Add support for Organization token

This is a WIP for adding organization token login support. It has basic token login and verification support, but that's about it. This branch is a refresh of the previous version, and will contain code from a PR based upon my previous branch.
2025-08-25 20:23:21 +00:00 · 2023-06-02 21:36:15 +02:00 · 2023-06-02 21:36:15 +02:00 · 4219249e11
commit 4219249e11
parent bd883de70e
15 changed files with 272 additions and 18 deletions
--- a/src/api/core/organizations.rs
+++ b/src/api/core/organizations.rs
@ -93,7 +93,9 @@ pub fn routes() -> Vec<Route> {
        put_reset_password_enrollment,
        get_reset_password_details,
        put_reset_password,
-        get_org_export
+        get_org_export,
+        api_key,
+        rotate_api_key,
    ]
 }

@ -2891,3 +2893,57 @@ async fn get_org_export(org_id: &str, headers: AdminHeaders, mut conn: DbConn) -
        }))
    }
 }
+
+async fn _api_key(
+    org_id: String,
+    data: JsonUpcase<PasswordData>,
+    rotate: bool,
+    headers: AdminHeaders,
+    conn: DbConn,
+) -> JsonResult {
+    let data: PasswordData = data.into_inner().data;
+    let user = headers.user;
+
+    // Validate the admin users password
+    if !user.check_valid_password(&data.MasterPasswordHash) {
+        err!("Invalid password")
+    }
+
+    let org_api_key = match OrganizationApiKey::find_by_org_uuid(&org_id, &conn).await {
+        Some(mut org_api_key) => {
+            if rotate {
+                org_api_key.api_key = crate::crypto::generate_api_key();
+                org_api_key.revision_date = chrono::Utc::now().naive_utc();
+                org_api_key.save(&conn).await.expect("Error rotating organization API Key");
+            }
+            org_api_key
+        }
+        None => {
+            let api_key = crate::crypto::generate_api_key();
+            let new_org_api_key = OrganizationApiKey::new(org_id, api_key);
+            new_org_api_key.save(&conn).await.expect("Error creating organization API Key");
+            new_org_api_key
+        }
+    };
+
+    Ok(Json(json!({
+      "ApiKey": org_api_key.api_key,
+      "RevisionDate": crate::util::format_date(&org_api_key.revision_date),
+      "Object": "apiKey",
+    })))
+}
+
+#[post("/organizations/<org_id>/api-key", data = "<data>")]
+async fn api_key(org_id: String, data: JsonUpcase<PasswordData>, headers: AdminHeaders, conn: DbConn) -> JsonResult {
+    _api_key(org_id, data, false, headers, conn).await
+}
+
+#[post("/organizations/<org_id>/rotate-api-key", data = "<data>")]
+async fn rotate_api_key(
+    org_id: String,
+    data: JsonUpcase<PasswordData>,
+    headers: AdminHeaders,
+    conn: DbConn,
+) -> JsonResult {
+    _api_key(org_id, data, true, headers, conn).await
+}