mirror/lldap
1
0
Fork 0
mirror of https://github.com/nitnelave/lldap.git synced 2023-04-12 14:25:13 +00:00
Code Issues Projects Releases Wiki Activity

Fix clippy warnings

Browse Source
This commit is contained in:
Valentin Tolmer 2021-06-23 10:57:34 +02:00
parent eec0903052
commit 2f7019433d
11 changed files with 34 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/src/api.rs
View File

@ -46,7 +46,7 @@ where
R: serde::ser::Serialize, R: serde::ser::Serialize,
{ {
fn from(request: &'a R) -> Self { fn from(request: &'a R) -> Self {
Self(Json(&request)) Self(Json(request))
} }
} }
@ -92,7 +92,7 @@ impl HostService {
pub fn login_start( pub fn login_start(
request: login::ClientLoginStartRequest, request: login::ClientLoginStartRequest,
callback: Callback<Result<login::ServerLoginStartResponse>>, callback: Callback<Result<Box<login::ServerLoginStartResponse>>>,
) -> Result<FetchTask> { ) -> Result<FetchTask> {
call_server( call_server(
"/auth/opaque/login/start", "/auth/opaque/login/start",

6
app/src/login.rs
View File

@ -23,7 +23,7 @@ pub struct Props {
pub enum Msg { pub enum Msg {
Submit, Submit,
AuthenticationStartResponse(Result<login::ServerLoginStartResponse>), AuthenticationStartResponse(Result<Box<login::ServerLoginStartResponse>>),
AuthenticationFinishResponse(Result<String>), AuthenticationFinishResponse(Result<String>),
} }
@ -57,9 +57,9 @@ impl LoginForm {
match msg { match msg {
Msg::Submit => { Msg::Submit => {
let username = get_form_field("username") let username = get_form_field("username")
.ok_or(anyhow!("Could not get username from form"))?; .ok_or_else(|| anyhow!("Could not get username from form"))?;
let password = get_form_field("password") let password = get_form_field("password")
.ok_or(anyhow!("Could not get password from form"))?; .ok_or_else(|| anyhow!("Could not get password from form"))?;
let mut rng = rand::rngs::OsRng; let mut rng = rand::rngs::OsRng;
let login_start_request = let login_start_request =
opaque::client::login::start_login(&password, &mut rng) opaque::client::login::start_login(&password, &mut rng)

