Compare commits
No commits in common. "deb3415c30df38df72f46c2250d46fdeb2199384" and "2c1c19690f7be12fb1257ea9dfe18672aa98a28e" have entirely different histories.
deb3415c30
...
2c1c19690f
|
@ -6,6 +6,9 @@ use std::{convert::Infallible, str::FromStr};
|
||||||
use thiserror::Error;
|
use thiserror::Error;
|
||||||
use uuid::{adapter::Hyphenated, Uuid};
|
use uuid::{adapter::Hyphenated, Uuid};
|
||||||
|
|
||||||
|
#[cfg(test)]
|
||||||
|
use crate::errors::maybe_fail;
|
||||||
|
|
||||||
#[derive(Debug, Error, PartialEq)]
|
#[derive(Debug, Error, PartialEq)]
|
||||||
pub enum AuthenticationError {
|
pub enum AuthenticationError {
|
||||||
#[error("username already exists")]
|
#[error("username already exists")]
|
||||||
|
@ -141,7 +144,7 @@ impl FromSql for Username {
|
||||||
pub trait AuthenticationDB: Send + Sync {
|
pub trait AuthenticationDB: Send + Sync {
|
||||||
fn create_user(&mut self, username: Username) -> AppResult<UserId, AuthenticationError>;
|
fn create_user(&mut self, username: Username) -> AppResult<UserId, AuthenticationError>;
|
||||||
|
|
||||||
fn create_invitation(&mut self, user: &UserId) -> AppResult<Invitation, AuthenticationError>;
|
fn create_invitation(&mut self, user: UserId) -> AppResult<Invitation, AuthenticationError>;
|
||||||
|
|
||||||
fn authenticate(
|
fn authenticate(
|
||||||
&mut self,
|
&mut self,
|
||||||
|
@ -176,9 +179,8 @@ pub struct MemoryAuth {
|
||||||
|
|
||||||
impl AuthenticationDB for MemoryAuth {
|
impl AuthenticationDB for MemoryAuth {
|
||||||
fn create_user(&mut self, username: Username) -> AppResult<UserId, AuthenticationError> {
|
fn create_user(&mut self, username: Username) -> AppResult<UserId, AuthenticationError> {
|
||||||
if self.users.contains_key(&username) {
|
#[cfg(test)]
|
||||||
return Ok(Err(AuthenticationError::DuplicateUsername));
|
let _ = maybe_fail::<AuthenticationError>(vec![])?;
|
||||||
}
|
|
||||||
|
|
||||||
let userid = UserId::from(format!("{}", Hyphenated::from_uuid(Uuid::new_v4())).as_str());
|
let userid = UserId::from(format!("{}", Hyphenated::from_uuid(Uuid::new_v4())).as_str());
|
||||||
self.users.insert(username.clone(), userid.clone());
|
self.users.insert(username.clone(), userid.clone());
|
||||||
|
@ -187,14 +189,17 @@ impl AuthenticationDB for MemoryAuth {
|
||||||
ok(userid)
|
ok(userid)
|
||||||
}
|
}
|
||||||
|
|
||||||
fn create_invitation(&mut self, user: &UserId) -> AppResult<Invitation, AuthenticationError> {
|
fn create_invitation(&mut self, user: UserId) -> AppResult<Invitation, AuthenticationError> {
|
||||||
|
#[cfg(test)]
|
||||||
|
let _ = maybe_fail::<AuthenticationError>(vec![])?;
|
||||||
|
|
||||||
if !self.inverse_users.contains_key(&user) {
|
if !self.inverse_users.contains_key(&user) {
|
||||||
return error::<Invitation, AuthenticationError>(AuthenticationError::UserNotFound);
|
return error::<Invitation, AuthenticationError>(AuthenticationError::UserNotFound);
|
||||||
}
|
}
|
||||||
|
|
||||||
let invitation =
|
let invitation =
|
||||||
Invitation::from(format!("{}", Hyphenated::from_uuid(Uuid::new_v4())).as_str());
|
Invitation::from(format!("{}", Hyphenated::from_uuid(Uuid::new_v4())).as_str());
|
||||||
self.invitations.insert(invitation.clone(), user.clone());
|
self.invitations.insert(invitation.clone(), user);
|
||||||
ok(invitation)
|
