chore(deps): bump base64 from 0.13.1 to 0.21.0 (#1350)

* chore(deps): bump base64 from 0.13.1 to 0.21.0 Bumps [base64](https://github.com/marshallpierce/rust-base64) from 0.13.1 to 0.21.0. - [Release notes](https://github.com/marshallpierce/rust-base64/releases) - [Changelog](https://github.com/marshallpierce/rust-base64/blob/master/RELEASE-NOTES.md) - [Commits](https://github.com/marshallpierce/rust-base64/compare/v0.13.1...v0.21.0) --- updated-dependencies: - dependency-name: base64 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * base64 fixes * fmt fixes --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>
2025-02-23 12:37:00 +01:00 · 2023-03-06 13:57:21 +10:00 · 2023-03-06 13:57:21 +10:00 · 113258d523
parent 30a6e100be
commit 113258d523
8 changed files with 62 additions and 32 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -2273,7 +2273,7 @@ dependencies = [
 name = "kanidm_lib_crypto"
 version = "0.1.0"
 dependencies = [
- "base64 0.13.1",
+ "base64 0.21.0",
 "base64urlsafedata",
 "hex",
 "kanidm_proto",
@ -2410,7 +2410,7 @@ name = "kanidmd_lib"
 version = "1.1.0-alpha.12-dev"
 dependencies = [
 "async-trait",
- "base64 0.13.1",
+ "base64 0.21.0",
 "base64urlsafedata",
 "compact_jwt",
 "concread",
@ -3426,7 +3426,7 @@ dependencies = [
 name = "profiles"
 version = "1.1.0-alpha.12-dev"
 dependencies = [
- "base64 0.13.1",
+ "base64 0.21.0",
 "serde",
 "toml",
 ]
--- a/Cargo.toml
+++ b/Cargo.toml
@ -40,7 +40,7 @@ repository = "https://github.com/kanidm/kanidm/"
 [workspace.dependencies]
 async-trait = "^0.1.62"
 base32 = "^0.4.0"
-base64 = "^0.13.1"
+base64 = "^0.21.0"
 base64urlsafedata = "0.1.3"
 bytes = "^1.3.0"
 clap = { version = "^3.2", features = ["derive"] }
--- a/libs/crypto/src/lib.rs
+++ b/libs/crypto/src/lib.rs
@ -1,5 +1,8 @@
 use base64::engine::GeneralPurpose;
 use base64::{alphabet, Engine};
 use tracing::{debug, error, warn};
 use base64::engine::general_purpose;
 use base64urlsafedata::Base64UrlSafeData;
 use rand::Rng;
 use serde::{Deserialize, Serialize};
@ -235,7 +238,7 @@ impl TryFrom<&str> for Password {
                "pbkdf2_sha256" => {
                    let c = cost.parse::<usize>().map_err(|_| ())?;
                    let s: Vec<_> = salt.as_bytes().to_vec();
-                    let h = base64::decode(hash).map_err(|_| ())?;
+                    let h = general_purpose::STANDARD.decode(hash).map_err(|_| ())?;
                    if h.len() < PBKDF2_MIN_NIST_KEY_LEN {
                        return Err(());
                    }
@ -255,7 +258,10 @@ impl TryFrom<&str> for Password {
                }
            };
-            let h = base64::decode_config(nt_md4, base64::STANDARD_NO_PAD).map_err(|_| ())?;
+            let h = base64::engine::general_purpose::STANDARD_NO_PAD
                .decode(nt_md4)
                .map_err(|_| ())?;
            return Ok(Password {
                material: Kdf::NT_MD4(h),
            });
@ -277,7 +283,9 @@ impl TryFrom<&str> for Password {
        // Test 389ds formats
        if let Some(ds_ssha512) = value.strip_prefix("{SSHA512}") {
-            let sh = base64::decode(ds_ssha512).map_err(|_| ())?;
+            let sh = general_purpose::STANDARD
                .decode(ds_ssha512)
                .map_err(|_| ())?;
            let (h, s) = sh.split_at(DS_SSHA512_HASH_LEN);
            if s.len() != DS_SSHA512_SALT_LEN {
                return Err(());
@ -309,16 +317,18 @@ impl TryFrom<&str> for Password {
                let c = cost.parse::<usize>().map_err(|_| ())?;
                let s = ab64_to_b64!(salt);
-                let s = base64::decode_config(s, base64::STANDARD.decode_allow_trailing_bits(true))
+                let base64_decoder_config = general_purpose::GeneralPurposeConfig::new()
-                    .map_err(|e| {
+                    .with_decode_allow_trailing_bits(true);
-                        error!(?e, "Invalid base64 in oldap pbkdf2-sha1");
+                let base64_decoder =
-                    })?;
+                    GeneralPurpose::new(&alphabet::STANDARD, base64_decoder_config);
                let s = base64_decoder.decode(s).map_err(|e| {
                    error!(?e, "Invalid base64 in oldap pbkdf2-sha1");
                })?;
                let h = ab64_to_b64!(hash);
-                let h = base64::decode_config(h, base64::STANDARD.decode_allow_trailing_bits(true))
+                let h = base64_decoder.decode(h).map_err(|e| {
-                    .map_err(|e| {
+                    error!(?e, "Invalid base64 in oldap pbkdf2-sha1");
-                        error!(?e, "Invalid base64 in oldap pbkdf2-sha1");
+                })?;
                    })?;
                // This is just sha1 in a trenchcoat.