21
model/src/opaque.rs
View File

@ -9,7 +9,7 @@ pub enum AuthenticationError {
pub type AuthenticationResult<T> = std::result::Result<T, AuthenticationError>; pub type AuthenticationResult<T> = std::result::Result<T, AuthenticationError>;
pub use opaque_ke::keypair::{PublicKey, PrivateKey}; pub use opaque_ke::keypair::{PrivateKey, PublicKey};
pub type KeyPair = opaque_ke::keypair::KeyPair<<DefaultSuite as CipherSuite>::Group>; pub type KeyPair = opaque_ke::keypair::KeyPair<<DefaultSuite as CipherSuite>::Group>;
/// A wrapper around argon2 to provide the [`opaque_ke::slow_hash::SlowHash`] trait. /// A wrapper around argon2 to provide the [`opaque_ke::slow_hash::SlowHash`] trait.
@ -64,8 +64,10 @@ pub mod client {
pub mod registration { pub mod registration {
pub use super::*; pub use super::*;
pub type ClientRegistration = opaque_ke::ClientRegistration<DefaultSuite>; pub type ClientRegistration = opaque_ke::ClientRegistration<DefaultSuite>;
pub type ClientRegistrationStartResult = opaque_ke::ClientRegistrationStartResult<DefaultSuite>; pub type ClientRegistrationStartResult =
pub type ClientRegistrationFinishResult = opaque_ke::ClientRegistrationFinishResult<DefaultSuite>; opaque_ke::ClientRegistrationStartResult<DefaultSuite>;
pub type ClientRegistrationFinishResult =
opaque_ke::ClientRegistrationFinishResult<DefaultSuite>;
pub type RegistrationResponse = opaque_ke::RegistrationResponse<DefaultSuite>; pub type RegistrationResponse = opaque_ke::RegistrationResponse<DefaultSuite>;
pub use opaque_ke::ClientRegistrationFinishParameters; pub use opaque_ke::ClientRegistrationFinishParameters;
/// Initiate the registration negotiation. /// Initiate the registration negotiation.
@ -73,10 +75,7 @@ pub mod client {
password: &str, password: &str,
rng: &mut R, rng: &mut R,
) -> AuthenticationResult<ClientRegistrationStartResult> { ) -> AuthenticationResult<ClientRegistrationStartResult> {
Ok(ClientRegistration::start( Ok(ClientRegistration::start(rng, password.as_bytes())?)
rng,
password.as_bytes(),
)?)
} }
/// Finalize the registration negotiation. /// Finalize the registration negotiation.
@ -101,10 +100,7 @@ pub mod client {
pub type ClientLoginStartResult = opaque_ke::ClientLoginStartResult<DefaultSuite>; pub type ClientLoginStartResult = opaque_ke::ClientLoginStartResult<DefaultSuite>;
pub type CredentialResponse = opaque_ke::CredentialResponse<DefaultSuite>; pub type CredentialResponse = opaque_ke::CredentialResponse<DefaultSuite>;
pub type CredentialFinalization = opaque_ke::CredentialFinalization<DefaultSuite>; pub type CredentialFinalization = opaque_ke::CredentialFinalization<DefaultSuite>;
pub use opaque_ke::{ pub use opaque_ke::{ClientLoginFinishParameters, ClientLoginStartParameters};
ClientLoginFinishParameters,
ClientLoginStartParameters,
};
/// Initiate the login negotiation. /// Initiate the login negotiation.
pub fn start_login<R: RngCore + CryptoRng>( pub fn start_login<R: RngCore + CryptoRng>(
@ -139,7 +135,8 @@ pub mod server {
pub use super::*; pub use super::*;
pub type RegistrationRequest = opaque_ke::RegistrationRequest<DefaultSuite>; pub type RegistrationRequest = opaque_ke::RegistrationRequest<DefaultSuite>;
pub type RegistrationUpload = opaque_ke::RegistrationUpload<DefaultSuite>; pub type RegistrationUpload = opaque_ke::RegistrationUpload<DefaultSuite>;
pub type ServerRegistrationStartResult = opaque_ke::ServerRegistrationStartResult<DefaultSuite>; pub type ServerRegistrationStartResult =
opaque_ke::ServerRegistrationStartResult<DefaultSuite>;
/// Start a registration process, from a request sent by the client. /// Start a registration process, from a request sent by the client.
/// ///
/// The result must be kept for the next step. /// The result must be kept for the next step.

5
src/domain/error.rs
View File

@ -1,7 +1,8 @@
use thiserror::Error; use thiserror::Error;
#[allow(clippy::enum_variant_names)]
#[derive(Error, Debug)] #[derive(Error, Debug)]
pub enum Error { pub enum DomainError {
#[error("Authentication error for `{0}`")] #[error("Authentication error for `{0}`")]
AuthenticationError(String), AuthenticationError(String),
#[error("Database error: `{0}`")] #[error("Database error: `{0}`")]
@ -12,4 +13,4 @@ pub enum Error {
InternalError(String), InternalError(String),
} }
pub type Result<T> = std::result::Result<T, Error>; pub type Result<T> = std::result::Result<T, DomainError>;

4
src/domain/sql_backend_handler.rs
View File

@ -173,8 +173,8 @@ impl BackendHandler for SqlBackendHandler {
// Transform it into a single result (the first error if any), and group the group_ids // Transform it into a single result (the first error if any), and group the group_ids
// into a HashSet. // into a HashSet.
.collect::<sqlx::Result<HashSet<_>>>() .collect::<sqlx::Result<HashSet<_>>>()
// Map the sqlx::Error into a domain::Error. // Map the sqlx::Error into a DomainError.
.map_err(Error::DatabaseError) .map_err(DomainError::DatabaseError)
} }
async fn create_user(&self, request: CreateUserRequest) -> Result<()> { async fn create_user(&self, request: CreateUserRequest) -> Result<()> {