ok(invitation)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -202,6 +207,9 @@ impl AuthenticationDB for MemoryAuth {
|
||||||
&mut self,
|
&mut self,
|
||||||
invitation: Invitation,
|
invitation: Invitation,
|
||||||
) -> AppResult<SessionToken, AuthenticationError> {
|
) -> AppResult<SessionToken, AuthenticationError> {
|
||||||
|
#[cfg(test)]
|
||||||
|
let _ = maybe_fail::<AuthenticationError>(vec![])?;
|
||||||
|
|
||||||
if let Some(user) = self.invitations.get(&invitation) {
|
if let Some(user) = self.invitations.get(&invitation) {
|
||||||
let session_token =
|
let session_token =
|
||||||
SessionToken::from(format!("{}", Hyphenated::from_uuid(Uuid::new_v4())).as_str());
|
SessionToken::from(format!("{}", Hyphenated::from_uuid(Uuid::new_v4())).as_str());
|
||||||
|
@ -214,6 +222,9 @@ impl AuthenticationDB for MemoryAuth {
|
||||||
}
|
}
|
||||||
|
|
||||||
fn delete_session(&mut self, session: SessionToken) -> AppResult<(), AuthenticationError> {
|
fn delete_session(&mut self, session: SessionToken) -> AppResult<(), AuthenticationError> {
|
||||||
|
#[cfg(test)]
|
||||||
|
let _ = maybe_fail::<AuthenticationError>(vec![])?;
|
||||||
|
|
||||||
if let Some(_) = self.sessions.remove(&session) {
|
if let Some(_) = self.sessions.remove(&session) {
|
||||||
ok(())
|
ok(())
|
||||||
} else {
|
} else {
|
||||||
|
@ -222,6 +233,9 @@ impl AuthenticationDB for MemoryAuth {
|
||||||
}
|
}
|
||||||
|
|
||||||
fn delete_invitation(&mut self, invitation: Invitation) -> AppResult<(), AuthenticationError> {
|
fn delete_invitation(&mut self, invitation: Invitation) -> AppResult<(), AuthenticationError> {
|
||||||
|
#[cfg(test)]
|
||||||
|
let _ = maybe_fail::<AuthenticationError>(vec![])?;
|
||||||
|
|
||||||
if let Some(_) = self.invitations.remove(&invitation) {
|
if let Some(_) = self.invitations.remove(&invitation) {
|
||||||
ok(())
|
ok(())
|
||||||
} else {
|
} else {
|
||||||
|
@ -230,6 +244,9 @@ impl AuthenticationDB for MemoryAuth {
|
||||||
}
|
}
|
||||||
|
|
||||||
fn delete_user(&mut self, user: UserId) -> AppResult<(), AuthenticationError> {
|
fn delete_user(&mut self, user: UserId) -> AppResult<(), AuthenticationError> {
|
||||||
|
#[cfg(test)]
|
||||||
|
let _ = maybe_fail::<AuthenticationError>(vec![])?;
|
||||||
|
|
||||||
if let Some(username) = self.inverse_users.remove(&user) {
|
if let Some(username) = self.inverse_users.remove(&user) {
|
||||||
let _ = self.users.remove(&username);
|
let _ = self.users.remove(&username);
|
||||||
self.invitations = self
|
self.invitations = self
|
||||||
|
@ -289,11 +306,10 @@ impl AuthenticationDB for MemoryAuth {
|
||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
mod test {
|
mod test {
|
||||||
use super::*;
|
use super::*;
|
||||||
use std::panic;
|
|
||||||
|
|
||||||
fn with_memory_db<F>(test: F)
|
fn with_memory_db<F>(test: F)
|
||||||
where
|
where
|
||||||
F: Fn(Box<dyn AuthenticationDB>) -> () + panic::UnwindSafe,
|
F: Fn(Box<dyn AuthenticationDB>),
|
||||||
{
|
{
|
||||||
let authdb: Box<MemoryAuth> = Box::new(Default::default());
|
let authdb: Box<MemoryAuth> = Box::new(Default::default());
|
||||||
test(authdb);
|
test(authdb);
|
||||||
|
@ -311,7 +327,6 @@ mod test {
|
||||||
assert_eq!(authdb.get_username(&userid).unwrap(), Ok(username));
|
assert_eq!(authdb.get_username(&userid).unwrap(), Ok(username));
|
||||||
assert!(authdb.list_users().unwrap().unwrap().contains(&userid));
