rustauth-sso 0.3.0

Single sign-on support for RustAuth.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143

use std::future::Future;
use std::pin::Pin;
use std::sync::Arc;

use serde::{Deserialize, Serialize};

type AuditEventFuture = Pin<Box<dyn Future<Output = ()> + Send>>;

#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
/// Severity level for SSO audit events.
pub enum SsoAuditSeverity {
    /// Informational event.
    Info,
    /// Suspicious or recoverable condition.
    Warn,
    /// Failed security-sensitive operation.
    Error,
}

#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
/// SSO audit event kind emitted by provider, domain, SAML, and SLO flows.
pub enum SsoAuditEventKind {
    /// A provider was registered.
    ProviderRegistered,
    /// A provider was updated.
    ProviderUpdated,
    /// A provider was deleted.
    ProviderDeleted,
    /// A domain verification token was requested.
    DomainVerificationRequested,
    /// Domain verification succeeded.
    DomainVerificationSucceeded,
    /// Domain verification failed.
    DomainVerificationFailed,
    /// A previously verified provider domain was revoked by an update.
    DomainVerificationRevoked,
    /// A replayed SAML assertion was rejected.
    SamlReplayRejected,
    /// SAML signature validation failed.
    SamlSignatureFailed,
    /// A SAML SLO flow deleted a local session.
    SamlSloSessionDeleted,
}

#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
/// Audit event emitted by the SSO plugin.
pub struct SsoAuditEvent {
    /// Event kind.
    pub kind: SsoAuditEventKind,
    /// Event severity.
    pub severity: SsoAuditSeverity,
    /// Provider id related to the event, when available.
    pub provider_id: Option<String>,
    /// User id related to the event, when available.
    pub user_id: Option<String>,
    /// Organization id related to the event, when available.
    pub organization_id: Option<String>,
    /// Human-readable reason or stable error code.
    pub reason: Option<String>,
}

impl SsoAuditEvent {
    /// Create an audit event with no optional context.
    pub fn new(kind: SsoAuditEventKind, severity: SsoAuditSeverity) -> Self {
        Self {
            kind,
            severity,
            provider_id: None,
            user_id: None,
            organization_id: None,
            reason: None,
        }
    }

    #[must_use]
    /// Attach a provider id to the event.
    pub fn provider_id(mut self, provider_id: impl Into<String>) -> Self {
        self.provider_id = Some(provider_id.into());
        self
    }

    #[must_use]
    /// Attach a user id to the event.
    pub fn user_id(mut self, user_id: impl Into<String>) -> Self {
        self.user_id = Some(user_id.into());
        self
    }

    #[must_use]
    /// Attach an organization id to the event.
    pub fn organization_id(mut self, organization_id: impl Into<String>) -> Self {
        self.organization_id = Some(organization_id.into());
        self
    }

    #[must_use]
    /// Attach a reason or stable error code to the event.
    pub fn reason(mut self, reason: impl Into<String>) -> Self {
        self.reason = Some(reason.into());
        self
    }
}

#[derive(Clone)]
/// Async sink for SSO audit events.
pub struct SsoAuditEventResolver {
    resolver: Arc<dyn Fn(SsoAuditEvent) -> AuditEventFuture + Send + Sync>,
}

impl SsoAuditEventResolver {
    /// Create an audit event sink from an async function.
    pub fn new<F, Fut>(resolver: F) -> Self
    where
        F: Fn(SsoAuditEvent) -> Fut + Send + Sync + 'static,
        Fut: Future<Output = ()> + Send + 'static,
    {
        Self {
            resolver: Arc::new(move |event| Box::pin(resolver(event))),
        }
    }

    /// Emit an audit event.
    pub async fn resolve(&self, event: SsoAuditEvent) {
        (self.resolver)(event).await;
    }
}

impl std::fmt::Debug for SsoAuditEventResolver {
    fn fmt(&self, formatter: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        formatter.write_str("SsoAuditEventResolver(..)")
    }
}

impl PartialEq for SsoAuditEventResolver {
    fn eq(&self, _other: &Self) -> bool {
        true
    }
}

impl Eq for SsoAuditEventResolver {}