Merge branch 'dev' into release/1.4-alpha

Author: j-chmielewski

proto

@@ -16,6 +16,7 @@ use crate::{
     http::AppState,
     proto::{
         core_request, core_response, AuthCallbackRequest, AuthCallbackResponse, AuthInfoRequest,
+        DeviceInfo,
     },
 };
 
@@ -49,6 +50,7 @@ impl AuthInfo {
 #[instrument(level = "debug", skip(state))]
 async fn auth_info(
     State(state): State<AppState>,
+    device_info: DeviceInfo,
     private_cookies: PrivateCookieJar,
 ) -> Result<(PrivateCookieJar, Json<AuthInfo>), ApiError> {
     debug!("Getting auth info for OAuth2/OpenID login");
@@ -59,7 +61,7 @@ async fn auth_info(
 
     let rx = state
         .grpc_server
-        .send(Some(core_request::Payload::AuthInfo(request)), None)?;
+        .send(core_request::Payload::AuthInfo(request), device_info)?;
     let payload = get_core_response(rx).await?;
     if let core_response::Payload::AuthInfo(response) = payload {
         debug!("Received auth info {response:?}");
@@ -105,6 +107,7 @@ struct CallbackResponseData {
 #[instrument(level = "debug", skip(state))]
 async fn auth_callback(
     State(state): State<AppState>,
+    device_info: DeviceInfo,
     mut private_cookies: PrivateCookieJar,
     Json(payload): Json<AuthenticationResponse>,
 ) -> Result<(PrivateCookieJar, Json<CallbackResponseData>), ApiError> {
@@ -135,7 +138,7 @@ async fn auth_callback(
 
     let rx = state
         .grpc_server
-        .send(Some(core_request::Payload::AuthCallback(request)), None)?;
+        .send(core_request::Payload::AuthCallback(request), device_info)?;
     let payload = get_core_response(rx).await?;
     if let core_response::Payload::AuthCallback(AuthCallbackResponse { url, token }) = payload {
         debug!("Received auth callback response {url:?} {token:?}");

src/enterprise/handlers/openid_login.rs

@@ -44,15 +44,15 @@ impl ProxyServer {
     #[instrument(name = "send_grpc_message", level = "debug", skip(self))]
     pub(crate) fn send(
         &self,
-        payload: Option<core_request::Payload>,
-        device_info: Option<DeviceInfo>,
+        payload: core_request::Payload,
+        device_info: DeviceInfo,
     ) -> Result<oneshot::Receiver<core_response::Payload>, ApiError> {
         if let Some(client_tx) = self.clients.lock().unwrap().values().next() {
             let id = self.current_id.fetch_add(1, Ordering::Relaxed);
             let res = CoreRequest {
                 id,
-                device_info,
-                payload,
+                device_info: Some(device_info),
+                payload: Some(payload),
             };
             if let Err(err) = client_tx.send(Ok(res)) {
                 error!("Failed to send CoreRequest: {err}");

src/grpc.rs

@@ -19,12 +19,12 @@ pub(crate) fn router() -> Router<AppState> {
 #[instrument(level = "debug", skip(state))]
 async fn start_client_mfa(
     State(state): State<AppState>,
-    device_info: Option<DeviceInfo>,
+    device_info: DeviceInfo,
     Json(req): Json<ClientMfaStartRequest>,
 ) -> Result<Json<ClientMfaStartResponse>, ApiError> {
     info!("Starting desktop client authorization {req:?}");
     let rx = state.grpc_server.send(
-        Some(core_request::Payload::ClientMfaStart(req.clone())),
+        core_request::Payload::ClientMfaStart(req.clone()),
         device_info,
     )?;
     let payload = get_core_response(rx).await?;
@@ -41,14 +41,13 @@ async fn start_client_mfa(
 #[instrument(level = "debug", skip(state))]
 async fn finish_client_mfa(
     State(state): State<AppState>,
-    device_info: Option<DeviceInfo>,
+    device_info: DeviceInfo,
     Json(req): Json<ClientMfaFinishRequest>,
 ) -> Result<Json<ClientMfaFinishResponse>, ApiError> {
     info!("Finishing desktop client authorization");
-    let rx = state.grpc_server.send(
-        Some(core_request::Payload::ClientMfaFinish(req)),
-        device_info,
-    )?;
+    let rx = state
+        .grpc_server
+        .send(core_request::Payload::ClientMfaFinish(req), device_info)?;
     let payload = get_core_response(rx).await?;
     if let core_response::Payload::ClientMfaFinish(response) = payload {
         info!("Finished desktop client authorization");

