From e79ee4c6c5bedd341ff67b2aaced86589fac3a27 Mon Sep 17 00:00:00 2001
From: c0repwn3r
Date: Mon, 6 Feb 2023 10:17:48 -0500
Subject: [PATCH] fix session authentication
---
 trifid-api/src/auth.rs | 18 +++++++++---------
 trifid-api/src/main.rs | 5 ++++-
 trifid-api/src/routes/v1/auth/mod.rs | 2 ++
 .../src/routes/v1/auth/verify_magic_link.rs | 8 ++++++++
 trifid-api/src/tokens.rs | 2 +-
 5 files changed, 24 insertions(+), 11 deletions(-)
diff --git a/trifid-api/src/auth.rs b/trifid-api/src/auth.rs
index 0bae614..0ee5793 100644
--- a/trifid-api/src/auth.rs
+++ b/trifid-api/src/auth.rs
@@ -14,7 +14,7 @@ pub struct PartialUserInfo {
 #[derive(Debug)]
 pub enum AuthenticationError {
 MissingToken,
- InvalidToken,
+ InvalidToken(usize),
 DatabaseError,
 RequiresTOTP
 }
@@ -31,16 +31,16 @@ impl<'r> FromRequest<'r> for PartialUserInfo {
 // parse bearer token
 let components = authorization.split(' ').collect::>();
- if components.len() != 2 || components.len() != 3 {
+ if components.len() != 2 && components.len() != 3 {
 return Outcome::Failure((Status::Unauthorized, AuthenticationError::MissingToken));
 }
 if components[0] != "Bearer" {
- return Outcome::Failure((Status::Unauthorized, AuthenticationError::InvalidToken));
+ return Outcome::Failure((Status::Unauthorized, AuthenticationError::InvalidToken(0)));
 }
- if components.len() == 2 && components[1].starts_with("st-") {
- return Outcome::Failure((Status::Unauthorized, AuthenticationError::InvalidToken));
+ if components.len() == 2 && !components[1].starts_with("st-") {
+ return Outcome::Failure((Status::Unauthorized, AuthenticationError::InvalidToken(1)));
 }
 let st: String;
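Review bot: The new `usize` payload on `InvalidToken` has no documented meaning; the values 0–5 it carries are assigned by position in the `FromRequest` guard further down this file, so a reader of the enum cannot tell which check a number stands for. A doc comment on the variant would fix that, e.g. `/// Bearer token rejected; the index names the failing check in the request guard: 0 scheme is not "Bearer", 1 session-token prefix is not "st-", 2 session-token lookup failed, 3 unrecognised session-token form, 4 auth-token validation failed, 5 unrecognised auth-token form.` The guard returns a bare 401 for every code, which is the right default; if a code is ever surfaced to clients, note that it lets a caller distinguish a malformed token from an unknown one.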
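Review bot: The corrected prefix guard `if components.len() == 2 && !components[1].starts_with("st-")` only runs for the two-component form; with three components the session token in `components[1]` is not checked at this step, and because the header is split on a single `' '`, a header such as `Bearer  st-abc` (two spaces) also arrives as three components with an empty `components[1]`. The catch-all `_ =>` arms lower in the file presumably reject those, but it is cleaner to fail at the parse step: use `authorization.split_whitespace().collect::<Vec<_>>()` and drop the `components.len() == 2 &&` qualifier so the `st-` check applies to both forms. A header that is present but has the wrong number of parts is reported as `MissingToken`; if that is intentional a short comment would save the next reader a question. The guard's `from_request` body continues outside this hunk.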
@@ -53,10 +53,10 @@ impl<'r> FromRequest<'r> for PartialUserInfo {
 st = components[1].to_string();
 match validate_session_token(st.clone(), req.rocket().state().unwrap()).await {
 Ok(uid) => user_id = uid,
- Err(_) => return Outcome::Failure((Status::Unauthorized, AuthenticationError::InvalidToken))
+ Err(_) => return Outcome::Failure((Status::Unauthorized, AuthenticationError::InvalidToken(2)))
 }
 },
- _ => return Outcome::Failure((Status::Unauthorized, AuthenticationError::InvalidToken))
+ _ => return Outcome::Failure((Status::Unauthorized, AuthenticationError::InvalidToken(3)))
 }
 if components.len() == 3 {
@@ -66,10 +66,10 @@ impl<'r> FromRequest<'r> for PartialUserInfo {
 at = Some(components[2].to_string());
 match validate_auth_token(at.clone().unwrap().clone(), st.clone(), req.rocket().state().unwrap()).await {
 Ok(_) => (),
- Err(_) => return Outcome::Failure((Status::Unauthorized, AuthenticationError::InvalidToken))
+ Err(_) => return Outcome::Failure((Status::Unauthorized, AuthenticationError::InvalidToken(4)))
 }
 },
- _ => return Outcome::Failure((Status::Unauthorized, AuthenticationError::InvalidToken))
+ _ => return Outcome::Failure((Status::Unauthorized, AuthenticationError::InvalidToken(5)))
 }
 } else {
 at = None;
diff --git a/trifid-api/src/main.rs b/trifid-api/src/main.rs
index f0f029b..17c28d7 100644
--- a/trifid-api/src/main.rs
+++ b/trifid-api/src/main.rs
@@ -81,7 +81,10 @@ async fn main() -> Result<(), Box> {
 .mount("/", routes![
 crate::routes::v1::auth::magic_link::magiclink_request,
 crate::routes::v1::signup::signup_request,
- crate::routes::v1::auth::verify_magic_link::verify_magic_link
+ crate::routes::v1::auth::verify_magic_link::verify_magic_link,
+
+ crate::routes::v1::auth::check_auth,
 ])
 .register("/", catchers![
 crate::routes::handler_400,
diff --git a/trifid-api/src/routes/v1/auth/mod.rs b/trifid-api/src/routes/v1/auth/mod.rs
index aa16fd9..aad0904 100644
--- a/trifid-api/src/routes/v1/auth/mod.rs
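Review bot: The `Err(_) => return Outcome::Failure((Status::Unauthorized, AuthenticationError::InvalidToken(2)))` arm turns every failure of `validate_session_token` into a 401, including database errors, even though the enum has a `DatabaseError` variant for exactly that case; a pool outage then looks to the client like a revoked session, and to monitoring like a wave of bad tokens. `validate_session_token` (tokens.rs hunk) propagates the `fetch_one` error with `?`, and only `sqlx::Error::RowNotFound` actually means the token is unknown or expired, so the two can be told apart with a downcast, assuming the boxed `dyn Error` return type the `?` implies. The unwrapped `req.rocket().state()` will panic if the pool is not managed; that is a startup misconfiguration, but `.expect("PgPool must be managed by Rocket")` says so. The `match` scrutinee and the rest of `from_request` lie outside this hunk.
```rust
Ok(uid) => user_id = uid,
Err(e) => {
    // Only a missing row means the token itself is bad; anything else is the database failing.
    let not_found = matches!(e.downcast_ref::<sqlx::Error>(), Some(sqlx::Error::RowNotFound));
    return if not_found {
        Outcome::Failure((Status::Unauthorized, AuthenticationError::InvalidToken(2)))
    } else {
        Outcome::Failure((Status::InternalServerError, AuthenticationError::DatabaseError))
    };
}
```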
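Review bot: `at.clone().unwrap().clone()` on the `validate_auth_token` call clones the `Option`, unwraps it and clones the `String` again, one line after `at` was assigned `Some(components[2].to_string())`, so the value is already known and the unwrap is noise. Bind it once and reuse it: `let auth_token = components[2].to_string();` then `at = Some(auth_token.clone());` and pass `auth_token` as the first argument. The `Err(_)` arm here has the same shape as the session-token arm in the previous hunk, mapping database failures to `InvalidToken(4)` rather than `DatabaseError`; whichever way that is resolved, the two arms should agree. The surrounding `match` and `from_request` continue outside the hunk.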
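Review bot: `crate::routes::v1::auth::check_auth` is mounted on the new line but this patch defines no such item: the only change to `routes/v1/auth/mod.rs` is an added `use crate::auth::PartialUserInfo;` that nothing in the diff uses, and no new route file is added, so unless `check_auth` already exists in a file the patch does not touch the crate will not build. If the handler is new it belongs in this commit — the `use` in mod.rs suggests it was meant to take `PartialUserInfo` as a request guard there. The blank entry added inside `routes![` can go once the route is in place.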
+++ b/trifid-api/src/routes/v1/auth/mod.rs @@ -1,2 +1,4 @@ +use crate::auth::PartialUserInfo; + pub mod verify_magic_link; pub mod magic_link; \ No newline at end of file diff --git a/trifid-api/src/routes/v1/auth/verify_magic_link.rs b/trifid-api/src/routes/v1/auth/verify_magic_link.rs index 3acab52..82cb0f8 100644 --- a/trifid-api/src/routes/v1/auth/verify_magic_link.rs +++ b/trifid-api/src/routes/v1/auth/verify_magic_link.rs @@ -53,6 +53,14 @@ pub async fn verify_magic_link(req: Json, db: &State (), + Err(e) => { + return Err((Status::InternalServerError, format!("{{\"errors\":[{{\"code\":\"{}\",\"message\":\"{} - {}\"}}]}}", "ERR_UNABLE_TO_ISSUE", "an error occured trying to issue a session token, please try again later", e))) + } + } + Ok((ContentType::JSON, Json(VerifyMagicLinkResponse { data: VerifyMagicLinkResponseData { session_token: token }, metadata: VerifyMagicLinkResponseMetadata {}, diff --git a/trifid-api/src/tokens.rs b/trifid-api/src/tokens.rs index b06dc98..f7b0232 100644 --- a/trifid-api/src/tokens.rs +++ b/trifid-api/src/tokens.rs @@ -22,7 +22,7 @@ pub async fn generate_session_token(user_id: i64, db: &PgPool, config: &TFConfig Ok(token) } pub async fn validate_session_token(token: String, db: &PgPool) -> Result> { - Ok(sqlx::query!("SELECT user_id FROM session_tokens WHERE id = $1 AND expires_on < $2", token, SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() as i32).fetch_one(db).await?.user_id as i64) + Ok(sqlx::query!("SELECT user_id FROM session_tokens WHERE id = $1 AND expires_on > $2", token, SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() as i32).fetch_one(db).await?.user_id as i64) } pub async fn generate_auth_token(user_id: i64, session_id: String, db: &PgPool, config: &TFConfig) -> Result> {
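Review bot: The new `Err(e)` arm interpolates the raw error `e` into the JSON body returned to the client on the `return Err((Status::InternalServerError, format!(...)))` line. That error comes from issuing the session token (most likely a database error, though the matched expression is not legible in this copy of the diff), so its `Display` text can expose SQL, table names or connection details, and it is not JSON-escaped — a quote or backslash in the message yields an invalid document. Log it server-side and keep the body generic: `eprintln!("verify_magic_link: failed to issue session token: {e}");` followed by the existing `format!` with the `- {}` placeholder and the `e` argument removed (use the crate's logging facade instead of `eprintln!` if it has one). Since the file already serializes its success response with `Json`, building this error body with serde too would remove the hand-written JSON string. The enclosing `verify_magic_link` function starts before this hunk.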
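Review bot: On the corrected `expires_on > $2` line the bound value is `as_secs() as i32`, a truncating cast of a `u64`: Unix time exceeds `i32::MAX` on 2038-01-19, after which `$2` wraps negative, `expires_on > $2` holds for every row and no session token expires again. Bind the time as `i64` and fail loudly instead of wrapping: `let now = i64::try_from(SystemTime::now().duration_since(UNIX_EPOCH)?.as_secs())?;` then `... AND expires_on > $2", token, now)`, which works if the return type is `Box<dyn Error>` as the existing `?` suggests; the column type is not in this diff, so check that `expires_on` is a `BIGINT` and that `generate_session_token` writes it with the same width. `fetch_one` reports an expired or unknown token as `sqlx::Error::RowNotFound`, which callers must tell apart from other database failures; a doc comment on the function stating that contract would help, e.g. `/// Returns the owning user_id of a live session token; RowNotFound means unknown or expired, any other error is a database failure.`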