fixed serialization of oauth2 token scope (#1930)

Sebastiano Tocci 2023-08-02 01:50:57 +02:00 committed by GitHub
parent de45732322
commit d50373e64b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 21 additions and 2 deletions


@ -22,6 +22,7 @@ num_enum = { workspace = true }
scim_proto = { workspace = true } scim_proto = { workspace = true }
serde = { workspace = true, features = ["derive"] } serde = { workspace = true, features = ["derive"] }
serde_json = { workspace = true } serde_json = { workspace = true }
serde_with = "3.1.0"
time = { workspace = true, features = ["serde", "std"] } time = { workspace = true, features = ["serde", "std"] }
tracing = { workspace = true } tracing = { workspace = true }
url = { workspace = true, features = ["serde"] } url = { workspace = true, features = ["serde"] }
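Review bot: `serde_with = "3.1.0"` is the only dependency in this stretch declared with its own version requirement; every neighbour uses `{ workspace = true }`. Declaring it once in the workspace dependency table and referencing it here as `serde_with = { workspace = true }` would keep the version in a single place, so audits and upgrades of a crate that now sits on the OAuth2 token-request parsing path cover every member crate at once. The workspace manifest is not shown on this page, so check first whether it already has an entry.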


@ -2,6 +2,8 @@ use std::collections::{BTreeMap, BTreeSet};
use base64urlsafedata::Base64UrlSafeData; use base64urlsafedata::Base64UrlSafeData;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use serde_with::formats::SpaceSeparator;
use serde_with::{serde_as, skip_serializing_none, StringWithSeparator};
use url::Url; use url::Url;
#[derive(Serialize, Deserialize, Debug, PartialEq, Eq, Clone, Copy)] #[derive(Serialize, Deserialize, Debug, PartialEq, Eq, Clone, Copy)]
@ -77,6 +79,9 @@ pub enum AuthorisationResponse {
Permitted, Permitted,
} }
#[serde_as]
#[skip_serializing_none]
// this is the equivalent of serde(skip_serializing_if = "Option::is_none") applied to ALL the options
#[derive(Serialize, Deserialize, Debug)] #[derive(Serialize, Deserialize, Debug)]
#[serde(tag = "grant_type", rename_all = "snake_case")] #[serde(tag = "grant_type", rename_all = "snake_case")]
pub enum GrantTypeReq { pub enum GrantTypeReq {
@ -85,12 +90,11 @@ pub enum GrantTypeReq {
code: String, code: String,
// Must be the same as the original redirect uri. // Must be the same as the original redirect uri.
redirect_uri: Url, redirect_uri: Url,
#[serde(skip_serializing_if = "Option::is_none")]
code_verifier: Option<String>, code_verifier: Option<String>,
}, },
RefreshToken { RefreshToken {
refresh_token: String, refresh_token: String,
#[serde(skip_serializing_if = "Option::is_none")] #[serde_as(as = "Option<StringWithSeparator::<SpaceSeparator, String>>")]
scope: Option<BTreeSet<String>>, scope: Option<BTreeSet<String>>,
}, },
} }
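Review bot: The `scope` field of `RefreshToken` now accepts an arbitrary string and splits it on single spaces, but nothing visible here restricts the resulting tokens to the RFC 6749 section 3.3 grammar. As far as I can tell, `StringWithSeparator` splits on every separator, so doubled, leading or trailing spaces would likely put an empty string into the `BTreeSet`, and a set member that itself contains a space would serialise ambiguously. Whether the token handler validates scopes after deserialisation is outside this page; if it does not, empty or malformed tokens should be rejected there before any comparison against granted scopes. At minimum, document the contract on the field, e.g. `// Space-delimited on the wire (RFC 6749 section 3.3); individual tokens are not validated during deserialisation.`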


@ -4762,4 +4762,18 @@ mod tests {
// Success! // Success!
} }
#[test] // I know this looks kinda dumb but at some point someone pointed out that our scope syntax wasn't compliant with rfc6749
//(https://datatracker.ietf.org/doc/html/rfc6749#section-3.3), so I'm just making sure that we don't break it again.
fn compliant_serialization_test() {
let token_req: Result<AccessTokenRequest, serde_json::Error> = serde_json::from_str(
r#"
{
"grant_type": "refresh_token",
"refresh_token": "some_dumb_refresh_token",
"scope": "invalid_scope vasd asd"
}
"#,
);
assert!(token_req.is_ok());
}
} }
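Review bot: `compliant_serialization_test` only asserts `token_req.is_ok()`, so it never checks which scopes were parsed and, despite its name, never serialises anything. A regression that parsed the whole string as one scope, or that went back to emitting a JSON array, would still pass. Assuming `AccessTokenRequest` also implements `Serialize` (its definition is not on this page), round-trip the value and pin the wire form, e.g. `let json = serde_json::to_value(&token_req.unwrap()).unwrap();` followed by `assert_eq!(json["scope"], "asd invalid_scope vasd");`, where the order follows from the `BTreeSet`. The enclosing `mod tests` begins outside this hunk.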