mirror of
https://github.com/kanidm/kanidm.git
synced 2025-02-23 04:27:02 +01:00
In honour of SebaT, error on db lock acq timeout (#2947)
This commit is contained in:
Firstyear
GitHub
parent
1fbe65b351
commit
3ae8453375
|
|
@ -66,6 +66,7 @@ pub enum ConsistencyError {
|
|||
#[derive(Serialize, Deserialize, Debug, ToSchema)]
|
||||
#[serde(rename_all = "lowercase")]
|
||||
pub enum OperationError {
|
||||
// Logic errors, or "soft" errors.
|
||||
SessionExpired,
|
||||
EmptyRequest,
|
||||
Backend,
|
||||
|
|
@ -126,6 +127,12 @@ pub enum OperationError {
|
|||
/// when you ask for a gid that overlaps a system reserved range
|
||||
/// When a name is denied by the system config
|
||||
ValueDenyName,
|
||||
/// When the DB is potentially over-loaded a timeout can occur starting
|
||||
/// your operation.
|
||||
DatabaseLockAcquisitionTimeout,
|
||||
|
||||
// Specific internal errors.
|
||||
|
||||
// What about something like this for unique errors?
|
||||
// Credential Update Errors
|
||||
CU0001WebauthnAttestationNotTrusted,
|
||||
|
|
@ -290,6 +297,7 @@ impl OperationError {
|
|||
Self::ReplServerUuidSplitDataState => None,
|
||||
Self::TransactionAlreadyCommitted => None,
|
||||
Self::ValueDenyName => None,
|
||||
Self::DatabaseLockAcquisitionTimeout => Some("Unable to acquire a database lock - the current server may be too busy. Try again later."),
|
||||
Self::CU0002WebauthnRegistrationError => None,
|
||||
Self::CU0003WebauthnUserNotVerified => Some("User Verification bit not set while registering credential, you may need to configure a PIN on this device."),
|
||||
Self::CU0001WebauthnAttestationNotTrusted => None,
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@ impl QueryServerReadV1 {
|
|||
&self,
|
||||
eventid: Uuid,
|
||||
) -> Result<ProtoDomainInfo, OperationError> {
|
||||
let mut idms_prox_read = self.idms.proxy_read().await;
|
||||
let mut idms_prox_read = self.idms.proxy_read().await?;
|
||||
|
||||
idms_prox_read.qs_read.domain_info()
|
||||
}
|
||||
|
|
@ -40,7 +40,7 @@ impl QueryServerReadV1 {
|
|||
&self,
|
||||
eventid: Uuid,
|
||||
) -> Result<ProtoDomainUpgradeCheckReport, OperationError> {
|
||||
let mut idms_prox_read = self.idms.proxy_read().await;
|
||||
let mut idms_prox_read = self.idms.proxy_read().await?;
|
||||
|
||||
idms_prox_read.qs_read.domain_upgrade_check()
|
||||
}
|
||||
|
|
@ -53,7 +53,10 @@ impl QueryServerWriteV1 {
|
|||
fields(uuid = ?msg.eventid)
|
||||
)]
|
||||
pub async fn handle_purgetombstoneevent(&self, msg: PurgeTombstoneEvent) {
|
||||
let mut idms_prox_write = self.idms.proxy_write(duration_from_epoch_now()).await;
|
||||
let Ok(mut idms_prox_write) = self.idms.proxy_write(duration_from_epoch_now()).await else {
|
||||
warn!("Unable to start purge tombstone event, will retry later");
|
||||
return;
|
||||
};
|
||||
|
||||
let res = idms_prox_write
|
||||
.qs_write
|
||||
|
|
@ -77,7 +80,10 @@ impl QueryServerWriteV1 {
|
|||
)]
|
||||
pub async fn handle_purgerecycledevent(&self, msg: PurgeRecycledEvent) {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
let Ok(mut idms_prox_write) = self.idms.proxy_write(ct).await else {
|
||||
warn!("Unable to start purge recycled event, will retry later");
|
||||
return;
|
||||
};
|
||||
let res = idms_prox_write
|
||||
.qs_write
|
||||
.purge_recycled()
|
||||
|
|
@ -108,20 +114,25 @@ impl QueryServerWriteV1 {
|
|||
|
||||
async {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
match self.idms.proxy_write(ct).await {
|
||||
Ok(mut idms_prox_write) => {
|
||||
for da in da_batch.iter() {
|
||||
retry = idms_prox_write.process_delayedaction(da, ct).is_err();
|
||||
if retry {
|
||||
// exit the loop
|
||||
warn!("delayed action failed, will be retried individually.");
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
for da in da_batch.iter() {
|
||||
retry = idms_prox_write.process_delayedaction(da, ct).is_err();
|
||||
if retry {
|
||||
// exit the loop
|
||||
warn!("delayed action failed, will be retried individually.");
|
||||
break;
|
||||
if let Err(res) = idms_prox_write.commit() {
|
||||
retry = true;
|
||||
error!(?res, "delayed action batch commit error");
|
||||
}
|
||||
}
|
||||
Err(err) => {
|
||||
error!(?err, "unable to process delayed actions");
|
||||
}
|
||||
}
|
||||
|
||||
if let Err(res) = idms_prox_write.commit() {
|
||||
retry = true;
|
||||
error!(?res, "delayed action batch commit error");
|
||||
}
|
||||
}
|
||||
.instrument(span)
|
||||
|
|
@ -135,12 +146,19 @@ impl QueryServerWriteV1 {
|
|||
|
||||
async {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
if let Err(res) = idms_prox_write
|
||||
.process_delayedaction(da, ct)
|
||||
.and_then(|_| idms_prox_write.commit())
|
||||
{
|
||||
error!(?res, "delayed action commit error");
|
||||
|
||||
match self.idms.proxy_write(ct).await {
|
||||
Ok(mut idms_prox_write) => {
|
||||
if let Err(res) = idms_prox_write
|
||||
.process_delayedaction(da, ct)
|
||||
.and_then(|_| idms_prox_write.commit())
|
||||
{
|
||||
error!(?res, "delayed action commit error");
|
||||
}
|
||||
}
|
||||
Err(err) => {
|
||||
error!(?err, "unable to process delayed actions");
|
||||
}
|
||||
}
|
||||
}
|
||||
.instrument(span)
|
||||
|
|
@ -163,7 +181,7 @@ impl QueryServerWriteV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<String, OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await?;
|
||||
let pw = idms_prox_write.recover_account(name.as_str(), None)?;
|
||||
|
||||
idms_prox_write.commit().map(|()| pw)
|
||||
|
|
@ -176,7 +194,7 @@ impl QueryServerWriteV1 {
|
|||
)]
|
||||
pub(crate) async fn handle_domain_raise(&self, eventid: Uuid) -> Result<u32, OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await?;
|
||||
|
||||
idms_prox_write.qs_write.domain_raise(DOMAIN_MAX_LEVEL)?;
|
||||
|
||||
|
|
@ -195,7 +213,7 @@ impl QueryServerWriteV1 {
|
|||
) -> Result<(), OperationError> {
|
||||
let level = level.unwrap_or(DOMAIN_MIN_REMIGRATION_LEVEL);
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await?;
|
||||
|
||||
idms_prox_write.qs_write.domain_remigrate(level)?;
|
||||
|
||||
|
|
|
|||
|
|
@ -73,7 +73,7 @@ impl QueryServerReadV1 {
|
|||
) -> Result<SearchResponse, OperationError> {
|
||||
// Begin a read
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_read = self.idms.proxy_read().await;
|
||||
let mut idms_prox_read = self.idms.proxy_read().await?;
|
||||
let ident = idms_prox_read
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
.map_err(|e| {
|
||||
|
|
@ -113,7 +113,7 @@ impl QueryServerReadV1 {
|
|||
// the credentials provided is sufficient to say if someone is
|
||||
// "authenticated" or not.
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idm_auth = self.idms.auth().await;
|
||||
let mut idm_auth = self.idms.auth().await?;
|
||||
security_info!(?sessionid, ?req, "Begin auth event");
|
||||
|
||||
// Destructure it.
|
||||
|
|
@ -154,7 +154,7 @@ impl QueryServerReadV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<AuthResult, OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idm_auth = self.idms.auth().await;
|
||||
let mut idm_auth = self.idms.auth().await?;
|
||||
security_info!("Begin reauth event");
|
||||
|
||||
let ident = idm_auth
|
||||
|
|
@ -211,7 +211,7 @@ impl QueryServerReadV1 {
|
|||
|
||||
// Scope to limit the read txn.
|
||||
{
|
||||
let mut idms_prox_read = self.idms.proxy_read().await;
|
||||
let mut idms_prox_read = self.idms.proxy_read().await?;
|
||||
idms_prox_read
|
||||
.qs_read
|
||||
.get_be_txn()
|
||||
|
|
@ -322,7 +322,7 @@ impl QueryServerReadV1 {
|
|||
) -> Result<WhoamiResponse, OperationError> {
|
||||
// Begin a read
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_read = self.idms.proxy_read().await;
|
||||
let mut idms_prox_read = self.idms.proxy_read().await?;
|
||||
// Make an event from the whoami request. This will process the event and
|
||||
// generate a selfuuid search.
|
||||
//
|
||||
|
|
@ -367,7 +367,7 @@ impl QueryServerReadV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<UserAuthToken, OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_read = self.idms.proxy_read().await;
|
||||
let mut idms_prox_read = self.idms.proxy_read().await?;
|
||||
// Make an event from the whoami request. This will process the event and
|
||||
// generate a selfuuid search.