|
assert!(authdb.list_users().unwrap().unwrap().contains(&userid));
|
||||||
}
|
}
|
||||||
|
|
||||||
with_memory_db(test_case);
|
with_memory_db(test_case);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -331,197 +346,43 @@ mod test {
|
||||||
with_memory_db(test_case);
|
with_memory_db(test_case);
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
|
||||||
fn it_exchanges_an_invitation_for_a_session() {
|
|
||||||
fn test_case(mut authdb: Box<dyn AuthenticationDB>) {
|
|
||||||
let username = Username::from("shephard");
|
|
||||||
let userid = authdb
|
|
||||||
.create_user(username.clone())
|
|
||||||
.expect("no fatal errors")
|
|
||||||
.expect("user to be created");
|
|
||||||
let invitation = authdb
|
|
||||||
.create_invitation(&userid)
|
|
||||||
.expect("no fatal errors")
|
|
||||||
.expect("invitation to be created");
|
|
||||||
let _ = authdb
|
|
||||||
.authenticate(invitation)
|
|
||||||
.expect("no fatal errors")
|
|
||||||
.expect("to receive a session token");
|
|
||||||
}
|
|
||||||
with_memory_db(test_case);
|
|
||||||
}
|
|
||||||
|
|
||||||
#[test]
|
|
||||||
fn it_identifies_a_user_by_session() {
|
|
||||||
fn test_case(mut authdb: Box<dyn AuthenticationDB>) {
|
|
||||||
let shephard = Username::from("shephard");
|
|
||||||
let garrus = Username::from("garrus");
|
|
||||||
|
|
||||||
let (shephard_session, shephard_id) = {
|
|
||||||
let userid = authdb.create_user(shephard.clone()).unwrap().unwrap();
|
|
||||||
let invitation = authdb.create_invitation(&userid).unwrap().unwrap();
|
|
||||||
(authdb.authenticate(invitation).unwrap().unwrap(), userid)
|
|
||||||
};
|
|
||||||
|
|
||||||
let (garrus_session, garrus_id) = {
|
|
||||||
let userid = authdb.create_user(garrus.clone()).unwrap().unwrap();
|
|
||||||
let invitation = authdb.create_invitation(&userid).unwrap().unwrap();
|
|
||||||
(authdb.authenticate(invitation).unwrap().unwrap(), userid)
|
|
||||||
};
|
|
||||||
|
|
||||||
assert_eq!(
|
|
||||||
authdb.validate_session(shephard_session).unwrap().unwrap(),
|
|
||||||
(shephard, shephard_id)
|
|
||||||
);
|
|
||||||
assert_eq!(
|
|
||||||
authdb.validate_session(garrus_session).unwrap().unwrap(),
|
|
||||||
(garrus, garrus_id)
|
|
||||||
);
|
|
||||||
}
|
|
||||||
with_memory_db(test_case);
|
|
||||||
}
|
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn it_allows_multiple_invitations_per_user() {
|
fn it_allows_multiple_invitations_per_user() {
|
||||||
fn test_case(mut authdb: Box<dyn AuthenticationDB>) {
|
unimplemented!()
|
||||||
let username = Username::from("shephard");
|
}
|
||||||
let userid = authdb.create_user(username).unwrap().unwrap();
|
|
||||||
let invite1 = authdb.create_invitation(&userid).unwrap().unwrap();
|
|
||||||
let invite2 = authdb.create_invitation(&userid).unwrap().unwrap();
|
|
||||||
|
|
||||||
assert_ne!(invite1, invite2);
|
#[test]
|
||||||
|
fn it_exchanges_an_invitation_for_a_session() {
|
||||||
authdb.authenticate(invite1).unwrap().unwrap();
|
unimplemented!()
|
||||||
authdb.authenticate(invite2).unwrap().unwrap();
|
|
||||||
}
|
|
||||||
with_memory_db(test_case);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn it_allows_multiple_sessions_per_user() {
|
fn it_allows_multiple_sessions_per_user() {
|
||||||
fn test_case(mut authdb: Box<dyn AuthenticationDB>) {
|
unimplemented!()
|
||||||
let username = Username::from("shephard");