src/handlers/desktop_client_mfa.rs

@@ -23,6 +23,7 @@ pub(crate) fn router() -> Router<AppState> {
 #[instrument(level = "debug", skip(state))]
 async fn start_enrollment_process(
     State(state): State<AppState>,
+    device_info: DeviceInfo,
     mut private_cookies: PrivateCookieJar,
     Json(req): Json<EnrollmentStartRequest>,
 ) -> Result<(PrivateCookieJar, Json<EnrollmentStartResponse>), ApiError> {
@@ -40,7 +41,7 @@ async fn start_enrollment_process(
     debug!("Sending the enrollment process request to core service.");
     let rx = state
         .grpc_server
-        .send(Some(core_request::Payload::EnrollmentStart(req)), None)?;
+        .send(core_request::Payload::EnrollmentStart(req), device_info)?;
     let payload = get_core_response(rx).await?;
     debug!("Receving payload from the core service. Try to set private cookie for starting enrollment process.");
     if let core_response::Payload::EnrollmentStart(response) = payload {
@@ -62,7 +63,7 @@ async fn start_enrollment_process(
 #[instrument(level = "debug", skip(state))]
 async fn activate_user(
     State(state): State<AppState>,
-    device_info: Option<DeviceInfo>,
+    device_info: DeviceInfo,
     mut private_cookies: PrivateCookieJar,
     Json(mut req): Json<ActivateUserRequest>,
 ) -> Result<PrivateCookieJar, ApiError> {
@@ -78,7 +79,7 @@ async fn activate_user(
     debug!("Sending the activate user request to core service.");
     let rx = state
         .grpc_server
-        .send(Some(core_request::Payload::ActivateUser(req)), device_info)?;
+        .send(core_request::Payload::ActivateUser(req), device_info)?;
     let payload = get_core_response(rx).await?;
     debug!("Receving payload from the core service. Trying to remove private cookie...");
     if let core_response::Payload::Empty(()) = payload {
@@ -97,7 +98,7 @@ async fn activate_user(
 #[instrument(level = "debug", skip(state))]
 async fn create_device(
     State(state): State<AppState>,
-    device_info: Option<DeviceInfo>,
+    device_info: DeviceInfo,
     private_cookies: PrivateCookieJar,
     Json(mut req): Json<NewDevice>,
 ) -> Result<Json<DeviceConfigResponse>, ApiError> {
@@ -111,7 +112,7 @@ async fn create_device(
 
     let rx = state
         .grpc_server
-        .send(Some(core_request::Payload::NewDevice(req)), device_info)?;
+        .send(core_request::Payload::NewDevice(req), device_info)?;
     let payload = get_core_response(rx).await?;
     if let core_response::Payload::DeviceConfig(response) = payload {
         info!("Added new device {name} {pubkey}");
@@ -125,6 +126,7 @@ async fn create_device(
 #[instrument(level = "debug", skip(state))]
 async fn get_network_info(
     State(state): State<AppState>,
+    device_info: DeviceInfo,
     private_cookies: PrivateCookieJar,
     Json(mut req): Json<ExistingDevice>,
 ) -> Result<Json<DeviceConfigResponse>, ApiError> {
@@ -138,7 +140,7 @@ async fn get_network_info(
 
     let rx = state
         .grpc_server
-        .send(Some(core_request::Payload::ExistingDevice(req)), None)?;
+        .send(core_request::Payload::ExistingDevice(req), device_info)?;
     let payload = get_core_response(rx).await?;
     if let core_response::Payload::DeviceConfig(response) = payload {
         info!("Got network info for device {pubkey}");

src/handlers/enrollment.rs

@@ -22,7 +22,7 @@ impl<S> FromRequestParts<S> for DeviceInfo
 where
     S: Send + Sync,
 {
-    type Rejection = ();
+    type Rejection = ApiError;
 
     async fn from_request_parts(parts: &mut Parts, state: &S) -> Result<Self, Self::Rejection> {
         let forwarded_for_ip = LeftmostXForwardedFor::from_request_parts(parts, state)
@@ -36,7 +36,10 @@ where
             .map(|v| v.to_string())
             .ok();
 
