clippying all the things (#2931)

* clippying all the things
James Hodgkinson 2024-07-26 00:02:37 -07:00 committed by GitHub
parent 2a5e8113e6
commit 2a7a009482
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
21 changed files with 55 additions and 57 deletions


@ -70,7 +70,7 @@ tools to interact with Kanidm.
- Replication for two node environments is now supported - Replication for two node environments is now supported
- Account policy supports password minimum length - Account policy supports password minimum length
- Improve performance of webui - Improve performance of webui
- Add transitional compatability with SSSD - Add transitional compatibility with SSSD
- Improve TPM interfaces in unix clients - Improve TPM interfaces in unix clients
- Allow importing more weak password schemes from FreeIPA - Allow importing more weak password schemes from FreeIPA
- Support Attestation of Passkeys/Webauthn - this makes us the first IDM to support this! - Support Attestation of Passkeys/Webauthn - this makes us the first IDM to support this!
@ -227,7 +227,7 @@ for a future supported release.
The project is shaping up very nicely, and a beta will be coming soon! The project is shaping up very nicely, and a beta will be coming soon!
### Upgrade Note! ### Upgrade Note
This version will _require_ TLS on all servers, even if behind a load balancer or TLS terminating This version will _require_ TLS on all servers, even if behind a load balancer or TLS terminating
proxy. You should be ready for this change when you upgrade to the latest version. proxy. You should be ready for this change when you upgrade to the latest version.


@ -4,7 +4,7 @@
//! These components should be "per server". Any "per domain" config should be in the system //! These components should be "per server". Any "per domain" config should be in the system
//! or domain entries that are able to be replicated. //! or domain entries that are able to be replicated.
use std::fmt; use std::fmt::{self, Display};
use std::fs::File; use std::fs::File;
use std::io::Read; use std::io::Read;
use std::path::{Path, PathBuf}; use std::path::{Path, PathBuf};
@ -431,12 +431,12 @@ pub enum ServerRole {
ReadOnlyReplica, ReadOnlyReplica,
} }
impl ToString for ServerRole { impl Display for ServerRole {
fn to_string(&self) -> String { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
match self { match self {
ServerRole::WriteReplica => "write replica".to_string(), ServerRole::WriteReplica => f.write_str("write replica"),
ServerRole::WriteReplicaNoUI => "write replica (no ui)".to_string(), ServerRole::WriteReplicaNoUI => f.write_str("write replica (no ui)"),
ServerRole::ReadOnlyReplica => "read only replica".to_string(), ServerRole::ReadOnlyReplica => f.write_str("read only replica"),
} }
} }
} }
@ -537,8 +537,8 @@ impl fmt::Display for Configuration {
self.integration_test_config.is_some() self.integration_test_config.is_some()
)?; )?;
write!(f, "console output format: {:?} ", self.output_mode)?; write!(f, "console output format: {:?} ", self.output_mode)?;
write!(f, "log_level: {}", self.log_level.clone().to_string())?; write!(f, "log_level: {}", self.log_level)?;
write!(f, "role: {}, ", self.role.to_string())?; write!(f, "role: {}, ", self.role)?;
match &self.repl_config { match &self.repl_config {
Some(repl) => { Some(repl) => {
write!(f, "replication: enabled")?; write!(f, "replication: enabled")?;
@ -662,7 +662,7 @@ impl Configuration {
} }
pub fn update_db_fs_type(&mut self, p: &Option<FsType>) { pub fn update_db_fs_type(&mut self, p: &Option<FsType>) {
self.db_fs_type = p.to_owned(); p.clone_into(&mut self.db_fs_type);
} }
pub fn update_bind(&mut self, b: &Option<String>) { pub fn update_bind(&mut self, b: &Option<String>) {
@ -673,12 +673,12 @@ impl Configuration {
} }
pub fn update_ldapbind(&mut self, l: &Option<String>) { pub fn update_ldapbind(&mut self, l: &Option<String>) {
self.ldapaddress = l.clone(); self.ldapaddress.clone_from(l);
} }
pub fn update_admin_bind_path(&mut self, p: &Option<String>) { pub fn update_admin_bind_path(&mut self, p: &Option<String>) {
if let Some(p) = p { if let Some(p) = p {
self.adminbindpath = p.clone(); self.adminbindpath.clone_from(p);
} }
} }
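Review bot: In the `Display for Configuration` hunk the `log_level` field is written with no trailing separator, so the rendered text runs straight into the next field (`log_level: <level>role: ...`), while the writes on either side of it end with a space or `, `. Since this line is already being touched, `write!(f, "log_level: {}, ", self.log_level)?;` would keep the configuration dump readable when it is used to audit a server's settings. The `fmt` body starts and ends outside the hunk, so the separators used by the remaining fields are only partly visible here.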


@ -148,7 +148,7 @@ impl FromRequestParts<ServerState> for VerifiedClientInformation {
if authz_type == "basic" { if authz_type == "basic" {
(Some(authz_data.to_string()), None) (Some(authz_data.to_string()), None)
} else if authz_type == "bearer" { } else if authz_type == "bearer" {
if let Some(jwsc) = JwsCompact::from_str(authz_data).ok() { if let Ok(jwsc) = JwsCompact::from_str(authz_data) {
(None, Some(jwsc)) (None, Some(jwsc))
} else { } else {
warn!("bearer jws invalid"); warn!("bearer jws invalid");
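Review bot: The `else` branch still discards the parse error from `JwsCompact::from_str(authz_data)`, so the `warn!("bearer jws invalid")` line gives an operator no way to tell one kind of malformed bearer token from another. Matching on the `Result` and logging the error, for example `warn!(?err, "bearer jws invalid");` in an `Err(err)` arm, would keep the reason in the log. This assumes the error's `Debug` output does not echo the token itself, which is not visible from this hunk. The enclosing function starts and ends outside the hunk.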


@ -46,6 +46,7 @@ use kanidm_lib_crypto::x509_cert::{der::Decode, x509_public_key_s256, Certificat
use serde::de::DeserializeOwned; use serde::de::DeserializeOwned;
use sketching::*; use sketching::*;
use std::fmt::Write;
use tokio::{ use tokio::{
net::{TcpListener, TcpStream}, net::{TcpListener, TcpStream},
sync::broadcast, sync::broadcast,
@ -227,8 +228,10 @@ pub async fn create_https_server(
let js_checksums: String = js_directives let js_checksums: String = js_directives
.iter() .iter()
.map(|value| format!(" 'sha384-{}'", value)) .fold(String::new(), |mut output, value| {
.collect(); let _ = write!(output, " 'sha384-{}'", value);
output
});
let csp_header = format!( let csp_header = format!(
concat!( concat!(
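Review bot: `let _ = write!(output, " 'sha384-{}'", value);` in the `js_checksums` fold discards a `fmt::Result`, and nothing says why that is safe. A one-line comment above it, such as `// writing to a String cannot fail, so the Result is ignored`, would stop a later reader from treating it as a swallowed error in the code that builds the CSP header. `create_https_server` continues outside the hunk.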


@ -422,10 +422,7 @@ pub async fn json_rest_event_delete_attr(
kopid: KOpId, kopid: KOpId,
client_auth_info: ClientAuthInfo, client_auth_info: ClientAuthInfo,
) -> Result<Json<()>, WebError> { ) -> Result<Json<()>, WebError> {
let values = match values { let values = values.unwrap_or_default();
Some(val) => val,
None => vec![],
};
if values.is_empty() { if values.is_empty() {
state state
@ -1993,7 +1990,6 @@ pub async fn person_id_unix_post(
security(("token_jwt" = [])), security(("token_jwt" = [])),
tag = "v1/service_account", tag = "v1/service_account",
)] )]
///
#[instrument(, level = "INFO", skip(id, state, kopid))] #[instrument(, level = "INFO", skip(id, state, kopid))]
pub async fn service_account_id_unix_post( pub async fn service_account_id_unix_post(
State(state): State<ServerState>, State(state): State<ServerState>,


@ -38,7 +38,7 @@ impl IntoResponse for HtmxError {
// } // }
HtmxError::OperationError(_kopid, inner) => { HtmxError::OperationError(_kopid, inner) => {
let body = serde_json::to_string(&inner).unwrap_or(inner.to_string()); let body = serde_json::to_string(&inner).unwrap_or(inner.to_string());
let response = match &inner { match &inner {
OperationError::NotAuthenticated | OperationError::SessionExpired => { OperationError::NotAuthenticated | OperationError::SessionExpired => {
Redirect::to("/ui").into_response() Redirect::to("/ui").into_response()
} }
@ -55,8 +55,7 @@ impl IntoResponse for HtmxError {
(StatusCode::BAD_REQUEST, body).into_response() (StatusCode::BAD_REQUEST, body).into_response()
} }
_ => (StatusCode::INTERNAL_SERVER_ERROR, body).into_response(), _ => (StatusCode::INTERNAL_SERVER_ERROR, body).into_response(),
}; }
response
} }
} }
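Review bot: `serde_json::to_string(&inner).unwrap_or(inner.to_string())` builds the fallback string on every call, including when serialisation succeeds; `unwrap_or_else(|_| inner.to_string())` defers it to the failure path and fits the rest of this clippy pass. Separately, the catch-all arm returns `body`, the serialised `OperationError`, to the client with the 500 status. Whether any variant carries internal detail is not visible here, so it is worth confirming that this is intended. The `match` arms between the two hunks are not shown.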
} }


@ -335,7 +335,7 @@ pub async fn view_login_totp_post(
Form(login_totp_form): Form<LoginTotpForm>, Form(login_totp_form): Form<LoginTotpForm>,
) -> Response { ) -> Response {
// trim leading and trailing white space. // trim leading and trailing white space.
let Ok(totp) = u32::from_str(&login_totp_form.totp.trim()) else { let Ok(totp) = u32::from_str(login_totp_form.totp.trim()) else {
// If not an int, we need to re-render with an error // If not an int, we need to re-render with an error
return HtmlTemplate(LoginTotpView { return HtmlTemplate(LoginTotpView {
totp: String::default(), totp: String::default(),
@ -591,7 +591,8 @@ async fn view_login_step(
HtmlTemplate(LoginBackupCodeView {}).into_response() HtmlTemplate(LoginBackupCodeView {}).into_response()
} }
AuthAllowed::SecurityKey(chal) => { AuthAllowed::SecurityKey(chal) => {
let chal_json = serde_json::to_string(&chal).unwrap(); let chal_json = serde_json::to_string(&chal)
.map_err(|_| OperationError::SerdeJsonError)?;
HtmlTemplate(LoginWebauthnView { HtmlTemplate(LoginWebauthnView {
passkey: false, passkey: false,
chal: chal_json, chal: chal_json,
@ -599,7 +600,8 @@ async fn view_login_step(
.into_response() .into_response()
} }
AuthAllowed::Passkey(chal) => { AuthAllowed::Passkey(chal) => {
let chal_json = serde_json::to_string(&chal).unwrap(); let chal_json = serde_json::to_string(&chal)
.map_err(|_| OperationError::SerdeJsonError)?;
HtmlTemplate(LoginWebauthnView { HtmlTemplate(LoginWebauthnView {
passkey: true, passkey: true,
chal: chal_json, chal: chal_json,
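Review bot: Both the `AuthAllowed::SecurityKey` and `AuthAllowed::Passkey` arms map the serialisation failure to `OperationError::SerdeJsonError` with `|_|`, so the underlying serde error is never recorded. Logging it before converting, e.g. `.map_err(|err| { error!(?err, "Failed to serialise webauthn challenge"); OperationError::SerdeJsonError })?`, would leave a trace when a login step fails this way; this assumes `error!` is in scope in this file, which the hunks do not show. The two arms differ only in the `passkey` flag, so a small private helper taking `passkey: bool` would remove the duplication. `view_login_step` starts and ends outside the hunks.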


@ -137,7 +137,7 @@ async fn oauth2_auth_req(
// We store the auth_req into the cookie. // We store the auth_req into the cookie.
let kref = &state.jws_signer; let kref = &state.jws_signer;
let token = match Jws::into_json(&auth_req) let token = Jws::into_json(&auth_req)
.map_err(|err| { .map_err(|err| {
error!(?err, "Failed to serialise AuthorisationRequest"); error!(?err, "Failed to serialise AuthorisationRequest");
OperationError::InvalidSessionState OperationError::InvalidSessionState
@ -148,8 +148,9 @@ async fn oauth2_auth_req(
OperationError::InvalidSessionState OperationError::InvalidSessionState
}) })
}) })
.map(|jwss| jwss.to_string()) .map(|jwss| jwss.to_string());
{
let token = match token {
Ok(jws) => jws, Ok(jws) => jws,
Err(err_code) => { Err(err_code) => {
return HtmlTemplate(UnrecoverableErrorView { return HtmlTemplate(UnrecoverableErrorView {

View file

@ -242,12 +242,9 @@ async fn repl_run_consumer(
idms: &IdmServer, idms: &IdmServer,
consumer_conn_settings: &ConsumerConnSettings, consumer_conn_settings: &ConsumerConnSettings,
) -> Option<SocketAddr> { ) -> Option<SocketAddr> {
let Some((socket_addr, mut supplier_conn)) = let (socket_addr, mut supplier_conn) =
repl_consumer_connect_supplier(domain, sock_addrs, tls_connector, consumer_conn_settings) repl_consumer_connect_supplier(domain, sock_addrs, tls_connector, consumer_conn_settings)
.await .await?;
else {
return None;
};
// Perform incremental. // Perform incremental.
let consumer_ruv_range = { let consumer_ruv_range = {

View file

@ -582,7 +582,7 @@ pub trait BackendTransaction {
Some(idx_key) => { Some(idx_key) => {
match self match self
.get_idlayer() .get_idlayer()
.get_idl(attr, IndexType::SubString, &idx_key)? .get_idl(attr, IndexType::SubString, idx_key)?
{ {
Some(idl) => idl, Some(idl) => idl,
None => return Ok((IdList::AllIds, FilterPlan::SubCorrupt(attr.clone()))), None => return Ok((IdList::AllIds, FilterPlan::SubCorrupt(attr.clone()))),

View file

@ -1496,7 +1496,7 @@ impl AuthSession {
( (
Some(AuthSessionState::Success), Some(AuthSessionState::Success),
Ok(AuthState::Success(token, self.issue)), Ok(AuthState::Success(Box::new(token), self.issue)),
) )
} }
CredState::Continue(allowed) => { CredState::Continue(allowed) => {
@ -1858,7 +1858,7 @@ mod tests {
let jws_verifier = JwsDangerReleaseWithoutVerify::default(); let jws_verifier = JwsDangerReleaseWithoutVerify::default();
jws_verifier jws_verifier
.verify(&jwsc) .verify(&*jwsc)
.unwrap() .unwrap()
.from_json::<UserAuthToken>() .from_json::<UserAuthToken>()
.unwrap() .unwrap()

View file

@ -2603,7 +2603,7 @@ mod tests {
let da = idms_delayed.try_recv().expect("invalid"); let da = idms_delayed.try_recv().expect("invalid");
assert!(matches!(da, DelayedAction::AuthSessionRecord(_))); assert!(matches!(da, DelayedAction::AuthSessionRecord(_)));
Some(token) Some(*token)
} }
_ => None, _ => None,
} }
@ -2669,7 +2669,7 @@ mod tests {
// Process the auth session // Process the auth session
let da = idms_delayed.try_recv().expect("invalid"); let da = idms_delayed.try_recv().expect("invalid");
assert!(matches!(da, DelayedAction::AuthSessionRecord(_))); assert!(matches!(da, DelayedAction::AuthSessionRecord(_)));
Some(token) Some(*token)
} }
_ => None, _ => None,
} }
@ -2737,7 +2737,7 @@ mod tests {
// Process the auth session // Process the auth session
let da = idms_delayed.try_recv().expect("invalid"); let da = idms_delayed.try_recv().expect("invalid");
assert!(matches!(da, DelayedAction::AuthSessionRecord(_))); assert!(matches!(da, DelayedAction::AuthSessionRecord(_)));
Some(token) Some(*token)
} }
_ => None, _ => None,
} }
@ -2812,7 +2812,7 @@ mod tests {
let da = idms_delayed.try_recv().expect("invalid"); let da = idms_delayed.try_recv().expect("invalid");
assert!(matches!(da, DelayedAction::AuthSessionRecord(_))); assert!(matches!(da, DelayedAction::AuthSessionRecord(_)));
Some(token) Some(*token)
} }
_ => None, _ => None,
} }

View file

@ -32,7 +32,7 @@ pub enum AuthState {
Choose(Vec<AuthMech>), Choose(Vec<AuthMech>),
Continue(Vec<AuthAllowed>), Continue(Vec<AuthAllowed>),
Denied(String), Denied(String),
Success(JwsCompact, AuthIssueSession), Success(Box<JwsCompact>, AuthIssueSession),
} }
impl fmt::Debug for AuthState { impl fmt::Debug for AuthState {
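Review bot: `Success(Box<JwsCompact>, AuthIssueSession)` changes the shape of a public enum variant without a comment saying why the token is now boxed. A doc comment on the variant, e.g. `/// The token is boxed to keep AuthState small; dereference with *token.`, would record the reason for callers that pattern-match on it. The reason is presumably clippy's `large_enum_variant`, given the commit title, but that is not stated on the page. The enum definition begins outside the hunk.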

View file

@ -396,7 +396,7 @@ mod tests {
let r = idms.delayed_action(ct, da).await; let r = idms.delayed_action(ct, da).await;
assert!(r.is_ok()); assert!(r.is_ok());
Some(token) Some(*token)
} }
_ => None, _ => None,
} }
@ -467,7 +467,7 @@ mod tests {
let r = idms.delayed_action(ct, da).await; let r = idms.delayed_action(ct, da).await;
assert!(r.is_ok()); assert!(r.is_ok());
Some(token) Some(*token)
} }
_ => None, _ => None,
} }
@ -545,7 +545,7 @@ mod tests {
// NOTE: Unlike initial auth we don't need to check the auth session in the queue // NOTE: Unlike initial auth we don't need to check the auth session in the queue
// since we don't re-issue it. // since we don't re-issue it.
Some(token) Some(*token)
} }
_ => unreachable!(), _ => unreachable!(),
} }
@ -615,7 +615,7 @@ mod tests {
// Process the auth session // Process the auth session
let da = idms_delayed.try_recv().expect("invalid"); let da = idms_delayed.try_recv().expect("invalid");
assert!(matches!(da, DelayedAction::AuthSessionRecord(_))); assert!(matches!(da, DelayedAction::AuthSessionRecord(_)));
Some(token) Some(*token)
} }
_ => None, _ => None,
} }

View file

@ -2367,7 +2367,7 @@ mod tests {
idms_auth.commit().expect("Must not fail"); idms_auth.commit().expect("Must not fail");
token *token
} }
#[idm_test] #[idm_test]

View file

@ -110,7 +110,7 @@ impl<'a> GraphemeClusterIter<'a> {
char_bounds char_bounds
}; };
let window_max = char_bounds.len().checked_sub(window).unwrap_or(0); let window_max = char_bounds.len().saturating_sub(window);
let range = 0..window_max; let range = 0..window_max;
GraphemeClusterIter { GraphemeClusterIter {
@ -134,7 +134,7 @@ impl<'a> Iterator for GraphemeClusterIter<'a> {
} }
fn size_hint(&self) -> (usize, Option<usize>) { fn size_hint(&self) -> (usize, Option<usize>) {
let clusters = self.char_bounds.len().checked_sub(1).unwrap_or(0); let clusters = self.char_bounds.len().saturating_sub(1);
(clusters, Some(clusters)) (clusters, Some(clusters))
} }
} }
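Review bot: `size_hint` reports `char_bounds.len().saturating_sub(1)` as an exact count, while the constructor bounds iteration with `0..window_max`, where `window_max` is `char_bounds.len().saturating_sub(window)`. If `next()` is driven by that range (its body is outside the hunk), the two agree only when `window` is 1 and only before the first item is consumed, so the upper bound can overstate what remains. Should that be the case, and if the struct stores the range in a field named `range`, `let remaining = self.range.len(); (remaining, Some(remaining))` would keep the hint accurate.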

View file

@ -840,7 +840,7 @@ pub fn from_db_valueset_v2(dbvs: DbValueSetV2) -> Result<ValueSet, OperationErro
DbValueSetV2::EmailAddress(primary, set) => ValueSetEmailAddress::from_dbvs2(primary, set), DbValueSetV2::EmailAddress(primary, set) => ValueSetEmailAddress::from_dbvs2(primary, set),
DbValueSetV2::Passkey(set) => ValueSetPasskey::from_dbvs2(set), DbValueSetV2::Passkey(set) => ValueSetPasskey::from_dbvs2(set),
DbValueSetV2::AttestedPasskey(set) => ValueSetAttestedPasskey::from_dbvs2(set), DbValueSetV2::AttestedPasskey(set) => ValueSetAttestedPasskey::from_dbvs2(set),
DbValueSetV2::Session(set) => ValueSetSession::from_dbvs2(set), DbValueSetV2::Session(set) => ValueSetSession::from_dbvs2(&set),
DbValueSetV2::ApiToken(set) => ValueSetApiToken::from_dbvs2(set), DbValueSetV2::ApiToken(set) => ValueSetApiToken::from_dbvs2(set),
DbValueSetV2::Oauth2Session(set) => ValueSetOauth2Session::from_dbvs2(set), DbValueSetV2::Oauth2Session(set) => ValueSetOauth2Session::from_dbvs2(set),
DbValueSetV2::JwsKeyEs256(set) => ValueSetJwsKeyEs256::from_dbvs2(&set), DbValueSetV2::JwsKeyEs256(set) => ValueSetJwsKeyEs256::from_dbvs2(&set),

View file

@ -191,7 +191,7 @@ impl ValueSetSession {
Ok(Box::new(ValueSetSession { map })) Ok(Box::new(ValueSetSession { map }))
} }
pub fn from_dbvs2(data: Vec<DbValueSession>) -> Result<ValueSet, OperationError> { pub fn from_dbvs2(data: &[DbValueSession]) -> Result<ValueSet, OperationError> {
Self::from_dbv_iter(data.iter()) Self::from_dbv_iter(data.iter())
} }

View file

@ -72,7 +72,7 @@ pub async fn setup_async_test(mut config: Configuration) -> (KanidmClient, CoreH
config.address = format!("127.0.0.1:{}", port); config.address = format!("127.0.0.1:{}", port);
config.integration_test_config = Some(int_config); config.integration_test_config = Some(int_config);
config.domain = "localhost".to_string(); config.domain = "localhost".to_string();
config.origin = addr.clone(); config.origin.clone_from(&addr);
let core_handle = match create_server_core(config, false).await { let core_handle = match create_server_core(config, false).await {
Ok(val) => val, Ok(val) => val,
@ -320,7 +320,7 @@ pub async fn test_read_attrs(
.await .await
.unwrap() .unwrap()
.is_some(), .is_some(),
_ => e.attrs.get(attr.as_ref()).is_some(), _ => e.attrs.contains_key(attr.as_ref()),
}; };
trace!("is_ok: {}, is_readable: {}", is_ok, is_readable); trace!("is_ok: {}, is_readable: {}", is_ok, is_readable);
assert!(is_ok == is_readable) assert!(is_ok == is_readable)


@ -539,7 +539,7 @@ fn ldap_to_scim_entry(
entry entry
.get_ava_single(&sync_config.person_attr_gidnumber) .get_ava_single(&sync_config.person_attr_gidnumber)
.map(|gid| { .map(|gid| {
u32::from_str(&gid).map_err(|_| { u32::from_str(gid).map_err(|_| {
error!( error!(
"Invalid gidnumber - {} is not a u32 (person_attr_gidnumber)", "Invalid gidnumber - {} is not a u32 (person_attr_gidnumber)",
sync_config.person_attr_gidnumber sync_config.person_attr_gidnumber
@ -664,7 +664,7 @@ fn ldap_to_scim_entry(
let gidnumber = entry let gidnumber = entry
.get_ava_single(&sync_config.group_attr_gidnumber) .get_ava_single(&sync_config.group_attr_gidnumber)
.map(|gid| { .map(|gid| {
u32::from_str(&gid).map_err(|_| { u32::from_str(gid).map_err(|_| {
error!( error!(
"Invalid gidnumber - {} is not a u32 (group_attr_gidnumber)", "Invalid gidnumber - {} is not a u32 (group_attr_gidnumber)",
sync_config.group_attr_gidnumber sync_config.group_attr_gidnumber
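Review bot: Both `error!` calls interpolate the configured attribute name into `"Invalid gidnumber - {} is not a u32 ..."`, so the log reads as if the attribute name were the bad value and never shows the value that failed to parse. Binding the parse error and logging the value, e.g. `error!(?err, %gid, "Invalid gidnumber (person_attr_gidnumber)")`, would let an operator find the offending LDAP entry; the same applies to the `group_attr_gidnumber` call. Both `error!` invocations close outside the hunks, so further arguments may exist that are not visible here.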

View file

@ -104,7 +104,7 @@ fn create_home_directory(
.map_err(|e| format!("{:?}", e))?; .map_err(|e| format!("{:?}", e))?;
let home_mount_prefix_path = home_mount_prefix_path let home_mount_prefix_path = home_mount_prefix_path
.unwrap_or_else(|| &home_prefix_path) .unwrap_or(&home_prefix_path)
.canonicalize() .canonicalize()
.map_err(|e| format!("{:?}", e))?; .map_err(|e| format!("{:?}", e))?;