|
||||
//
|
||||
|
|
@ -390,7 +390,7 @@ impl QueryServerReadV1 {
|
|||
client_auth_info: ClientAuthInfo,
|
||||
rs: Filter<FilterInvalid>,
|
||||
) -> Result<ImageValue, OperationError> {
|
||||
let mut idms_prox_read = self.idms.proxy_read().await;
|
||||
let mut idms_prox_read = self.idms.proxy_read().await?;
|
||||
let ct = duration_from_epoch_now();
|
||||
|
||||
let ident = idms_prox_read
|
||||
|
|
@ -435,7 +435,7 @@ impl QueryServerReadV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<Vec<ProtoEntry>, OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_read = self.idms.proxy_read().await;
|
||||
let mut idms_prox_read = self.idms.proxy_read().await?;
|
||||
let ident = idms_prox_read
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
.map_err(|e| {
|
||||
|
|
@ -479,7 +479,7 @@ impl QueryServerReadV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<Vec<ProtoEntry>, OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_read = self.idms.proxy_read().await;
|
||||
let mut idms_prox_read = self.idms.proxy_read().await?;
|
||||
let ident = idms_prox_read
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
.map_err(|e| {
|
||||
|
|
@ -537,7 +537,7 @@ impl QueryServerReadV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<Vec<ProtoEntry>, OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_read = self.idms.proxy_read().await;
|
||||
let mut idms_prox_read = self.idms.proxy_read().await?;
|
||||
|
||||
let ident = idms_prox_read
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
|
|
@ -580,7 +580,7 @@ impl QueryServerReadV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<Option<String>, OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_read = self.idms.proxy_read().await;
|
||||
let mut idms_prox_read = self.idms.proxy_read().await?;
|
||||
let ident = idms_prox_read
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
.map_err(|e| {
|
||||
|
|
@ -640,7 +640,7 @@ impl QueryServerReadV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<RadiusAuthToken, OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_read = self.idms.proxy_read().await;
|
||||
let mut idms_prox_read = self.idms.proxy_read().await?;
|
||||
|
||||
let ident = idms_prox_read
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
|
|
@ -687,7 +687,7 @@ impl QueryServerReadV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<UnixUserToken, OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_read = self.idms.proxy_read().await;
|
||||
let mut idms_prox_read = self.idms.proxy_read().await?;
|
||||
|
||||
let ident = idms_prox_read
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
|
|
@ -740,7 +740,7 @@ impl QueryServerReadV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<UnixGroupToken, OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_read = self.idms.proxy_read().await;
|
||||
let mut idms_prox_read = self.idms.proxy_read().await?;
|
||||
let ident = idms_prox_read
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
.map_err(|e| {
|
||||
|
|
@ -786,7 +786,7 @@ impl QueryServerReadV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<Vec<String>, OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_read = self.idms.proxy_read().await;
|
||||
let mut idms_prox_read = self.idms.proxy_read().await?;
|
||||
let ident = idms_prox_read
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
.map_err(|e| {
|
||||
|
|
@ -849,7 +849,7 @@ impl QueryServerReadV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<Option<String>, OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_read = self.idms.proxy_read().await;
|
||||
let mut idms_prox_read = self.idms.proxy_read().await?;
|
||||
let ident = idms_prox_read
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
.map_err(|e| {
|
||||
|
|
@ -913,7 +913,7 @@ impl QueryServerReadV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<Vec<ApiToken>, OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_read = self.idms.proxy_read().await;
|
||||
let mut idms_prox_read = self.idms.proxy_read().await?;
|
||||
let ident = idms_prox_read
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
.map_err(|e| {
|
||||
|
|
@ -945,7 +945,7 @@ impl QueryServerReadV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<Vec<UatStatus>, OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_read = self.idms.proxy_read().await;
|
||||
let mut idms_prox_read = self.idms.proxy_read().await?;
|
||||
let ident = idms_prox_read
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
.map_err(|e| {
|
||||
|
|
@ -979,7 +979,7 @@ impl QueryServerReadV1 {
|
|||
) -> Result<IdentifyUserResponse, OperationError> {
|
||||
trace!("{:?}", &user_request);
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_read = self.idms.proxy_read().await;
|
||||
let mut idms_prox_read = self.idms.proxy_read().await?;
|
||||
let ident = idms_prox_read
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
.map_err(|e| {
|
||||
|
|
@ -1019,7 +1019,7 @@ impl QueryServerReadV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<Option<UnixUserToken>, OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idm_auth = self.idms.auth().await;
|
||||
let mut idm_auth = self.idms.auth().await?;
|
||||
// resolve the id
|
||||
let ident = idm_auth
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
|
|
@ -1068,7 +1068,7 @@ impl QueryServerReadV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<CredentialStatus, OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_read = self.idms.proxy_read().await;
|
||||
let mut idms_prox_read = self.idms.proxy_read().await?;
|
||||
|
||||
let ident = idms_prox_read
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
|
|
@ -1114,7 +1114,7 @@ impl QueryServerReadV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<BackupCodesView, OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_read = self.idms.proxy_read().await;
|
||||
let mut idms_prox_read = self.idms.proxy_read().await?;
|
||||
|
||||
let ident = idms_prox_read
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
|
|
@ -1167,7 +1167,7 @@ impl QueryServerReadV1 {
|
|||
|
||||
// Don't proceed unless the token parses
|
||||
let ct = duration_from_epoch_now();
|
||||
let idms_cred_update = self.idms.cred_update_transaction().await;
|
||||
let idms_cred_update = self.idms.cred_update_transaction().await?;
|
||||
|
||||
idms_cred_update
|
||||
.credential_update_status(&session_token, ct)
|
||||
|
|
@ -1200,7 +1200,7 @@ impl QueryServerReadV1 {
|
|||
})?;
|
||||
|
||||
let ct = duration_from_epoch_now();
|
||||
let idms_cred_update = self.idms.cred_update_transaction().await;
|
||||
let idms_cred_update = self.idms.cred_update_transaction().await?;
|
||||
|
||||
debug!(?scr);
|
||||
|
||||
|
|
@ -1356,7 +1356,7 @@ impl QueryServerReadV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<Option<String>, OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_read = self.idms.proxy_read().await;
|
||||
let mut idms_prox_read = self.idms.proxy_read().await?;
|
||||
let ident = idms_prox_read
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
.map_err(|e| {
|
||||
|
|
@ -1409,7 +1409,11 @@ impl QueryServerReadV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<AuthoriseResponse, Oauth2Error> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_read = self.idms.proxy_read().await;
|
||||
let mut idms_prox_read = self
|
||||
.idms
|
||||
.proxy_read()
|
||||
.await
|
||||
.map_err(Oauth2Error::ServerError)?;
|
||||
let ident = idms_prox_read
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
.map_err(|e| {
|
||||
|
|
@ -1433,7 +1437,7 @@ impl QueryServerReadV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<Url, OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_read = self.idms.proxy_read().await;
|
||||
let mut idms_prox_read = self.idms.proxy_read().await?;
|
||||
let ident = idms_prox_read
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
.map_err(|e| {
|
||||
|
|
@ -1456,7 +1460,11 @@ impl QueryServerReadV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<AccessTokenIntrospectResponse, Oauth2Error> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_read = self.idms.proxy_read().await;
|
||||
let mut idms_prox_read = self
|
||||
.idms
|
||||
.proxy_read()
|
||||
.await
|
||||
.map_err(Oauth2Error::ServerError)?;
|
||||
// Now we can send to the idm server for introspection checking.
|
||||
idms_prox_read.check_oauth2_token_introspect(&client_auth_info, &intr_req, ct)
|
||||
}
|
||||
|
|
@ -1473,7 +1481,11 @@ impl QueryServerReadV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<OidcToken, Oauth2Error> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_read = self.idms.proxy_read().await;
|
||||
let mut idms_prox_read = self
|
||||
.idms
|
||||
.proxy_read()
|
||||
.await
|
||||
.map_err(Oauth2Error::ServerError)?;
|
||||
idms_prox_read.oauth2_openid_userinfo(&client_id, token, ct)
|
||||
}
|
||||
|
||||
|
|
@ -1487,7 +1499,7 @@ impl QueryServerReadV1 {
|
|||
client_id: String,
|
||||
eventid: Uuid,
|
||||
) -> Result<OidcDiscoveryResponse, OperationError> {
|
||||
let idms_prox_read = self.idms.proxy_read().await;
|
||||
let idms_prox_read = self.idms.proxy_read().await?;
|
||||
idms_prox_read.oauth2_openid_discovery(&client_id)
|
||||
}
|
||||
|
||||
|
|
@ -1501,7 +1513,7 @@ impl QueryServerReadV1 {
|
|||
client_id: String,
|
||||
eventid: Uuid,
|
||||
) -> Result<Oauth2Rfc8414MetadataResponse, OperationError> {
|
||||
let idms_prox_read = self.idms.proxy_read().await;
|
||||
let idms_prox_read = self.idms.proxy_read().await?;
|
||||
idms_prox_read.oauth2_rfc8414_metadata(&client_id)
|
||||
}
|
||||
|
||||
|
|
@ -1515,7 +1527,7 @@ impl QueryServerReadV1 {
|
|||
client_id: String,
|
||||
eventid: Uuid,
|
||||
) -> Result<JwkKeySet, OperationError> {
|
||||
let idms_prox_read = self.idms.proxy_read().await;
|
||||
let idms_prox_read = self.idms.proxy_read().await?;
|
||||
idms_prox_read.oauth2_openid_publickey(&client_id)
|
||||
}
|
||||
|
||||
|
|
@ -1530,7 +1542,7 @@ impl QueryServerReadV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<Vec<AppLink>, OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_read = self.idms.proxy_read().await;
|
||||
let mut idms_prox_read = self.idms.proxy_read().await?;
|
||||
let ident = idms_prox_read
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
.map_err(|e| {
|
||||
|
|
@ -1547,9 +1559,9 @@ impl QueryServerReadV1 {
|
|||
skip_all,
|
||||
fields(uuid = ?eventid)
|
||||
)]
|
||||
pub async fn get_domain_display_name(&self, eventid: Uuid) -> String {
|
||||
let idms_prox_read = self.idms.proxy_read().await;
|
||||
idms_prox_read.qs_read.get_domain_display_name().to_string()
|
||||
pub async fn get_domain_display_name(&self, eventid: Uuid) -> Result<String, OperationError> {
|
||||
let idms_prox_read = self.idms.proxy_read().await?;
|
||||
Ok(idms_prox_read.qs_read.get_domain_display_name().to_string())
|
||||
}
|
||||
|
||||
#[instrument(
|
||||
|
|
@ -1563,7 +1575,7 @@ impl QueryServerReadV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<(), OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_read = self.idms.proxy_read().await;
|
||||
let mut idms_prox_read = self.idms.proxy_read().await?;
|
||||
|
||||
idms_prox_read
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
|
|
@ -1585,7 +1597,7 @@ impl QueryServerReadV1 {
|
|||
key_id: String,
|
||||
eventid: Uuid,
|
||||
) -> Result<Jwk, OperationError> {
|
||||
let mut idms_prox_read = self.idms.proxy_read().await;
|
||||
let mut idms_prox_read = self.idms.proxy_read().await?;
|
||||
|
||||
idms_prox_read.jws_public_jwk(key_id.as_str())
|
||||
}
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ impl QueryServerWriteV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<String, OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await?;
|
||||
let ident = idms_prox_write
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
.map_err(|e| {
|
||||
|
|
@ -63,7 +63,7 @@ impl QueryServerWriteV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<(), OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await?;
|
||||
let ident = idms_prox_write
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
.map_err(|e| {
|
||||
|
|
@ -96,7 +96,7 @@ impl QueryServerWriteV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<(), OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await?;
|
||||
let ident = idms_prox_write
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
.map_err(|e| {
|
||||
|
|
@ -131,7 +131,7 @@ impl QueryServerWriteV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<(), OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await?;
|
||||
let ident = idms_prox_write
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
.map_err(|e| {
|
||||
|
|
@ -166,7 +166,7 @@ impl QueryServerWriteV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<(), OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await?;
|
||||
|
||||
let ident =
|
||||
idms_prox_write.validate_sync_client_auth_info_to_ident(client_auth_info, ct)?;
|
||||
|
|
@ -191,7 +191,7 @@ impl QueryServerReadV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<ScimSyncState, OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_read = self.idms.proxy_read().await;
|
||||
let mut idms_prox_read = self.idms.proxy_read().await?;
|
||||
|
||||
let ident = idms_prox_read.validate_sync_client_auth_info_to_ident(client_auth_info, ct)?;
|
||||
|
||||
|
|
|
|||
|
|
@ -45,7 +45,7 @@ impl QueryServerWriteV1 {
|
|||
filter: Filter<FilterInvalid>,
|
||||
) -> Result<(), OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await?;
|
||||
|
||||
let ident = idms_prox_write
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
|
|
@ -93,7 +93,7 @@ impl QueryServerWriteV1 {
|
|||
filter: Filter<FilterInvalid>,
|
||||
) -> Result<(), OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await?;
|
||||
|
||||
let ident = idms_prox_write
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
|
|
@ -147,7 +147,7 @@ impl QueryServerWriteV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<(), OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await?;
|
||||
|
||||
let ident = idms_prox_write
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
|
|
@ -184,7 +184,7 @@ impl QueryServerWriteV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<(), OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await?;
|
||||
let ident = idms_prox_write
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
.map_err(|e| {
|
||||
|
|
@ -220,7 +220,7 @@ impl QueryServerWriteV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<(), OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await?;
|
||||
let ident = idms_prox_write
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
.map_err(|e| {
|
||||
|
|
@ -257,7 +257,7 @@ impl QueryServerWriteV1 {
|
|||
) -> Result<(), OperationError> {
|
||||
// Given a protoEntry, turn this into a modification set.
