diff --git a/src/api/client_server/sso.rs b/src/api/client_server/sso.rs
index c5e3b0e3..bb7719bc 100644
--- a/src/api/client_server/sso.rs
+++ b/src/api/client_server/sso.rs
@@ -122,7 +122,7 @@ pub async fn get_sso_redirect_with_provider_route(
 AuthorizationRequestData::new(
 provider.config.client_id.clone(),
 provider.config.scopes.clone(),
- redirect_url,
+ callback,
 ),
 &mut StdRng::from_entropy(),
 )
@@ -130,6 +130,7 @@ pub async fn get_sso_redirect_with_provider_route(
 let signed = services().globals.sign_claims(&ValidationData::new(
 Borrow::::borrow(provider).to_owned(),
+ redirect_url.to_string(),
 validation_data,
 ));
@@ -139,7 +140,7 @@ pub async fn get_sso_redirect_with_provider_route(
 utils::build_cookie(
 SSO_SESSION_COOKIE,
 &signed,
- "/_conduit/client/sso/callback",
+ CALLBACK_PATH,
 Some(SSO_AUTH_EXPIRATION_SECS),
 )
 .to_string(),
@@ -181,6 +182,7 @@ async fn handle_callback_helper(req: axum::extract::Request) -> Result Result Result Result Result> {
@@ -16,7 +16,7 @@ impl service::sso::Data for KeyValueDatabase {
 key.push(0xff);
 key.extend_from_slice(subject.as_bytes());
- self.subject_userid.get(&key)?.map_or(Ok(None), |bytes| {
+ self.providersubjectid_userid.get(&key)?.map_or(Ok(None), |bytes| {
 Some(
 UserId::parse(utils::string_from_bytes(&bytes).map_err(|_| {
 Error::bad_database("User ID in claim_userid is invalid unicode.")
diff --git a/src/database/mod.rs b/src/database/mod.rs
index 39550a93..a52fb637 100644
--- a/src/database/mod.rs
+++ b/src/database/mod.rs
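Review bot: The client-supplied `redirect_url` is bound into the signed session claims at line 133 without any validation visible in this hunk or the one at line 122 that swaps it out of the provider authorization request; get_sso_redirect_with_provider_route starts above the hunk, so if a scheme/host check already happens there this is fine, otherwise the login token is eventually delivered to whatever URL the caller named and the value should be allow-listed or confirmed before it is stored. The signature over `ValidationData` is what stops the cookie from being edited in transit, which is worth stating next to the call: `// redirect_url is untrusted client input; it is only honoured after sign_claims verification on the callback`. The `handle_callback_helper` hunks that follow at lines 182 onward are truncated in this rendering, so the consuming side of `redirect_url` could not be checked here.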
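Review bot: Passing `CALLBACK_PATH` as the cookie `Path` attribute at line 143 looks inconsistent with the main.rs hunk in this same commit, which now builds the route as `&format!("/{CALLBACK_PATH}")`, suggesting the constant no longer starts with a slash (its definition is not in the diff). A `Path=` value that does not begin with `/` is ignored by browsers and the cookie falls back to the default-path of the request that set it, i.e. the SSO redirect endpoint, so it would never be sent to the callback and the flow would break. Either use `&format!("/{CALLBACK_PATH}")` here as well, or define one constant that already carries the leading slash and use it at both sites so the route and the cookie scope cannot drift apart.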
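Review bot: The lookup now reads the `providersubjectid_userid` tree while the database/mod.rs hunks only remove the `subject_userid` tree and open_tree call; unless a migration elsewhere copies the old rows, existing subject-to-user mappings are presumably orphaned after upgrade and previously linked SSO users would no longer resolve. Add a migration step that moves the old tree's entries, or note in the commit message that the old tree never shipped in a release. The error string on the context line still refers to `claim_userid`, which matches neither tree name; `Error::bad_database("User ID in providersubjectid_userid is invalid unicode.")` would keep the message traceable. The enclosing method and this file's diff header lie outside the hunk as rendered.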
@@ -49,8 +49,6 @@ pub struct KeyValueDatabase {
 pub(super) userdeviceid_metadata: Arc, // This is also used to check if a device exists
 pub(super) userid_devicelistversion: Arc, // DevicelistVersion = u64
 pub(super) token_userdeviceid: Arc,
- pub(super) subject_userid: Arc,
-
 pub(super) onetimekeyid_onetimekeys: Arc, // OneTimeKeyId = UserId + DeviceKeyId
 pub(super) userid_lastonetimekeyupdate: Arc, // LastOneTimeKeyUpdate = Count
 pub(super) keychangeid_userid: Arc, // KeyChangeId = UserId/RoomId + Count
@@ -290,8 +288,6 @@ impl KeyValueDatabase {
 userdeviceid_metadata: builder.open_tree("userdeviceid_metadata")?,
 userid_devicelistversion: builder.open_tree("userid_devicelistversion")?,
 token_userdeviceid: builder.open_tree("token_userdeviceid")?,
- subject_userid: builder.open_tree("subject_userid")?,
-
 onetimekeyid_onetimekeys: builder.open_tree("onetimekeyid_onetimekeys")?,
 userid_lastonetimekeyupdate: builder.open_tree("userid_lastonetimekeyupdate")?,
 keychangeid_userid: builder.open_tree("keychangeid_userid")?,
diff --git a/src/main.rs b/src/main.rs
index c3ad4c1e..15b59be4 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -283,7 +283,10 @@ fn routes(config: &Config) -> Router {
 .ruma_route(client_server::get_sso_redirect_with_provider_route)
 // The specification will likely never introduce any endpoint for handling authorization callbacks.
 // As a workaround, we use custom path that redirects the user to the default login handler.
- .route(CALLBACK_PATH, get(client_server::handle_callback_route))
+ .route(
+ &format!("/{CALLBACK_PATH}"),
+ get(client_server::handle_callback_route),
+ )
 .ruma_route(client_server::get_capabilities_route)
 .ruma_route(client_server::get_pushrules_all_route)
 .ruma_route(client_server::set_pushrule_route)
diff --git a/src/service/sso/mod.rs b/src/service/sso/mod.rs
index 31c9c3ab..242d92cc 100644
--- a/src/service/sso/mod.rs
+++ b/src/service/sso/mod.rs
@@ -152,13 +152,14 @@ impl LoginToken {
 #[derive(Clone, Debug, Deserialize, Serialize)]
 pub struct ValidationData {
 pub provider: String,
+ pub redirect_url: String,
 #[serde(flatten, with = "AuthorizationValidationDataDef")]
 pub inner: AuthorizationValidationData,
 }
 impl ValidationData {
- pub fn new(provider: String, inner: AuthorizationValidationData) -> Self {
- Self { provider, inner }
+ pub fn new(provider: String, redirect_url: String, inner: AuthorizationValidationData) -> Self {
+ Self { provider, redirect_url, inner }
 }
 }
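Review bot: `ValidationData::new` now takes two adjacent positional `String` parameters, `provider` and `redirect_url`, so a caller that swaps them compiles cleanly and produces a cookie that sends the user to the provider name; a newtype or a struct literal at the call site would make that mistake a type error. The new public field also needs a doc comment, since this struct is what `sign_claims` serializes into the SSO session cookie in src/api/client_server/sso.rs: `/// Client-supplied URL the user is sent back to after the provider callback; trusted only because the whole struct is covered by the cookie signature.`. Adding a required field changes the cookie's serialized shape, so sessions issued before this change will fail to deserialize until they expire; that is acceptable given the SSO_AUTH_EXPIRATION_SECS bound but deserves a sentence in the commit message.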