|
|
|
@ -6,6 +6,9 @@ use std::{convert::Infallible, str::FromStr};
|
|
|
|
|
use thiserror::Error;
|
|
|
|
|
use uuid::{adapter::Hyphenated, Uuid};
|
|
|
|
|
|
|
|
|
|
#[cfg(test)]
|
|
|
|
|
use crate::errors::maybe_fail;
|
|
|
|
|
|
|
|
|
|
#[derive(Debug, Error, PartialEq)]
|
|
|
|
|
pub enum AuthenticationError {
|
|
|
|
|
#[error("username already exists")]
|
|
|
|
@ -141,7 +144,7 @@ impl FromSql for Username {
|
|
|
|
|
pub trait AuthenticationDB: Send + Sync {
|
|
|
|
|
fn create_user(&mut self, username: Username) -> AppResult<UserId, AuthenticationError>;
|
|
|
|
|
|
|
|
|
|
fn create_invitation(&mut self, user: &UserId) -> AppResult<Invitation, AuthenticationError>;
|
|
|
|
|
fn create_invitation(&mut self, user: UserId) -> AppResult<Invitation, AuthenticationError>;
|
|
|
|
|
|
|
|
|
|
fn authenticate(
|
|
|
|
|
&mut self,
|
|
|
|
@ -176,9 +179,8 @@ pub struct MemoryAuth {
|
|
|
|
|
|
|
|
|
|
impl AuthenticationDB for MemoryAuth {
|
|
|
|
|
fn create_user(&mut self, username: Username) -> AppResult<UserId, AuthenticationError> {
|
|
|
|
|
if self.users.contains_key(&username) {
|
|
|
|
|
return Ok(Err(AuthenticationError::DuplicateUsername));
|
|
|
|
|
}
|
|
|
|
|
#[cfg(test)]
|
|
|
|
|
let _ = maybe_fail::<AuthenticationError>(vec![])?;
|
|
|
|
|
|
|
|
|
|
let userid = UserId::from(format!("{}", Hyphenated::from_uuid(Uuid::new_v4())).as_str());
|
|
|
|
|
self.users.insert(username.clone(), userid.clone());
|
|
|
|
@ -187,14 +189,17 @@ impl AuthenticationDB for MemoryAuth {
|
|
|
|
|
ok(userid)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fn create_invitation(&mut self, user: &UserId) -> AppResult<Invitation, AuthenticationError> {
|
|
|
|
|
fn create_invitation(&mut self, user: UserId) -> AppResult<Invitation, AuthenticationError> {
|
|
|
|
|
#[cfg(test)]
|
|
|
|
|
let _ = maybe_fail::<AuthenticationError>(vec![])?;
|
|
|
|
|
|
|
|
|
|
if !self.inverse_users.contains_key(&user) {
|
|
|
|
|
return error::<Invitation, AuthenticationError>(AuthenticationError::UserNotFound);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
let invitation =
|
|
|
|
|
Invitation::from(format!("{}", Hyphenated::from_uuid(Uuid::new_v4())).as_str());
|
|
|
|
|
self.invitations.insert(invitation.clone(), user.clone());
|
|
|
|
|
self.invitations.insert(invitation.clone(), user);
|
|
|
|
|
ok(invitation)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
@ -202,6 +207,9 @@ impl AuthenticationDB for MemoryAuth {
|
|
|
|
|
&mut self,
|
|
|
|
|
invitation: Invitation,
|
|
|
|
|
) -> AppResult<SessionToken, AuthenticationError> {
|
|
|
|
|
#[cfg(test)]
|
|
|
|
|
let _ = maybe_fail::<AuthenticationError>(vec![])?;
|
|
|
|
|
|
|
|
|
|
if let Some(user) = self.invitations.get(&invitation) {
|
|
|
|
|
let session_token =
|
|
|
|
|
SessionToken::from(format!("{}", Hyphenated::from_uuid(Uuid::new_v4())).as_str());
|
|
|
|
@ -214,6 +222,9 @@ impl AuthenticationDB for MemoryAuth {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fn delete_session(&mut self, session: SessionToken) -> AppResult<(), AuthenticationError> {
|
|
|
|
|
#[cfg(test)]
|
|
|
|
|
let _ = maybe_fail::<AuthenticationError>(vec![])?;
|
|
|
|
|
|
|
|
|
|
if let Some(_) = self.sessions.remove(&session) {
|
|
|
|
|
ok(())
|
|
|
|
|
} else {
|
|
|
|