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await?;
|
||||
let ident = idms_prox_write
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
.map_err(|e| {
|
||||
|
|
@ -299,7 +299,7 @@ impl QueryServerWriteV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<(), OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await?;
|
||||
let ident = idms_prox_write
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
.map_err(|e| {
|
||||
|
|
@ -334,7 +334,7 @@ impl QueryServerWriteV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<(), OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await?;
|
||||
let ident = idms_prox_write
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
.map_err(|e| {
|
||||
|
|
@ -369,7 +369,7 @@ impl QueryServerWriteV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<String, OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await?;
|
||||
let ident = idms_prox_write
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
.map_err(|e| {
|
||||
|
|
@ -417,7 +417,7 @@ impl QueryServerWriteV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<String, OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await?;
|
||||
let ident = idms_prox_write
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
.map_err(|e| {
|
||||
|
|
@ -460,7 +460,7 @@ impl QueryServerWriteV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<(), OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await?;
|
||||
let ident = idms_prox_write
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
.map_err(|e| {
|
||||
|
|
@ -500,7 +500,7 @@ impl QueryServerWriteV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<(), OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await?;
|
||||
let ident = idms_prox_write
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
.map_err(|e| {
|
||||
|
|
@ -538,7 +538,7 @@ impl QueryServerWriteV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<(), OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await?;
|
||||
|
||||
// We specifically need a uat here to assess the auth type!
|
||||
let validate_result =
|
||||
|
|
@ -590,7 +590,7 @@ impl QueryServerWriteV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<(CUSessionToken, CUStatus), OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await?;
|
||||
let ident = idms_prox_write
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
.map_err(|e| {
|
||||
|
|
@ -639,7 +639,7 @@ impl QueryServerWriteV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<CUIntentToken, OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await?;
|
||||
let ident = idms_prox_write
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
.map_err(|e| {
|
||||
|
|
@ -684,7 +684,7 @@ impl QueryServerWriteV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<(CUSessionToken, CUStatus), OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await?;
|
||||
let intent_token = CredentialUpdateIntentToken {
|
||||
intent_id: intent_token.token,
|
||||
};
|
||||
|
|
@ -727,7 +727,7 @@ impl QueryServerWriteV1 {
|
|||
})?;
|
||||
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await?;
|
||||
|
||||
idms_prox_write
|
||||
.commit_credential_update(&session_token, ct)
|
||||
|
|
@ -759,7 +759,7 @@ impl QueryServerWriteV1 {
|
|||
})?;
|
||||
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await?;
|
||||
|
||||
idms_prox_write
|
||||
.cancel_credential_update(&session_token, ct)
|
||||
|
|
@ -785,7 +785,7 @@ impl QueryServerWriteV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<(), OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await?;
|
||||
let ident = idms_prox_write
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
.map_err(|e| {
|
||||
|
|
@ -817,7 +817,7 @@ impl QueryServerWriteV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<String, OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await?;
|
||||
let ident = idms_prox_write
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
.map_err(|e| {
|
||||
|
|
@ -865,7 +865,7 @@ impl QueryServerWriteV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<(), OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await?;
|
||||
let ident = idms_prox_write
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
.map_err(|e| {
|
||||
|
|
@ -918,7 +918,7 @@ impl QueryServerWriteV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<(), OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await?;
|
||||
let ident = idms_prox_write
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
.map_err(|e| {
|
||||
|
|
@ -1147,7 +1147,7 @@ impl QueryServerWriteV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<(), OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await?;
|
||||
let ident = idms_prox_write
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
.map_err(|e| {
|
||||
|
|
@ -1187,7 +1187,7 @@ impl QueryServerWriteV1 {
|
|||
client_auth_info: ClientAuthInfo,
|
||||
rs: Filter<FilterInvalid>,
|
||||
) -> Result<(), OperationError> {
|
||||
let mut idms_prox_write = self.idms.proxy_write(duration_from_epoch_now()).await;
|
||||
let mut idms_prox_write = self.idms.proxy_write(duration_from_epoch_now()).await?;
|
||||
let ct = duration_from_epoch_now();
|
||||
|
||||
let ident = idms_prox_write
|
||||
|
|
@ -1218,7 +1218,7 @@ impl QueryServerWriteV1 {
|
|||
rs: Filter<FilterInvalid>,
|
||||
image: ImageValue,
|
||||
) -> Result<(), OperationError> {
|
||||
let mut idms_prox_write = self.idms.proxy_write(duration_from_epoch_now()).await;
|
||||
let mut idms_prox_write = self.idms.proxy_write(duration_from_epoch_now()).await?;
|
||||
let ct = duration_from_epoch_now();
|
||||
|
||||
let ident = idms_prox_write
|
||||
|
|
@ -1263,7 +1263,7 @@ impl QueryServerWriteV1 {
|
|||
// Because this is from internal, we can generate a real modlist, rather
|
||||
// than relying on the proto ones.
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await?;
|
||||
|
||||
let ident = idms_prox_write
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
|
|
@ -1321,7 +1321,7 @@ impl QueryServerWriteV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<(), OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await?;
|
||||
|
||||
let ident = idms_prox_write
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
|
|
@ -1379,7 +1379,7 @@ impl QueryServerWriteV1 {
|
|||
// Because this is from internal, we can generate a real modlist, rather
|
||||
// than relying on the proto ones.
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await?;
|
||||
|
||||
let ident = idms_prox_write
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
|
|
@ -1441,7 +1441,7 @@ impl QueryServerWriteV1 {
|
|||
// Because this is from internal, we can generate a real modlist, rather
|
||||
// than relying on the proto ones.
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await?;
|
||||
|
||||
let ident = idms_prox_write
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
|
|
@ -1496,7 +1496,7 @@ impl QueryServerWriteV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<(), OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await?;
|
||||
|
||||
let ident = idms_prox_write
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
|
|
@ -1555,7 +1555,7 @@ impl QueryServerWriteV1 {
|
|||
// Because this is from internal, we can generate a real modlist, rather
|
||||
// than relying on the proto ones.
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await?;
|
||||
|
||||
let ident = idms_prox_write
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
|
|
@ -1613,7 +1613,7 @@ impl QueryServerWriteV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<(), OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await?;
|
||||
|
||||
let ident = idms_prox_write
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
|
|
@ -1668,7 +1668,7 @@ impl QueryServerWriteV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<AuthorisePermitSuccess, OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await?;
|
||||
|
||||
let ident = idms_prox_write
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
|
|
@ -1694,7 +1694,11 @@ impl QueryServerWriteV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<AccessTokenResponse, Oauth2Error> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = self
|
||||
.idms
|
||||
.proxy_write(ct)
|
||||
.await
|
||||
.map_err(Oauth2Error::ServerError)?;
|
||||
// Now we can send to the idm server for authorisation checking.
