diff --git a/Cargo.lock b/Cargo.lock index a7ed0ca..8ed284f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2829,7 +2829,7 @@ checksum = "9fc79f4a1e39857fc00c3f662cbf2651c771f00e9c15fe2abc341806bd46bd71" [[package]] name = "zauth" -version = "1.2.1" +version = "1.3.0" dependencies = [ "askama", "askama_rocket", diff --git a/src/controllers/oauth_controller.rs b/src/controllers/oauth_controller.rs index efa3477..baecf83 100644 --- a/src/controllers/oauth_controller.rs +++ b/src/controllers/oauth_controller.rs @@ -316,3 +316,33 @@ pub async fn token( })) } } + +#[derive(Serialize, Debug)] +pub struct IntrospectResp { + active: bool, +} + +#[derive(FromForm, Debug)] +pub struct IntrospectFormData { + token: String, + token_type_hint: Option, +} + +#[post("/oauth/introspect", data = "
")] +pub async fn introspect( + auth: Option, + form: Form, + db: DbConn, +) -> Result> { + let auth = auth + .map(|auth| (auth.user, auth.password)) + .ok_or(ZauthError::from(OAuthError::InvalidRequest))?; + + Client::find_and_authenticate(auth.0.to_string(), &auth.1, &db).await?; + + let IntrospectFormData { token, .. } = form.into_inner(); + let maybe_session = Session::find_by_key(token, &db).await; + Ok(Json(IntrospectResp { + active: maybe_session.is_ok(), + })) +} diff --git a/src/lib.rs b/src/lib.rs index 6ce9448..c50dbf4 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -101,6 +101,7 @@ fn assemble(rocket: Rocket) -> Rocket { oauth_controller::grant_get, oauth_controller::grant_post, oauth_controller::token, + oauth_controller::introspect, pages_controller::home_page, sessions_controller::create_session, sessions_controller::new_session, diff --git a/tests/oauth.rs b/tests/oauth.rs index 6d77814..7a5c807 100644 --- a/tests/oauth.rs +++ b/tests/oauth.rs @@ -170,6 +170,27 @@ async fn normal_flow() { assert_eq!(response.status(), Status::SeeOther); + let credentials = + base64::encode(&format!("{}:{}", client_id, client.secret)); + + let form_body = format!("token=1234"); + let req = http_client + .post("/oauth/introspect") + .header(ContentType::Form) + .header(Header::new( + "Authorization", + format!("Basic {}", credentials), + )) + .body(form_body); + + let response = req.dispatch().await; + assert_eq!(response.status(), Status::Ok); + let response_body = + response.into_string().await.expect("response body"); + let data: Value = + serde_json::from_str(&response_body).expect("response json values"); + assert_eq!(data["active"], false); + // 7a. Client requests access code while sending its credentials // trough HTTP Auth. let token_url = "/oauth/token"; @@ -178,9 +199,6 @@ async fn normal_flow() { authorization_code, redirect_uri ); - let credentials = - base64::encode(&format!("{}:{}", client_id, client.secret)); - let req = http_client .post(token_url) .header(ContentType::Form) @@ -256,6 +274,24 @@ async fn normal_flow() { assert_eq!(data["token_type"], "bearer"); let token = data["access_token"].as_str().expect("access token"); + let form_body = format!("token={}", token); + let req = http_client + .post("/oauth/introspect") + .header(ContentType::Form) + .header(Header::new( + "Authorization", + format!("Basic {}", credentials), + )) + .body(form_body); + + let response = req.dispatch().await; + assert_eq!(response.status(), Status::Ok); + let response_body = + response.into_string().await.expect("response body"); + let data: Value = + serde_json::from_str(&response_body).expect("response json values"); + assert_eq!(data["active"], true); + let response = http_client .get("/current_user") .header(Accept::JSON) @@ -276,6 +312,26 @@ async fn normal_flow() { assert!(data["id"].is_number()); assert_eq!(data["username"], user_username); + + http_client.post("/logout").dispatch().await; + + let form_body = format!("token=1234"); + let req = http_client + .post("/oauth/introspect") + .header(ContentType::Form) + .header(Header::new( + "Authorization", + format!("Basic {}", credentials), + )) + .body(form_body); + + let response = req.dispatch().await; + assert_eq!(response.status(), Status::Ok); + let response_body = + response.into_string().await.expect("response body"); + let data: Value = + serde_json::from_str(&response_body).expect("response json values"); + assert_eq!(data["active"], false); }) .await; }