|
|
||||||
let userid = authdb.create_user(username.clone()).unwrap().unwrap();
|
|
||||||
let invite1 = authdb.create_invitation(&userid).unwrap().unwrap();
|
|
||||||
let invite2 = authdb.create_invitation(&userid).unwrap().unwrap();
|
|
||||||
|
|
||||||
assert_ne!(invite1, invite2);
|
|
||||||
|
|
||||||
let session1 = authdb.authenticate(invite1).unwrap().unwrap();
|
|
||||||
let session2 = authdb.authenticate(invite2).unwrap().unwrap();
|
|
||||||
|
|
||||||
assert_ne!(session1, session2);
|
|
||||||
assert_eq!(
|
|
||||||
authdb.validate_session(session1).unwrap().unwrap(),
|
|
||||||
(username.clone(), userid.clone())
|
|
||||||
);
|
|
||||||
assert_eq!(
|
|
||||||
authdb.validate_session(session2).unwrap().unwrap(),
|
|
||||||
(username, userid)
|
|
||||||
);
|
|
||||||
}
|
|
||||||
with_memory_db(test_case);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn it_disallows_invitation_reuse() {
|
fn it_disallows_invitation_reuse() {
|
||||||
fn test_case(mut authdb: Box<dyn AuthenticationDB>) {
|
unimplemented!()
|
||||||
let username = Username::from("shephard");
|
}
|
||||||
let userid = authdb
|
|
||||||
.create_user(username.clone())
|
#[test]
|
||||||
.expect("no fatal errors")
|
fn it_identifies_a_user_by_session() {
|
||||||
.expect("user to be created");
|
unimplemented!()
|
||||||
let invitation = authdb
|
|
||||||
.create_invitation(&userid)
|
|
||||||
.expect("no fatal errors")
|
|
||||||
.expect("invitation to be created");
|
|
||||||
let _ = authdb
|
|
||||||
.authenticate(invitation.clone())
|
|
||||||
.expect("no fatal errors")
|
|
||||||
.expect("to receive a session token");
|
|
||||||
let reuse_result = authdb.authenticate(invitation).expect("no fatal errors");
|
|
||||||
assert_eq!(reuse_result, Err(AuthenticationError::InvalidInvitation));
|
|
||||||
}
|
|
||||||
with_memory_db(test_case);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn it_deletes_a_user_and_invalidates_tokens() {
|
fn it_deletes_a_user_and_invalidates_tokens() {
|
||||||
fn test_case(mut authdb: Box<dyn AuthenticationDB>) {
|
unimplemented!()
|
||||||
let shephard = Username::from("shephard");
|
|
||||||
let garrus = Username::from("garrus");
|
|
||||||
|
|
||||||
let (shephard_session, shephard_id) = {
|
|
||||||
let userid = authdb.create_user(shephard.clone()).unwrap().unwrap();
|
|
||||||
let invitation = authdb.create_invitation(&userid).unwrap().unwrap();
|
|
||||||
(authdb.authenticate(invitation).unwrap().unwrap(), userid)
|
|
||||||
};
|
|
||||||
|
|
||||||
let (garrus_invitation, garrus_id) = {
|
|
||||||
let userid = authdb.create_user(garrus.clone()).unwrap().unwrap();
|
|
||||||
(authdb.create_invitation(&userid).unwrap().unwrap(), userid)
|
|
||||||
};
|
|
||||||
|
|
||||||
authdb.delete_user(shephard_id).unwrap().unwrap();
|
|
||||||
assert_eq!(
|
|
||||||
authdb.validate_session(shephard_session).unwrap(),
|
|
||||||
Err(AuthenticationError::InvalidSession)
|
|
||||||
);
|
|
||||||
|
|
||||||
authdb.delete_user(garrus_id).unwrap().unwrap();
|
|
||||||
assert_eq!(
|
|
||||||
authdb.authenticate(garrus_invitation).unwrap(),
|
|
||||||
Err(AuthenticationError::InvalidInvitation)
|
|
||||||
);
|
|
||||||
}
|
|
||||||
with_memory_db(test_case);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn it_deletes_a_session() {
|
fn it_deletes_a_session() {
|
||||||
