err!("userId must not be empty");
}

let user_orgs = UserOrganization::find_invited_by_user(&userId, &mut conn).await;
let user_orgs = UserOrganization::find_invited_by_user(userId, &mut conn).await;
let policies_json: Vec<Value> = if user_orgs.into_iter().any(|user_org| user_org.org_uuid == org_id) {
let policies = OrgPolicy::find_by_org(&org_id, &mut conn).await;
let policies = OrgPolicy::find_by_org(org_id, &mut conn).await;
policies.iter().map(OrgPolicy::to_json).collect()
} else {
vec![]
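Review bot: `list_policies_invited_user` takes only `org_id`, `userId` and a `DbConn`, with no authenticated-request guard such as the `Headers` parameter seen on `get_user_collections`, so the route appears to return an organization's policies to any caller who supplies a user id that has a pending invite there. If that is intentional for the invite flow, state it at the route, for example `// Unauthenticated on purpose: policies are returned only when userId has a pending invite to org_id`, and confirm that `userId` being the sole gate is acceptable (rate limiting, non-guessable ids). The typos in the two route comments (`enrollement`, `undefinned`) could be fixed in the same pass. The function body continues past the end of the hunk, so any further checks there are not visible here.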
12 changes: 5 additions & 7 deletions src/api/identity.rs
@@ -376,7 +376,7 @@ async fn authenticated_response(
"KdfIterations": user.client_kdf_iter,
"KdfMemory": user.client_kdf_memory,
"KdfParallelism": user.client_kdf_parallelism,
"ResetMasterPassword": user.password_hash.is_empty(),
"ResetMasterPassword": false,// TODO: Same as above
"scope": scope,
"unofficialServer": true,
"UserDecryptionOptions": {
@@ -782,17 +782,16 @@ fn _check_is_some<T>(value: &Option<T>, msg: &str) -> EmptyResult {
}

#[get("/account/prevalidate")]
#[allow(non_snake_case)]
fn prevalidate() -> JsonResult {
let claims = generate_ssotoken_claims();
let ssotoken = encode_jwt(&claims);
let sso_token = encode_jwt(&claims);
Ok(Json(json!({
"token": ssotoken,
"token": sso_token,
})))
}

#[get("/connect/oidc-signin?<code>")]
fn oidcsignin(code: String, jar: &CookieJar<'_>, _conn: DbConn) -> ApiResult<CustomRedirect> {
fn oidcsignin(code: String, jar: &CookieJar<'_>) -> ApiResult<CustomRedirect> {
let cookiemanager = CookieManager::new(jar);
let redirect_uri = cookiemanager
.get_cookie("redirect_uri".to_string())
@@ -815,7 +814,6 @@ fn oidcsignin(code: String, jar: &CookieJar<'_>, _conn: DbConn) -> ApiResult<Cus
}

#[derive(FromForm)]
#[allow(non_snake_case)]
struct AuthorizeData {
#[allow(unused)]
#[field(name = uncased("client_id"))]
@@ -847,7 +845,7 @@ struct AuthorizeData {
domain_hint: Option<String>,
#[allow(unused)]
#[field(name = uncased("ssoToken"))]
ssoToken: Option<String>,
sso_token: Option<String>,
}

#[get("/connect/authorize?<data..>")]
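Review bot: The renamed `sso_token` field in `AuthorizeData` still carries `#[allow(unused)]`, which suggests the token minted in `prevalidate` via `encode_jwt(&claims)` is accepted on `/connect/authorize` but never verified, so the prevalidate step would not bind the two requests together. Either check the token (signature and expiry) before the OIDC redirect starts, or record at the field why it is ignored, for example `// TODO: verify sso_token against the claims issued by prevalidate`. The authorize handler and most of `AuthorizeData` lie outside the visible hunks, so this is inferred from the attribute alone and should be confirmed against the handler.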
2 changes: 1 addition & 1 deletion src/static/templates/email/send_org_invite.hbs
@@ -7,4 +7,4 @@ Click here to join: {{url}}/#/accept-organization/?organizationId={{org_id}}&org


If you do not wish to join this organization, you can safely ignore this email.
{{> email/email_footer_text }}
{{> email/email_footer_text }}