14
src/domain/sql_opaque_handler.rs
View File

@ -52,7 +52,7 @@ impl LoginHandler for SqlBackendHandler {
return Ok(()); return Ok(());
} else { } else {
debug!(r#"Invalid password for LDAP bind user"#); debug!(r#"Invalid password for LDAP bind user"#);
return Err(Error::AuthenticationError(request.name)); return Err(DomainError::AuthenticationError(request.name));
} }
} }
let query = Query::select() let query = Query::select()
@ -65,7 +65,7 @@ impl LoginHandler for SqlBackendHandler {
row.get::<Option<Vec<u8>>, _>(&*Users::PasswordHash.to_string()) row.get::<Option<Vec<u8>>, _>(&*Users::PasswordHash.to_string())
{ {
if let Err(e) = passwords_match( if let Err(e) = passwords_match(
&&password_hash, &password_hash,
&request.password, &request.password,
self.config.get_server_keys().private(), self.config.get_server_keys().private(),
) { ) {
@ -79,7 +79,7 @@ impl LoginHandler for SqlBackendHandler {
} else { } else {
debug!(r#"No user found for "{}""#, request.name); debug!(r#"No user found for "{}""#, request.name);
} }
Err(Error::AuthenticationError(request.name)) Err(DomainError::AuthenticationError(request.name))
} }
} }
@ -101,11 +101,11 @@ impl OpaqueHandler for SqlOpaqueHandler {
.await? .await?
.get::<Option<Vec<u8>>, _>(&*Users::PasswordHash.to_string()) .get::<Option<Vec<u8>>, _>(&*Users::PasswordHash.to_string())
// If no password, always fail. // If no password, always fail.
.ok_or_else(|| Error::AuthenticationError(request.username.clone()))? .ok_or_else(|| DomainError::AuthenticationError(request.username.clone()))?
}; };
let password_file = opaque::server::ServerRegistration::deserialize(&password_file_bytes) let password_file = opaque::server::ServerRegistration::deserialize(&password_file_bytes)
.map_err(|_| { .map_err(|_| {
Error::InternalError(format!("Corrupted password file for {}", request.username)) DomainError::InternalError(format!("Corrupted password file for {}", request.username))
})?; })?;
let mut rng = rand::rngs::OsRng; let mut rng = rand::rngs::OsRng;
@ -163,7 +163,7 @@ impl OpaqueHandler for SqlOpaqueHandler {
&row.get::<Vec<u8>, _>(&*LoginAttempts::ServerLoginData.to_string()), &row.get::<Vec<u8>, _>(&*LoginAttempts::ServerLoginData.to_string()),
) )
.map_err(|_| { .map_err(|_| {
Error::InternalError(format!( DomainError::InternalError(format!(
"Corrupted login data for user `{}` [id `{}`]", "Corrupted login data for user `{}` [id `{}`]",
username, request.login_key username, request.login_key
)) ))
@ -248,7 +248,7 @@ impl OpaqueHandler for SqlOpaqueHandler {
&row.get::<Vec<u8>, _>(&*RegistrationAttempts::ServerRegistrationData.to_string()), &row.get::<Vec<u8>, _>(&*RegistrationAttempts::ServerRegistrationData.to_string()),
) )
.map_err(|_| { .map_err(|_| {
Error::InternalError(format!( DomainError::InternalError(format!(
"Corrupted registration data for user `{}` [id `{}`]", "Corrupted registration data for user `{}` [id `{}`]",
username, request.registration_key username, request.registration_key
)) ))

