[server] Update schema to refer to generalized login token

This commit is contained in:
Abhishek Shroff
2025-06-29 12:24:33 +05:30
parent 5482f52ab9
commit dce623b2a6
3 changed files with 19 additions and 19 deletions


@@ -25,10 +25,10 @@ func OpenIDStart(db db.Handler, providerName, redirectURI string, clientType Ope
if clientID, endpoint, err := openid.GetProviderDetails(providerName); err != nil {
return "", err
} else {
sessionID := generateRandomString(openidLoginSessionIDLength)
_, err := db.Exec("INSERT INTO openid_sessions(id, provider, client_type) VALUES ($1, $2, $3)", sessionID, providerName, clientType)
token := generateRandomString(openidLoginSessionIDLength)
_, err := db.Exec("INSERT INTO pending_logins(token, oidc_provider, oidc_client_type) VALUES ($1, $2, $3)", token, providerName, clientType)
if err != nil {
return "", errors.New("failed to insert openid session: " + err.Error())
return "", errors.New("failed to create login token: " + err.Error())
}
authURL, err := url.Parse(endpoint)
if err != nil {
@@ -38,20 +38,20 @@ func OpenIDStart(db db.Handler, providerName, redirectURI string, clientType Ope
q.Add("client_id", clientID)
q.Add("response_type", "code")
q.Add("scope", "openid email profile")
q.Add("state", sessionID)
q.Add("state", token)
q.Add("redirect_uri", redirectURI)
authURL.RawQuery = q.Encode()
return authURL.String(), nil
}
}
func OpenIDValidateAuthCode(d db.Handler, sessionID, authCode, redirecURI string) (OpenIDClientType, error) {
row := d.QueryRow("SELECT provider, client_type FROM openid_sessions WHERE id = $1 AND user_id IS NULL", sessionID)
func OpenIDValidateAuthCode(d db.Handler, token, authCode, redirecURI string) (OpenIDClientType, error) {
row := d.QueryRow("SELECT oidc_provider, oidc_client_type FROM pending_logins WHERE token = $1 AND user_id IS NULL", token)
var providerName string
var clientType OpenIDClientType
if err := row.Scan(&providerName, &clientType); err != nil {
if errors.Is(err, pgx.ErrNoRows) {
err = errors.New("state token invalid")
err = errors.New("login token invalid")
}
return OpenIDClientNone, err
} else if idToken, err := openid.GetIDToken(providerName, authCode, redirecURI); err != nil {
@@ -69,13 +69,13 @@ func OpenIDValidateAuthCode(d db.Handler, sessionID, authCode, redirecURI string
if err != nil {
return err
}
_, err = db.Exec("UPDATE openid_sessions SET user_id = $2 WHERE id = $1", sessionID, user.ID)
_, err = db.Exec("UPDATE pending_logins SET user_id = $2 WHERE token = $1", token, user.ID)
return err
})
if err != nil {
// This session ID is no longer valid, since we've already used the auth code once
d.Exec("DELETE FROM openid_sessions WHERE id = $1", sessionID)
d.Exec("DELETE FROM pending_logins WHERE token = $1", token)
return OpenIDClientNone, err
}
return clientType, nil
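Review bot: The migration in this commit makes `oidc_provider` and `oidc_client_type` nullable, but the new lookup `SELECT oidc_provider, oidc_client_type FROM pending_logins WHERE token = $1 AND user_id IS NULL` still scans both into a plain `string` and an `OpenIDClientType`, so if a pending login is ever created by a non-OIDC flow (which the nullable columns suggest is the intent) `row.Scan` fails with a NULL conversion error instead of the intended `login token invalid`. Restricting the query to `... WHERE token = $1 AND user_id IS NULL AND oidc_provider IS NOT NULL` makes such a token fall into the `pgx.ErrNoRows` branch and be rejected cleanly. The comment in the third hunk still says `// This session ID is no longer valid, since we've already used the auth code once` and should read `// This login token is no longer valid, since we've already used the auth code once`; the constant `openidLoginSessionIDLength` likewise keeps the old name, though its definition is outside this view. Both `OpenIDStart` and `OpenIDValidateAuthCode` extend beyond the hunks shown here.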


@@ -8,12 +8,12 @@ import (
"github.com/jackc/pgx/v5"
)
func PerformTokenLogin(db db.TxHandler, loginToken string) (core.User, string, error) {
row := db.QueryRow("DELETE FROM openid_sessions WHERE id = $1 AND user_id IS NOT NULL RETURNING user_id", loginToken)
func PerformTokenLogin(db db.TxHandler, token string) (core.User, string, error) {
row := db.QueryRow("DELETE FROM pending_logins WHERE token = $1 AND user_id IS NOT NULL RETURNING user_id", token)
var userID int32
if err := row.Scan(&userID); err != nil {
if errors.Is(err, pgx.ErrNoRows) {
err = errors.New("state token invalid")
err = errors.New("login token invalid")
}
return core.User{}, "", err
} else if user, err := core.UserByID(db, userID); err != nil {
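Review bot: The new statement `DELETE FROM pending_logins WHERE token = $1 AND user_id IS NOT NULL RETURNING user_id` carries no age bound, so a completed login token stays redeemable until something else removes the row; the migration records `created_at`, but nothing in this view consults it. If no sweeper exists elsewhere, adding `AND created_at > NOW() - INTERVAL '10 minutes'` (interval illustrative) to the same statement bounds the window in which a token can be exchanged, and the same bound would be worth applying to the lookup in `OpenIDValidateAuthCode`. Tokens created by `OpenIDStart` that never complete also remain in the table for the same reason. `PerformTokenLogin` continues past the end of this hunk.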


@@ -1,12 +1,12 @@
CREATE UNLOGGED TABLE openid_sessions(
id TEXT PRIMARY KEY,
provider TEXT NOT NULL,
client_type SMALLINT NOT NULL,
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
user_id INTEGER REFERENCES users(id) ON DELETE CASCADE
CREATE UNLOGGED TABLE pending_logins(
token TEXT PRIMARY KEY,
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
user_id INTEGER REFERENCES users(id) ON DELETE CASCADE,
oidc_provider TEXT,
oidc_client_type SMALLINT
);
---- create above / drop below ----
DROP TABLE openid_sessions;
DROP TABLE pending_logins;
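Review bot: Dropping `NOT NULL` from `oidc_provider` and `oidc_client_type` lets the two columns disagree (one set, the other NULL), which the Go callers that scan both into non-nullable types cannot handle; a table constraint `CHECK ((oidc_provider IS NULL) = (oidc_client_type IS NULL))` inside the `CREATE UNLOGGED TABLE pending_logins(` body keeps them paired. The hunk header `@@ -1,12 +1,12 @@` shows this rewrites the existing migration in place rather than adding a new one, so if the `openid_sessions` version has already been applied in any environment it will not be re-run and that environment keeps the old table; a fresh migration with `DROP TABLE openid_sessions` followed by the new `CREATE` would be the safer shape if that is possible. The `UNLOGGED` choice is unchanged, but it now also covers whatever non-OIDC login tokens the generalization is meant to hold.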