|
||||
let resp = idms_prox_write.check_oauth2_token_exchange(&client_auth_info, &token_req, ct);
|
||||
|
||||
|
|
@ -1720,7 +1724,11 @@ impl QueryServerWriteV1 {
|
|||
eventid: Uuid,
|
||||
) -> Result<(), Oauth2Error> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = self.idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = self
|
||||
.idms
|
||||
.proxy_write(ct)
|
||||
.await
|
||||
.map_err(Oauth2Error::ServerError)?;
|
||||
idms_prox_write
|
||||
.oauth2_token_revoke(&client_auth_info, &intr_req, ct)
|
||||
.and_then(|()| idms_prox_write.commit().map_err(Oauth2Error::ServerError))
|
||||
|
|
|
|||
|
|
@ -154,7 +154,11 @@ pub(crate) async fn manifest(
|
|||
State(state): State<ServerState>,
|
||||
Extension(kopid): Extension<KOpId>,
|
||||
) -> impl IntoResponse {
|
||||
let domain_display_name = state.qe_r_ref.get_domain_display_name(kopid.eventid).await;
|
||||
let domain_display_name = state
|
||||
.qe_r_ref
|
||||
.get_domain_display_name(kopid.eventid)
|
||||
.await
|
||||
.unwrap_or_default();
|
||||
// TODO: fix the None here to make it the request host
|
||||
let manifest_string =
|
||||
match serde_json::to_string_pretty(&manifest_data(None, domain_display_name)) {
|
||||
|
|
|
|||
|
|
@ -64,7 +64,11 @@ pub(crate) async fn ui_handler_generic(
|
|||
kopid: KOpId,
|
||||
wasmloader: &str,
|
||||
) -> Response<String> {
|
||||
let domain_display_name = state.qe_r_ref.get_domain_display_name(kopid.eventid).await;
|
||||
let domain_display_name = state
|
||||
.qe_r_ref
|
||||
.get_domain_display_name(kopid.eventid)
|
||||
.await
|
||||
.unwrap_or_default();
|
||||
|
||||
// let's get the tags we want to load the javascript files
|
||||
let mut jsfiles: Vec<String> = state
|
||||
|
|
|
|||
|
|
@ -58,7 +58,7 @@ impl IntoResponse for HtmxError {
|
|||
HtmlTemplate(UnrecoverableErrorView {
|
||||
err_code: inner,
|
||||
operation_id: kopid,
|
||||
})
|
||||
}),
|
||||
)
|
||||
.into_response(),
|
||||
}
|
||||
|
|
|
|||
|
|
@ -19,8 +19,8 @@ use crate::https::{
|
|||
mod apps;
|
||||
mod errors;
|
||||
mod login;
|
||||
mod reset;
|
||||
mod oauth2;
|
||||
mod reset;
|
||||
|
||||
#[derive(Template)]
|
||||
#[template(path = "unrecoverable_error.html")]
|
||||
|
|
@ -38,7 +38,6 @@ pub fn view_router() -> Router<ServerState> {
|
|||
.route("/oauth2", get(oauth2::view_index_get))
|
||||
.route("/oauth2/resume", get(oauth2::view_resume_get))
|
||||
.route("/oauth2/consent", post(oauth2::view_consent_post))
|
||||
|
||||
// The login routes are htmx-free to make them simpler, which means
|
||||
// they need manual guarding for direct get requests which can occur
|
||||
// if a user attempts to reload the page.
|
||||
|
|
|
|||
|
|
@ -5,7 +5,10 @@ use axum::response::{ErrorResponse, IntoResponse, Redirect, Response};
|
|||
use axum::{Extension, Form};
|
||||
use axum_extra::extract::cookie::{Cookie, SameSite};
|
||||
use axum_extra::extract::CookieJar;
|
||||
use axum_htmx::{HxEvent, HxLocation, HxPushUrl, HxRequest, HxReselect, HxResponseTrigger, HxReswap, HxRetarget, SwapOption};
|
||||
use axum_htmx::{
|
||||
HxEvent, HxLocation, HxPushUrl, HxRequest, HxReselect, HxResponseTrigger, HxReswap, HxRetarget,
|
||||
SwapOption,
|
||||
};
|
||||
use futures_util::TryFutureExt;
|
||||
use qrcode::render::svg;
|
||||
use qrcode::QrCode;
|
||||
|
|
@ -574,7 +577,11 @@ pub(crate) async fn view_reset_get(
|
|||
Query(params): Query<ResetTokenParam>,
|
||||
mut jar: CookieJar,
|
||||
) -> axum::response::Result<Response> {
|
||||
let domain_display_name = state.qe_r_ref.get_domain_display_name(kopid.eventid).await;
|
||||
let domain_display_name = state
|
||||
.qe_r_ref
|
||||
.get_domain_display_name(kopid.eventid)
|
||||
.await
|
||||
.unwrap_or_default();
|
||||
let push_url = HxPushUrl(Uri::from_static("/ui/reset"));
|
||||
let cookie = jar.get(COOKIE_CU_SESSION_TOKEN);
|
||||
if let Some(cookie) = cookie {
|
||||
|
|
|
|||
|
|
@ -420,7 +420,10 @@ pub async fn restore_server_core(config: &Configuration, dst_path: &str) {
|
|||
|
||||
info!("Start reindex phase ...");
|
||||
|
||||
let mut qs_write = qs.write(duration_from_epoch_now()).await;
|
||||
let Ok(mut qs_write) = qs.write(duration_from_epoch_now()).await else {
|
||||
error!("Unable to acquire write transaction");
|
||||
return;
|
||||
};
|
||||
let r = qs_write.reindex().and_then(|_| qs_write.commit());
|
||||
|
||||
match r {
|
||||
|
|
@ -486,7 +489,10 @@ pub async fn reindex_server_core(config: &Configuration) {
|
|||
|
||||
eprintln!("Start Index Phase 2 ...");
|
||||
|
||||
let mut qs_write = qs.write(duration_from_epoch_now()).await;
|
||||
let Ok(mut qs_write) = qs.write(duration_from_epoch_now()).await else {
|
||||
error!("Unable to acquire write transaction");
|
||||
return;
|
||||
};
|
||||
let r = qs_write.reindex().and_then(|_| qs_write.commit());
|
||||
|
||||
match r {
|
||||
|
|
@ -550,7 +556,7 @@ pub async fn domain_rename_core(config: &Configuration) {
|
|||
let new_domain_name = config.domain.as_str();
|
||||
|
||||
// make sure we're actually changing the domain name...
|
||||
match qs.read().await.get_db_domain_name() {
|
||||
match qs.read().await.and_then(|mut qs| qs.get_db_domain_name()) {
|
||||
Ok(old_domain_name) => {
|
||||
admin_info!(?old_domain_name, ?new_domain_name);
|
||||
if old_domain_name == new_domain_name {
|
||||
|
|
@ -569,7 +575,10 @@ pub async fn domain_rename_core(config: &Configuration) {
|
|||
}
|
||||
}
|
||||
|
||||
let mut qs_write = qs.write(duration_from_epoch_now()).await;
|
||||
let Ok(mut qs_write) = qs.write(duration_from_epoch_now()).await else {
|
||||
error!("Unable to acquire write transaction");
|
||||
return;
|
||||
};
|
||||
let r = qs_write
|
||||
.danger_domain_rename(new_domain_name)
|
||||
.and_then(|_| qs_write.commit());
|
||||
|
|
@ -864,7 +873,10 @@ pub async fn create_server_core(
|
|||
// Any pre-start tasks here.
|
||||
match &config.integration_test_config {
|
||||
Some(itc) => {
|
||||
let mut idms_prox_write = idms.proxy_write(duration_from_epoch_now()).await;
|
||||
let Ok(mut idms_prox_write) = idms.proxy_write(duration_from_epoch_now()).await else {
|
||||
error!("Unable to acquire write transaction");
|
||||
return Err(());
|
||||
};
|
||||
// We need to set the admin pw.
|
||||
match idms_prox_write.recover_account(&itc.admin_user, Some(&itc.admin_password)) {
|
||||
Ok(_) => {}
|
||||
|
|
|
|||
|
|
@ -213,11 +213,14 @@ async fn repl_run_consumer_refresh(
|
|||
{
|
||||
// Scope the transaction.
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut write_txn = idms.proxy_write(ct).await;
|
||||
write_txn
|
||||
.qs_write
|
||||
.consumer_apply_refresh(&refresh)
|
||||
.and_then(|cs| write_txn.commit().map(|()| cs))
|
||||
idms.proxy_write(ct)
|
||||
.await
|
||||
.and_then(|mut write_txn| {
|
||||
write_txn
|
||||
.qs_write
|
||||
.consumer_apply_refresh(&refresh)
|
||||
.and_then(|cs| write_txn.commit().map(|()| cs))
|
||||
})
|
||||
.map_err(|err| error!(?err, "Consumer was not able to apply refresh."))?;
|
||||
}
|
||||
|
||||
|
|
@ -248,8 +251,11 @@ async fn repl_run_consumer(
|
|||
|
||||
// Perform incremental.
|
||||
let consumer_ruv_range = {
|
||||
let mut read_txn = idms.proxy_read().await;
|
||||
match read_txn.qs_read.consumer_get_state() {
|
||||
let consumer_state = idms
|
||||
.proxy_read()
|
||||
.await
|
||||
.and_then(|mut read_txn| read_txn.qs_read.consumer_get_state());
|
||||
match consumer_state {
|
||||
Ok(ruv_range) => ruv_range,
|
||||
Err(err) => {
|
||||
error!(
|
||||
|
|
@ -292,12 +298,12 @@ async fn repl_run_consumer(
|
|||
// Now apply the changes if possible
|
||||
let consumer_state = {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut write_txn = idms.proxy_write(ct).await;
|
||||
match write_txn
|
||||
.qs_write
|
||||
.consumer_apply_changes(&changes)
|
||||
.and_then(|cs| write_txn.commit().map(|()| cs))
|
||||
{
|
||||
match idms.proxy_write(ct).await.and_then(|mut write_txn| {
|
||||
write_txn
|
||||
.qs_write
|
||||
.consumer_apply_changes(&changes)
|
||||
.and_then(|cs| write_txn.commit().map(|()| cs))
|
||||
}) {
|
||||
Ok(state) => state,
|
||||
Err(err) => {
|
||||
error!(?err, "consumer was not able to apply changes.");
|
||||
|
|
@ -349,12 +355,12 @@ async fn repl_run_consumer(
|
|||
|
||||
// Now apply the refresh if possible
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut write_txn = idms.proxy_write(ct).await;
|
||||
if let Err(err) = write_txn
|
||||
.qs_write
|
||||
.consumer_apply_refresh(&refresh)
|
||||
.and_then(|cs| write_txn.commit().map(|()| cs))
|
||||
{
|
||||
if let Err(err) = idms.proxy_write(ct).await.and_then(|mut write_txn| {
|
||||
write_txn
|
||||
.qs_write
|
||||
.consumer_apply_refresh(&refresh)
|
||||
.and_then(|cs| write_txn.commit().map(|()| cs))
|
||||
}) {
|
||||
error!(?err, "consumer was not able to apply refresh.");
|
||||
return None;
|
||||
}
|
||||
|
|
@ -549,12 +555,11 @@ async fn handle_repl_conn(
|
|||
}
|
||||
}
|
||||
Ok(ConsumerRequest::Incremental(consumer_ruv_range)) => {
|
||||
let mut read_txn = idms.proxy_read().await;
|
||||
|
||||
let changes = match read_txn
|
||||
.qs_read
|
||||
.supplier_provide_changes(consumer_ruv_range)
|
||||
{
|
||||
let changes = match idms.proxy_read().await.and_then(|mut read_txn| {
|
||||
read_txn
|
||||
.qs_read
|
||||
.supplier_provide_changes(consumer_ruv_range)
|
||||
}) {
|
||||
Ok(changes) => changes,
|
||||
Err(err) => {
|
||||
error!(?err, "supplier provide changes failed.");
|
||||
|
|
@ -568,9 +573,11 @@ async fn handle_repl_conn(
|
|||
}
|
||||
}
|
||||
Ok(ConsumerRequest::Refresh) => {
|
||||
let mut read_txn = idms.proxy_read().await;
|
||||
|
||||
let changes = match read_txn.qs_read.supplier_provide_refresh() {
|
||||
let changes = match idms
|
||||
.proxy_read()
|
||||
.await
|
||||
.and_then(|mut read_txn| read_txn.qs_read.supplier_provide_refresh())
|
||||
{
|
||||
Ok(changes) => changes,
|
||||
Err(err) => {
|
||||
error!(?err, "supplier provide refresh failed.");
|
||||
|
|
@ -659,11 +666,12 @@ async fn repl_acceptor(
|
|||
// Get the private key / cert.
