Serve and check cookies on login route

2023-08-22 19:29:40 +02:00 · 2023-08-22 19:29:40 +02:00 · c73f132421
commit c73f132421
parent 1667c3295b
6 changed files with 46 additions and 11 deletions
--- a/Cargo.toml
+++ b/Cargo.toml
@ -24,4 +24,5 @@ yunohost-api = { path = "yunohost-api", features = [ "axum" ] }
 axum_typed_multipart = "0.8"
 async-trait = "0.1"
 serde = { version = "1", features = [ "derive" ] }
-file-owner = { version = "0.1" }
+file-owner = { version = "0.1" }
+tower-cookies = "0.9"
--- a/src/error.rs
+++ b/src/error.rs
@ -1,3 +1,4 @@
+use axum::response::{IntoResponse, Response};
 use snafu::Snafu;

 use std::path::PathBuf;
@ -29,3 +30,9 @@ pub enum Error {
    #[snafu(display("Failed to set group on file {}", path.display()))]
    PermissionsChgrp { path: PathBuf, source: file_owner::FileOwnerError },
 }
+
+impl IntoResponse for Error {
+    fn into_response(self) -> Response {
+        self.to_string().into_response()
+    }
+}
--- a/src/routes/login.rs
+++ b/src/routes/login.rs
@ -1,13 +1,19 @@
 use axum::{
-    extract::{FromRequest, Form, Json, Query, State},
+    extract::{FromRequest, Form, Json, State},
    http::{self, Request, StatusCode},
    response::{IntoResponse, Response},
    RequestExt,
 };
 use axum_typed_multipart::{TryFromMultipart, TypedMultipart};
+use snafu::prelude::*;
+use tower_cookies::{Cookies, Cookie};
 use yunohost_api::{Username, Password};

-use crate::state::RoutableAppState;
+use crate::{
+    error::*,
+    routes::COOKIE_NAME,
+    state::RoutableAppState,
+};

 #[derive(Debug, TryFromMultipart, Deserialize)]
 pub struct LoginForm {
@ -55,10 +61,28 @@ where
 }

 #[debug_handler]
-pub async fn route(state: State<RoutableAppState>, form: LoginForm) -> String {
-	if state.check_login(&form.username, &form.password).await.unwrap() {
-        format!("Welcome {}", &form.username)
+pub async fn route(cookies: Cookies, state: State<RoutableAppState>, form: LoginForm) -> Result<String, Error> {
+    trace!("ROUTE: /login/");
+    if let Some(session_cookie) = cookies.get(COOKIE_NAME) {
+        trace!("User claims to have valid {} session: {}", COOKIE_NAME, &session_cookie);
+        if let Some(username) = state.sessions.verify_cookie(session_cookie.value()).await.context(SessionSnafu)? {
+            debug!("User claims were verified. They are identified as {}", &username);
+            return Ok(format!("Welcome back, {}! You were already logged in.", username));
+        }
+
+        debug!("User claims for a {} session were unfounded. Performing login again.", COOKIE_NAME);
+    }
+
+    debug!("Performing login attempt for user {}", &form.username);
+
+    // No cookie, or cookie is invalid. Perform login.
+    if state.check_login(&form.username, &form.password).await.unwrap() {
+        debug!("Login was successful for user {}. Saving cookie now.", &form.username);
+        let (cookie_name, cookie_value) = state.sessions.make_session(COOKIE_NAME, &form.username).await;
+        cookies.add(Cookie::new(cookie_name, cookie_value));
+        Ok(format!("Welcome {}", &form.username))
    } else {
-        format!("Invalid login for {}", &form.username)
+        debug!("Login failed for user {}", &form.username);
+        Ok(format!("Invalid login for {}", &form.username))
    }
 }
--- a/src/routes/mod.rs
+++ b/src/routes/mod.rs
@ -1,19 +1,22 @@
 use axum::{
-    extract::State,
    routing::{get, post},
    Router,
 };
+use tower_cookies::CookieManagerLayer;

 use crate::state::RoutableAppState;

 mod index;
 mod login;

+pub const COOKIE_NAME: &'static str = "yunohost.ssowat";
+
 /// Build a router for the application, in a specific subpath eg `/yunohost/sso/`
 pub fn router(subpath: Option<String>, state: RoutableAppState) -> Router {
    let app = Router::new()
        .route("/", get(index::route))
        .route("/login/", post(login::route))
+        .layer(CookieManagerLayer::new())
        .with_state(state);
    if let Some(p) = subpath {
        Router::new()
--- a/src/state/mod.rs
+++ b/src/state/mod.rs
@ -11,8 +11,8 @@ use sessions::SessionManager;
 pub type RoutableAppState = Arc<AppState>;

 pub struct AppState {
-    sessions: SessionManager,
-    users: YunohostUsers,
+    pub sessions: SessionManager,
+    pub users: YunohostUsers,
 }

 impl AppState {
--- a/src/state/sessions.rs
+++ b/src/state/sessions.rs
@ -89,7 +89,7 @@ impl SessionManager {
    /// Generates a new valid cookie inside the `SessionManager`, and returns:
    /// - the cookie name to be set
    /// - the cookie content that can be sent to a client
-    pub async fn make_session(&mut self, cookie_name: &str, username: &Username) -> (String, String) {
+    pub async fn make_session(&self, cookie_name: &str, username: &Username) -> (String, String) {
        let now = now();
        let signable_payload = format!("{now}:{cookie_name}:{username}");
        let signed_payload = hmac::sign(&self.secret, signable_payload.as_bytes()).as_ref().to_vec();