@ -222,6 +233,9 @@ impl AuthenticationDB for MemoryAuth {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fn delete_invitation(&mut self, invitation: Invitation) -> AppResult<(), AuthenticationError> {
|
|
|
|
|
#[cfg(test)]
|
|
|
|
|
let _ = maybe_fail::<AuthenticationError>(vec![])?;
|
|
|
|
|
|
|
|
|
|
if let Some(_) = self.invitations.remove(&invitation) {
|
|
|
|
|
ok(())
|
|
|
|
|
} else {
|
|
|
|
@ -230,6 +244,9 @@ impl AuthenticationDB for MemoryAuth {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fn delete_user(&mut self, user: UserId) -> AppResult<(), AuthenticationError> {
|
|
|
|
|
#[cfg(test)]
|
|
|
|
|
let _ = maybe_fail::<AuthenticationError>(vec![])?;
|
|
|
|
|
|
|
|
|
|
if let Some(username) = self.inverse_users.remove(&user) {
|
|
|
|
|
let _ = self.users.remove(&username);
|
|
|
|
|
self.invitations = self
|
|
|
|
@ -289,11 +306,10 @@ impl AuthenticationDB for MemoryAuth {
|
|
|
|
|
#[cfg(test)]
|
|
|
|
|
mod test {
|
|
|
|
|
use super::*;
|
|
|
|
|
use std::panic;
|
|
|
|
|
|
|
|
|
|
fn with_memory_db<F>(test: F)
|
|
|
|
|
where
|
|
|
|
|
F: Fn(Box<dyn AuthenticationDB>) -> () + panic::UnwindSafe,
|
|
|
|
|
F: Fn(Box<dyn AuthenticationDB>),
|
|
|
|
|
{
|
|
|
|
|
let authdb: Box<MemoryAuth> = Box::new(Default::default());
|
|
|
|
|
test(authdb);
|
|
|
|
@ -311,7 +327,6 @@ mod test {
|
|
|
|
|
assert_eq!(authdb.get_username(&userid).unwrap(), Ok(username));
|
|
|
|
|
assert!(authdb.list_users().unwrap().unwrap().contains(&userid));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
with_memory_db(test_case);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
@ -331,197 +346,43 @@ mod test {
|
|
|
|
|
with_memory_db(test_case);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
|
fn it_exchanges_an_invitation_for_a_session() {
|
|
|
|
|
fn test_case(mut authdb: Box<dyn AuthenticationDB>) {
|
|
|
|
|
let username = Username::from("shephard");
|
|
|
|
|
let userid = authdb
|
|
|
|
|
.create_user(username.clone())
|
|
|
|
|
.expect("no fatal errors")
|
|
|
|
|
.expect("user to be created");
|
|
|
|
|
let invitation = authdb
|
|
|
|
|
.create_invitation(&userid)
|
|
|
|
|
.expect("no fatal errors")
|
|
|
|
|
.expect("invitation to be created");
|
|
|
|
|
let _ = authdb
|
|
|
|
|
.authenticate(invitation)
|
|
|
|
|
.expect("no fatal errors")
|
|
|
|
|
.expect("to receive a session token");
|
|
|
|
|
}
|
|
|
|
|
with_memory_db(test_case);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
|
fn it_identifies_a_user_by_session() {
|
|
|
|
|
fn test_case(mut authdb: Box<dyn AuthenticationDB>) {
|
|
|
|
|
let shephard = Username::from("shephard");
|
|
|
|
|
let garrus = Username::from("garrus");
|
|
|
|
|
|
|
|
|
|
let (shephard_session, shephard_id) = {
|
|
|
|
|
let userid = authdb.create_user(shephard.clone()).unwrap().unwrap();
|
|
|
|
|
let invitation = authdb.create_invitation(&userid).unwrap().unwrap();
|
|
|
|
|
(authdb.authenticate(invitation).unwrap().unwrap(), userid)
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
let (garrus_session, garrus_id) = {
|
|
|
|
|
let userid = authdb.create_user(garrus.clone()).unwrap().unwrap();
|
|
|
|
|
let invitation = authdb.create_invitation(&userid).unwrap().unwrap();
|
|
|
|
|
(authdb.authenticate(invitation).unwrap().unwrap(), userid)