|
||||
let res = {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
idms_prox_write
|
||||
.qs_write
|
||||
.supplier_get_key_cert(&domain_name)
|
||||
.and_then(|res| idms_prox_write.commit().map(|()| res))
|
||||
idms.proxy_write(ct).await.and_then(|mut idms_prox_write| {
|
||||
idms_prox_write
|
||||
.qs_write
|
||||
.supplier_get_key_cert(&domain_name)
|
||||
.and_then(|res| idms_prox_write.commit().map(|()| res))
|
||||
})
|
||||
};
|
||||
|
||||
let (server_key, server_cert) = match res {
|
||||
|
|
@ -808,11 +816,13 @@ async fn repl_acceptor(
|
|||
// Renew the cert.
|
||||
let res = {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
idms.proxy_write(ct).await
|
||||
.and_then(|mut idms_prox_write|
|
||||
idms_prox_write
|
||||
.qs_write
|
||||
.supplier_renew_key_cert(&domain_name)
|
||||
.and_then(|res| idms_prox_write.commit().map(|()| res))
|
||||
)
|
||||
};
|
||||
|
||||
let success = res.is_ok();
|
||||
|
|
|
|||
|
|
@ -348,7 +348,7 @@ pub(crate) fn idm_test(args: &TokenStream, item: TokenStream) -> TokenStream {
|
|||
// Any needed teardown?
|
||||
// assert!(test_server.clear_cache().await.is_ok());
|
||||
// Make sure there are no errors.
|
||||
let mut idm_read_txn = test_server.proxy_read().await;
|
||||
let mut idm_read_txn = test_server.proxy_read().await.unwrap();
|
||||
let verifications = idm_read_txn.qs_read.verify();
|
||||
trace!("Verification result: {:?}", verifications);
|
||||
assert!(verifications.len() == 0);
|
||||
|
|
|
|||
|
|
@ -101,6 +101,11 @@ pub const PURGE_FREQUENCY: u64 = 600;
|
|||
/// some latency while dequeuing and writing those operations.
|
||||
pub const DELAYED_ACTION_BATCH_SIZE: usize = 256;
|
||||
|
||||
/// The amount of time to wait to acquire a database ticket before timing out.
|
||||
/// Higher values allow greater operation queuing but can cause feedback
|
||||
/// loops where operations will stall for long periods.
|
||||
pub const DB_LOCK_ACQUIRE_TIMEOUT_MILLIS: u64 = 5000;
|
||||
|
||||
#[cfg(test)]
|
||||
/// In test, we limit the changelog to 10 minutes.
|
||||
pub const CHANGELOG_MAX_AGE: u64 = 600;
|
||||
|
|
|
|||
|
|
@ -2037,7 +2037,7 @@ mod tests {
|
|||
let time_p2 = time_p1 + Duration::from_secs(CHANGELOG_MAX_AGE * 2);
|
||||
let time_p3 = time_p2 + Duration::from_secs(CHANGELOG_MAX_AGE * 2);
|
||||
|
||||
let mut server_txn = server.write(time_p1).await;
|
||||
let mut server_txn = server.write(time_p1).await.expect("txn");
|
||||
|
||||
let e1 = entry_init!(
|
||||
(Attribute::Class, EntryClass::Object.to_value()),
|
||||
|
|
@ -2093,11 +2093,11 @@ mod tests {
|
|||
assert!(server_txn.commit().is_ok());
|
||||
|
||||
// Now, establish enough time for the recycled items to be purged.
|
||||
let mut server_txn = server.write(time_p2).await;
|
||||
let mut server_txn = server.write(time_p2).await.expect("txn");
|
||||
assert!(server_txn.purge_recycled().is_ok());
|
||||
assert!(server_txn.commit().is_ok());
|
||||
|
||||
let mut server_txn = server.write(time_p3).await;
|
||||
let mut server_txn = server.write(time_p3).await.expect("txn");
|
||||
assert!(server_txn.purge_tombstones().is_ok());
|
||||
|
||||
// ===== ✅ now ready to test!
|
||||
|
|
@ -2134,7 +2134,7 @@ mod tests {
|
|||
|
||||
#[qs_test]
|
||||
async fn test_filter_depth_limits(server: &QueryServer) {
|
||||
let mut r_txn = server.read().await;
|
||||
let mut r_txn = server.read().await.unwrap();
|
||||
|
||||
let mut inv_proto = ProtoFilter::Pres(Attribute::Class.to_string());
|
||||
for _i in 0..(DEFAULT_LIMIT_FILTER_DEPTH_MAX + 1) {
|
||||
|
|
@ -2160,7 +2160,7 @@ mod tests {
|
|||
std::mem::drop(r_txn);
|
||||
|
||||
// proto + write
|
||||
let mut wr_txn = server.write(duration_from_epoch_now()).await;
|
||||
let mut wr_txn = server.write(duration_from_epoch_now()).await.expect("txn");
|
||||
let res = Filter::from_rw(&ev, &inv_proto, &mut wr_txn);
|
||||
assert!(res == Err(OperationError::ResourceLimit));
|
||||
}
|
||||
|
|
@ -2168,7 +2168,7 @@ mod tests {
|
|||
#[qs_test]
|
||||
async fn test_filter_max_element_limits(server: &QueryServer) {
|
||||
const LIMIT: usize = 4;
|
||||
let mut r_txn = server.read().await;
|
||||
let mut r_txn = server.read().await.unwrap();
|
||||
|
||||
let inv_proto = ProtoFilter::And(
|
||||
(0..(LIMIT * 2))
|
||||
|
|
@ -2197,7 +2197,7 @@ mod tests {
|
|||
std::mem::drop(r_txn);
|
||||
|
||||
// proto + write
|
||||
let mut wr_txn = server.write(duration_from_epoch_now()).await;
|
||||
let mut wr_txn = server.write(duration_from_epoch_now()).await.expect("txn");
|
||||
let res = Filter::from_rw(&ev, &inv_proto, &mut wr_txn);
|
||||
assert!(res == Err(OperationError::ResourceLimit));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -978,7 +978,7 @@ mod tests {
|
|||
#[idm_test]
|
||||
async fn test_idm_account_ui_hints(idms: &IdmServer, _idms_delayed: &mut IdmServerDelayed) {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let target_uuid = Uuid::new_v4();
|
||||
|
||||
|
|
|
|||
|
|
@ -77,7 +77,7 @@ mod tests {
|
|||
#[idm_test]
|
||||
async fn test_idm_applinks_list(idms: &IdmServer, _idms_delayed: &mut IdmServerDelayed) {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
// Create an RS, the user and a group..
|
||||
let usr_uuid = Uuid::new_v4();
|
||||
|
|
@ -140,7 +140,7 @@ mod tests {
|
|||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
||||
// Now do an applink query, they will not be there.
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
let ident = idms_prox_read
|
||||
.qs_read
|
||||
|
|
@ -156,7 +156,7 @@ mod tests {
|
|||
drop(idms_prox_read);
|
||||
|
||||
// Add them to the group.
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
let me_inv_m = ModifyEvent::new_internal_invalid(
|
||||
filter!(f_eq(Attribute::Uuid, PartialValue::Refer(grp_uuid))),
|
||||
ModifyList::new_append(Attribute::Member, Value::Refer(usr_uuid)),
|
||||
|
|
@ -164,7 +164,7 @@ mod tests {
|
|||
assert!(idms_prox_write.qs_write.modify(&me_inv_m).is_ok());
|
||||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
let ident = idms_prox_read
|
||||
.qs_read
|
||||
|
|
|
|||
|
|
@ -2361,7 +2361,7 @@ mod tests {
|
|||
_idms_delayed: &mut IdmServerDelayed,
|
||||
) {
|
||||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let testaccount_uuid = Uuid::new_v4();
|
||||
|
||||
|
|
@ -2478,7 +2478,7 @@ mod tests {
|
|||
idms: &IdmServer,
|
||||
ct: Duration,
|
||||
) -> (CredentialUpdateSessionToken, CredentialUpdateSessionStatus) {
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
// Remove the default all persons policy, it interfers with our test.
