actix-web-security 0.1.0

Basic-Auth / OAuth2 easy-to-use authentication modules for actix web
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153

use actix_web::dev::Service;
use actix_web::http::header;
use actix_web::{get, test, App, HttpResponse, Responder};
use async_trait::async_trait;
use jsonwebtoken::{decode, encode, Algorithm, DecodingKey, EncodingKey, Header, Validation};

use actix_web_security::authentication::endpoint_matcher::AllEndpointsMatcher;
use actix_web_security::authentication::error::error_type::AuthenticationError;
use actix_web_security::authentication::middleware::HttpAuthenticationMiddleware;
use actix_web_security::authentication::scheme::bearer::jwt::authentication_provider::JwtAuthenticationProvider;
use actix_web_security::authentication::scheme::bearer::jwt::default_jwt::DefaultJwt;
use actix_web_security::authentication::scheme::bearer::jwt::header_extractor::BearerAuthenticationExtractor;
use actix_web_security::authentication::scheme::bearer::jwt::token::decoder::TokenDecoder;
use actix_web_security::authentication::scheme::bearer::jwt::token::Claims;
use actix_web_security::authentication::scheme::bearer::jwt::user_details_service::JwtUserDetailsService;
use actix_web_security::authentication::ProviderManager;
use actix_web_security::user_details::UserDetails;

use common::deserialize_json;
use common::User;

mod common;

#[derive(Clone)]
struct JwtUserDetailsServiceImpl {}

#[async_trait]
impl JwtUserDetailsService for JwtUserDetailsServiceImpl {
    async fn find_user(&self, token: &Box<dyn Claims>) -> Option<Box<dyn UserDetails>> {
        if token.is::<DefaultJwt>() {
            if let Some(claims) = token.downcast_ref::<DefaultJwt>() {
                if let Some(sub) = &claims.sub {
                    if sub == &"test".to_string() {
                        return Some(Box::new(User {
                            username: sub.clone(),
                        }));
                    }
                }
            }
        }
        None
    }
}

#[get("/test")]
async fn test_endpoint(user: User) -> impl Responder {
    HttpResponse::Ok().json(user)
}

fn init_middleware(
) -> HttpAuthenticationMiddleware<BearerAuthenticationExtractor<DefaultJwt>, AllEndpointsMatcher> {
    let user_details_service = JwtUserDetailsServiceImpl {};

    let authentication_provider = JwtAuthenticationProvider::new(Box::new(user_details_service));

    let provider_manager = ProviderManager::new(vec![Box::new(authentication_provider)]);

    let jwt_decoder = SimpleTokenDecoder {};

    let authentication_extractor = BearerAuthenticationExtractor::new(vec![Box::new(jwt_decoder)]);

    let authentication_middleware = HttpAuthenticationMiddleware::new(
        provider_manager,
        Box::new(authentication_extractor),
        Box::new(AllEndpointsMatcher::new()),
    );

    authentication_middleware
}

#[actix_rt::test]
async fn validate_bearer_auth_succeeds() {
    let claims = DefaultJwt {
        iss: None,
        sub: Some("test".to_string()),
        aud: None,
        exp: Some(10000000000),
        nbf: None,
        iat: None,
        jti: None,
    };
    let key = &EncodingKey::from_secret("secret".as_ref());
    let token = encode(&Header::default(), &claims, key).expect("Token couldn't be encoded");

    let mut service =
        test::init_service(App::new().wrap(init_middleware()).service(test_endpoint)).await;

    let req = test::TestRequest::get()
        .uri("/test")
        .header(header::AUTHORIZATION, format!("Bearer {}", token))
        .to_request();

    match service.call(req).await {
        Ok(mut service_response) => {
            assert!(&service_response.status().is_success());
            assert_eq!(
                User {
                    username: "test".to_string()
                },
                deserialize_json(&mut service_response.take_body()).await
            );
        }
        Err(e) => panic!("Error occurred: {}", e),
    }
}

#[actix_rt::test]
async fn validate_bearer_auth_invalid_credentials() {
    let claims = DefaultJwt {
        iss: None,
        sub: Some("unknown".to_string()),
        aud: None,
        exp: Some(10000000000),
        nbf: None,
        iat: None,
        jti: None,
    };
    let token = encode(
        &Header::new(Algorithm::default()),
        &claims,
        &EncodingKey::from_secret("secret".as_ref()),
    )
    .expect("Token couldn't be encoded");

    let mut service =
        test::init_service(App::new().wrap(init_middleware()).service(test_endpoint)).await;

    let req = test::TestRequest::get()
        .uri("/test")
        .header(header::AUTHORIZATION, format!("Bearer {}", token))
        .to_request();

    match service.call(req).await {
        Ok(service_response) => panic!("Error expected: {:?}", service_response),
        Err(e) => assert_eq!(
            &AuthenticationError::UsernameNotFound,
            e.as_error().expect("error expected")
        ),
    }
}

#[derive(Clone)]
struct SimpleTokenDecoder {}

impl TokenDecoder<DefaultJwt> for SimpleTokenDecoder {
    fn decode_token(&self, token: &str) -> Result<Box<DefaultJwt>, AuthenticationError> {
        let key = &DecodingKey::from_secret("secret".as_ref());
        match decode::<DefaultJwt>(&token, key, &Validation::default()) {
            Ok(token_data) => Ok(Box::new(token_data.claims)),
            Err(_) => Err(AuthenticationError::InvalidToken),
        }
    }
}