fn test_case(mut authdb: Box<dyn AuthenticationDB>) {
|
unimplemented!()
|
||||||
let username = Username::from("shephard");
|
|
||||||
let userid = authdb
|
|
||||||
.create_user(username.clone())
|
|
||||||
.expect("no fatal errors")
|
|
||||||
.expect("user to be created");
|
|
||||||
let invitation = authdb
|
|
||||||
.create_invitation(&userid)
|
|
||||||
.expect("no fatal errors")
|
|
||||||
.expect("invitation to be created");
|
|
||||||
let session = authdb.authenticate(invitation).unwrap().unwrap();
|
|
||||||
|
|
||||||
authdb.delete_session(session.clone()).unwrap().unwrap();
|
|
||||||
assert_eq!(
|
|
||||||
authdb.validate_session(session).unwrap(),
|
|
||||||
Err(AuthenticationError::InvalidSession)
|
|
||||||
);
|
|
||||||
}
|
|
||||||
with_memory_db(test_case);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn it_deletes_an_invitation() {
|
fn it_deletes_an_invitation() {
|
||||||
fn test_case(mut authdb: Box<dyn AuthenticationDB>) {
|
unimplemented!()
|
||||||
let username = Username::from("shephard");
|
|
||||||
let userid = authdb
|
|
||||||
.create_user(username.clone())
|
|
||||||
.expect("no fatal errors")
|
|
||||||
.expect("user to be created");
|
|
||||||
let invitation = authdb
|
|
||||||
.create_invitation(&userid)
|
|
||||||
.expect("no fatal errors")
|
|
||||||
.expect("invitation to be created");
|
|
||||||
|
|
||||||
authdb
|
|
||||||
.delete_invitation(invitation.clone())
|
|
||||||
.unwrap()
|
|
||||||
.unwrap();
|
|
||||||
assert_eq!(
|
|
||||||
authdb.authenticate(invitation).unwrap(),
|
|
||||||
Err(AuthenticationError::InvalidInvitation)
|
|
||||||
);
|
|
||||||
}
|
|
||||||
with_memory_db(test_case);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -26,3 +26,8 @@ pub fn error<A, E>(err: E) -> AppResult<A, E> {
|
||||||
pub fn fatal<A, E>(err: FatalError) -> AppResult<A, E> {
|
pub fn fatal<A, E>(err: FatalError) -> AppResult<A, E> {
|
||||||
Err(err)
|
Err(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[cfg(test)]
|
||||||
|
pub fn maybe_fail<E>(possible_errors: Vec<E>) -> AppResult<(), E> {
|
||||||
|
ok(())
|
||||||
|
}
|
||||||
|
|
|
@ -87,7 +87,6 @@ struct MakeInvitationResponse {
|
||||||
invitation: Invitation,
|
invitation: Invitation,
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
|
||||||
fn make_invitation(
|
fn make_invitation(
|
||||||
auth_ctx: Arc<RwLock<impl AuthenticationDB>>,
|
auth_ctx: Arc<RwLock<impl AuthenticationDB>>,
|
||||||
) -> impl Filter<Extract = impl warp::Reply, Error = warp::Rejection> + Clone {
|
) -> impl Filter<Extract = impl warp::Reply, Error = warp::Rejection> + Clone {
|
||||||
|
@ -105,7 +104,6 @@ fn make_invitation(
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
*/
|
|
||||||
|
|
||||||
#[derive(Deserialize)]
|
#[derive(Deserialize)]
|
||||||
struct AuthenticateParams {
|
struct AuthenticateParams {
|
||||||
|
@ -193,6 +191,7 @@ pub async fn main() {
|
||||||
.or(echo_unauthenticated);
|
.or(echo_unauthenticated);
|
||||||
*/
|
*/
|
||||||
let filter = make_user(auth_ctx.clone())
|
let filter = make_user(auth_ctx.clone())
|
||||||
|
.or(make_invitation(auth_ctx.clone()))
|
||||||
.or(authenticate(auth_ctx.clone()))
|
.or(authenticate(auth_ctx.clone()))
|
||||||
.or(echo_authenticated)
|
.or(echo_authenticated)
|
||||||
.or(echo_unauthenticated);
|
.or(echo_unauthenticated);
|
||||||
|
|
Loading…
Reference in New Issue