Move OIDC callback handler to standalone function

lovasoa · lovasoa · commit bf2160f0ba22 · 2025-07-29T22:48:04.000+02:00
diff --git a/src/webserver/oidc.rs b/src/webserver/oidc.rs
@@ -252,29 +252,19 @@ where
             }
         })
     }
+}
 
-    fn handle_authenticated_oidc_callback(
-        request: ServiceRequest,
-    ) -> LocalBoxFuture<Result<ServiceResponse<BoxBody>, Error>> {
-        Box::pin(async move {
-            log::debug!("Handling OIDC callback for already authenticated user");
-
-            // Try to get the initial URL from the state cookie
-            let redirect_url = match get_state_from_cookie(&request) {
-                Ok(state) => {
-                    log::debug!("Found initial URL in state: {}", state.initial_url);
-                    state.initial_url
-                }
-                Err(e) => {
-                    log::debug!("Could not get state from cookie (user might have been redirected from elsewhere): {e}. Redirecting to /");
-                    "/".to_string()
-                }
-            };
-
-            let response = build_redirect_response(redirect_url);
-            Ok(request.into_response(response))
-        })
-    }
+/// When an user has already authenticated (potentially in another tab), we ignore the callback and redirect to the initial URL.
+fn handle_authenticated_oidc_callback(
+    request: ServiceRequest,
+) -> LocalBoxFuture<Result<ServiceResponse<BoxBody>, Error>> {
+    let redirect_url = match get_state_from_cookie(&request) {
+        Ok(state) => state.initial_url,
+        Err(_) => "/".to_string(),
+    };
+    log::debug!("OIDC callback received for authenticated user. Redirecting to {redirect_url}");
+    let response = request.into_response(build_redirect_response(redirect_url));
+    Box::pin(ready(Ok(response)))
 }
 
 impl<S> Service<ServiceRequest> for OidcService<S>
@@ -294,14 +284,11 @@ where
         let oidc_client = Arc::clone(&self.oidc_state.client);
         match get_authenticated_user_info(&oidc_client, &request) {
             Ok(Some(claims)) => {
-                log::trace!("Storing authenticated user info in request extensions: {claims:?}");
-                request.extensions_mut().insert(claims);
-
-                // Handle OIDC callback URL for authenticated users
                 if request.path() == SQLPAGE_REDIRECT_URI {
-                    log::debug!("The request is the OIDC callback for an authenticated user");
-                    return Self::handle_authenticated_oidc_callback(request);
+                    return handle_authenticated_oidc_callback(request);
                 }
+                log::trace!("Storing authenticated user info in request extensions: {claims:?}");
+                request.extensions_mut().insert(claims);
             }
             Ok(None) => {
                 log::trace!("No authenticated user found");
