services/identity/src/client_service.rs
) -> Result<tonic::Response<AuthResponse>, tonic::Status> { | ||||
let user_id = message.user_id; | let user_id = message.user_id; | ||||
let device_id = flattened_device_key_upload.device_id_key.clone(); | let device_id = flattened_device_key_upload.device_id_key.clone(); | ||||
let NonceChallenge { nonce } = | let NonceChallenge { nonce } = | ||||
challenge_response.verify_and_get_message(&device_id)?; | challenge_response.verify_and_get_message(&device_id)?; | ||||
self.verify_and_remove_nonce(&nonce).await?; | self.verify_and_remove_nonce(&nonce).await?; | ||||
let user_identifier = self | |||||
.client | |||||
.get_user_identifier(&user_id) | |||||
.await | |||||
.map_err(handle_db_error)? | |||||
.ok_or_else(|| tonic::Status::not_found("user not found"))?; | |||||
let Some(device_list) = self | let Some(device_list) = self | ||||
.client | .client | ||||
.get_current_device_list(&user_id) | .get_current_device_list(&user_id) | ||||
.await | .await | ||||
.map_err(handle_db_error)? | .map_err(handle_db_error)? | ||||
else { | else { | ||||
warn!("User {} does not have valid device list. Secondary device auth impossible.", user_id); | warn!("User {} does not have valid device list. Secondary device auth impossible.", user_id); | ||||
return Err(tonic::Status::aborted("device list error")); | return Err(tonic::Status::aborted("device list error")); | ||||
}; | }; | ||||
if !device_list.device_ids.contains(&device_id) { | if !device_list.device_ids.contains(&device_id) { | ||||
return Err(tonic::Status::permission_denied( | return Err(tonic::Status::permission_denied( | ||||
"device not in device list", | "device not in device list", | ||||
)); | )); | ||||
} | } | ||||
let login_time = chrono::Utc::now(); | let login_time = chrono::Utc::now(); | ||||
let user_identifier = self | |||||
.client | |||||
.get_user_identifier(&user_id) | |||||
.await | |||||
.map_err(handle_db_error)?; | |||||
let token = AccessTokenData::with_created_time( | let token = AccessTokenData::with_created_time( | ||||
user_id.clone(), | user_id.clone(), | ||||
device_id, | device_id, | ||||
login_time, | login_time, | ||||
user_identifier.into(), | user_identifier.into(), | ||||
&mut OsRng, | &mut OsRng, | ||||
); | ); | ||||
let access_token = token.access_token.clone(); | let access_token = token.access_token.clone(); | ||||
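Review bot: The early exits in this section return distinguishable statuses (`not_found("user not found")`, `aborted("device list error")`, `permission_denied("device not in device list")`) before the device-list membership check has tied the caller to `user_id`, so the status alone can reveal whether an account exists. As far as the visible lines show, the challenge is verified only against the `device_id` taken from the same request, which proves possession of that key and nothing about the account. Consider returning one status for all three cases and keeping the detail in the server log, e.g. `.ok_or_else(|| tonic::Status::permission_denied("device not in device list"))?;` with a `warn!` next to it, as the device-list branch already does. The rendered page does not mark which of the two `get_user_identifier` lookups is the added side, so this assumes the earlier one with `ok_or_else` is new; the function's signature and its tail are outside the visible lines.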