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
assert_eq!(
|
|
|
|
|
authdb.validate_session(shephard_session).unwrap().unwrap(),
|
|
|
|
|
(shephard, shephard_id)
|
|
|
|
|
);
|
|
|
|
|
assert_eq!(
|
|
|
|
|
authdb.validate_session(garrus_session).unwrap().unwrap(),
|
|
|
|
|
(garrus, garrus_id)
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
with_memory_db(test_case);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
|
fn it_allows_multiple_invitations_per_user() {
|
|
|
|
|
fn test_case(mut authdb: Box<dyn AuthenticationDB>) {
|
|
|
|
|
let username = Username::from("shephard");
|
|
|
|
|
let userid = authdb.create_user(username).unwrap().unwrap();
|
|
|
|
|
let invite1 = authdb.create_invitation(&userid).unwrap().unwrap();
|
|
|
|
|
let invite2 = authdb.create_invitation(&userid).unwrap().unwrap();
|
|
|
|
|
unimplemented!()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
assert_ne!(invite1, invite2);
|
|
|
|
|
|
|
|
|
|
authdb.authenticate(invite1).unwrap().unwrap();
|
|
|
|
|
authdb.authenticate(invite2).unwrap().unwrap();
|
|
|
|
|
}
|
|
|
|
|
with_memory_db(test_case);
|
|
|
|
|
#[test]
|
|
|
|
|
fn it_exchanges_an_invitation_for_a_session() {
|
|
|
|
|
unimplemented!()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
|
fn it_allows_multiple_sessions_per_user() {
|
|
|
|
|
fn test_case(mut authdb: Box<dyn AuthenticationDB>) {
|
|
|
|
|
let username = Username::from("shephard");
|
|
|
|
|
let userid = authdb.create_user(username.clone()).unwrap().unwrap();
|
|
|
|
|
let invite1 = authdb.create_invitation(&userid).unwrap().unwrap();
|
|
|
|
|
let invite2 = authdb.create_invitation(&userid).unwrap().unwrap();
|
|
|
|
|
|
|
|
|
|
assert_ne!(invite1, invite2);
|
|
|
|
|
|
|
|
|
|
let session1 = authdb.authenticate(invite1).unwrap().unwrap();
|
|
|
|
|
let session2 = authdb.authenticate(invite2).unwrap().unwrap();
|
|
|
|
|
|
|
|
|
|
assert_ne!(session1, session2);
|
|
|
|
|
assert_eq!(
|
|
|
|
|
authdb.validate_session(session1).unwrap().unwrap(),
|
|
|
|
|
(username.clone(), userid.clone())
|
|
|
|
|
);
|
|
|
|
|
assert_eq!(
|
|
|
|
|
authdb.validate_session(session2).unwrap().unwrap(),
|
|
|
|
|
(username, userid)
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
with_memory_db(test_case);
|
|
|
|
|
unimplemented!()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
|
fn it_disallows_invitation_reuse() {
|
|
|
|
|
fn test_case(mut authdb: Box<dyn AuthenticationDB>) {
|
|
|
|
|
let username = Username::from("shephard");
|
|
|
|
|
let userid = authdb
|
|
|
|
|
.create_user(username.clone())
|
|
|
|
|
.expect("no fatal errors")
|
|
|
|
|
.expect("user to be created");
|
|
|
|
|
let invitation = authdb
|
|
|
|
|
.create_invitation(&userid)
|
|
|
|
|
.expect("no fatal errors")
|
|
|
|
|
.expect("invitation to be created");
|
|
|
|
|
let _ = authdb
|
|
|
|
|
.authenticate(invitation.clone())
|
|
|
|
|
.expect("no fatal errors")
|
|
|
|
|
.expect("to receive a session token");
|
|
|
|
|
let reuse_result = authdb.authenticate(invitation).expect("no fatal errors");
|
|
|
|
|
assert_eq!(reuse_result, Err(AuthenticationError::InvalidInvitation));
|
|
|
|
|
}
|
|
|
|
|
with_memory_db(test_case);
|
|
|
|
|
unimplemented!()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
