From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 692EB1FF164 for ; Wed, 9 Oct 2024 13:30:53 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id F2457362D1; Wed, 9 Oct 2024 13:31:20 +0200 (CEST) Date: Wed, 9 Oct 2024 13:30:47 +0200 From: Christoph Heiss To: Markus Frank Message-ID: References: <20240624090850.4683-1-m.frank@proxmox.com> <20240624090850.4683-3-m.frank@proxmox.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20240624090850.4683-3-m.frank@proxmox.com> X-SPAM-LEVEL: Spam detection results: 0 AWL 0.030 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: Re: [pmg-devel] [PATCH proxmox-perl-rs v3 2/8] move openid code from pve-rs to common X-BeenThere: pmg-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Mail Gateway development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: pmg-devel@lists.proxmox.com Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pmg-devel-bounces@lists.proxmox.com Sender: "pmg-devel" Patch unfortunately does not apply anymore, so needs to be rebased, as well as the next/other one for proxmox-perl-rs. On Mon, Jun 24, 2024 at 11:08:44AM GMT, Markus Frank wrote: > Change pve-rs functions to be wrapper functions for common. > > Signed-off-by: Markus Frank > --- > common/pkg/Makefile | 1 + > common/src/mod.rs | 1 + > common/src/openid/mod.rs | 63 ++++++++++++++++++++++++++++++++++++++++ > pmg-rs/Cargo.toml | 1 + > pmg-rs/debian/control | 1 + > pve-rs/src/openid/mod.rs | 32 +++++--------------- > 6 files changed, 75 insertions(+), 24 deletions(-) > create mode 100644 common/src/openid/mod.rs > > diff --git a/common/pkg/Makefile b/common/pkg/Makefile > index 78f2d64..a31264f 100644 > --- a/common/pkg/Makefile > +++ b/common/pkg/Makefile > @@ -24,6 +24,7 @@ PERLMOD_PACKAGES := \ > Proxmox::RS::APT::Repositories \ > Proxmox::RS::CalendarEvent \ > Proxmox::RS::Notify \ > + Proxmox::RS::OpenId \ > Proxmox::RS::Subscription > > PERLMOD_PACKAGE_FILES := $(addsuffix .pm,$(subst ::,/,$(PERLMOD_PACKAGES))) > diff --git a/common/src/mod.rs b/common/src/mod.rs > index c3574f4..8c22a46 100644 > --- a/common/src/mod.rs > +++ b/common/src/mod.rs > @@ -2,4 +2,5 @@ pub mod apt; > mod calendar_event; > pub mod logger; > pub mod notify; > +pub mod openid; > mod subscription; > diff --git a/common/src/openid/mod.rs b/common/src/openid/mod.rs > new file mode 100644 > index 0000000..13bbaab > --- /dev/null > +++ b/common/src/openid/mod.rs > @@ -0,0 +1,63 @@ > +#[perlmod::package(name = "Proxmox::RS::OpenId")] > +pub mod export { > + use std::sync::Mutex; > + > + use anyhow::Error; > + > + use perlmod::{to_value, Value}; > + > + use proxmox_openid::{OpenIdAuthenticator, OpenIdConfig, PrivateAuthState}; > + > + perlmod::declare_magic!(Box : &OpenId as "Proxmox::RS::OpenId"); > + > + /// An OpenIdAuthenticator client instance. > + pub struct OpenId { > + inner: Mutex, > + } > + > + /// Create a new OpenId client instance > + #[export(raw_return)] > + pub fn discover( > + #[raw] class: Value, > + config: OpenIdConfig, > + redirect_url: &str, > + ) -> Result { > + let open_id = OpenIdAuthenticator::discover(&config, redirect_url)?; > + Ok(perlmod::instantiate_magic!