|
||||
let modlist = ModifyList::new_purge(Attribute::CredentialTypeMinimum);
|
||||
|
|
@ -2527,7 +2527,7 @@ mod tests {
|
|||
idms: &IdmServer,
|
||||
ct: Duration,
|
||||
) -> (CredentialUpdateSessionToken, CredentialUpdateSessionStatus) {
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let testperson = idms_prox_write
|
||||
.qs_write
|
||||
|
|
@ -2547,7 +2547,7 @@ mod tests {
|
|||
}
|
||||
|
||||
async fn commit_session(idms: &IdmServer, ct: Duration, cust: CredentialUpdateSessionToken) {
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
idms_prox_write
|
||||
.commit_credential_update(&cust, ct)
|
||||
|
|
@ -2562,7 +2562,7 @@ mod tests {
|
|||
pw: &str,
|
||||
ct: Duration,
|
||||
) -> Option<JwsCompact> {
|
||||
let mut idms_auth = idms.auth().await;
|
||||
let mut idms_auth = idms.auth().await.unwrap();
|
||||
|
||||
let auth_init = AuthEvent::named_init("testperson");
|
||||
|
||||
|
|
@ -2616,7 +2616,7 @@ mod tests {
|
|||
token: &Totp,
|
||||
ct: Duration,
|
||||
) -> Option<JwsCompact> {
|
||||
let mut idms_auth = idms.auth().await;
|
||||
let mut idms_auth = idms.auth().await.unwrap();
|
||||
|
||||
let auth_init = AuthEvent::named_init("testperson");
|
||||
|
||||
|
|
@ -2682,7 +2682,7 @@ mod tests {
|
|||
code: &str,
|
||||
ct: Duration,
|
||||
) -> Option<JwsCompact> {
|
||||
let mut idms_auth = idms.auth().await;
|
||||
let mut idms_auth = idms.auth().await.unwrap();
|
||||
|
||||
let auth_init = AuthEvent::named_init("testperson");
|
||||
|
||||
|
|
@ -2750,7 +2750,7 @@ mod tests {
|
|||
origin: Url,
|
||||
ct: Duration,
|
||||
) -> Option<JwsCompact> {
|
||||
let mut idms_auth = idms.auth().await;
|
||||
let mut idms_auth = idms.auth().await.unwrap();
|
||||
|
||||
let auth_init = AuthEvent::named_init("testperson");
|
||||
|
||||
|
|
@ -2826,7 +2826,7 @@ mod tests {
|
|||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
let (cust, _) = setup_test_session(idms, ct).await;
|
||||
|
||||
let cutxn = idms.cred_update_transaction().await;
|
||||
let cutxn = idms.cred_update_transaction().await.unwrap();
|
||||
// The session exists
|
||||
let c_status = cutxn.credential_update_status(&cust, ct);
|
||||
assert!(c_status.is_ok());
|
||||
|
|
@ -2836,7 +2836,7 @@ mod tests {
|
|||
let (_cust, _) =
|
||||
renew_test_session(idms, ct + MAXIMUM_CRED_UPDATE_TTL + Duration::from_secs(1)).await;
|
||||
|
||||
let cutxn = idms.cred_update_transaction().await;
|
||||
let cutxn = idms.cred_update_transaction().await.unwrap();
|
||||
|
||||
// Now fake going back in time .... allows the tokne to decrypt, but the session
|
||||
// is gone anyway!
|
||||
|
|
@ -2856,7 +2856,7 @@ mod tests {
|
|||
|
||||
let (cust, _) = setup_test_session(idms, ct).await;
|
||||
|
||||
let cutxn = idms.cred_update_transaction().await;
|
||||
let cutxn = idms.cred_update_transaction().await.unwrap();
|
||||
|
||||
// Get the credential status - this should tell
|
||||
// us the details of the credentials, as well as
|
||||
|
|
@ -2887,7 +2887,7 @@ mod tests {
|
|||
|
||||
// Test deleting the pw
|
||||
let (cust, _) = renew_test_session(idms, ct).await;
|
||||
let cutxn = idms.cred_update_transaction().await;
|
||||
let cutxn = idms.cred_update_transaction().await.unwrap();
|
||||
|
||||
let c_status = cutxn
|
||||
.credential_update_status(&cust, ct)
|
||||
|
|
@ -2920,7 +2920,7 @@ mod tests {
|
|||
|
||||
// Get the radius pw
|
||||
|
||||
let mut r_txn = idms.proxy_read().await;
|
||||
let mut r_txn = idms.proxy_read().await.unwrap();
|
||||
|
||||
let radius_secret = r_txn
|
||||
.qs_read
|
||||
|
|
@ -2932,7 +2932,7 @@ mod tests {
|
|||
|
||||
drop(r_txn);
|
||||
|
||||
let cutxn = idms.cred_update_transaction().await;
|
||||
let cutxn = idms.cred_update_transaction().await.unwrap();
|
||||
|
||||
// Get the credential status - this should tell
|
||||
// us the details of the credentials, as well as
|
||||
|
|
@ -3030,7 +3030,7 @@ mod tests {
|
|||
// Set the account policy min pw length
|
||||
let test_pw_min_length = PW_MIN_LENGTH * 2;
|
||||
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let modlist = ModifyList::new_purge_and_set(
|
||||
Attribute::AuthPasswordMinimumLength,
|
||||
|
|
@ -3046,7 +3046,7 @@ mod tests {
|
|||
|
||||
let (cust, _) = setup_test_session(idms, ct).await;
|
||||
|
||||
let cutxn = idms.cred_update_transaction().await;
|
||||
let cutxn = idms.cred_update_transaction().await.unwrap();
|
||||
|
||||
// Get the credential status - this should tell
|
||||
// us the details of the credentials, as well as
|
||||
|
|
@ -3112,7 +3112,7 @@ mod tests {
|
|||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
|
||||
let (cust, _) = setup_test_session(idms, ct).await;
|
||||
let cutxn = idms.cred_update_transaction().await;
|
||||
let cutxn = idms.cred_update_transaction().await.unwrap();
|
||||
|
||||
// Setup the PW
|
||||
let c_status = cutxn
|
||||
|
|
@ -3175,7 +3175,7 @@ mod tests {
|
|||
|
||||
// If we remove TOTP, show it reverts back.
|
||||
let (cust, _) = renew_test_session(idms, ct).await;
|
||||
let cutxn = idms.cred_update_transaction().await;
|
||||
let cutxn = idms.cred_update_transaction().await.unwrap();
|
||||
|
||||
let c_status = cutxn
|
||||
.credential_primary_remove_totp(&cust, ct, "totp")
|
||||
|
|
@ -3206,7 +3206,7 @@ mod tests {
|
|||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
|
||||
let (cust, _) = setup_test_session(idms, ct).await;
|
||||
let cutxn = idms.cred_update_transaction().await;
|
||||
let cutxn = idms.cred_update_transaction().await.unwrap();
|
||||
|
||||
// Setup the PW
|
||||
let c_status = cutxn
|
||||
|
|
@ -3280,7 +3280,7 @@ mod tests {
|
|||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
|
||||
let (cust, _) = setup_test_session(idms, ct).await;
|
||||
let cutxn = idms.cred_update_transaction().await;
|
||||
let cutxn = idms.cred_update_transaction().await.unwrap();
|
||||
|
||||
// Setup the PW
|
||||
let _c_status = cutxn
|
||||
|
|
@ -3356,7 +3356,7 @@ mod tests {
|
|||
|
||||
// Renew to start the next steps
|
||||
let (cust, _) = renew_test_session(idms, ct).await;
|
||||
let cutxn = idms.cred_update_transaction().await;
|
||||
let cutxn = idms.cred_update_transaction().await.unwrap();
|
||||
|
||||
// Only 7 codes left.
|
||||
let c_status = cutxn
|
||||
|
|
@ -3417,7 +3417,7 @@ mod tests {
|
|||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
|
||||
let (cust, _) = setup_test_session(idms, ct).await;
|
||||
let cutxn = idms.cred_update_transaction().await;
|
||||
let cutxn = idms.cred_update_transaction().await.unwrap();
|
||||
|
||||
// Setup the PW
|
||||
let c_status = cutxn
|
||||
|
|
@ -3513,7 +3513,7 @@ mod tests {
|
|||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
|
||||
let (cust, _) = setup_test_session(idms, ct).await;
|
||||
let cutxn = idms.cred_update_transaction().await;
|
||||
let cutxn = idms.cred_update_transaction().await.unwrap();
|
||||
let origin = cutxn.get_origin().clone();
|
||||
|
||||
// Create a soft passkey
|
||||
|
|
@ -3537,7 +3537,7 @@ mod tests {
|
|||
|
||||
// Now test removing the token
|
||||
let (cust, _) = renew_test_session(idms, ct).await;
|
||||
let cutxn = idms.cred_update_transaction().await;
|
||||
let cutxn = idms.cred_update_transaction().await.unwrap();
|
||||
|
||||
trace!(?c_status);
|
||||
assert!(c_status.primary.is_none());
|
||||
|
|
@ -3572,7 +3572,7 @@ mod tests {
|
|||
|
||||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let sync_uuid = Uuid::new_v4();
|
||||
|
||||
|
|
@ -3645,7 +3645,7 @@ mod tests {
|
|||
CredentialState::AccessDeny
|
||||
));
|
||||
|
||||
let cutxn = idms.cred_update_transaction().await;
|
||||
let cutxn = idms.cred_update_transaction().await.unwrap();
|
||||
|
||||
// let origin = cutxn.get_origin().clone();
|
||||
|
||||
|
|
@ -3728,7 +3728,7 @@ mod tests {
|
|||
let test_pw = "fo3EitierohF9AelaNgiem0Ei6vup4equo1Oogeevaetehah8Tobeengae3Ci0ooh0uki";
|
||||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let modlist = ModifyList::new_purge_and_set(
|
||||
Attribute::CredentialTypeMinimum,
|
||||
|
|
@ -3744,7 +3744,7 @@ mod tests {
|
|||
|
||||
let (cust, _) = setup_test_session(idms, ct).await;
|
||||
|
||||
let cutxn = idms.cred_update_transaction().await;
|
||||
let cutxn = idms.cred_update_transaction().await.unwrap();
|
||||
|
||||
// Get the credential status - this should tell
|
||||
// us the details of the credentials, as well as
|
||||
|
|
@ -3805,7 +3805,7 @@ mod tests {
|
|||
|
||||
// If we remove TOTP, it blocks commit.
|
||||
let (cust, _) = renew_test_session(idms, ct).await;
|
||||
let cutxn = idms.cred_update_transaction().await;
|
||||
let cutxn = idms.cred_update_transaction().await.unwrap();
|
||||
|
||||
let c_status = cutxn
|
||||
.credential_primary_remove_totp(&cust, ct, "totp")
|
||||
|
|
@ -3850,7 +3850,7 @@ mod tests {
|
|||
let test_pw = "fo3EitierohF9AelaNgiem0Ei6vup4equo1Oogeevaetehah8Tobeengae3Ci0ooh0uki";
|
||||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let modlist = ModifyList::new_purge_and_set(
|
||||
Attribute::CredentialTypeMinimum,
|
||||
|
|
@ -3866,7 +3866,7 @@ mod tests {
|
|||
|
||||
let (cust, _) = setup_test_session(idms, ct).await;
|
||||
|
||||
let cutxn = idms.cred_update_transaction().await;
|
||||
let cutxn = idms.cred_update_transaction().await.unwrap();
|
||||
|
||||
// Get the credential status - this should tell
|
||||
// us the details of the credentials, as well as
|
||||
|
|
@ -3925,7 +3925,7 @@ mod tests {
|
|||
.unwrap();
|
||||
let att_ca_list = att_ca_builder.build();
|
||||
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let modlist = ModifyList::new_purge_and_set(
|
||||
Attribute::WebauthnAttestationCaList,
|
||||
|
|
@ -3947,7 +3947,7 @@ mod tests {
|
|||
// Setup the cred update session.
