diff options
author | Martin Fischer <martin@push-f.com> | 2021-01-25 14:47:47 +0100 |
---|---|---|
committer | Martin Fischer <martin@push-f.com> | 2021-01-25 15:06:48 +0100 |
commit | 9fa7442e41bc11ab3d62f43f5f6e90b59e160da2 (patch) | |
tree | c61b9dee4e03037f31d3761a17c8805ccade9cdd /src | |
parent | 76e92d7281b45ce506046a8946b7fde3355c485d (diff) |
simplify CSRF API
This commit gets rid of the CsrfToken type,
simplifying submission handling:
// before
let csrf_token = req.csrf_token(&mut response);
let msg: FormData = body.into_form_csrf(&csrf_token).await?;
// after
let msg: FormData = body.into_form_csrf(req).await?;
As well as HTML input retrieval:
// before
req.csrf_token(&mut response).html_input();
// after
req.csrf_html_input(&mut response);
This commit also merges the CsrfError type into CsrfProtectedFormError.
bump version to 0.3.1
Diffstat (limited to 'src')
-rw-r--r-- | src/request.rs | 75 | ||||
-rw-r--r-- | src/security.rs | 35 |
2 files changed, 45 insertions, 65 deletions
diff --git a/src/request.rs b/src/request.rs index 1166ef2..509e2e7 100644 --- a/src/request.rs +++ b/src/request.rs @@ -2,14 +2,16 @@ use cookie::Cookie; use mime::Mime; -use rand::{Rng, distributions::Alphanumeric}; -use security::CsrfToken; use serde::{Deserialize, de::DeserializeOwned}; -use hyper::{body::Bytes, header}; +use hyper::{body::Bytes, header, http::{request::Parts, response::Builder}}; use time::Duration; use std::{collections::HashMap, sync::Arc}; +use rand::{Rng, distributions::Alphanumeric}; +use async_trait::async_trait; -use crate::{response::SputnikBuilder, security}; +use crate::response::SputnikBuilder; + +const CSRF_COOKIE_NAME : &str = "csrf"; pub trait SputnikParts { /// Parses the query string of the request into a given struct. @@ -18,12 +20,14 @@ pub trait SputnikParts { /// Parses the cookies of the request. fn cookies(&mut self) -> Arc<HashMap<String, Cookie<'static>>>; - /// Retrieves the CSRF token from a `csrf` cookie or generates - /// a new token and stores it as a cookie if it doesn't exist. - fn csrf_token(&mut self, builder: &mut dyn SputnikBuilder) -> CsrfToken; - /// Enforces a specific Content-Type. fn enforce_content_type(&self, mime: Mime) -> Result<(), WrongContentTypeError>; + + /// Retrievs the CSRF token from a cookie or generates + /// a new token and stores it as a cookie if it doesn't exist. + /// Returns a hidden HTML input to be embedded in forms that are received + /// with [`crate::request::SputnikBody::into_form_csrf`]. + fn csrf_html_input(&mut self, builder: &mut Builder) -> String; } impl SputnikParts for hyper::http::request::Parts { @@ -55,18 +59,6 @@ impl SputnikParts for hyper::http::request::Parts { cookies } - fn csrf_token(&mut self, builder: &mut dyn SputnikBuilder) -> CsrfToken { - if let Some(cookie) = self.cookies().get("csrf") { - return CsrfToken{token: cookie.value().to_string(), from_client: true} - } - let val: String = rand::thread_rng().sample_iter(Alphanumeric).take(16).collect(); - let mut c = Cookie::new("csrf", val.clone()); - c.set_secure(Some(true)); - c.set_max_age(Some(Duration::hours(1))); - builder.set_cookie(c); - CsrfToken{token: val, from_client: false} - } - fn enforce_content_type(&self, mime: Mime) -> Result<(), WrongContentTypeError> { if let Some(content_type) = self.headers.get(header::CONTENT_TYPE) { if *content_type == mime.to_string() { @@ -75,9 +67,19 @@ impl SputnikParts for hyper::http::request::Parts { } Err(WrongContentTypeError{expected: mime, received: self.headers.get(header::CONTENT_TYPE).as_ref().and_then(|h| h.to_str().ok().map(|s| s.to_owned()))}) } -} -use async_trait::async_trait; + fn csrf_html_input(&mut self, builder: &mut Builder) -> String { + let token = csrf_token_from_cookies(self).unwrap_or_else(|| { + let token: String = rand::thread_rng().sample_iter(Alphanumeric).take(16).collect(); + let mut c = Cookie::new(CSRF_COOKIE_NAME, token.clone()); + c.set_secure(Some(true)); + c.set_max_age(Some(Duration::hours(1))); + builder.set_cookie(c); + token + }); + format!