-        let ip_address = forwarded_for_ip.or(insecure_ip).map(|v| v.to_string()).ok();
+        let ip_address = forwarded_for_ip
+            .or(insecure_ip)
+            .map(|v| v.to_string())
+            .map_err(|_| ApiError::Unexpected("Missing client IP".to_string()))?;
 
         Ok(DeviceInfo {
             ip_address,

src/handlers/mod.rs

@@ -22,13 +22,13 @@ pub(crate) fn router() -> Router<AppState> {
 #[instrument(level = "debug", skip(state))]
 async fn request_password_reset(
     State(state): State<AppState>,
-    device_info: Option<DeviceInfo>,
+    device_info: DeviceInfo,
     Json(req): Json<PasswordResetInitializeRequest>,
 ) -> Result<(), ApiError> {
     info!("Starting password reset request for {}", req.email);
 
     let rx = state.grpc_server.send(
-        Some(core_request::Payload::PasswordResetInit(req.clone())),
+        core_request::Payload::PasswordResetInit(req.clone()),
         device_info,
     )?;
     let payload = get_core_response(rx).await?;
@@ -44,7 +44,7 @@ async fn request_password_reset(
 #[instrument(level = "debug", skip(state))]
 async fn start_password_reset(
     State(state): State<AppState>,
-    device_info: Option<DeviceInfo>,
+    device_info: DeviceInfo,
     mut private_cookies: PrivateCookieJar,
     Json(req): Json<PasswordResetStartRequest>,
 ) -> Result<(PrivateCookieJar, Json<PasswordResetStartResponse>), ApiError> {
@@ -58,10 +58,9 @@ async fn start_password_reset(
 
     let token = req.clone().token.clone();
 
-    let rx = state.grpc_server.send(
-        Some(core_request::Payload::PasswordResetStart(req)),
-        device_info,
-    )?;
+    let rx = state
+        .grpc_server
+        .send(core_request::Payload::PasswordResetStart(req), device_info)?;
     let payload = get_core_response(rx).await?;
     if let core_response::Payload::PasswordResetStart(response) = payload {
         // set session cookie
@@ -79,7 +78,7 @@ async fn start_password_reset(
 #[instrument(level = "debug", skip(state))]
 async fn reset_password(
     State(state): State<AppState>,
-    device_info: Option<DeviceInfo>,
+    device_info: DeviceInfo,
     mut private_cookies: PrivateCookieJar,
     Json(mut req): Json<PasswordResetRequest>,
 ) -> Result<PrivateCookieJar, ApiError> {
@@ -92,7 +91,7 @@ async fn reset_password(
 
     let rx = state
         .grpc_server
-        .send(Some(core_request::Payload::PasswordReset(req)), device_info)?;
+        .send(core_request::Payload::PasswordReset(req), device_info)?;
     let payload = get_core_response(rx).await?;
     if let core_response::Payload::Empty(()) = payload {
         if let Some(cookie) = private_cookies.get(PASSWORD_RESET_COOKIE_NAME) {

src/handlers/password_reset.rs

@@ -4,18 +4,20 @@ use crate::{
     error::ApiError,
     handlers::get_core_response,
     http::AppState,
-    proto::{core_request, core_response, InstanceInfoRequest, InstanceInfoResponse},
+    proto::{core_request, core_response, DeviceInfo, InstanceInfoRequest, InstanceInfoResponse},
 };
 
 #[instrument(level = "debug", skip(state))]
 pub(crate) async fn info(
     State(state): State<AppState>,
+    device_info: DeviceInfo,
     Json(req): Json<InstanceInfoRequest>,
 ) -> Result<Json<InstanceInfoResponse>, ApiError> {
     debug!("Retrieving info for polling request");
-    let rx = state
-        .grpc_server
-        .send(Some(core_request::Payload::InstanceInfo(req.clone())), None)?;
+    let rx = state.grpc_server.send(
+        core_request::Payload::InstanceInfo(req.clone()),
+        device_info,
+    )?;
     let payload = get_core_response(rx).await?;
 
     if let core_response::Payload::InstanceInfo(response) = payload {