Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
/* Copyright 2021 Dominik George <dominik.george@teckids.org>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
use crate::config::{
get_or_error,
get_optional
};
use config::Config;
use oauth2::{
AuthUrl,
ClientId,
ClientSecret,
RequestTokenError,
ResourceOwnerUsername,
ResourceOwnerPassword,
Scope,
TokenUrl
};
use oauth2::basic::{
BasicClient,
BasicTokenResponse
};
use oauth2::reqwest::http_client;
fn full_key(prefix: &str, key: &str) -> String {
let parts = vec![prefix.to_string(), key.to_string()];
let full_key = parts.join(".");
return full_key;
}
fn get_client<E: Copy>(conf: Config, prefix: &str, error_value: E) -> Result<BasicClient, E> {
let client_id = ClientId::new(get_or_error(&conf, &full_key(prefix, "client_secret"), error_value)?);
let client_secret = match get_optional(&conf, &full_key(prefix, "client_secret")) {
Some(v) => Some(ClientSecret::new(v)),
None => None,
};
let auth_url = match AuthUrl::new(get_or_error(&conf, &full_key(prefix, "auth_url"), error_value)?) {
Ok(u) => u,
_ => {
error!("Could not parse authorization URL");
return Err(error_value);
},
};
let token_url = match get_optional(&conf, &full_key(prefix, "token_url")) {
Some(v) => match TokenUrl::new(v) {
Ok(u) => Some(u),
Err(_) => {
error!("Could not parse token URL");
return Err(error_value);
}
},
None => None,
};
let client = BasicClient::new(client_id, client_secret, auth_url, token_url);
return Ok(client);
}
pub fn get_access_token<E: Copy>(conf: Config, prefix: &str, error_value: E, unauth_value: E) -> Result<BasicTokenResponse, E> {
let scopes: Vec<&str> = get_or_error(&conf, &full_key(prefix, "scopes"), error_value)?;
let client = get_client(conf, prefix, error_value)?;
let mut request = client.exchange_client_credentials();
for scope in scopes {
request = request.add_scope(Scope::new(scope.to_string()));
}
let result = request.request(http_client);
match result {
Ok(t) => Ok(t),
Err(e) => match e {
RequestTokenError::ServerResponse(t) => {
error!("Authorization server returned error: {}", t);
return Err(unauth_value);
},
_ => {
error!("Error fetchin access token: {}", e);
return Err(error_value);
},
},
}
}
pub fn get_access_token_password<E: Copy>(conf: Config, prefix: &str, username: String, password: String, error_value: E, unauth_value: E) -> Result<String, E> {
let scopes: Vec<&str> = get_or_error(&conf, &full_key(prefix, "scopes"), error_value)?;
let res_username = ResourceOwnerUsername::new(username);
let res_password = ResourceOwnerPassword::new(password);
let client = get_client(conf, prefix, error_value)?;
let mut request = client.exchange_password(&res_username, &res_password);
for scope in scopes {
request = request.add_scope(Scope::new(scope.to_string()));
}
let result = request.request(http_client);
match result {
Ok(t) => Ok("".to_string()),
Err(e) => match e {
RequestTokenError::ServerResponse(t) => {
error!("Authorization server returned error: {}", t);
return Err(unauth_value);
},
_ => {
error!("Error fetchin access token: {}", e);
return Err(error_value);
},
},
}
}
fn do_json_request<E: Copy>(conf: Config, url: String, error_value: E, unauth_value: E) -> Result<String, E> {
let token = get_access_token(conf, "nss", error_value, unauth_value)?;
Ok("".to_string())
}