mas_handlers/oauth2/device/
link.rs

1// Copyright 2024, 2025 New Vector Ltd.
2// Copyright 2023, 2024 The Matrix.org Foundation C.I.C.
3//
4// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
5// Please see LICENSE files in the repository root for full details.
6
7use axum::{
8    extract::State,
9    response::{Html, IntoResponse},
10};
11use axum_extra::extract::Query;
12use mas_axum_utils::{InternalError, cookies::CookieJar};
13use mas_data_model::BoxClock;
14use mas_router::UrlBuilder;
15use mas_storage::BoxRepository;
16use mas_templates::{
17    DeviceLinkContext, DeviceLinkFormField, FieldError, FormState, TemplateContext, Templates,
18};
19use serde::{Deserialize, Serialize};
20
21use crate::PreferredLanguage;
22
23#[derive(Serialize, Deserialize)]
24pub struct Params {
25    #[serde(default)]
26    code: Option<String>,
27}
28
29#[tracing::instrument(name = "handlers.oauth2.device.link.get", skip_all)]
30pub(crate) async fn get(
31    clock: BoxClock,
32    mut repo: BoxRepository,
33    PreferredLanguage(locale): PreferredLanguage,
34    State(templates): State<Templates>,
35    State(url_builder): State<UrlBuilder>,
36    cookie_jar: CookieJar,
37    Query(query): Query<Params>,
38) -> Result<impl IntoResponse, InternalError> {
39    let mut form_state = FormState::from_form(&query);
40
41    // If we have a code in query, find it in the database
42    if let Some(code) = &query.code {
43        // Find the code in the database
44        let code = code.to_uppercase();
45        let grant = repo
46            .oauth2_device_code_grant()
47            .find_by_user_code(&code)
48            .await?
49            // XXX: We should have different error messages for already exchanged and expired
50            .filter(|grant| grant.is_pending())
51            .filter(|grant| grant.expires_at > clock.now());
52
53        if let Some(grant) = grant {
54            // This is a valid code, redirect to the consent page
55            // This will in turn redirect to the login page if the user is not logged in
56            let destination = url_builder.redirect(&mas_router::DeviceCodeConsent::new(grant.id));
57
58            return Ok((cookie_jar, destination).into_response());
59        }
60
61        // The code isn't valid, set an error on the form
62        form_state = form_state.with_error_on_field(DeviceLinkFormField::Code, FieldError::Invalid);
63    }
64
65    // Rendre the form
66    let ctx = DeviceLinkContext::new()
67        .with_form_state(form_state)
68        .with_language(locale);
69
70    let content = templates.render_device_link(&ctx)?;
71
72    Ok((cookie_jar, Html(content)).into_response())
73}