                if value.strip_prefix("{PBKDF2}").is_some()
--- a/libs/profiles/build.rs
+++ b/libs/profiles/build.rs
@ -1,6 +1,8 @@
 use std::path::PathBuf;
 use std::{env, fs};
 use base64::{engine::general_purpose, Engine as _};
 fn main() {
    println!("cargo:rerun-if-env-changed=KANIDM_BUILD_PROFILE");
@ -13,7 +15,7 @@ fn main() {
    let data =
        fs::read(&profile_path).unwrap_or_else(|_| panic!("Failed to read {:?}", profile_path));
-    let contents = base64::encode(data);
+    let contents = general_purpose::STANDARD.encode(data);
    println!("cargo:rerun-if-changed={}", profile_path.to_str().unwrap());
--- a/libs/profiles/src/lib.rs
+++ b/libs/profiles/src/lib.rs
@ -1,5 +1,6 @@
 use std::env;
 use base64::{engine::general_purpose, Engine as _};
 use serde::Deserialize;
 #[derive(Debug, Deserialize)]
@ -52,7 +53,8 @@ pub fn apply_profile() {
    let profile = env!("KANIDM_BUILD_PROFILE");
    let contents = env!("KANIDM_BUILD_PROFILE_TOML");
-    let data = base64::decode(contents)
+    let data = general_purpose::STANDARD
        .decode(contents)
        .unwrap_or_else(|_| panic!("Failed to parse profile - {} - {}", profile, contents));
    let profile_cfg: ProfileConfig = toml::from_slice(&data)
--- a/server/lib/src/be/dbvalue.rs
+++ b/server/lib/src/be/dbvalue.rs
@ -660,6 +660,7 @@ impl DbValueSetV2 {
 #[cfg(test)]
 mod tests {
    use base64::{engine::general_purpose, Engine as _};
    use serde::{Deserialize, Serialize};
    use uuid::Uuid;
@ -707,10 +708,10 @@ mod tests {
            uuid: Uuid::new_v4(),
        };
        let data = serde_cbor::to_vec(&dbcred).unwrap();
-        let s = base64::encode(data);
+        let s = general_purpose::STANDARD.encode(data);
        */
        let s = "o2hwYXNzd29yZKFmUEJLREYygwCBAIEAZmNsYWltc4BkdXVpZFAjkHFm4q5M86UcNRi4hBjN";
-        let data = base64::decode(s).unwrap();
+        let data = general_purpose::STANDARD.decode(s).unwrap();
        let dbcred: DbCredV1 = serde_cbor::from_slice(data.as_slice()).unwrap();
        // Test converting to the new enum format
--- a/server/lib/src/idm/oauth2.rs
+++ b/server/lib/src/idm/oauth2.rs
@ -10,6 +10,8 @@ use std::fmt;
 use std::sync::Arc;
 use std::time::Duration;
 use base64::{engine::general_purpose, Engine as _};
 use base64urlsafedata::Base64UrlSafeData;
 pub use compact_jwt::{JwkKeySet, OidcToken};
 use compact_jwt::{JwsSigner, OidcClaims, OidcSubject};
@ -1545,7 +1547,8 @@ impl<'a> IdmServerProxyReadTransaction<'a> {
 fn parse_basic_authz(client_authz: &str) -> Result<(String, String), Oauth2Error> {
    // Check the client_authz
-    let authz = base64::decode(client_authz)
+    let authz = general_purpose::STANDARD
        .decode(client_authz)
        .map_err(|_| {
            admin_error!("Basic authz invalid base64");
            Oauth2Error::AuthenticationRequired
@ -1616,6 +1619,7 @@ fn extra_claims_for_account(
 #[cfg(test)]
 mod tests {
    use base64::{engine::general_purpose, Engine as _};
    use std::convert::TryFrom;
    use std::str::FromStr;
    use std::time::Duration;
@ -2181,7 +2185,8 @@ mod tests {
        );
        //  * doesn't have :
-        let client_authz = Some(base64::encode(format!("test_resource_server {secret}")));
+        let client_authz =
            Some(general_purpose::STANDARD.encode(format!("test_resource_server {secret}")));
        assert!(
            idms_prox_read
                .check_oauth2_token_exchange(client_authz.as_deref(), &token_req, ct)
@ -2190,7 +2195,8 @@ mod tests {
        );
        //  * invalid client_id
-        let client_authz = Some(base64::encode(format!("NOT A REAL SERVER:{secret}")));
+        let client_authz =
            Some(general_purpose::STANDARD.encode(format!("NOT A REAL SERVER:{secret}")));
        assert!(
            idms_prox_read
                .check_oauth2_token_exchange(client_authz.as_deref(), &token_req, ct)
@ -2199,7 +2205,7 @@ mod tests {
        );
        //  * valid client_id, but invalid secret
-        let client_authz = Some(base64::encode("test_resource_server:12345"));
+        let client_authz = Some(general_purpose::STANDARD.encode("test_resource_server:12345"));
        assert!(
            idms_prox_read
                .check_oauth2_token_exchange(client_authz.as_deref(), &token_req, ct)
@ -2208,7 +2214,8 @@ mod tests {
        );
        // ✅ Now the valid client_authz is in place.
