Wait to create access token until we impersonate a user
Nathan Sobo
created 3 years ago
We need to wait to create the token until we have decided whether we're impersonating a different user. Otherwise we create the token for the original user, and the impersonated user won't be able to authenticate.
Change summary
crates/server/src/api.rs | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
Detailed changes
@@ -111,7 +111,6 @@ async fn create_access_token(request: Request) -> tide::Result {
.get_user_by_github_login(request.param("github_login")?)
.await?
.ok_or_else(|| surf::Error::from_str(StatusCode::NotFound, "user not found"))?;
- let access_token = auth::create_access_token(request.db().as_ref(), user.id).await?;
#[derive(Deserialize)]
struct QueryParams {
@@ -123,9 +122,6 @@ async fn create_access_token(request: Request) -> tide::Result {
surf::Error::from_str(StatusCode::UnprocessableEntity, "invalid query params")
})?;
- let encrypted_access_token =
- auth::encrypt_access_token(&access_token, query_params.public_key.clone())?;
-
let mut user_id = user.id;
if let Some(impersonate) = query_params.impersonate {
if user.admin {
@@ -151,6 +147,10 @@ async fn create_access_token(request: Request) -> tide::Result {
}
}
+ let access_token = auth::create_access_token(request.db().as_ref(), user_id).await?;
+ let encrypted_access_token =
+ auth::encrypt_access_token(&access_token, query_params.public_key.clone())?;
+
Ok(tide::Response::builder(StatusCode::Ok)
.body(json!({"user_id": user_id, "encrypted_access_token": encrypted_access_token}))
.build())
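Review bot: The token minted by `auth::create_access_token(request.db().as_ref(), user_id)` is now issued for the impersonated account through the same call as an ordinary login, so nothing in the lines shown records that an admin (`user.id`) obtained a credential for a different user (`user_id`). Consider writing an audit log entry just before this call whenever the two ids differ, naming both the acting admin and the target account, and marking the spot with a comment such as `// user_id may differ from user.id here: admin impersonation`. The body of the impersonation branch after `if user.admin {` lies between hunks, so whether it already logs the event or rejects non-admin callers cannot be confirmed from this page. The function starts and ends outside this hunk.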