|
fn it_identifies_a_user_by_session() {
|
|
|
|
|
unimplemented!()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
|
fn it_deletes_a_user_and_invalidates_tokens() {
|
|
|
|
|
fn test_case(mut authdb: Box<dyn AuthenticationDB>) {
|
|
|
|
|
let shephard = Username::from("shephard");
|
|
|
|
|
let garrus = Username::from("garrus");
|
|
|
|
|
|
|
|
|
|
let (shephard_session, shephard_id) = {
|
|
|
|
|
let userid = authdb.create_user(shephard.clone()).unwrap().unwrap();
|
|
|
|
|
let invitation = authdb.create_invitation(&userid).unwrap().unwrap();
|
|
|
|
|
(authdb.authenticate(invitation).unwrap().unwrap(), userid)
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
let (garrus_invitation, garrus_id) = {
|
|
|
|
|
let userid = authdb.create_user(garrus.clone()).unwrap().unwrap();
|
|
|
|
|
(authdb.create_invitation(&userid).unwrap().unwrap(), userid)
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
authdb.delete_user(shephard_id).unwrap().unwrap();
|
|
|
|
|
assert_eq!(
|
|
|
|
|
authdb.validate_session(shephard_session).unwrap(),
|
|
|
|
|
Err(AuthenticationError::InvalidSession)
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
authdb.delete_user(garrus_id).unwrap().unwrap();
|
|
|
|
|
assert_eq!(
|
|
|
|
|
authdb.authenticate(garrus_invitation).unwrap(),
|
|
|
|
|
Err(AuthenticationError::InvalidInvitation)
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
with_memory_db(test_case);
|
|
|
|
|
unimplemented!()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
|
fn it_deletes_a_session() {
|
|
|
|
|
fn test_case(mut authdb: Box<dyn AuthenticationDB>) {
|
|
|
|
|
let username = Username::from("shephard");
|
|
|
|
|
let userid = authdb
|
|
|
|
|
.create_user(username.clone())
|
|
|
|
|
.expect("no fatal errors")
|
|
|
|
|
.expect("user to be created");
|
|
|
|
|
let invitation = authdb
|
|
|
|
|
.create_invitation(&userid)
|
|
|
|
|
.expect("no fatal errors")
|
|
|
|
|
.expect("invitation to be created");
|
|
|
|
|
let session = authdb.authenticate(invitation).unwrap().unwrap();
|
|
|
|
|
|
|
|
|
|
authdb.delete_session(session.clone()).unwrap().unwrap();
|
|
|
|
|
assert_eq!(
|
|
|
|
|
authdb.validate_session(session).unwrap(),
|
|
|
|
|
Err(AuthenticationError::InvalidSession)
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
with_memory_db(test_case);
|
|
|
|
|
unimplemented!()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
|
fn it_deletes_an_invitation() {
|
|
|
|
|
fn test_case(mut authdb: Box<dyn AuthenticationDB>) {
|
|
|
|
|
let username = Username::from("shephard");
|
|
|
|
|
let userid = authdb
|
|
|
|
|
.create_user(username.clone())
|
|
|
|
|
.expect("no fatal errors")
|
|
|
|
|
.expect("user to be created");
|
|
|
|
|
let invitation = authdb
|
|
|
|
|
.create_invitation(&userid)
|
|
|
|
|
.expect("no fatal errors")
|
|
|
|
|
.expect("invitation to be created");
|
|
|
|
|
|
|
|
|
|
authdb
|
|
|
|
|
.delete_invitation(invitation.clone())
|
|
|
|
|
.unwrap()
|
|
|
|
|
.unwrap();
|
|
|
|
|
assert_eq!(
|
|
|
|
|
authdb.authenticate(invitation).unwrap(),
|
|
|
|
|
Err(AuthenticationError::InvalidInvitation)
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
with_memory_db(test_case);
|
|
|
|
|
unimplemented!()
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|