[server][auth] Tweak api key description

Abhishek Shroff
2025-08-04 23:52:16 +05:30
parent 6af103613b
commit dc7ba98d48
4 changed files with 25 additions and 6 deletions


@@ -25,7 +25,7 @@ const (
)
func OpenIDStart(db db.Handler, providerName, redirectURI string, clientType OpenIDClientType) (string, error) {
if clientID, endpoint, err := openid.GetProviderDetails(providerName); err != nil {
if clientID, endpoint, err := openid.GetClientDetails(providerName); err != nil {
return "", err
} else {
codeVerifier, codeChallenge := generateOpenIDPKCEChallenge()


@@ -41,7 +41,15 @@ func Providers() []Provider {
return p
}
func GetProviderDetails(providerName string) (string, string, error) {
func GetProviderName(providerName string) (string, error) {
if c, ok := clients[providerName]; !ok {
return "", errors.New("OpenID provider not registered: " + providerName)
} else {
return c.Name, nil
}
}
func GetClientDetails(providerName string) (string, string, error) {
if c, ok := clients[providerName]; !ok {
return "", "", errors.New("OpenID provider not registered: " + providerName)
} else if config, err := getProviderConfig(c.IssuerURL); err != nil {
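Review bot: The new `GetProviderName` copies the raw `providerName` into its error text with `"OpenID provider not registered: " + providerName`, the same pattern `GetClientDetails` uses. If that identifier can originate from a request (as the `OpenIDStart` parameter suggests, though the caller is not visible here), control characters or newlines in it would land unescaped in logs or responses. Quoting the value, e.g. `errors.New("OpenID provider not registered: " + strconv.Quote(providerName))`, keeps the message unambiguous; the import block of this file is not shown, so `strconv` may need adding. The exported function also has no doc comment; something like `// GetProviderName returns the Name of the registered OpenID provider identified by providerName, or an error if none is registered.` would do. `GetClientDetails` continues past the end of the hunk.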


@@ -76,7 +76,7 @@ func ResetUserPassword(db db.TxHandler, email, resetToken, password string) (aut
}
auth = NewSUAuth(user)
_, _, apiToken, err = GenerateAPIKey(db, auth, "Login - Password Reset")
_, _, apiToken, err = GenerateAPIKey(db, auth, "Password Reset Login")
return
}


@@ -6,6 +6,7 @@ import (
"strings"
"time"
"codeberg.org/shroff/phylum/server/internal/auth/openid"
"codeberg.org/shroff/phylum/server/internal/core"
"codeberg.org/shroff/phylum/server/internal/db"
"github.com/google/uuid"
@@ -53,7 +54,7 @@ func CreateLoginToken(db db.TxHandler, email string) (core.User, string, error)
}
func performTokenLogin(db db.TxHandler, tokenID uuid.UUID, token []byte) (auth *Auth, apiToken string, err error) {
const q = "DELETE FROM pending_logins WHERE token_id = @token_id AND token_hash = @token_hash AND user_id IS NOT NULL RETURNING user_id, expires"
const q = "DELETE FROM pending_logins WHERE token_id = @token_id AND token_hash = @token_hash AND user_id IS NOT NULL RETURNING user_id, expires, oidc_provider"
hash := sha256.Sum256([]byte(token))
args := pgx.NamedArgs{
"token_id": tokenID,
@@ -63,8 +64,9 @@ func performTokenLogin(db db.TxHandler, tokenID uuid.UUID, token []byte) (auth *
var user core.User
var userID int32
var expires time.Time
var oidcProvider string
row := db.QueryRow(q, args)
if err = row.Scan(&userID, &expires); err != nil {
if err = row.Scan(&userID, &expires, &oidcProvider); err != nil {
if errors.Is(err, pgx.ErrNoRows) {
err = ErrTokenInvalid
}
@@ -76,7 +78,16 @@ func performTokenLogin(db db.TxHandler, tokenID uuid.UUID, token []byte) (auth *
return
} else {
auth = NewSUAuth(user)
_, _, apiToken, err = GenerateAPIKey(db, auth, "Login - Token")
description := "Magic Link Login"
if oidcProvider != "" {
var p string
if p, err = openid.GetProviderName(oidcProvider); err != nil {
return
} else {
description = "OAuth Login (via " + p + ")"
}
}
_, _, apiToken, err = GenerateAPIKey(db, auth, description)
return
}
}
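Review bot: A failed `openid.GetProviderName` lookup aborts the login at the `return` inside `if oidcProvider != ""`, even though the name is only used to label the API key. By then the `DELETE ... RETURNING` has already matched the pending login and `auth` has been set to `NewSUAuth(user)`, so the caller gets a non-nil `auth` together with a non-nil `err`. If a provider is removed or renamed in configuration while a login is in flight, the user is rejected for a cosmetic reason. On lookup error, consider falling back to the stored identifier instead of returning: `description = "OAuth Login (via " + oidcProvider + ")"`. Separately, `row.Scan(&userID, &expires, &oidcProvider)` scans into a plain `string`; if `oidc_provider` is NULL for magic-link rows (the schema is not visible here), that scan would fail, so confirm the column is NOT NULL or use `COALESCE(oidc_provider, '')` in the RETURNING clause. Parts of `performTokenLogin` between the hunks are not shown.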