Get expiry time out of access token & propagate

2025-01-18 02:40:13 +00:00 · 2021-12-03 11:32:29 -08:00 · 2021-12-03 11:32:29 -08:00 · 43c528fdb6
commit 43c528fdb6
parent da4b9922d4
5 changed files with 139 additions and 17 deletions
--- a/service/OneService.cpp
+++ b/service/OneService.cpp
@ -340,6 +340,15 @@ public:
 		_config.authenticationURL[strlen(url)] = 0;
 	}

+	uint64_t getExpiryTime() {
+		if (_idc == nullptr) {
+			fprintf(stderr, "idc is null\n");
+			return 0;
+		}
+
+		return zeroidc::zeroidc_get_exp_time(_idc);
+	}
+
 private:
 	unsigned int _webPort;
 	std::shared_ptr<EthernetTap> _tap;
@ -463,7 +472,7 @@ static void _networkToJson(nlohmann::json &nj,NetworkState &ns)
 		const char* authURL = ns.getAuthURL();
 		fprintf(stderr, "Auth URL: %s\n", authURL);
 		nj["authenticationURL"] = authURL;
-		nj["authenticationExpiryTime"] = ns.config().authenticationExpiryTime;
+		nj["authenticationExpiryTime"] = (ns.getExpiryTime()*1000);
 		nj["ssoEnabled"] = ns.config().ssoEnabled;
 	}
 }
--- a/zeroidc/Cargo.lock
+++ b/zeroidc/Cargo.lock
@ -28,6 +28,12 @@ version = "1.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a"

+[[package]]
+name = "base64"
+version = "0.12.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3441f0f7b02788e948e47f457ca01f1d7e6d92c693bc132c22b087d3141c03ff"
+
 [[package]]
 name = "base64"
 version = "0.13.0"
@ -102,6 +108,7 @@ dependencies = [
 "num-integer",
 "num-traits",
 "serde",
+ "time",
 "winapi",
 ]

@ -450,6 +457,20 @@ dependencies = [
 "wasm-bindgen",
 ]

+[[package]]
+name = "jsonwebtoken"
+version = "7.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "afabcc15e437a6484fc4f12d0fd63068fe457bf93f1c148d3d9649c60b103f32"
+dependencies = [
+ "base64 0.12.3",
+ "pem",
+ "ring",
+ "serde",
+ "serde_json",
+ "simple_asn1",
+]
+
 [[package]]
 name = "lazy_static"
 version = "1.4.0"
@ -538,6 +559,17 @@ dependencies = [
 "winapi",
 ]

+[[package]]
+name = "num-bigint"
+version = "0.2.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "090c7f9998ee0ff65aa5b723e4009f7b217707f1fb5ea551329cc4d6231fb304"
+dependencies = [
+ "autocfg",
+ "num-integer",
+ "num-traits",
+]
+
 [[package]]
 name = "num-bigint"
 version = "0.4.3"
@ -584,7 +616,7 @@ version = "4.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "80e47cfc4c0a1a519d9a025ebfbac3a2439d1b5cdf397d72dcb79b11d9920dab"
 dependencies = [
- "base64",
+ "base64 0.13.0",
 "chrono",
 "getrandom",
 "http",
@ -616,12 +648,12 @@ version = "2.1.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7d523cf32bdf7696f36bc4198a42c34b65f0227b97f2f501ebfbe016baa5bc52"
 dependencies = [
- "base64",
+ "base64 0.13.0",
 "chrono",
 "http",
 "itertools",
 "log",
- "num-bigint",
+ "num-bigint 0.4.3",
 "oauth2",
 "rand",
 "ring",
@ -677,6 +709,17 @@ dependencies = [
 "num-traits",
 ]

+[[package]]
+name = "pem"
+version = "0.8.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fd56cbd21fea48d0c440b41cd69c589faacade08c992d9a54e471b79d0fd13eb"
+dependencies = [
+ "base64 0.13.0",
+ "once_cell",
+ "regex",
+]
+
 [[package]]
 name = "percent-encoding"
 version = "2.1.0"
@ -774,6 +817,21 @@ dependencies = [
 "bitflags",
 ]

+[[package]]
+name = "regex"
+version = "1.5.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d07a8629359eb56f1e2fb1652bb04212c072a87ba68546a04065d525673ac461"
+dependencies = [
+ "regex-syntax",
+]
+
+[[package]]
+name = "regex-syntax"
+version = "0.6.25"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f497285884f3fcff424ffc933e56d7cbca511def0c9831a7f9b5f6153e3cc89b"
+
 [[package]]
 name = "remove_dir_all"
 version = "0.5.3"
@ -789,7 +847,7 @@ version = "0.11.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "07bea77bc708afa10e59905c3d4af7c8fd43c9214251673095ff8b14345fcbc5"
 dependencies = [
- "base64",
+ "base64 0.13.0",
 "bytes",
 "encoding_rs",
 "futures-core",
@ -856,7 +914,7 @@ version = "0.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5eebeaeb360c87bfb72e84abdb3447159c0eaececf1bef2aecd65a8be949d1c9"
 dependencies = [
- "base64",
+ "base64 0.13.0",
 ]

 [[package]]
@ -983,6 +1041,17 @@ dependencies = [
 "opaque-debug",
 ]

+[[package]]
+name = "simple_asn1"
+version = "0.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "692ca13de57ce0613a363c8c2f1de925adebc81b04c923ac60c5488bb44abe4b"
+dependencies = [
+ "chrono",
+ "num-bigint 0.2.6",
+ "num-traits",
+]
+
 [[package]]
 name = "slab"
 version = "0.4.5"
@ -1065,6 +1134,16 @@ dependencies = [
 "syn",
 ]

