fix(auth): remove JWT cookie when it's invalid
This commit is contained in:
parent
f0fad9a90a
commit
d70d622e04
2 changed files with 20 additions and 4 deletions
7
TODO.md
7
TODO.md
@ -28,8 +28,13 @@
- [ ] Support error responses by https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1
- [ ] Support error responses by https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1
- [ ] Redirect to login when JWT expire
- [ ] UserWebGUI: Redirect to login when JWT expire
- [ ] UserWebGUI: Show user authorizations.
- [ ] UserWebGUI: Show available apps
- [ ] UserWebGUI: Direct user grant flow, User can login to the target app/client, event if it did
not started here.
- [ ] Add admin panel via API
- [ ] Add admin panel via API
- [ ] AdminWebGUI: Ability to create invitation links
- [ ] Add admin CLI
- [ ] Add admin CLI
- [ ] add TOTP
- [ ] add TOTP
@ -1,5 +1,10 @@
use axum::{
use axum::{extract::{OriginalUri, Request, State}, http::StatusCode, middleware::Next, response::{Html, IntoResponse, Redirect, Response}, Extension};
extract::{OriginalUri, Request, State},
http::{HeaderMap, HeaderValue, StatusCode},
middleware::Next,
response::{Html, IntoResponse, Redirect, Response},
Extension
};
use axum_extra::extract::CookieJar;
use axum_extra::extract::CookieJar;
use crate::{
use crate::{
@ -12,6 +17,7 @@ use crate::{
/// add optional auth to the extension data
/// add optional auth to the extension data
pub async fn auth_middleware(
pub async fn auth_middleware(
State(app_state): State<AppState>,
State(app_state): State<AppState>,
OriginalUri(original_uri): OriginalUri,
cookies: CookieJar,
cookies: CookieJar,
mut req: Request,
mut req: Request,
next: Next,
next: Next,
@ -26,8 +32,13 @@ pub async fn auth_middleware(
let token_claims: UserTokenClaims = match verify_token(&app_state.secrets, jwt) {
let token_claims: UserTokenClaims = match verify_token(&app_state.secrets, jwt) {
Ok(val) => val,
Ok(val) => val,
Err(_e) => {
Err(_e) => {
// UserWebGUI: delete invalid JWT cookie
let mut headers = HeaderMap::new();
let jwt_cookie = "minauth_jwt=deleted; SameSite=Lax; Max-Age=0".to_string();
headers.insert("Set-Cookie", HeaderValue::from_str(&jwt_cookie).unwrap());
headers.insert("Location", HeaderValue::from_str(&original_uri.to_string()).unwrap());
return Err(
return Err(
(StatusCode::UNAUTHORIZED, Html("Unauthorized: The provided JWT is invalid."))
(StatusCode::SEE_OTHER, headers, Html("Unauthorized: Invalid JWT cookie."))
);
);
}
}
};
};
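Review bot: The clearing cookie built on the `let jwt_cookie = "minauth_jwt=deleted; SameSite=Lax; Max-Age=0"` line carries no `Path` (nor `Domain`, `Secure` or `HttpOnly`) attribute, and a browser only discards a cookie whose name, domain and path all match the ones it was originally stored with, so unless the login handler sets `minauth_jwt` without a path this response will not actually remove it; the setter is not visible in this diff, so check it. Because the same response also answers 303 with `Location` pointing back at `original_uri`, a cookie that survives the clear is re-sent on the very next request and the middleware issues the same redirect again, turning an invalid token into a redirect loop instead of a sign-out. Mirror whatever attributes the login path uses, e.g. `let jwt_cookie = "minauth_jwt=deleted; Path=/; HttpOnly; SameSite=Lax; Max-Age=0";` and `headers.insert("Set-Cookie", HeaderValue::from_static(jwt_cookie));`, which also drops the needless `to_string()` plus `from_str(..).unwrap()` on a constant. This change also replaces the former 401 with a 303 for every caller of this optional-auth middleware, so a non-browser client that relied on the status now gets an HTML redirect; consider keeping 401 when the request does not accept HTML. The enclosing `auth_middleware` is declared in the previous hunk and its body continues past the end of this one.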