2023-10-09 10:46:12 +00:00
|
|
|
use crate::{context::LemmyContext, sensitive::Sensitive};
|
|
|
|
use actix_web::{http::header::USER_AGENT, HttpRequest};
|
|
|
|
use chrono::Utc;
|
|
|
|
use jsonwebtoken::{decode, encode, DecodingKey, EncodingKey, Header, Validation};
|
|
|
|
use lemmy_db_schema::{
|
|
|
|
newtypes::LocalUserId,
|
|
|
|
source::login_token::{LoginToken, LoginTokenCreateForm},
|
|
|
|
};
|
2024-01-19 16:21:43 +00:00
|
|
|
use lemmy_utils::error::{LemmyErrorExt, LemmyErrorType, LemmyResult};
|
2023-10-09 10:46:12 +00:00
|
|
|
use serde::{Deserialize, Serialize};
|
|
|
|
|
2024-02-11 05:32:14 +00:00
|
|
|
#[derive(Debug, Serialize, Deserialize, Clone, PartialEq, Eq, Hash)]
|
2023-10-09 10:46:12 +00:00
|
|
|
pub struct Claims {
|
|
|
|
/// local_user_id, standard claim by RFC 7519.
|
|
|
|
pub sub: String,
|
|
|
|
pub iss: String,
|
|
|
|
/// Time when this token was issued as UNIX-timestamp in seconds
|
|
|
|
pub iat: i64,
|
|
|
|
}
|
|
|
|
|
|
|
|
impl Claims {
|
|
|
|
pub async fn validate(jwt: &str, context: &LemmyContext) -> LemmyResult<LocalUserId> {
|
|
|
|
let mut validation = Validation::default();
|
|
|
|
validation.validate_exp = false;
|
|
|
|
validation.required_spec_claims.remove("exp");
|
|
|
|
let jwt_secret = &context.secret().jwt_secret;
|
|
|
|
let key = DecodingKey::from_secret(jwt_secret.as_ref());
|
2024-01-19 16:21:43 +00:00
|
|
|
let claims =
|
|
|
|
decode::<Claims>(jwt, &key, &validation).with_lemmy_type(LemmyErrorType::NotLoggedIn)?;
|
2023-10-09 10:46:12 +00:00
|
|
|
let user_id = LocalUserId(claims.claims.sub.parse()?);
|
|
|
|
let is_valid = LoginToken::validate(&mut context.pool(), user_id, jwt).await?;
|
|
|
|
if !is_valid {
|
|
|
|
Err(LemmyErrorType::NotLoggedIn)?
|
|
|
|
} else {
|
|
|
|
Ok(user_id)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
pub async fn generate(
|
|
|
|
user_id: LocalUserId,
|
|
|
|
req: HttpRequest,
|
|
|
|
context: &LemmyContext,
|
|
|
|
) -> LemmyResult<Sensitive<String>> {
|
|
|
|
let hostname = context.settings().hostname.clone();
|
|
|
|
let my_claims = Claims {
|
|
|
|
sub: user_id.0.to_string(),
|
|
|
|
iss: hostname,
|
|
|
|
iat: Utc::now().timestamp(),
|
|
|
|
};
|
|
|
|
|
|
|
|
let secret = &context.secret().jwt_secret;
|
|
|
|
let key = EncodingKey::from_secret(secret.as_ref());
|
|
|
|
let token = encode(&Header::default(), &my_claims, &key)?;
|
|
|
|
let ip = req
|
|
|
|
.connection_info()
|
|
|
|
.realip_remote_addr()
|
|
|
|
.map(ToString::to_string);
|
|
|
|
let user_agent = req
|
|
|
|
.headers()
|
|
|
|
.get(USER_AGENT)
|
|
|
|
.and_then(|ua| ua.to_str().ok())
|
|
|
|
.map(ToString::to_string);
|
|
|
|
let form = LoginTokenCreateForm {
|
|
|
|
token: token.clone(),
|
|
|
|
user_id,
|
|
|
|
ip,
|
|
|
|
user_agent,
|
|
|
|
};
|
|
|
|
LoginToken::create(&mut context.pool(), form).await?;
|
|
|
|
Ok(Sensitive::new(token))
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
#[cfg(test)]
|
|
|
|
mod tests {
|
|
|
|
#![allow(clippy::unwrap_used)]
|
|
|
|
#![allow(clippy::indexing_slicing)]
|
|
|
|
|
|
|
|
use crate::{claims::Claims, context::LemmyContext};
|
|
|
|
use actix_web::test::TestRequest;
|
|
|
|
use lemmy_db_schema::{
|
|
|
|
source::{
|
|
|
|
instance::Instance,
|
|
|
|
local_user::{LocalUser, LocalUserInsertForm},
|
|
|
|
person::{Person, PersonInsertForm},
|
|
|
|
secret::Secret,
|
|
|
|
},
|
|
|
|
traits::Crud,
|
|
|
|
utils::build_db_pool_for_tests,
|
|
|
|
};
|
2023-10-19 13:31:51 +00:00
|
|
|
use lemmy_utils::rate_limit::RateLimitCell;
|
2024-01-04 09:47:18 +00:00
|
|
|
use pretty_assertions::assert_eq;
|
2023-10-09 10:46:12 +00:00
|
|
|
use reqwest::Client;
|
|
|
|
use reqwest_middleware::ClientBuilder;
|
|
|
|
use serial_test::serial;
|
|
|
|
|
|
|
|
#[tokio::test]
|
|
|
|
#[serial]
|
|
|
|
async fn test_should_not_validate_user_token_after_password_change() {
|
|
|
|
let pool_ = build_db_pool_for_tests().await;
|
|
|
|
let pool = &mut (&pool_).into();
|
|
|
|
let secret = Secret::init(pool).await.unwrap();
|
|
|
|
let context = LemmyContext::create(
|
|
|
|
pool_.clone(),
|
|
|
|
ClientBuilder::new(Client::default()).build(),
|
|
|
|
secret,
|
2023-10-19 13:31:51 +00:00
|
|
|
RateLimitCell::with_test_config(),
|
2023-10-09 10:46:12 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
let inserted_instance = Instance::read_or_create(pool, "my_domain.tld".to_string())
|
|
|
|
.await
|
|
|
|
.unwrap();
|
|
|
|
|
|
|
|
let new_person = PersonInsertForm::builder()
|
|
|
|
.name("Gerry9812".into())
|
|
|
|
.public_key("pubkey".to_string())
|
|
|
|
.instance_id(inserted_instance.id)
|
|
|
|
.build();
|
|
|
|
|
|
|
|
let inserted_person = Person::create(pool, &new_person).await.unwrap();
|
|
|
|
|
|
|
|
let local_user_form = LocalUserInsertForm::builder()
|
|
|
|
.person_id(inserted_person.id)
|
|
|
|
.password_encrypted("123456".to_string())
|
|
|
|
.build();
|
|
|
|
|
|
|
|
let inserted_local_user = LocalUser::create(pool, &local_user_form).await.unwrap();
|
|
|
|
|
|
|
|
let req = TestRequest::default().to_http_request();
|
|
|
|
let jwt = Claims::generate(inserted_local_user.id, req, &context)
|
|
|
|
.await
|
|
|
|
.unwrap();
|
|
|
|
|
|
|
|
let valid = Claims::validate(&jwt, &context).await;
|
|
|
|
assert!(valid.is_ok());
|
|
|
|
|
|
|
|
let num_deleted = Person::delete(pool, inserted_person.id).await.unwrap();
|
|
|
|
assert_eq!(1, num_deleted);
|
|
|
|
}
|
|
|
|
}
|