matrix_sdk/authentication/
mod.rs

1// Copyright 2023 Kévin Commaille
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//     http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15//! Types and functions related to authentication in Matrix.
16
17use std::{fmt, sync::Arc};
18
19use matrix_sdk_base::{locks::Mutex, SessionMeta};
20use serde::{Deserialize, Serialize};
21use tokio::sync::{broadcast, Mutex as AsyncMutex, OnceCell};
22
23pub mod matrix;
24pub mod oauth;
25
26use self::{
27    matrix::MatrixAuth,
28    oauth::{OAuth, OAuthAuthData, OAuthCtx},
29};
30use crate::{Client, RefreshTokenError, SessionChange};
31
32/// The tokens for a user session.
33#[derive(Clone, Hash, Eq, PartialEq, Serialize, Deserialize)]
34#[allow(missing_debug_implementations)]
35pub struct SessionTokens {
36    /// The access token used for this session.
37    pub access_token: String,
38
39    /// The token used for refreshing the access token, if any.
40    #[serde(default, skip_serializing_if = "Option::is_none")]
41    pub refresh_token: Option<String>,
42}
43
44#[cfg(not(tarpaulin_include))]
45impl fmt::Debug for SessionTokens {
46    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
47        f.debug_struct("SessionTokens").finish_non_exhaustive()
48    }
49}
50
51pub(crate) type SessionCallbackError = Box<dyn std::error::Error + Send + Sync>;
52pub(crate) type SaveSessionCallback =
53    dyn Fn(Client) -> Result<(), SessionCallbackError> + Send + Sync;
54pub(crate) type ReloadSessionCallback =
55    dyn Fn(Client) -> Result<SessionTokens, SessionCallbackError> + Send + Sync;
56
57/// All the data relative to authentication, and that must be shared between a
58/// client and all its children.
59pub(crate) struct AuthCtx {
60    pub(crate) oauth: OAuthCtx,
61
62    /// Whether to try to refresh the access token automatically when an
63    /// `M_UNKNOWN_TOKEN` error is encountered.
64    pub(crate) handle_refresh_tokens: bool,
65
66    /// Lock making sure we're only doing one token refresh at a time.
67    pub(crate) refresh_token_lock: Arc<AsyncMutex<Result<(), RefreshTokenError>>>,
68
69    /// Session change publisher. Allows the subscriber to handle changes to the
70    /// session such as logging out when the access token is invalid or
71    /// persisting updates to the access/refresh tokens.
72    pub(crate) session_change_sender: broadcast::Sender<SessionChange>,
73
74    /// Authentication data to keep in memory.
75    pub(crate) auth_data: OnceCell<AuthData>,
76
77    /// The current session tokens.
78    pub(crate) tokens: OnceCell<Mutex<SessionTokens>>,
79
80    /// A callback called whenever we need an absolute source of truth for the
81    /// current session tokens.
82    ///
83    /// This is required only in multiple processes setups.
84    pub(crate) reload_session_callback: OnceCell<Box<ReloadSessionCallback>>,
85
86    /// A callback to save a session back into the app's secure storage.
87    ///
88    /// This is always called, independently of the presence of a cross-process
89    /// lock.
90    ///
91    /// Internal invariant: this must be called only after `set_session_tokens`
92    /// has been called, not before.
93    pub(crate) save_session_callback: OnceCell<Box<SaveSessionCallback>>,
94}
95
96impl AuthCtx {
97    /// The current session tokens.
98    pub(crate) fn session_tokens(&self) -> Option<SessionTokens> {
99        Some(self.tokens.get()?.lock().clone())
100    }
101
102    /// The current access token.
103    pub(crate) fn access_token(&self) -> Option<String> {
104        Some(self.tokens.get()?.lock().access_token.clone())
105    }
106
107    /// Set the current session tokens.
108    pub(crate) fn set_session_tokens(&self, session_tokens: SessionTokens) {
109        if let Some(tokens) = self.tokens.get() {
110            *tokens.lock() = session_tokens;
111        } else {
112            let _ = self.tokens.set(Mutex::new(session_tokens));
113        }
114    }
115}
116
117/// An enum over all the possible authentication APIs.
118#[derive(Debug, Clone)]
119#[non_exhaustive]
120pub enum AuthApi {
121    /// The native Matrix authentication API.
122    Matrix(MatrixAuth),
123
124    /// The OAuth 2.0 API.
125    OAuth(OAuth),
126}
127
128/// A user session using one of the available authentication APIs.
129#[derive(Debug, Clone)]
130#[non_exhaustive]
131pub enum AuthSession {
132    /// A session using the native Matrix authentication API.
133    Matrix(matrix::MatrixSession),
134
135    /// A session using the OAuth 2.0 API.
136    OAuth(Box<oauth::OAuthSession>),
137}
138
139impl AuthSession {
140    /// Get the matrix user information of this session.
141    pub fn meta(&self) -> &SessionMeta {
142        match self {
143            AuthSession::Matrix(session) => &session.meta,
144            AuthSession::OAuth(session) => &session.user.meta,
145        }
146    }
147
148    /// Take the matrix user information of this session.
149    pub fn into_meta(self) -> SessionMeta {
150        match self {
151            AuthSession::Matrix(session) => session.meta,
152            AuthSession::OAuth(session) => session.user.meta,
153        }
154    }
155
156    /// Get the access token of this session.
157    pub fn access_token(&self) -> &str {
158        match self {
159            AuthSession::Matrix(session) => &session.tokens.access_token,
160            AuthSession::OAuth(session) => &session.user.tokens.access_token,
161        }
162    }
163
164    /// Get the refresh token of this session.
165    pub fn get_refresh_token(&self) -> Option<&str> {
166        match self {
167            AuthSession::Matrix(session) => session.tokens.refresh_token.as_deref(),
168            AuthSession::OAuth(session) => session.user.tokens.refresh_token.as_deref(),
169        }
170    }
171}
172
173impl From<matrix::MatrixSession> for AuthSession {
174    fn from(session: matrix::MatrixSession) -> Self {
175        Self::Matrix(session)
176    }
177}
178
179impl From<oauth::OAuthSession> for AuthSession {
180    fn from(session: oauth::OAuthSession) -> Self {
181        Self::OAuth(session.into())
182    }
183}
184
185/// Data for an authentication API.
186#[derive(Debug)]
187pub(crate) enum AuthData {
188    /// Data for the native Matrix authentication API.
189    Matrix,
190    /// Data for the OAuth 2.0 API.
191    OAuth(OAuthAuthData),
192}