( > + &class, > + MAGIC => Box::new(OpenId { > + inner: Mutex::new(open_id), > + }) > + )) > + } > + > + #[export] > + pub fn authorize_url( > + #[try_from_ref] this: &OpenId, > + state_dir: &str, > + realm: &str, > + ) -> Result { > + let open_id = this.inner.lock().unwrap(); > + open_id.authorize_url(state_dir, realm) > + } > + > + #[export] > + pub fn verify_public_auth_state( > + state_dir: &str, > + state: &str, > + ) -> Result<(String, PrivateAuthState), Error> { > + OpenIdAuthenticator::verify_public_auth_state(state_dir, state) > + } > + > + #[export(raw_return)] > + pub fn verify_authorization_code( > + #[try_from_ref] this: &OpenId, > + code: &str, > + private_auth_state: PrivateAuthState, > + ) -> Result { > + let open_id = this.inner.lock().unwrap(); > + let claims = open_id.verify_authorization_code_simple(code, &private_auth_state)?; > + > + Ok(to_value(&claims)?) > + } > +} > diff --git a/pmg-rs/Cargo.toml b/pmg-rs/Cargo.toml > index 6557605..4b9568f 100644 > --- a/pmg-rs/Cargo.toml > +++ b/pmg-rs/Cargo.toml > @@ -41,3 +41,4 @@ proxmox-subscription = "0.4" > proxmox-sys = "0.5" > proxmox-tfa = { version = "4.0.4", features = ["api"] } > proxmox-time = "2" > +proxmox-openid = "0.10.0" > diff --git a/pmg-rs/debian/control b/pmg-rs/debian/control > index 5a63b5d..dcc32eb 100644 > --- a/pmg-rs/debian/control > +++ b/pmg-rs/debian/control > @@ -24,6 +24,7 @@ Build-Depends: cargo:native , > librust-proxmox-http-error-0.1+default-dev, > librust-proxmox-notify-0.4+default-dev, > librust-proxmox-subscription-0.4+default-dev, > + librust-proxmox-openid-0.10+default-dev, > librust-proxmox-sys-0.5+default-dev, > librust-proxmox-tfa-4+api-dev (>= 4.0.4-~~), > librust-proxmox-tfa-4+default-dev (>= 4.0.4-~~), > diff --git a/pve-rs/src/openid/mod.rs b/pve-rs/src/openid/mod.rs > index 1fa7572..d3ad5a5 100644 > --- a/pve-rs/src/openid/mod.rs > +++ b/pve-rs/src/openid/mod.rs > @@ -1,19 +1,13 @@ > #[perlmod::package(name = "PVE::RS::OpenId", lib = "pve_rs")] > mod export { > - use std::sync::Mutex; > - > use anyhow::Error; > > - use perlmod::{to_value, Value}; > - > - use proxmox_openid::{OpenIdAuthenticator, OpenIdConfig, PrivateAuthState}; > + use perlmod::Value; > > - perlmod::declare_magic!(Box : &OpenId as "PVE::RS::OpenId"); > + use proxmox_openid::{OpenIdConfig, PrivateAuthState}; > > - /// An OpenIdAuthenticator client instance. > - pub struct OpenId { > - inner: Mutex, > - } > + use crate::common::openid::export as common; > + use crate::common::openid::export::OpenId as OpenId; > > /// Create a new OpenId client instance > #[export(raw_return)] > @@ -22,13 +16,7 @@ mod export { > config: OpenIdConfig, > redirect_url: &str, > ) -> Result { > - let open_id = OpenIdAuthenticator::discover(&config, redirect_url)?; > - Ok(perlmod::instantiate_magic!( > - &class, > - MAGIC => Box::new(OpenId { > - inner: Mutex::new(open_id), > - }) > - )) > + common::discover(class, config, redirect_url) > } > > #[export] > @@ -37,8 +25,7 @@ mod export { > state_dir: &str, > realm: &str, > ) -> Result { > - let open_id = this.inner.lock().unwrap(); > - open_id.authorize_url(state_dir, realm) > + common::authorize_url(this, state_dir, realm) > } > > #[export] > @@ -46,7 +33,7 @@ mod export { > state_dir: &str, > state: &str, > ) -> Result<(String, PrivateAuthState), Error> { > - OpenIdAuthenticator::verify_public_auth_state(state_dir, state) > + common::verify_public_auth_state(state_dir, state) > } > > #[export(raw_return)] > @@ -55,9 +42,6 @@ mod export { > code: &str, > private_auth_state: PrivateAuthState, > ) -> Result { > - let open_id = this.inner.lock().unwrap(); > - let claims = open_id.verify_authorization_code_simple(code, &private_auth_state)?; > - > - Ok(to_value(&claims)?) > + common::verify_authorization_code(this, code, private_auth_state) > } > } > -- > 2.39.2 > > > > _______________________________________________ > pmg-devel mailing list > pmg-devel@lists.proxmox.com > https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel > > _______________________________________________ pmg-devel mailing list pmg-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel