about summary refs log tree commit diff
path: root/web/converse/src
diff options
context:
space:
mode:
Diffstat (limited to 'web/converse/src')
-rw-r--r--web/converse/src/errors.rs16
-rw-r--r--web/converse/src/main.rs3
-rw-r--r--web/converse/src/oidc.rs48
3 files changed, 44 insertions, 23 deletions
diff --git a/web/converse/src/errors.rs b/web/converse/src/errors.rs
index 6b22f8d39aa5..b079f41c4fff 100644
--- a/web/converse/src/errors.rs
+++ b/web/converse/src/errors.rs
@@ -31,7 +31,6 @@ use actix_web;
 use askama;
 use diesel;
 use r2d2;
-use reqwest;
 use tokio_timer;
 
 pub type Result<T> = result::Result<T, ConverseError>;
@@ -62,6 +61,9 @@ pub enum ConverseError {
     #[fail(display = "thread {} is closed and can not be responded to", id)]
     ThreadClosed { id: i32 },
 
+    #[fail(display = "JSON serialisation failed: {}", error)]
+    Serialisation { error: serde_json::Error },
+
     // This variant is used as a catch-all for wrapping
     // actix-web-compatible response errors, such as the errors it
     // throws itself.
@@ -103,10 +105,16 @@ impl From<actix_web::Error> for ConverseError {
     }
 }
 
-impl From<reqwest::Error> for ConverseError {
-    fn from(error: reqwest::Error) -> ConverseError {
+impl From<serde_json::Error> for ConverseError {
+    fn from(error: serde_json::Error) -> ConverseError {
+        ConverseError::Serialisation { error }
+    }
+}
+
+impl From<curl::Error> for ConverseError {
+    fn from(error: curl::Error) -> ConverseError {
         ConverseError::InternalError {
-            reason: format!("Failed to make HTTP request: {}", error),
+            reason: format!("error during HTTP request: {}", error),
         }
     }
 }
diff --git a/web/converse/src/main.rs b/web/converse/src/main.rs
index 061cfa6e7baf..177bdf025ede 100644
--- a/web/converse/src/main.rs
+++ b/web/converse/src/main.rs
@@ -35,6 +35,8 @@ extern crate actix;
 extern crate actix_web;
 extern crate chrono;
 extern crate comrak;
+extern crate crimp;
+extern crate curl;
 extern crate env_logger;
 extern crate futures;
 extern crate hyper;
@@ -42,7 +44,6 @@ extern crate md5;
 extern crate mime_guess;
 extern crate r2d2;
 extern crate rand;
-extern crate reqwest;
 extern crate serde;
 extern crate serde_json;
 extern crate tokio;
diff --git a/web/converse/src/oidc.rs b/web/converse/src/oidc.rs
index baa6e626c0ac..9f566c04a71a 100644
--- a/web/converse/src/oidc.rs
+++ b/web/converse/src/oidc.rs
@@ -23,10 +23,11 @@
 //! this has so far only been tested with Office365.
 
 use actix::prelude::*;
-use reqwest;
+use crate::errors::*;
+use crimp::Request;
 use url::Url;
 use url_serde;
-use crate::errors::*;
+use curl::easy::Form;
 
 /// This structure represents the contents of an OIDC discovery
 /// document.
@@ -111,26 +112,37 @@ impl Handler<RetrieveToken> for OidcExecutor {
 
     fn handle(&mut self, msg: RetrieveToken, _: &mut Self::Context) -> Self::Result {
         debug!("Received OAuth2 code, requesting access_token");
-        let client = reqwest::Client::new();
-        let params: [(&str, &str); 5] = [
-            ("client_id", &self.client_id),
-            ("client_secret", &self.client_secret),
-            ("grant_type", "authorization_code"),
-            ("code", &msg.0.code),
-            ("redirect_uri", &self.redirect_uri),
-        ];
-
-        let mut response = client.post(&self.oidc_config.token_endpoint)
-            .form(&params)
+
+        let mut form = Form::new();
+        form.part("client_id").contents(&self.client_id.as_bytes())
+            .add().expect("critical error: invalid form data");
+
+        form.part("client_secret").contents(&self.client_secret.as_bytes())
+            .add().expect("critical error: invalid form data");
+
+        form.part("grant_type").contents("authorization_code".as_bytes())
+            .add().expect("critical error: invalid form data");
+
+        form.part("code").contents(&msg.0.code.as_bytes())
+            .add().expect("critical error: invalid form data");
+
+        form.part("redirect_uri").contents(&self.redirect_uri.as_bytes())
+            .add().expect("critical error: invalid form data");
+
+        let response = Request::post(&self.oidc_config.token_endpoint)
+            .user_agent(concat!("converse-", env!("CARGO_PKG_VERSION")))?
+            .form(form)
             .send()?;
 
         debug!("Received token response: {:?}", response);
-        let token: TokenResponse = response.json()?;
+        let token: TokenResponse = response.as_json()?.body;
 
-        let user: Userinfo = client.get(&self.oidc_config.userinfo_endpoint)
-            .header("Authorization", format!("Bearer {}", token.access_token ))
+        let bearer = format!("Bearer {}", token.access_token);
+        let user: Userinfo = Request::get(&self.oidc_config.userinfo_endpoint)
+            .user_agent(concat!("converse-", env!("CARGO_PKG_VERSION")))?
+            .header("Authorization", &bearer)?
             .send()?
-            .json()?;
+            .as_json()?.body;
 
         Ok(Author {
             name: user.name,
@@ -142,6 +154,6 @@ impl Handler<RetrieveToken> for OidcExecutor {
 /// Convenience function to attempt loading an OIDC discovery document
 /// from a specified URL:
 pub fn load_oidc(url: &str) -> Result<OidcConfig> {
-    let config: OidcConfig = reqwest::get(url)?.json()?;
+    let config: OidcConfig = Request::get(url).send()?.as_json()?.body;
     Ok(config)
 }