Fix OTP authentication for external accounts

2025-06-22 02:18:26 +00:00 · 2021-09-06 01:07:31 +02:00
parent 8158e36d40
commit 468ba90158
12 changed files with 95 additions and 46 deletions
--- a/modules/restserver/src/main/scala/docspell/restserver/Config.scala
+++ b/modules/restserver/src/main/scala/docspell/restserver/Config.scala
@ -78,8 +78,8 @@ object Config {
  object FullTextSearch {}

  final case class OpenIdConfig(
-    enabled: Boolean,
-    display: String,
+      enabled: Boolean,
+      display: String,
      collectiveKey: OpenId.UserInfo.Extractor,
      userKey: String,
      provider: ProviderConfig
--- a/modules/restserver/src/main/scala/docspell/restserver/auth/OpenId.scala
+++ b/modules/restserver/src/main/scala/docspell/restserver/auth/OpenId.scala
@ -54,7 +54,9 @@ object OpenId {

          extractColl match {
            case ExtractResult.Failure(message) =>
-              logger.warn(s"Can't retrieve user data using collective-key=${cfg.collectiveKey.asString}: $message") *>
+              logger.warn(
+                s"Can't retrieve user data using collective-key=${cfg.collectiveKey.asString}: $message"
+              ) *>
                TemporaryRedirect(location)

            case ExtractResult.Account(accountId) =>
@ -63,7 +65,9 @@ object OpenId {
            case ExtractResult.Identifier(coll) =>
              Extractor.Lookup(cfg.userKey).find(userJson) match {
                case ExtractResult.Failure(message) =>
-                  logger.warn(s"Can't retrieve user data using user-key=${cfg.userKey}: $message") *>
+                  logger.warn(
+                    s"Can't retrieve user data using user-key=${cfg.userKey}: $message"
+                  ) *>
                    TemporaryRedirect(location)

                case ExtractResult.Identifier(name) =>
@ -144,7 +148,15 @@ object OpenId {
      login <- backend.login.loginExternal(config.auth)(accountId)
      resp <- login match {
        case Login.Result.Ok(session, _) =>
-          TemporaryRedirect(location)
+          val loc =
+            if (session.requireSecondFactor)
+              location.copy(uri =
+                location.uri
+                  .withQueryParam("openid", "2")
+                  .withQueryParam("auth", session.asString)
+              )
+            else location
+          TemporaryRedirect(loc)
            .map(_.addCookie(CookieData(session).asCookie(baseUrl)))

        case failed =>
--- a/modules/restserver/src/main/scala/docspell/restserver/webapp/Flags.scala
+++ b/modules/restserver/src/main/scala/docspell/restserver/webapp/Flags.scala
@ -9,6 +9,7 @@ package docspell.restserver.webapp
 import docspell.backend.signup.{Config => SignupConfig}
 import docspell.common.{Ident, LenientUri}
 import docspell.restserver.{BuildInfo, Config}
+
 import io.circe._
 import io.circe.generic.semiauto._
 import yamusca.implicits._