1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
use async_trait::async_trait;
use shield::{
Action, ActionMethod, Form, MethodSession, Request, Response, ResponseType, SessionAction,
ShieldError, SignOutAction, erased_action,
};
use crate::{provider::OidcProvider, session::OidcSession};
pub struct OidcSignOutAction;
#[async_trait]
impl Action<OidcProvider, OidcSession> for OidcSignOutAction {
fn id(&self) -> String {
SignOutAction::id()
}
fn name(&self) -> String {
SignOutAction::name()
}
fn openapi_summary(&self) -> &'static str {
"Sign out with OpenID Connect"
}
fn openapi_description(&self) -> &'static str {
"Sign out with OpenID Connect."
}
fn method(&self) -> ActionMethod {
ActionMethod::Post
}
fn condition(
&self,
provider: &OidcProvider,
session: &MethodSession<OidcSession>,
) -> Result<bool, ShieldError> {
SignOutAction::condition(provider, session)
}
async fn forms(&self, provider: OidcProvider) -> Result<Vec<Form>, ShieldError> {
SignOutAction::forms(provider).await
}
async fn call(
&self,
_provider: OidcProvider,
_session: &MethodSession<OidcSession>,
_request: Request,
) -> Result<Response, ShieldError> {
// TODO: See [`OidcProvider::oidc_client`].
// let provider = match request.provider_id {
// Some(provider_id) => self.oidc_provider_by_id_or_slug(&provider_id).await?,
// None => return Err(ProviderError::ProviderMissing.into()),
// };
// let connection_id = {
// let session_data = session.data();
// let session_data = session_data
// .lock()
// .map_err(|err| SessionError::Lock(err.to_string()))?;
// session_data.oidc_connection_id.clone()
// };
// if let Some(connection_id) = connection_id {
// if let Some(connection) = self.storage.oidc_connection_by_id(&connection_id).await? {
// debug!("revoking access token {:?}", connection.access_token);
// let token = AccessToken::new(connection.access_token);
// let client = subprovider.oidc_client().await?;
// let revocation_request = match client.revoke_token(token.into()) {
// Ok(revocation_request) => Some(revocation_request),
// Err(openidconnect::ConfigurationError::MissingUrl("revocation")) => None,
// Err(err) => return Err(ConfigurationError::Invalid(err.to_string()).into()),
// };
// if let Some(revocation_request) = revocation_request {
// let mut revocation_request = revocation_request;
// if let Some(revocation_url_params) = subprovider.revocation_url_params {
// let params =
// parse(revocation_url_params.trim_start_matches('?').as_bytes());
// for (name, value) in params {
// revocation_request = revocation_request
// .add_extra_param(name.into_owned(), value.into_owned());
// }
// }
// revocation_request
// .request_async(async_http_client)
// .await
// .map_err(|err| ShieldError::Request(err.to_string()))?;
// }
// }
// }
Ok(Response::new(ResponseType::Default).session_action(SessionAction::Unauthenticate))
}
}
erased_action!(OidcSignOutAction);