+[[package]]
+name = "time"
+version = "0.1.43"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ca8a50ef2360fbd1eeb0ecd46795a87a19024eb4b53c5dc916ca1fd95fe62438"
+dependencies = [
+ "libc",
+ "winapi",
+]
+
 [[package]]
 name = "tinyvec"
 version = "1.5.0"
@ -1404,9 +1483,11 @@ dependencies = [
 name = "zeroidc"
 version = "0.1.0"
 dependencies = [
- "base64",
+ "base64 0.13.0",
 "cbindgen",
+ "jsonwebtoken",
 "openidconnect",
 "reqwest",
+ "serde",
 "url",
 ]
--- a/zeroidc/Cargo.toml
+++ b/zeroidc/Cargo.toml
@ -16,6 +16,8 @@ openidconnect = "2.1.2"
 base64 = "0.13.0"
 url = "2.2.2"
 reqwest = "0.11.7"
+jsonwebtoken = "7.2.0"
+serde = "1.0.130"

 [build-dependencies]
 cbindgen = "0.20.0"
--- a/zeroidc/src/ext.rs
+++ b/zeroidc/src/ext.rs
@ -91,6 +91,16 @@ pub extern "C" fn zeroidc_is_running(ptr: *mut ZeroIDC) -> bool {
    idc.is_running()
 }

+#[no_mangle]
+pub extern "C" fn zeroidc_get_exp_time(ptr: *mut ZeroIDC) -> u64 {
+    let id = unsafe {
+        assert!(!ptr.is_null());
+        &mut *ptr
+    };
+
+    id.get_exp_time()
+}
+
 #[no_mangle]
 pub extern "C" fn zeroidc_process_form_post(ptr: *mut ZeroIDC, body: *const c_char) -> bool {
    let idc = unsafe {
--- a/zeroidc/src/lib.rs
+++ b/zeroidc/src/lib.rs
@ -7,17 +7,14 @@ extern crate url;
 use std::sync::{Arc, Mutex};
 use std::thread::{sleep, spawn, JoinHandle};
 use std::time::Duration;
-
+use serde::{Deserialize, Serialize};
 use openidconnect::core::{CoreClient, CoreProviderMetadata, CoreResponseType};
 use openidconnect::reqwest::http_client;
-use openidconnect::{AuthenticationFlow, PkceCodeVerifier, TokenResponse, OAuth2TokenResponse};
-use openidconnect::{AuthorizationCode, ClientId, CsrfToken, IssuerUrl, Nonce, PkceCodeChallenge, RedirectUrl, RequestTokenError, Scope};
-
-use reqwest::blocking::Client;
+use openidconnect::{AccessToken, AuthorizationCode, AuthenticationFlow, ClientId, CsrfToken, IssuerUrl, Nonce, OAuth2TokenResponse, PkceCodeChallenge, PkceCodeVerifier, RedirectUrl, RefreshToken, Scope, TokenResponse};
+use jsonwebtoken::{dangerous_insecure_decode};

 use url::Url;

-
 pub struct ZeroIDC {
    inner: Arc<Mutex<Inner>>,
 }
@ -28,6 +25,14 @@ struct Inner {
    auth_endpoint: String,
    oidc_thread: Option<JoinHandle<()>>,
    oidc_client: Option<openidconnect::core::CoreClient>,
+    access_token: Option<AccessToken>,
+    refresh_token: Option<RefreshToken>,
+    exp_time: u64,
+}
+
+#[derive(Debug, Serialize, Deserialize)]
+struct Exp {
+    exp: u64
 }

 fn csrf_func(csrf_token: String) -> Box<dyn Fn() -> CsrfToken> {
@ -60,6 +65,9 @@ impl ZeroIDC {
                auth_endpoint: auth_ep.to_string(),
                oidc_thread: None,
                oidc_client: None,
+                access_token: None,
+                refresh_token: None,
+                exp_time: 0,
            })),
        };

@ -147,7 +155,11 @@ impl ZeroIDC {
    }

    fn get_network_id(&mut self) -> String {
-        return (*self.inner.lock().unwrap()).network_id.clone()
+        return (*self.inner.lock().unwrap()).network_id.clone();
+    }
+
+    fn get_exp_time(&mut self) -> u64 {
+        return (*self.inner.lock().unwrap()).exp_time;
    }

    fn do_token_exchange(&mut self, auth_info: &mut AuthInfo, code: &str) {
@ -185,6 +197,17 @@ impl ZeroIDC {
                    Ok(res) => {
                        println!("hit url: {}", res.url().as_str());
                        println!("Status: {}", res.status());
+
+                        let at = tok.access_token().secret();
+                        let exp = dangerous_insecure_decode::<Exp>(&at);
+                        if let Ok(e) = exp {
+                            (*self.inner.lock().unwrap()).exp_time = e.claims.exp
+                        }
+
+                        (*self.inner.lock().unwrap()).access_token = Some(tok.access_token().clone());
+                        if let Some(t) = tok.refresh_token() {
+                            (*self.inner.lock().unwrap()).refresh_token = Some(t.clone());
+                        }
                    },
                    Err(res) => {
                        println!("hit url: {}", res.url().unwrap().as_str());
@ -193,9 +216,6 @@ impl ZeroIDC {
                    }
                }

-                let claims = (*self.inner.lock().unwrap()).oidc_client.as_ref().map(|c| {
-
-                });
                let access_token = tok.access_token();
                println!("Access Token: {}", access_token.secret());