5
src/infra/auth_service.rs
View File

@ -1,5 +1,6 @@
use crate::{ use crate::{
domain::{ domain::{
error::DomainError,
handler::{BackendHandler, LoginHandler}, handler::{BackendHandler, LoginHandler},
opaque_handler::OpaqueHandler, opaque_handler::OpaqueHandler,
}, },
@ -191,7 +192,7 @@ where
// token. // token.
data.backend_handler data.backend_handler
.get_user_groups(name.to_string()) .get_user_groups(name.to_string())
.and_then(|g| async { Ok((g, data.backend_handler.create_refresh_token(&name).await?)) }) .and_then(|g| async { Ok((g, data.backend_handler.create_refresh_token(name).await?)) })
.await .await
.map(|(groups, (refresh_token, max_age))| { .map(|(groups, (refresh_token, max_age))| {
let token = create_jwt(&data.jwt_key, name.to_string(), groups); let token = create_jwt(&data.jwt_key, name.to_string(), groups);
@ -205,7 +206,7 @@ where
.finish(), .finish(),
) )
.cookie( .cookie(
Cookie::build("refresh_token", refresh_token + "+" + &name) Cookie::build("refresh_token", refresh_token + "+" + name)
.max_age(max_age.num_days().days()) .max_age(max_age.num_days().days())
.path("/auth") .path("/auth")
.http_only(true) .http_only(true)

2
src/infra/configuration.rs
View File

@ -33,7 +33,7 @@ pub struct Configuration {
impl ConfigurationBuilder { impl ConfigurationBuilder {
#[cfg(test)] #[cfg(test)]
pub fn build(self) -> Result<Configuration> { pub fn build(self) -> Result<Configuration> {
let server_keys = get_server_keys(&self.key_file.as_deref().unwrap_or("server_key"))?; let server_keys = get_server_keys(self.key_file.as_deref().unwrap_or("server_key"))?;
Ok(self.server_keys(server_keys).private_build()?) Ok(self.server_keys(server_keys).private_build()?)
} }

4
src/infra/tcp_api.rs
View File

@ -1,5 +1,5 @@
use crate::{ use crate::{
domain::handler::*, domain::{error::DomainError, handler::*},
infra::{ infra::{
tcp_backend_handler::*, tcp_backend_handler::*,
tcp_server::{error_to_http_response, AppState}, tcp_server::{error_to_http_response, AppState},
@ -54,7 +54,7 @@ where
let msg = err.to_string(); let msg = err.to_string();
actix_web::error::InternalError::from_response( actix_web::error::InternalError::from_response(
err, err,
HttpResponse::BadRequest().body(msg).into(), HttpResponse::BadRequest().body(msg),
) )
.into() .into()
}); });

1
src/infra/tcp_backend_handler.rs
View File

@ -1,7 +1,6 @@
use async_trait::async_trait; use async_trait::async_trait;
use std::collections::HashSet; use std::collections::HashSet;
pub type DomainError = crate::domain::error::Error;
pub type DomainResult<T> = crate::domain::error::Result<T>; pub type DomainResult<T> = crate::domain::error::Result<T>;
#[async_trait] #[async_trait]

3
src/infra/tcp_server.rs
View File

@ -1,5 +1,6 @@
use crate::{ use crate::{
domain::{ domain::{
error::DomainError,
handler::{BackendHandler, LoginHandler}, handler::{BackendHandler, LoginHandler},
opaque_handler::OpaqueHandler, opaque_handler::OpaqueHandler,
}, },
@ -48,7 +49,7 @@ fn http_config<Backend>(
{ {
cfg.data(AppState::<Backend> { cfg.data(AppState::<Backend> {
backend_handler, backend_handler,
jwt_key: Hmac::new_varkey(&jwt_secret.as_bytes()).unwrap(), jwt_key: Hmac::new_varkey(jwt_secret.as_bytes()).unwrap(),
jwt_blacklist: RwLock::new(jwt_blacklist), jwt_blacklist: RwLock::new(jwt_blacklist),
}) })
// Serve index.html and main.js, and default to index.html. // Serve index.html and main.js, and default to index.html.