Move get_optional to config, make it type-agnostic, and allow scopes as array

48e74427 · Nik | Klampfradler · eca0fbcc · 48e74427 · 48e74427 · 48e74427
Verified Commit 48e74427 authored 4 years ago by Nik | Klampfradler
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -21,6 +21,7 @@ lazy_static = "^1.3.0"
 oauth2 = "^4.0.0"
 reqwest = "^0.11.3"
 config = "^0.11.0"
+serde = "^1.0.125"
 log = "^0.4.11"
 syslog = "^5.0.0"

--- a/src/config.rs
+++ b/src/config.rs
@@ -13,6 +13,8 @@
 * limitations under the License.
 */
+use serde::de::Deserialize;
 extern crate config;
 const DEFAULT_CONFIG_FILE: &str = "/etc/nss_pam_oidc";
@@ -54,3 +56,10 @@ pub fn argv_to_config(argv: &Vec<String>) -> config::Config {
    }
    return conf;
 }
+pub fn get_optional<'de, T: Deserialize<'de>>(conf: &config::Config, key: &str) -> Option<T> {
+    match conf.get(key) {
+        Ok(v) => Some(v),
+        Err(_) => None,
+    }
+}
--- a/src/pam.rs
+++ b/src/pam.rs
@@ -15,10 +15,13 @@
 use crate::config::{
    argv_to_config,
-    get_config
+    get_config,
+    get_optional
 };
 use config::Config;
+use serde::de::Deserialize;
 use crate::logging::setup_log;
 use oauth2::{
@@ -40,32 +43,19 @@ use oauth2::reqwest::http_client;
 use pamsm::{PamServiceModule, Pam, PamFlag, PamError, PamLibExt};
-fn get_or_pam_error(config: &Config, key: &str) -> Result<String, PamError> {
+fn get_or_pam_error<'de, T: Deserialize<'de>>(config: &Config, key: &str) -> Result<T, PamError> {
-    match config.get_str(key) {
+    match get_optional(config, key) {
-        Ok(v) => {
+        Some(v) => {
-            debug!("Configuration key found: {} = {}", key, v);
+            debug!("Configuration key found: {}", key);
            return Ok(v);
        },
-        Err(_) => {
+        None => {
            error!("Configuration key not found: {}", key);
            return Err(PamError::SERVICE_ERR);
        },
    }
 }
-fn get_optional(config: &Config, key: &str) -> Option<String> {
-    match config.get_str(key) {
-        Ok(v) => {
-            debug!("Configuration key found: {} = {}", key, v);
-            return Some(v);
-        },
-        Err(_) => {
-            debug!("Configuration key not found (optional): {}", key);
-            return None;
-        },
-    }
-}
 fn do_legacy_auth(username: String, password: String, config: Config) -> Result<BasicTokenResponse, PamError> {
    let client_id = ClientId::new(get_or_pam_error(&config, "pam.client_id")?);
    let client_secret = match get_optional(&config, "pam.client_secret") {
@@ -89,16 +79,18 @@ fn do_legacy_auth(username: String, password: String, config: Config) -> Result<
        },
        None => None,
    };
-    let scope = get_or_pam_error(&config, "pam.scope")?;
+    let scopes: Vec<&str> = get_or_pam_error(&config, "pam.scopes")?;
+    let res_username = ResourceOwnerUsername::new(username);
+    let res_password = ResourceOwnerPassword::new(password);
    let client = BasicClient::new(client_id, client_secret, auth_url, token_url);
-    let result = client
+    let mut request = client.exchange_password(&res_username, &res_password);
-        .exchange_password(
+    for scope in scopes {
-            &ResourceOwnerUsername::new(username),
+        request = request.add_scope(Scope::new(scope.to_string()));
-            &ResourceOwnerPassword::new(password)
+    }
-        )
+    let result = request.request(http_client);
-        .add_scope(Scope::new(scope.to_string()))
-        .request(http_client);
    match result {
            Ok(t) => Ok(t),
            Err(e) => match e {