diff --git a/server/core/src/https/views/reset.rs b/server/core/src/https/views/reset.rs
index 73ce55c32..2caa70cbe 100644
--- a/server/core/src/https/views/reset.rs
+++ b/server/core/src/https/views/reset.rs
@@ -24,6 +24,7 @@ use kanidm_proto::internal::{
 CredentialDetail, OperationError, PasskeyDetail, PasswordFeedback, TotpAlgo, UserAuthToken, COOKIE_CU_SESSION_TOKEN,
 };
+use kanidmd_lib::prelude::ClientAuthInfo;
 use super::constants::Urls;
 use super::navbar::NavbarCtx;
@@ -204,11 +205,41 @@ impl Display for PasskeyClass {
 }
 }
+/// When the credential update session is ended through a commit or discard of the changes
+/// we need to redirect the user to a relevant location. This location depends on the sessions
+/// current authentication state. If they are authenticated, they are sent to their profile. If
+/// they are not authenticated, they are sent to the login screen.
+async fn end_session_response(
+ state: ServerState,
+ kopid: KOpId,
+ client_auth_info: ClientAuthInfo,
+ jar: CookieJar,
+) -> axum::response::Result {
+ let is_logged_in = state
+ .qe_r_ref
+ .handle_auth_valid(client_auth_info, kopid.eventid)
+ .await
+ .is_ok();
+
+ let redirect_location = if is_logged_in {
+ Urls::Profile.as_ref()
+ } else {
+ Urls::Login.as_ref()
+ };
+
+ Ok((
+ jar,
+ HxLocation::from(Uri::from_static(redirect_location)),
+ "",
+ )
+ .into_response())
+}
+
 pub(crate) async fn commit(
 State(state): State,
 Extension(kopid): Extension,
 HxRequest(_hx_request): HxRequest,
- VerifiedClientInformation(_client_auth_info): VerifiedClientInformation,
+ VerifiedClientInformation(client_auth_info): VerifiedClientInformation,
 DomainInfo(domain_info): DomainInfo,
 jar: CookieJar,
 ) -> axum::response::Result {
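Review bot: In `end_session_response`, `.is_ok()` folds every failure of `handle_auth_valid` into "not logged in", so an internal error after a successful commit or discard is indistinguishable from an absent session and is never logged. Falling back to `Urls::Login` is the safe direction, and both targets are fixed `Urls` values rather than request data, so the redirect itself is not caller-controlled. I would record the error before discarding it and add a doc line such as `/// The auth check only selects the redirect target; any error is treated as unauthenticated.` so the result is not later reused as an authorisation decision. The doc comment's "the sessions current authentication state" should read "the session's".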
@@ -223,14 +254,14 @@ pub(crate) async fn commit(
 // No longer need the cookie jar.
 let jar = cookies::destroy(jar, COOKIE_CU_SESSION_TOKEN, &state);
- Ok((jar, HxLocation::from(Uri::from_static("/ui")), "").into_response())
+ end_session_response(state, kopid, client_auth_info, jar).await
 }
 pub(crate) async fn cancel_cred_update(
 State(state): State,
 Extension(kopid): Extension,
 HxRequest(_hx_request): HxRequest,
- VerifiedClientInformation(_client_auth_info): VerifiedClientInformation,
+ VerifiedClientInformation(client_auth_info): VerifiedClientInformation,
 DomainInfo(domain_info): DomainInfo,
 jar: CookieJar,
 ) -> axum::response::Result {
@@ -245,12 +276,7 @@ pub(crate) async fn cancel_cred_update(
 // No longer need the cookie jar.
 let jar = cookies::destroy(jar, COOKIE_CU_SESSION_TOKEN, &state);
- Ok((
- jar,
- HxLocation::from(Uri::from_static(Urls::Profile.as_ref())),
- "",
- )
- .into_response())
+ end_session_response(state, kopid, client_auth_info, jar).await
 }
 pub(crate) async fn cancel_mfareg(
@@ -782,7 +808,7 @@ pub(crate) async fn view_reset_get(
 State(state): State,
 Extension(kopid): Extension,
 HxRequest(_hx_request): HxRequest,
- VerifiedClientInformation(_client_auth_info): VerifiedClientInformation,
+ VerifiedClientInformation(client_auth_info): VerifiedClientInformation,
 DomainInfo(domain_info): DomainInfo,
 Query(params): Query,
 mut jar: CookieJar,
@@ -791,7 +817,7 @@ pub(crate) async fn view_reset_get(
 let cookie = jar.get(COOKIE_CU_SESSION_TOKEN);
 let is_logged_in = state
 .qe_r_ref
- .handle_auth_valid(_client_auth_info.clone(), kopid.eventid)
+ .handle_auth_valid(client_auth_info.clone(), kopid.eventid)
 .await
 .is_ok();
diff --git a/server/core/templates/credentials_reset_form.html b/server/core/templates/credentials_reset_form.html
index ec37c7be7..ae7d6700b 100644
--- a/server/core/templates/credentials_reset_form.html
+++ b/server/core/templates/credentials_reset_form.html
@@ -56,10 +56,9 @@ Return to the home page
diff --git a/server/core/templates/credentials_update_primary.html b/server/core/templates/credentials_update_primary.html
index 52e1263d1..7aefda358 100644
--- a/server/core/templates/credentials_update_primary.html
+++ b/server/core/templates/credentials_update_primary.html
@@ -42,7 +42,7 @@
-
diff --git a/unix_integration/resolver/src/resolver.rs b/unix_integration/resolver/src/resolver.rs
index d892086d8..756878530 100644
--- a/unix_integration/resolver/src/resolver.rs
+++ b/unix_integration/resolver/src/resolver.rs
@@ -228,6 +228,8 @@ impl Resolver {
 debug!("get_cached_usertoken {:?}", err);
 })?;
+ drop(dbtxn);
+
 match r {
 Some((ut, ex)) => {
 // Are we expired?
@@ -276,6 +278,8 @@ impl Resolver {
 let mut dbtxn = self.db.write().await;
 let r = dbtxn.get_group(grp_id).map_err(|_| ())?;
+ drop(dbtxn);
+
 match r {
 Some((ut, ex)) => {
 // Are we expired?
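Review bot: Neither `drop(dbtxn);` says why the transaction is released early, and from that point `r` is only a snapshot of the cache; this applies to the user-token lookup in the first hunk and to the `get_group` lookup in the second. If the intent is to avoid holding the database write lock across the expiry handling that follows (not visible here, so this is an assumption), a comment such as `// Release the db lock before the expiry check; r is a snapshot from here on.` would record it. Any later write-back of a refreshed entry should open a new transaction and not assume the cached row is unchanged, since another task may have updated or removed it in between. Both function bodies start and end outside the hunks.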