("<input name=csrf type=hidden value=\"{}\">", token) + } +} #[async_trait] pub trait SputnikBody { @@ -92,9 +94,12 @@ pub trait SputnikBody { /// Parses a `application/x-www-form-urlencoded` request body into a given struct. /// Protects from CSRF by checking that the request body contains the same token retrieved from the cookies. /// - /// The CSRF parameter is expected as the `csrf` parameter in the request body. - /// This means for HTML forms you need to embed the token as a hidden input. - async fn into_form_csrf<T: DeserializeOwned>(self, csrf_token: &security::CsrfToken) -> Result<T, CsrfProtectedFormError>; + /// The HTML form must embed a hidden input generated with [`crate::request::SputnikParts::csrf_html_input`]. + async fn into_form_csrf<T: DeserializeOwned>(self, req: &mut Parts) -> Result<T, CsrfProtectedFormError>; +} + +fn csrf_token_from_cookies(req: &mut Parts) -> Option<String> { + req.cookies().get(CSRF_COOKIE_NAME).map(|c| c.value().to_string()) } #[async_trait] @@ -108,11 +113,17 @@ impl SputnikBody for hyper::Body { Ok(serde_urlencoded::from_bytes::<T>(&full_body)?) } - async fn into_form_csrf<T: DeserializeOwned>(self, csrf_token: &CsrfToken) -> Result<T, CsrfProtectedFormError> { + async fn into_form_csrf<T: DeserializeOwned>(self, req: &mut Parts) -> Result<T, CsrfProtectedFormError> { let full_body = self.into_bytes().await?; let csrf_data = serde_urlencoded::from_bytes::<CsrfData>(&full_body).map_err(|_| CsrfProtectedFormError::NoCsrf)?; - csrf_token.matches(csrf_data.csrf)?; - serde_urlencoded::from_bytes::<T>(&full_body).map_err(CsrfProtectedFormError::Deserialize) + match csrf_token_from_cookies(req) { + Some(token) => if token == csrf_data.csrf { + Ok(serde_urlencoded::from_bytes::<T>(&full_body)?) + } else { + Err(CsrfProtectedFormError::Mismatch) + } + None => Err(CsrfProtectedFormError::NoCookie) + } } } @@ -121,7 +132,6 @@ struct CsrfData { csrf: String, } -use crate::security::CsrfError; #[derive(thiserror::Error, Debug)] #[error("query deserialize error: {0}")] pub struct QueryError(pub serde_urlencoded::de::Error); @@ -157,6 +167,9 @@ pub enum CsrfProtectedFormError { #[error("no csrf token in form data")] NoCsrf, - #[error("{0}")] - Csrf(#[from] CsrfError), + #[error("no csrf cookie")] + NoCookie, + + #[error("csrf parameter doesn't match csrf cookie")] + Mismatch, }
\ No newline at end of file diff --git a/src/security.rs b/src/security.rs index 5247d9e..0ffa7a0 100644 --- a/src/security.rs +++ b/src/security.rs @@ -1,42 +1,9 @@ -//! [`CsrfToken`], [`Key`] and functions to encode & decode expiring claims. +//! [`Key`] and functions to encode & decode expiring claims. use time::OffsetDateTime; -use thiserror::Error; pub use crate::signed::Key; -/// A cookie-based CSRF token to be used with [`crate::request::SputnikBody::into_form_csrf`]. -pub struct CsrfToken { - pub(crate) token: String, - pub(crate) from_client: bool, -} - -#[derive(Error, Debug)] -pub enum CsrfError { - #[error("expected csrf cookie")] - NoCookie, - - #[error("csrf parameter doesn't match csrf cookie")] - Mismatch, -} - -impl CsrfToken { - /// Wraps the token in a hidden HTML input. - pub fn html_input(&self) -> String { - format!("<input name=csrf type=hidden value=\"{}\">", self.token) - } - - pub(crate) fn matches(&self, str: String) -> Result<(), CsrfError> { - if !self.from_client { - return Err(CsrfError::NoCookie) - } - if self.token != str { - return Err(CsrfError::Mismatch) - } - Ok(()) - } -} - /// Join a string and an expiry date together into a string. pub fn encode_expiring_claim(claim: &str, expiry_date: OffsetDateTime) -> String { format!("{}:{}", claim, expiry_date.unix_timestamp()) |