|
||||
|
||||
let (cust, _) = setup_test_session(idms, ct).await;
|
||||
let cutxn = idms.cred_update_transaction().await;
|
||||
let cutxn = idms.cred_update_transaction().await.unwrap();
|
||||
let origin = cutxn.get_origin().clone();
|
||||
|
||||
// Our status needs the correct device names for UI hinting.
|
||||
|
|
@ -4069,7 +4069,7 @@ mod tests {
|
|||
|
||||
// Remove attested passkey works.
|
||||
let (cust, _) = renew_test_session(idms, ct).await;
|
||||
let cutxn = idms.cred_update_transaction().await;
|
||||
let cutxn = idms.cred_update_transaction().await.unwrap();
|
||||
|
||||
trace!(?c_status);
|
||||
assert!(c_status.primary.is_none());
|
||||
|
|
@ -4123,7 +4123,7 @@ mod tests {
|
|||
|
||||
trace!(?att_ca_list);
|
||||
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let modlist = ModifyList::new_purge_and_set(
|
||||
Attribute::WebauthnAttestationCaList,
|
||||
|
|
@ -4150,7 +4150,7 @@ mod tests {
|
|||
|
||||
// Enroll the attested keys
|
||||
let (cust, _) = setup_test_session(idms, ct).await;
|
||||
let cutxn = idms.cred_update_transaction().await;
|
||||
let cutxn = idms.cred_update_transaction().await.unwrap();
|
||||
let origin = cutxn.get_origin().clone();
|
||||
|
||||
// -------------------------------------------------------
|
||||
|
|
@ -4191,7 +4191,7 @@ mod tests {
|
|||
);
|
||||
|
||||
// Change policy
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let modlist = ModifyList::new_purge_and_set(
|
||||
Attribute::WebauthnAttestationCaList,
|
||||
|
|
@ -4220,7 +4220,7 @@ mod tests {
|
|||
|
||||
// Update creds
|
||||
let (cust, _) = renew_test_session(idms, ct).await;
|
||||
let cutxn = idms.cred_update_transaction().await;
|
||||
let cutxn = idms.cred_update_transaction().await.unwrap();
|
||||
|
||||
// Invalid key removed
|
||||
let c_status = cutxn
|
||||
|
|
@ -4266,7 +4266,7 @@ mod tests {
|
|||
|
||||
trace!(?att_ca_list);
|
||||
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let modlist = ModifyList::new_purge_and_set(
|
||||
Attribute::WebauthnAttestationCaList,
|
||||
|
|
@ -4281,7 +4281,7 @@ mod tests {
|
|||
|
||||
// Enroll the attested keys
|
||||
let (cust, _) = setup_test_session(idms, ct).await;
|
||||
let cutxn = idms.cred_update_transaction().await;
|
||||
let cutxn = idms.cred_update_transaction().await.unwrap();
|
||||
let origin = cutxn.get_origin().clone();
|
||||
|
||||
// -------------------------------------------------------
|
||||
|
|
@ -4322,7 +4322,7 @@ mod tests {
|
|||
);
|
||||
|
||||
// Change policy
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let modlist = ModifyList::new_purge(Attribute::WebauthnAttestationCaList);
|
||||
idms_prox_write
|
||||
|
|
@ -4341,7 +4341,7 @@ mod tests {
|
|||
|
||||
// Show it still exists, but can only be deleted now.
|
||||
let (cust, _) = renew_test_session(idms, ct).await;
|
||||
let cutxn = idms.cred_update_transaction().await;
|
||||
let cutxn = idms.cred_update_transaction().await.unwrap();
|
||||
|
||||
let c_status = cutxn
|
||||
.credential_update_status(&cust, ct)
|
||||
|
|
|
|||
|
|
@ -323,7 +323,7 @@ mod test {
|
|||
_idms_delayed: &IdmServerDelayed,
|
||||
) {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let self_uuid = Uuid::new_v4();
|
||||
let valid_user_uuid = Uuid::new_v4();
|
||||
|
|
@ -336,7 +336,7 @@ mod test {
|
|||
assert!(idms_prox_write.qs_write.create(&ce).is_ok());
|
||||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
let ident = idms_prox_read
|
||||
.qs_read
|
||||
|
|
@ -383,7 +383,7 @@ mod test {
|
|||
#[idm_test]
|
||||
async fn test_invalid_user_id(idms: &IdmServer, _idms_delayed: &IdmServerDelayed) {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let invalid_user_uuid = Uuid::new_v4();
|
||||
let valid_user_a_uuid = Uuid::new_v4();
|
||||
|
|
@ -400,7 +400,7 @@ mod test {
|
|||
assert!(idms_prox_write.qs_write.create(&ce).is_ok());
|
||||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
let ident = idms_prox_read
|
||||
.qs_read
|
||||
|
|
@ -437,7 +437,7 @@ mod test {
|
|||
#[idm_test]
|
||||
async fn test_start_event(idms: &IdmServer, _idms_delayed: &IdmServerDelayed) {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let valid_user_a_uuid = Uuid::new_v4();
|
||||
|
||||
|
|
@ -446,7 +446,7 @@ mod test {
|
|||
assert!(idms_prox_write.qs_write.create(&ce).is_ok());
|
||||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
let ident = idms_prox_read
|
||||
.qs_read
|
||||
|
|
@ -470,7 +470,7 @@ mod test {
|
|||
// enforce some flow checks, but this is not the primary scope of this test
|
||||
async fn test_code_correctness(idms: &IdmServer, _idms_delayed: &IdmServerDelayed) {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
let user_a_uuid = Uuid::new_v4();
|
||||
let user_b_uuid = Uuid::new_v4();
|
||||
let e1 = create_valid_user_account(user_a_uuid);
|
||||
|
|
@ -480,7 +480,7 @@ mod test {
|
|||
assert!(idms_prox_write.qs_write.create(&ce).is_ok());
|
||||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
let ident_a = idms_prox_read
|
||||
.qs_read
|
||||
|
|
@ -558,7 +558,7 @@ mod test {
|
|||
|
||||
async fn test_totps_differ(idms: &IdmServer, _idms_delayed: &IdmServerDelayed) {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
let user_a_uuid = Uuid::new_v4();
|
||||
let user_b_uuid = Uuid::new_v4();
|
||||
let e1 = create_valid_user_account(user_a_uuid);
|
||||
|
|
@ -568,7 +568,7 @@ mod test {
|
|||
assert!(idms_prox_write.qs_write.create(&ce).is_ok());
|
||||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
let ident_a = idms_prox_read
|
||||
.qs_read
|
||||
|
|
|
|||
|
|
@ -70,7 +70,7 @@ enum LdapBindTarget {
|
|||
impl LdapServer {
|
||||
pub async fn new(idms: &IdmServer) -> Result<Self, OperationError> {
|
||||
// let ct = duration_from_epoch_now();
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
// This is the rootdse path.
|
||||
// get the domain_info item
|
||||
let domain_entry = idms_prox_read
|
||||
|
|
@ -299,7 +299,7 @@ impl LdapServer {
|
|||
admin_info!(attr = ?k_attrs, "LDAP Search Request Mapped Attrs");
|
||||
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idm_read = idms.proxy_read().await;
|
||||
let mut idm_read = idms.proxy_read().await.unwrap();
|
||||
// Now start the txn - we need it for resolving filter components.
|
||||
|
||||
// join the filter, with ext_filter
|
||||
|
|
@ -406,7 +406,7 @@ impl LdapServer {
|
|||
);
|
||||
let ct = duration_from_epoch_now();
|
||||
|
||||
let mut idm_auth = idms.auth().await;
|
||||
let mut idm_auth = idms.auth().await.unwrap();
|
||||
|
||||
let target: LdapBindTarget = if dn.is_empty() {
|
||||
if pw.is_empty() {
|
||||
|
|
@ -507,7 +507,7 @@ impl LdapServer {
|
|||
};
|
||||
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut idm_read = idms.proxy_read().await;
|
||||
let mut idm_read = idms.proxy_read().await.unwrap();
|
||||
// Now start the txn - we need it for resolving filter components.
