void/ZeroTierOne
2
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-06-06 12:33:44 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

a little cleanup

Browse source
This commit is contained in:
Grant Limberg 2022-01-03 08:36:16 -08:00
parent 057356a725
commit cf411efd1d
No known key found for this signature in database
GPG key ID: 2BA62CCABBB4095A
1 changed files with 61 additions and 55 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

116
zeroidc/src/lib.rs
View file

@ -22,7 +22,7 @@ use bytes::Bytes;
use jsonwebtoken::{dangerous_insecure_decode}; use jsonwebtoken::{dangerous_insecure_decode};
use openidconnect::core::{CoreClient, CoreProviderMetadata, CoreResponseType}; use openidconnect::core::{CoreClient, CoreProviderMetadata, CoreResponseType};
use openidconnect::reqwest::http_client; use openidconnect::reqwest::http_client;
use openidconnect::{AccessToken, AccessTokenHash, AuthorizationCode, AuthenticationFlow, ClientId, CsrfToken, IssuerUrl, Nonce, NonceVerifier, OAuth2TokenResponse, PkceCodeChallenge, PkceCodeVerifier, RedirectUrl, RefreshToken, Scope, TokenResponse}; use openidconnect::{AccessToken, AccessTokenHash, AuthorizationCode, AuthenticationFlow, ClientId, CsrfToken, IssuerUrl, Nonce, OAuth2TokenResponse, PkceCodeChallenge, PkceCodeVerifier, RedirectUrl, RefreshToken, Scope, TokenResponse};
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use std::str::from_utf8; use std::str::from_utf8;
use std::sync::{Arc, Mutex}; use std::sync::{Arc, Mutex};
@ -72,6 +72,7 @@ fn nonce_func(nonce: String) -> Box<dyn Fn() -> Nonce> {
return Box::new(move || Nonce::new(nonce.to_string())); return Box::new(move || Nonce::new(nonce.to_string()));
} }
#[cfg(debug_assertions)]
fn systemtime_strftime<T>(dt: T, format: &str) -> String fn systemtime_strftime<T>(dt: T, format: &str) -> String
where T: Into<OffsetDateTime> where T: Into<OffsetDateTime>
{ {
@ -244,82 +245,87 @@ impl ZeroIDC {
return true; return true;
}); });
match verified { let v = match verified {
Some(verified) => { Some(verified) => {
if !verified { if !verified {
println!("not verified."); println!("not verified.");
(*inner_local.lock().unwrap()).running = false; (*inner_local.lock().unwrap()).running = false;
break; false
} else {
true
} }
}, },
None => { None => {
println!("no verification performed?"); println!("no verification performed?");
(*inner_local.lock().unwrap()).running = false; (*inner_local.lock().unwrap()).running = false;
break; false
} }
} };
if v {
match res.id_token() {
Some(id_token) => {
let params = [("id_token", id_token.to_string()),("state", "refresh".to_string())];
#[cfg(debug_assertions)] {
println!("New ID token: {}", id_token.to_string());
}
let client = reqwest::blocking::Client::new();
let r = client.post((*inner_local.lock().unwrap()).auth_endpoint.clone())
.form(&params)
.send();
match res.id_token() { match r {
Some(id_token) => { Ok(r) => {
let params = [("id_token", id_token.to_string()),("state", "refresh".to_string())]; if r.status().is_success() {
#[cfg(debug_assertions)] { #[cfg(debug_assertions)] {
println!("New ID token: {}", id_token.to_string()); println!("hit url: {}", r.url().as_str());
} println!("status: {}", r.status());
let client = reqwest::blocking::Client::new(); }
let r = client.post((*inner_local.lock().unwrap()).auth_endpoint.clone())
.form(&params)
.send();
match r { let access_token = res.access_token();
Ok(r) => { let at = access_token.secret();
if r.status().is_success() { // yes this function is called `dangerous_insecure_decode`
#[cfg(debug_assertions)] { // and it doesn't validate the jwt token signature,
// but if we've gotten this far, our claims have already
// been validated up above
let exp = dangerous_insecure_decode::<Exp>(&at);
if let Ok(e) = exp {
(*inner_local.lock().unwrap()).exp_time = e.claims.exp
}
(*inner_local.lock().unwrap()).access_token = Some(access_token.clone());
if let Some(t) = res.refresh_token() {
// println!("New Refresh Token: {}", t.secret());
(*inner_local.lock().unwrap()).refresh_token = Some(t.clone());
}
#[cfg(debug_assertions)] {
println!("Central post succeeded");
}
} else {
println!("Central post failed: {}", r.status().to_string());
println!("hit url: {}", r.url().as_str()); println!("hit url: {}", r.url().as_str());
println!("status: {}", r.status()); println!("Status: {}", r.status());
(*inner_local.lock().unwrap()).exp_time = 0;
(*inner_local.lock().unwrap()).running = false;
} }
},
let access_token = res.access_token(); Err(e) => {
let at = access_token.secret();
// yes this function is called `dangerous_insecure_decode`
// and it doesn't validate the jwt token signature,
// but if we've gotten this far, our claims have already
// been validated up above
let exp = dangerous_insecure_decode::<Exp>(&at);
if let Ok(e) = exp { println!("Central post failed: {}", e.to_string());
(*inner_local.lock().unwrap()).exp_time = e.claims.exp println!("hit url: {}", e.url().unwrap().as_str());
} println!("Status: {}", e.status().unwrap());
(*inner_local.lock().unwrap()).access_token = Some(access_token.clone());
if let Some(t) = res.refresh_token() {
// println!("New Refresh Token: {}", t.secret());
(*inner_local.lock().unwrap()).refresh_token = Some(t.clone());
}
#[cfg(debug_assertions)] {
println!("Central post succeeded");
}
} else {
println!("Central post failed: {}", r.status().to_string());
println!("hit url: {}", r.url().as_str());
println!("Status: {}", r.status());
(*inner_local.lock().unwrap()).exp_time = 0; (*inner_local.lock().unwrap()).exp_time = 0;
(*inner_local.lock().unwrap()).running = false; (*inner_local.lock().unwrap()).running = false;
} }
},
Err(e) => {
println!("Central post failed: {}", e.to_string());
println!("hit url: {}", e.url().unwrap().as_str());
println!("Status: {}", e.status().unwrap());
(*inner_local.lock().unwrap()).exp_time = 0;
(*inner_local.lock().unwrap()).running = false;
} }
},
None => {
println!("no id token?!?");
} }
},
None => {
println!("no id token?!?");
} }
} else {
println!("claims not verified");
} }
}, },
Err(e) => { Err(e) => {