diff options
Diffstat (limited to 'ozone/src/auth.rs')
| -rw-r--r-- | ozone/src/auth.rs | 106 |
1 files changed, 25 insertions, 81 deletions
diff --git a/ozone/src/auth.rs b/ozone/src/auth.rs index 0ca96ad..cb905af 100644 --- a/ozone/src/auth.rs +++ b/ozone/src/auth.rs @@ -1,75 +1,21 @@ mod types; mod msa; mod mcservices; +pub mod error; -use std::error::Error; -use std::fmt::{Display, Formatter}; use std::future::Future; -use std::time::{Duration, SystemTime}; +use std::time::Duration; use chrono::{DateTime, TimeDelta, Utc}; use log::debug; -use oauth2::{AccessToken, DeviceAuthorizationUrl, DeviceCodeErrorResponse, EndpointNotSet, EndpointSet, HttpClientError, RequestTokenError, Scope, StandardDeviceAuthorizationResponse, StandardRevocableToken, TokenResponse, TokenUrl}; +use oauth2::{AccessToken, DeviceAuthorizationUrl, EndpointNotSet, EndpointSet, RequestTokenError, Scope, StandardDeviceAuthorizationResponse, StandardRevocableToken, TokenResponse, TokenUrl}; use oauth2::basic::{BasicErrorResponse, BasicErrorResponseType, BasicRevocationErrorResponse, BasicTokenIntrospectionResponse, BasicTokenResponse}; use reqwest::{IntoUrl, Method, RequestBuilder}; + pub use types::*; +use crate::auth::error::{AuthError, AuthErrorKind}; use self::msa::{XSTS_RP_MINECRAFT_SERVICES, XSTS_RP_XBOX_LIVE}; use crate::util; -#[derive(Debug)] -pub enum AuthError { - // An unexpected error happened while performing a request - Request { what: &'static str, error: reqwest::Error }, - OAuthRequestToken { what: &'static str, error: RequestTokenError<HttpClientError<reqwest::Error>, BasicErrorResponse> }, - OAuthRequestDeviceCode { what: &'static str, error: RequestTokenError<HttpClientError<reqwest::Error>, DeviceCodeErrorResponse> }, - - // Some internal auth error (unrecoverable) - Internal(String), - - // Device code auth was cancelled - Cancel(Option<Box<dyn Error>>), - - // Device code auth timed out - Timeout, - - // Requires interactive authentication - RequireInteractive(&'static str), - - // XSTS error - AuthXError { what: &'static str, x_error: u64, message: Option<String> }, - - // You don't own the game! - EntitlementError -} - -impl Display for AuthError { - fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { - match self { - AuthError::Request { what, error } => write!(f, "auth request error ({}): {}", what, error), - AuthError::OAuthRequestToken { what, error } => write!(f, "oauth error requesting token ({what}): {error}"), - AuthError::OAuthRequestDeviceCode { what, error } => write!(f, "oauth error with device code ({what}): {error}"), - AuthError::Internal(msg) => write!(f, "internal auth error: {}", msg), - AuthError::Cancel(Some(error)) => write!(f, "operation cancelled: {error}"), - AuthError::Cancel(None) => f.write_str("operation cancelled"), - AuthError::Timeout => f.write_str("interactive authentication timed out"), - AuthError::RequireInteractive(why) => write!(f, "user must log in interactively: {why}"), - AuthError::AuthXError { what, x_error, message } => write!(f, "XSTS error: {what} ({x_error} -> {})", message.as_ref().map_or("<no message>", |s| s.as_str())), - AuthError::EntitlementError => f.write_str("no minecraft entitlement (do you own the game?)") - } - } -} - -impl Error for AuthError { - fn source(&self) -> Option<&(dyn Error + 'static)> { - match self { - AuthError::Request { error, .. } => Some(error), - AuthError::OAuthRequestToken { error, .. } => Some(error), - AuthError::OAuthRequestDeviceCode { error, .. } => Some(error), - AuthError::Cancel(Some(error)) => Some(error.as_ref()), - _ => None - } - } -} - impl Token { fn is_expired(&self, now: DateTime<Utc>) -> bool { self.expire.is_some_and(|exp| now >= exp) @@ -110,9 +56,9 @@ impl MsaAccount { let to_scope = |f: &&str| Scope::new(String::from(*f)); if self.is_azure_client_id { - AZURE_LOGIN_SCOPES.iter().map(to_scope) + AZURE_LOGIN_SCOPES.into_iter().map(to_scope) } else { - NON_AZURE_LOGIN_SCOPES.iter().map(to_scope) + NON_AZURE_LOGIN_SCOPES.into_iter().map(to_scope) } } @@ -136,7 +82,14 @@ impl MsaAccount { .add_scopes(self.scopes_iter()) .add_extra_param("response_type", "device_code") .request_async(client) - .await.map_err(|e| AuthError::OAuthRequestToken { what: "refresh", error: e })?; + .await.map_err(|e| match e { + RequestTokenError::ServerResponse(res) + if match res.error() { + BasicErrorResponseType::Extension(s) if s == "interaction_required" || s == "consent_required" => true, + _ => false + } => AuthError::raw_msg(AuthErrorKind::InteractionRequired, "microsoft requested interactive login"), + _ => AuthError::internal_msg_src("refresh", e) + })?; self.refresh_token = tokenres.refresh_token().cloned(); @@ -154,14 +107,14 @@ impl MsaAccount { .add_scopes(self.scopes_iter()) .add_extra_param("response_type", "device_code") .request_async(client) - .await.map_err(|e| AuthError::OAuthRequestToken { what: "device code", error: e })?; + .await.map_err(|e| AuthError::internal_msg_src("device code", e))?; handle_device(device_auth.clone()).await; let tokenres = oauth_client.exchange_device_access_token(&device_auth) .set_max_backoff_interval(Duration::from_secs(20u64)) .request_async(client, tokio::time::sleep, None) - .await.map_err(|e| AuthError::OAuthRequestDeviceCode { what: "device access code", error: e })?; + .await.map_err(|e| AuthError::internal_msg_src("device access code", e))?; self.refresh_token = tokenres.refresh_token().cloned(); @@ -180,20 +133,11 @@ impl MsaAccount { } if self.refresh_token.is_none() { - return Err(AuthError::RequireInteractive("no refresh token")); + return Err(AuthError::raw_msg(AuthErrorKind::InteractionRequired, "refresh token missing")); } debug!("XBL token expired. Trying to refresh it."); - self.xbl_login_refresh(client).await - .map_err(|e| match &e { - AuthError::OAuthRequestToken { error: RequestTokenError::ServerResponse(res), .. } => match res.error() { - BasicErrorResponseType::Extension(s) if s == "interaction_required" || s == "consent_required" => { - AuthError::RequireInteractive("msa requested interactive logon") - }, - _ => e - }, - _ => e - })?; + self.xbl_login_refresh(client).await?; self.mc_token = None; @@ -215,7 +159,7 @@ impl MsaAccount { let (user_hash, mc_xsts_tok) = match msa::xsts_request(client, xbl_token, XSTS_RP_MINECRAFT_SERVICES).await? { msa::XSTSAuthResponse::Success(res) => { let user_hash = res.get_user_hash() - .map_or(Err(AuthError::Internal("malformed response: no user hash".into())), |h| Ok(h.to_owned()))?; + .map_or(Err(AuthError::internal_msg("malformed response: no user hash")), |h| Ok(h.to_owned()))?; (user_hash, res.into_token()) }, msa::XSTSAuthResponse::Error(e) => return Err(e.into()) @@ -237,7 +181,7 @@ impl MsaAccount { }; let Some(xuid) = res.get_xuid() else { - return Err(AuthError::Internal("missing xuid for user".into())); + return Err(AuthError::internal_msg("missing xuid for user")); }; self.xuid = Some(xuid.to_owned()); @@ -255,13 +199,13 @@ impl MsaAccount { debug!("Checking if you own the game..."); if !mcservices::owns_the_game(client, mc_token).await? { - return Err(AuthError::EntitlementError); + return Err(AuthErrorKind::NotEntitled.into()); } debug!("Getting your profile info..."); let player_info = mcservices::get_player_info(client, mc_token).await?; let player_profile = mcservices::get_player_profile(client, player_info.id).await - .map_err(|e| AuthError::Request { what: "looking up profile", error: e })?; + .map_err(|e| AuthError::internal_msg_src("looking up profile", e))?; self.player_info = Some(player_info); self.player_profile = Some(player_profile); @@ -315,8 +259,8 @@ mod test { loop { match user.log_in_silent(&client).await { Ok(_) => break, - Err(AuthError::RequireInteractive(s)) => { - debug!("Requires interactive auth: {s}") + Err(e) if e.kind() == AuthErrorKind::InteractionRequired => { + debug!("Requires interactive auth: {e}") }, Err(e) => { panic!("{}", e); |