-        let client_authz = Some(base64::encode(format!("test_resource_server:{secret}")));
+        let client_authz =
            Some(general_purpose::STANDARD.encode(format!("test_resource_server:{secret}")));
        //  * expired exchange code (took too long)
        assert!(
            idms_prox_read
@ -2291,7 +2298,8 @@ mod tests {
        let ct = Duration::from_secs(TEST_CURRENT_TIME);
        let (secret, uat, ident, _) =
            setup_oauth2_resource_server(idms, ct, true, false, false).await;
-        let client_authz = Some(base64::encode(format!("test_resource_server:{secret}")));
+        let client_authz =
            Some(general_purpose::STANDARD.encode(format!("test_resource_server:{secret}")));
        let mut idms_prox_read = idms.proxy_read().await;
@ -2395,7 +2403,8 @@ mod tests {
        let ct = Duration::from_secs(TEST_CURRENT_TIME);
        let (secret, uat, ident, _) =
            setup_oauth2_resource_server(idms, ct, true, false, false).await;
-        let client_authz = Some(base64::encode(format!("test_resource_server:{secret}")));
+        let client_authz =
            Some(general_purpose::STANDARD.encode(format!("test_resource_server:{secret}")));
        let mut idms_prox_read = idms.proxy_read().await;
@ -2473,7 +2482,7 @@ mod tests {
        // First, the revoke needs basic auth. Provide incorrect auth, and we fail.
        let mut idms_prox_write = idms.proxy_write(ct).await;
-        let bad_client_authz = Some(base64::encode("test_resource_server:12345"));
+        let bad_client_authz = Some(general_purpose::STANDARD.encode("test_resource_server:12345"));
        let revoke_request = TokenRevokeRequest {
            token: oauth2_token.access_token.clone(),
            token_type_hint: None,
@ -2557,7 +2566,8 @@ mod tests {
        let ct = Duration::from_secs(TEST_CURRENT_TIME);
        let (secret, uat, ident, _) =
            setup_oauth2_resource_server(idms, ct, true, false, false).await;
-        let client_authz = Some(base64::encode(format!("test_resource_server:{secret}")));
+        let client_authz =
            Some(general_purpose::STANDARD.encode(format!("test_resource_server:{secret}")));
        let mut idms_prox_read = idms.proxy_read().await;
@ -2892,7 +2902,8 @@ mod tests {
        let ct = Duration::from_secs(TEST_CURRENT_TIME);
        let (secret, uat, ident, _) =
            setup_oauth2_resource_server(idms, ct, true, false, false).await;
-        let client_authz = Some(base64::encode(format!("test_resource_server:{secret}")));
+        let client_authz =
            Some(general_purpose::STANDARD.encode(format!("test_resource_server:{secret}")));
        let mut idms_prox_read = idms.proxy_read().await;
@ -3024,7 +3035,8 @@ mod tests {
        let ct = Duration::from_secs(TEST_CURRENT_TIME);
        let (secret, uat, ident, _) =
            setup_oauth2_resource_server(idms, ct, true, false, true).await;
-        let client_authz = Some(base64::encode(format!("test_resource_server:{secret}")));
+        let client_authz =
            Some(general_purpose::STANDARD.encode(format!("test_resource_server:{secret}")));
        let mut idms_prox_read = idms.proxy_read().await;
@ -3117,7 +3129,8 @@ mod tests {
        let ct = Duration::from_secs(TEST_CURRENT_TIME);
        let (secret, uat, ident, _) =
            setup_oauth2_resource_server(idms, ct, true, false, true).await;
-        let client_authz = Some(base64::encode(format!("test_resource_server:{secret}")));
+        let client_authz =
            Some(general_purpose::STANDARD.encode(format!("test_resource_server:{secret}")));
        let mut idms_prox_read = idms.proxy_read().await;
--- a/server/lib/src/value.rs
+++ b/server/lib/src/value.rs
@ -11,6 +11,8 @@ use std::fmt;
 use std::str::FromStr;
 use std::time::Duration;
 #[cfg(test)]
 use base64::{engine::general_purpose, Engine as _};
 use compact_jwt::JwsSigner;
 use hashbrown::HashSet;
 use kanidm_proto::v1::ApiTokenPurpose;
@ -1290,7 +1292,7 @@ impl Value {
    #[cfg(test)]
    pub fn new_privatebinary_base64(der: &str) -> Self {
-        let der = base64::decode(der).unwrap();
+        let der = general_purpose::STANDARD.decode(der).unwrap();
        Value::PrivateBinary(der)
    }