authorbenj <benj@rse8.com>2023-06-19 17:18:21 -0700
committerbenj <benj@rse8.com>2023-06-19 17:18:21 -0700
commitab6d5cefbea1e8ddf41f385dd85918f651958287 (patch)
treeac3a6b45b1a0e6a833a627307d07e94a95ba3c23 /crates/secd/src/lib.rs
parent3406b370fe290559ff2445097a380d6f48d0f9af (diff)
hack to allow impersonator to impersonate target
Diffstat (limited to 'crates/secd/src/lib.rs')
-rw-r--r--crates/secd/src/lib.rs85
1 files changed, 51 insertions, 34 deletions
diff --git a/crates/secd/src/lib.rs b/crates/secd/src/lib.rs
index c84ce44..7fa1755 100644
--- a/crates/secd/src/lib.rs
+++ b/crates/secd/src/lib.rs
@@ -41,9 +41,7 @@ pub type AddressId = Uuid;
pub type AddressValidationId = Uuid;
pub type CredentialId = Uuid;
pub type IdentityId = Uuid;
-pub type MotifId = Uuid;
pub type PhoneNumber = String;
-pub type RefId = Uuid;
#[derive(Debug, derive_more::Display, thiserror::Error)]
pub enum SecdError {
@@ -60,10 +58,15 @@ pub enum SecdError {
CrypterError(#[from] CrypterError),
+ CfgMissingSpiceSecret,
+ CfgMissingSpiceServer,
+
TooManyIdentities,
IdentityNotFound,
IdentityAlreadyExists,
+ ImpersonatorAlreadyExists,
+
EmailMessengerError(#[from] EmailMessengerError),
InvalidEmaillAddress(#[from] email_address::Error),
@@ -103,43 +106,40 @@ struct Cfg {
email_signup_message_asset_loc: Option<String>,
email_signin_message: Option<String>,
email_signup_message: Option<String>,
- spice_secret: String,
- spice_server: String,
+ spice_secret: Option<String>,
+ spice_server: Option<String>,
}
#[async_trait]
pub trait Authentication {
- async fn validate_address(
- &self,
- address_type: AddressType,
- identity_id: Option<IdentityId>,
- ) -> Result<AddressValidation, SecdError>;
-
- async fn complete_address_validation(
- &self,
- validation_id: &AddressValidationId,
- plaintext_token: Option<String>,
- plaintext_code: Option<String>,
- ) -> Result<AddressValidation, SecdError>;
-
+ async fn check_credential(&self, t: &CredentialType) -> Result<Credential, SecdError>;
async fn create_credential(
&self,
t: &CredentialType,
identity_id: Option<IdentityId>,
- ) -> Result<IdentityId, SecdError>;
- // async fn update_credential(&self, t: &CredentialType) -> Result<(), SecdError>;
- async fn reset_credential(
+ expires_at: Option<OffsetDateTime>,
+ ) -> Result<Identity, SecdError>;
+ async fn create_identity(
&self,
+ i: &Identity,
t: &CredentialType,
- address: &AddressType,
+ md: Option<String>,
+ ) -> Result<Identity, SecdError>;
+ async fn impersonate(
+ &self,
+ impersonator: &Identity,
+ target: &Identity,
) -> Result<Credential, SecdError>;
- async fn validate_credential(&self, t: &CredentialType) -> Result<Credential, SecdError>;
-
- // async fn expire_session_chain(&self, t: &SessionToken) -> Result<(), SecdError>;
- // async fn expire_sessions(&self, i: &IdentityId) -> Result<(), SecdError>;
-
+ async fn revoke_credential(&self, credential_id: &CredentialId) -> Result<Identity, SecdError>;
+ async fn send_address_validation(&self, t: AddressType)
+ -> Result<AddressValidation, SecdError>;
+ async fn validate_address(
+ &self,
+ v_id: &AddressValidationId,
+ plaintext_token: Option<String>,
+ plaintext_code: Option<String>,
+ ) -> Result<AddressValidation, SecdError>;
// async fn get_identity(&self, t: &SessionToken) -> Result<Identity, SecdError>;
- // async fn get_session(&self, t: &SessionToken) -> Result<Session, SecdError>;
}
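Review bot: The new `impersonate(&self, impersonator: &Identity, target: &Identity) -> Result<Credential, SecdError>` method accepts any two identities and hands back a credential for `target`, so nothing in the trait contract obliges an implementation to verify that `impersonator` may act as `target`, and the only sibling data added in this commit (`Impersonator`) records just `created_at`. Since the commit title itself calls this a hack, the trait should at least pin the expectation down: add `/// Issues a credential for `target` on behalf of `impersonator`. Implementations must verify the impersonator is authorized for the target (see the `Authorization` trait) before issuing, and the returned credential is expected to be bounded by an expiry and revocable via `revoke_credential`.` above `impersonate`. Relatedly, the new `expires_at: Option<OffsetDateTime>` parameter on `create_credential` does not say what `None` means (no expiry, or a store default?); a one-line doc comment stating the chosen semantics would prevent callers from assuming the safer one.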
#[async_trait]
@@ -151,7 +151,6 @@ pub trait Authorization {
subj: &Subject,
relation: &Relation,
) -> Result<Vec<Uuid>, SecdError>;
- async fn check_list_subjects(&self) -> Result<Vec<i32>, SecdError>;
async fn write(&self, relationships: &[Relationship]) -> Result<(), SecdError>;
}
@@ -218,7 +217,7 @@ pub enum AddressType {
}
#[serde_as]
-#[derive(Debug, Serialize)]
+#[derive(Clone, Debug, Serialize)]
pub struct Credential {
pub id: CredentialId,
pub identity_id: IdentityId,
@@ -263,6 +262,15 @@ pub struct Identity {
pub deleted_at: Option<OffsetDateTime>,
}
+#[serde_with::skip_serializing_none]
+#[derive(Debug, Serialize)]
+pub struct Impersonator {
+ pub impersonator: Identity,
+ pub target: Identity,
+ #[serde(with = "time::serde::timestamp")]
+ pub created_at: OffsetDateTime,
+}
+
impl Cfg {
fn resolve(&mut self) -> Result<(), SecdError> {
if let Some(path) = &self.email_signin_message_asset_loc {
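Review bot: `#[serde_with::skip_serializing_none]` on `Impersonator` has no effect, because none of its three fields is an `Option`; either drop the attribute or leave a comment explaining which field is expected to become optional, since the attribute is easy to misread as changing the wire format. Serializing the full `Identity` for both `impersonator` and `target` also ships two complete identity records wherever this struct is emitted; if only linkage is needed, a record of the two `IdentityId`s plus `created_at` would be smaller and expose less, though whether `Identity` carries anything sensitive cannot be seen from this hunk. Consider also adding `Clone` to the derive list, as this commit does for `Credential`, so callers can hand the record around without re-querying.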
@@ -313,8 +321,8 @@ impl Secd {
CRYPTER_SECRET_KEY_DEFAULT.to_string()
});
- info!("starting client with auth_store: {:?}", auth_store);
- info!("starting client with email_messenger: {:?}", auth_store);
+ info!("init with auth_store: {:?}", auth_store);
+ info!("init with email_messenger: {:?}", email_messenger);
let store = match auth_store {
AuthStore::Sqlite { conn } => {
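Review bot: `info!("init with auth_store: {:?}", auth_store)` still prints the store configuration via `Debug` after this fix; from the `AuthStore::Sqlite { conn }` arm below and the `.connect(&conn)` call in the postgres path, `conn` appears to be a connection string, and a postgres DSN commonly embeds the database password, so this line would write credentials to the log at info level. The same concern applies to the corrected `email_messenger` line if that type holds SMTP credentials, which this hunk does not show. Prefer a hand-written `impl fmt::Debug for AuthStore` that prints the variant name and `conn: "<redacted>"`, or log only the variant, e.g. `info!("init with auth_store: {}", if matches!(auth_store, AuthStore::Sqlite { .. }) { "sqlite" } else { "postgres" });`. The enclosing function in `impl Secd` begins and ends outside the hunk.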
@@ -340,7 +348,7 @@ impl Secd {
.connect(&conn)
.await
.map_err(|e| {
- SecdError::StoreInitFailure(format!("failed to init sqlite: {}", e))
+ SecdError::StoreInitFailure(format!("failed to init postgres: {}", e))
})?,
)
.await
@@ -366,8 +374,17 @@ impl Secd {
let spice = match z_schema {
Some(schema) => {
- let c: Arc<Spice> =
- Arc::new(Spice::new(cfg.spice_secret.clone(), cfg.spice_server.clone()).await);
+ let c: Arc<Spice> = Arc::new(
+ Spice::new(
+ cfg.spice_secret
+ .clone()
+ .ok_or(SecdError::CfgMissingSpiceSecret)?,
+ cfg.spice_server
+ .clone()
+ .ok_or(SecdError::CfgMissingSpiceServer)?,
+ )
+ .await,
+ );
c.write_schema(schema)
.await
.unwrap_or_else(|_| panic!("{}", "failed to write authorization schema"));