updates

Author: parmesant

src/handlers/http/middleware.rs

@@ -23,7 +23,7 @@ use actix_web::{
     Error, HttpMessage, HttpRequest, Route,
     dev::{Service, ServiceRequest, ServiceResponse, Transform, forward_ready},
     error::{ErrorBadRequest, ErrorForbidden, ErrorUnauthorized},
-    http::header::{self, HeaderName, HeaderValue},
+    http::header::{self, HeaderMap, HeaderName, HeaderValue},
 };
 use argon2::{Argon2, PasswordHash, PasswordVerifier};
 use chrono::{Duration, TimeDelta, Utc};
@@ -194,7 +194,7 @@ where
         }
 
         let auth_result: Result<_, Error> = (self.auth_method)(&mut req, self.action);
-
+        let headers = req.headers().clone();
         let fut = self.service.call(req);
         Box::pin(async move {
             let Ok(key) = key else {
@@ -209,7 +209,7 @@ where
 
             // if session is expired, refresh token
             if sessions().is_session_expired(&key) {
-                refresh_token(user_and_tenant_id, &key).await?;
+                refresh_token(user_and_tenant_id, &key, headers).await?;
             }
 
             match auth_result? {
@@ -296,6 +296,7 @@ fn get_user_and_tenant(
 pub async fn refresh_token(
     user_and_tenant_id: Result<(Result<String, RBACError>, Option<String>), RBACError>,
     key: &SessionKey,
+    headers: HeaderMap,
 ) -> Result<(), Error> {
     let oidc_client = OIDC_CLIENT.get();
 
@@ -320,7 +321,7 @@ pub async fn refresh_token(
             let refreshed_token = match client
                 .read()
                 .await
-                .refresh_token(&oauth_data, Some(PARSEABLE.options.scope.as_str()))
+                .refresh_token(&oauth_data, Some(PARSEABLE.options.scope.as_str()), headers)
                 .await
             {
                 Ok(bearer) => bearer,
@@ -570,6 +571,10 @@ where
                             header::COOKIE,
                             HeaderValue::from_str(&format!("session={}", id)).unwrap(),
                         );
+
+                        // remove basic auth header
+                        req.headers_mut().remove(header::AUTHORIZATION);
+
                         let session = SessionKey::SessionId(id);
                         req.extensions_mut().insert(session.clone());
                         Users.new_session(&user, session, TimeDelta::seconds(20));

src/oauth/oidc_client.rs

@@ -1,3 +1,4 @@
+use actix_web::http::header::HeaderMap;
 use async_trait::async_trait;
 use openid::{Bearer, Options, Token};
 use url::Url;
@@ -119,6 +120,7 @@ impl OAuthProvider for GlobalClient {
         &self,
         oauth: &OAuth,
         scope: Option<&str>,
+        _headers: HeaderMap,
     ) -> Result<Bearer, anyhow::Error> {
         // Box the clone so we can pass it to the openid client.
         let boxed: Box<OAuth> = Box::new(oauth.clone());

src/oauth/provider.rs

@@ -3,6 +3,7 @@ use std::{
     collections::{HashMap, HashSet},
 };
 
+use actix_web::http::header::HeaderMap;
 use async_trait::async_trait;
 use openid::Bearer;
 use url::Url;
@@ -34,6 +35,7 @@ pub trait OAuthProvider: Send + Sync + Any {
         &self,
         oauth: &OAuth,
         scope: Option<&str>,
+        headers: HeaderMap,
     ) -> Result<Bearer, anyhow::Error>;
 
     /// Return the provider's logout / end-session URL, if one exists.

src/parseable/mod.rs

@@ -1073,18 +1073,18 @@ impl Parseable {
 
     pub async fn suspend_tenant_service(
         &self,
-        tenant_id: String,
-        service: Service,
+        tenant_id: &str,
+        service: &Service,
     ) -> Result<(), anyhow::Error> {
-        TENANT_METADATA.suspend_service(&tenant_id, service.clone());
+        TENANT_METADATA.suspend_service(tenant_id, service);
 
         // write to disk
-        let tenant_id = &Some(tenant_id);
+        let tenant_id = &Some(tenant_id.to_owned());
         let mut meta = get_metadata(tenant_id).await?;
         if let Some(sus) = meta.suspended_services.as_mut() {
-            sus.insert(service);
+            sus.insert(service.clone());
         } else {
-            meta.suspended_services = Some(HashSet::from_iter([service]));
+            meta.suspended_services = Some(HashSet::from_iter([service.clone()]));
         }
 
         put_remote_metadata(&meta, tenant_id).await?;
@@ -1093,16 +1093,16 @@ impl Parseable {
 
     pub async fn resume_tenant_service(
         &self,
-        tenant_id: String,
-        service: Service,
+        tenant_id: &str,
+        service: &Service,
     ) -> Result<(), anyhow::Error> {
-        TENANT_METADATA.resume_service(&tenant_id, service.clone());
+        TENANT_METADATA.resume_service(tenant_id, service);
 
         // write to disk
-        let tenant_id = &Some(tenant_id);
+        let tenant_id = &Some(tenant_id.to_owned());
         let mut meta = get_metadata(tenant_id).await?;
         if let Some(sus) = meta.suspended_services.as_mut() {
-            sus.remove(&service);
+            sus.remove(service);
         }
 
         put_remote_metadata(&meta, tenant_id).await?;

src/tenants/mod.rs

@@ -90,16 +90,16 @@ impl TenantMetadata {
         }
     }
 
-    pub fn suspend_service(&self, tenant_id: &str, service: Service) {
+    pub fn suspend_service(&self, tenant_id: &str, service: &Service) {
         if let Some(mut tenant) = self.tenants.get_mut(tenant_id) {
-            tenant.suspended_services.insert(service);
+            tenant.suspended_services.insert(service.clone());
             tenant.meta.suspended_services = Some(tenant.suspended_services.clone());
         }
     }
 
-    pub fn resume_service(&self, tenant_id: &str, service: Service) {
+    pub fn resume_service(&self, tenant_id: &str, service: &Service) {
         if let Some(mut tenant) = self.tenants.get_mut(tenant_id) {
-            tenant.suspended_services.remove(&service);
+            tenant.suspended_services.remove(service);
             tenant.meta.suspended_services = if tenant.suspended_services.is_empty() {
                 None
             } else {