From 6a1be11aa63fc0ddbdd782fd14de3c19d1a36edf Mon Sep 17 00:00:00 2001
From: Nathan Sobo
Date: Mon, 4 Apr 2022 15:07:55 -0600
Subject: [PATCH] Wait to create access token until we impersonate a user

We need to wait to create the token until we decide on whether we're impersonating a different user, otherwise we'll create the token for the original user and the impersonated user won't be able to authenticate.
---
 crates/server/src/api.rs | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/crates/server/src/api.rs b/crates/server/src/api.rs
index 69b60fe9ec4ae21359e5cdfe932d244b1aea67f6..c909650f26e7466e09ab845b6174da062747da95 100644
--- a/crates/server/src/api.rs
+++ b/crates/server/src/api.rs
@@ -111,7 +111,6 @@ async fn create_access_token(request: Request) -> tide::Result {
         .get_user_by_github_login(request.param("github_login")?)
         .await?
         .ok_or_else(|| surf::Error::from_str(StatusCode::NotFound, "user not found"))?;
-    let access_token = auth::create_access_token(request.db().as_ref(), user.id).await?;
 
     #[derive(Deserialize)]
     struct QueryParams {
@@ -123,9 +122,6 @@ async fn create_access_token(request: Request) -> tide::Result {
         surf::Error::from_str(StatusCode::UnprocessableEntity, "invalid query params")
     })?;
 
-    let encrypted_access_token =
-        auth::encrypt_access_token(&access_token, query_params.public_key.clone())?;
-
     let mut user_id = user.id;
     if let Some(impersonate) = query_params.impersonate {
         if user.admin {
@@ -151,6 +147,10 @@ async fn create_access_token(request: Request) -> tide::Result {
         }
     }
 
+    let access_token = auth::create_access_token(request.db().as_ref(), user_id).await?;
+    let encrypted_access_token =
+        auth::encrypt_access_token(&access_token, query_params.public_key.clone())?;
+
     Ok(tide::Response::builder(StatusCode::Ok)
         .body(json!({"user_id": user_id, "encrypted_access_token": encrypted_access_token}))
         .build())
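Review bot: The moved `auth::create_access_token(request.db().as_ref(), user_id)` call in the third hunk now mints a token for a `user_id` that may differ from the authenticated `user.id`, but nothing in the new code records that an impersonation took place; add an audit entry with whatever logging facility this crate uses, guarded by `if user_id != user.id { /* record admin user.id acting as user_id */ }`, immediately before the token is created, so a token issued under impersonation can be traced back to the admin who requested it. The admin-only branch that decides `user_id` (between the second and third hunks) and the rest of `create_access_token` lie outside the visible hunks, so whether a non-admin `impersonate` request is rejected or silently ignored cannot be confirmed here; a comment at the `let mut user_id = user.id;` line stating that contract would help, e.g. `// user_id is only rebound for admins; non-admin impersonate requests fall through to the caller's own id`. As a point of style, `query_params.public_key.clone()` in the added line is likely redundant since `query_params` is not used afterwards; `auth::encrypt_access_token(&access_token, query_params.public_key)?` should move the value instead.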