|
||||
|
||||
// join the filter, with ext_filter
|
||||
|
|
@ -809,7 +809,7 @@ mod tests {
|
|||
async fn test_ldap_simple_bind(idms: &IdmServer, _idms_delayed: &IdmServerDelayed) {
|
||||
let ldaps = LdapServer::new(idms).await.expect("failed to start ldap");
|
||||
|
||||
let mut idms_prox_write = idms.proxy_write(duration_from_epoch_now()).await;
|
||||
let mut idms_prox_write = idms.proxy_write(duration_from_epoch_now()).await.unwrap();
|
||||
// make the admin a valid posix account
|
||||
let me_posix = ModifyEvent::new_internal_invalid(
|
||||
filter!(f_eq(Attribute::Name, PartialValue::new_iname("admin"))),
|
||||
|
|
@ -842,7 +842,7 @@ mod tests {
|
|||
|
||||
// Setting UNIX_PW_BIND flag to false:
|
||||
// Hence all of the below authentication will fail (asserts are still satisfied)
|
||||
let mut idms_prox_write = idms.proxy_write(duration_from_epoch_now()).await;
|
||||
let mut idms_prox_write = idms.proxy_write(duration_from_epoch_now()).await.unwrap();
|
||||
let disallow_unix_pw_flag = ModifyEvent::new_internal_invalid(
|
||||
filter!(f_eq(Attribute::Uuid, PartialValue::Uuid(UUID_DOMAIN_INFO))),
|
||||
ModifyList::new_purge_and_set(Attribute::LdapAllowUnixPwBind, Value::Bool(false)),
|
||||
|
|
@ -861,7 +861,7 @@ mod tests {
|
|||
assert!(admin_t.is_none() == true);
|
||||
|
||||
// Setting UNIX_PW_BIND flag to true :
|
||||
let mut idms_prox_write = idms.proxy_write(duration_from_epoch_now()).await;
|
||||
let mut idms_prox_write = idms.proxy_write(duration_from_epoch_now()).await.unwrap();
|
||||
let allow_unix_pw_flag = ModifyEvent::new_internal_invalid(
|
||||
filter!(f_eq(Attribute::Uuid, PartialValue::Uuid(UUID_DOMAIN_INFO))),
|
||||
ModifyList::new_purge_and_set(Attribute::LdapAllowUnixPwBind, Value::Bool(true)),
|
||||
|
|
@ -1053,7 +1053,7 @@ mod tests {
|
|||
)
|
||||
);
|
||||
|
||||
let mut server_txn = idms.proxy_write(duration_from_epoch_now()).await;
|
||||
let mut server_txn = idms.proxy_write(duration_from_epoch_now()).await.unwrap();
|
||||
let ce = CreateEvent::new_internal(vec![e1]);
|
||||
assert!(server_txn
|
||||
.qs_write
|
||||
|
|
@ -1252,7 +1252,7 @@ mod tests {
|
|||
|
||||
let ct = duration_from_epoch_now();
|
||||
|
||||
let mut server_txn = idms.proxy_write(ct).await;
|
||||
let mut server_txn = idms.proxy_write(ct).await.unwrap();
|
||||
let ce = CreateEvent::new_internal(vec![e1, e2]);
|
||||
assert!(server_txn.qs_write.create(&ce).is_ok());
|
||||
|
||||
|
|
@ -1384,7 +1384,7 @@ mod tests {
|
|||
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
|
||||
);
|
||||
|
||||
let mut server_txn = idms.proxy_write(duration_from_epoch_now()).await;
|
||||
let mut server_txn = idms.proxy_write(duration_from_epoch_now()).await.unwrap();
|
||||
assert!(server_txn
|
||||
.qs_write
|
||||
.internal_create(vec![e1])
|
||||
|
|
@ -1453,7 +1453,7 @@ mod tests {
|
|||
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
|
||||
);
|
||||
|
||||
let mut server_txn = idms.proxy_write(duration_from_epoch_now()).await;
|
||||
let mut server_txn = idms.proxy_write(duration_from_epoch_now()).await.unwrap();
|
||||
assert!(server_txn
|
||||
.qs_write
|
||||
.internal_create(vec![e1])
|
||||
|
|
@ -1566,7 +1566,7 @@ mod tests {
|
|||
|
||||
// Change the domain basedn
|
||||
|
||||
let mut idms_prox_write = idms.proxy_write(duration_from_epoch_now()).await;
|
||||
let mut idms_prox_write = idms.proxy_write(duration_from_epoch_now()).await.unwrap();
|
||||
// make the admin a valid posix account
|
||||
let me_posix = ModifyEvent::new_internal_invalid(
|
||||
filter!(f_eq(Attribute::Uuid, PartialValue::Uuid(UUID_DOMAIN_INFO))),
|
||||
|
|
@ -1635,7 +1635,7 @@ mod tests {
|
|||
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
|
||||
);
|
||||
|
||||
let mut server_txn = idms.proxy_write(duration_from_epoch_now()).await;
|
||||
let mut server_txn = idms.proxy_write(duration_from_epoch_now()).await.unwrap();
|
||||
assert!(server_txn
|
||||
.qs_write
|
||||
.internal_create(vec![e1])
|
||||
|
|
@ -1743,7 +1743,7 @@ mod tests {
|
|||
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
|
||||
);
|
||||
|
||||
let mut server_txn = idms.proxy_write(duration_from_epoch_now()).await;
|
||||
let mut server_txn = idms.proxy_write(duration_from_epoch_now()).await.unwrap();
|
||||
assert!(server_txn
|
||||
.qs_write
|
||||
.internal_create(vec![e1])
|
||||
|
|
|
|||
|
|
@ -2766,7 +2766,7 @@ mod tests {
|
|||
enable_legacy_crypto: bool,
|
||||
prefer_short_username: bool,
|
||||
) -> (String, UserAuthToken, Identity, Uuid) {
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let rs_uuid = Uuid::new_v4();
|
||||
|
||||
|
|
@ -2932,7 +2932,7 @@ mod tests {
|
|||
idms: &IdmServer,
|
||||
ct: Duration,
|
||||
) -> (UserAuthToken, Identity, Uuid) {
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let rs_uuid = Uuid::new_v4();
|
||||
|
||||
|
|
@ -3062,7 +3062,7 @@ mod tests {
|
|||
}
|
||||
|
||||
async fn setup_idm_admin(idms: &IdmServer, ct: Duration) -> (UserAuthToken, Identity) {
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
let account = idms_prox_write
|
||||
.target_to_account(UUID_IDM_ADMIN)
|
||||
.expect("account must exist");
|
||||
|
|
@ -3093,7 +3093,7 @@ mod tests {
|
|||
let (secret, _uat, ident, _) =
|
||||
setup_oauth2_resource_server_basic(idms, ct, true, false, false).await;
|
||||
|
||||
let idms_prox_read = idms.proxy_read().await;
|
||||
let idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
// == Setup the authorisation request
|
||||
let (code_verifier, code_challenge) = create_code_verifier!("Whar Garble");
|
||||
|
|
@ -3116,7 +3116,7 @@ mod tests {
|
|||
|
||||
// == Manually submit the consent token to the permit for the permit_success
|
||||
drop(idms_prox_read);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let permit_success = idms_prox_write
|
||||
.check_oauth2_authorise_permit(&ident, &consent_token, ct)
|
||||
|
|
@ -3156,7 +3156,7 @@ mod tests {
|
|||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
let (_uat, ident, _) = setup_oauth2_resource_server_public(idms, ct).await;
|
||||
|
||||
let idms_prox_read = idms.proxy_read().await;
|
||||
let idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
// Get an ident/uat for now.
|
||||
|
||||
|
|
@ -3181,7 +3181,7 @@ mod tests {
|
|||
|
||||
// == Manually submit the consent token to the permit for the permit_success
|
||||
drop(idms_prox_read);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let permit_success = idms_prox_write
|
||||
.check_oauth2_authorise_permit(&ident, &consent_token, ct)
|
||||
|
|
@ -3227,7 +3227,7 @@ mod tests {
|
|||
let (_idm_admin_uat, idm_admin_ident) = setup_idm_admin(idms, ct).await;
|
||||
|
||||
// Need a uat from a user not in the group. Probs anonymous.
|
||||
let idms_prox_read = idms.proxy_read().await;
|
||||
let idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
let (_code_verifier, code_challenge) = create_code_verifier!("Whar Garble");
|
||||
|
||||
|
|
@ -3407,7 +3407,7 @@ mod tests {
|
|||
let (_secret, uat, ident, _) =
|
||||
setup_oauth2_resource_server_basic(idms, ct, true, false, false).await;
|
||||
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let mut uat_wrong_session_id = uat.clone();
|
||||
uat_wrong_session_id.session_id = uuid::Uuid::new_v4();
|
||||
|
|
@ -3435,7 +3435,7 @@ mod tests {
|
|||
|
||||
// Now start the test
|
||||
|
||||
let idms_prox_read = idms.proxy_read().await;
|
||||
let idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
let (_code_verifier, code_challenge) = create_code_verifier!("Whar Garble");
|
||||
|
||||
|
|
@ -3455,7 +3455,7 @@ mod tests {
|
|||
};
|
||||
|
||||
drop(idms_prox_read);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
// Invalid permits
|
||||
// * expired token, aka past ttl.
|
||||
|
|
@ -3515,7 +3515,7 @@ mod tests {
|
|||
+ Duration::from_secs(TEST_CURRENT_TIME + UAT_EXPIRE - 1),
|
||||
);
|
||||
|
||||
let idms_prox_read = idms.proxy_read().await;
|
||||
let idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
// == Setup the authorisation request
|
||||
let (code_verifier, code_challenge) = create_code_verifier!("Whar Garble");
|
||||
|
|
@ -3535,7 +3535,7 @@ mod tests {
|
|||
};
|
||||
|
||||
drop(idms_prox_read);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
// == Manually submit the consent token to the permit for the permit_success
|
||||
let permit_success = idms_prox_write
|
||||
|
|
@ -3668,7 +3668,7 @@ mod tests {
|
|||
let (secret, uat, ident, _) =
|
||||
setup_oauth2_resource_server_basic(idms, ct, true, false, false).await;
|
||||
|
||||
let idms_prox_read = idms.proxy_read().await;
|
||||
let idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
// == Setup the authorisation request
|
||||
let (code_verifier, code_challenge) = create_code_verifier!("Whar Garble");
|
||||
|
|
@ -3704,7 +3704,7 @@ mod tests {
|
|||
|
||||
// == Manually submit the consent token to the permit for the permit_success
|
||||
drop(idms_prox_read);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let permit_success = idms_prox_write
|
||||
.check_oauth2_authorise_permit(&ident, &consent_token, ct)
|
||||
|
|
@ -3738,7 +3738,7 @@ mod tests {
|
|||
// ============================================================================
|
||||
// Now repeat the test with the app url.
|
||||
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
// Reload the ident since it pins an entry in memory.
|
||||
let ident = idms_prox_read
|
||||
|
|
@ -3788,7 +3788,7 @@ mod tests {
|
|||
};
|
||||
|
||||
drop(idms_prox_read);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let token_response = idms_prox_write
|
||||
.check_oauth2_token_exchange(&ClientAuthInfo::none(), &token_req, ct)
|
||||
|
|
@ -3808,7 +3808,7 @@ mod tests {
|
|||
setup_oauth2_resource_server_basic(idms, ct, true, false, false).await;
|
||||
let client_authz = ClientAuthInfo::encode_basic("test_resource_server", secret.as_str());
|
||||
|
||||
let idms_prox_read = idms.proxy_read().await;
|
||||
let idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
// == Setup the authorisation request
|
||||
let (code_verifier, code_challenge) = create_code_verifier!("Whar Garble");
|
||||
|
|
@ -3829,7 +3829,7 @@ mod tests {
|
|||
|
||||
// == Manually submit the consent token to the permit for the permit_success
|
||||
drop(idms_prox_read);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let permit_success = idms_prox_write
|
||||
.check_oauth2_authorise_permit(&ident, &consent_token, ct)
|
||||
|
|
@ -3848,7 +3848,7 @@ mod tests {
|
|||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
||||
// Okay, now we have the token, we can check it works with introspect.
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
let intr_request = AccessTokenIntrospectRequest {
|
||||
token: oauth2_token.access_token,
|
||||
|
|
@ -3870,7 +3870,7 @@ mod tests {
|
|||
drop(idms_prox_read);
|
||||
// start a write,
|
||||
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
// Expire the account, should cause introspect to return inactive.
|
||||
let v_expire = Value::new_datetime_epoch(Duration::from_secs(TEST_CURRENT_TIME - 1));
|
||||
let me_inv_m = ModifyEvent::new_internal_invalid(
|
||||
|
|
@ -3886,7 +3886,7 @@ mod tests {
|
|||
|
||||
// start a new read
|
||||
// check again.
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
let intr_response = idms_prox_read
|
||||
.check_oauth2_token_introspect(&client_authz, &intr_request, ct)
|
||||
.expect("Failed to inspect token");
|
||||
|
|
@ -3902,7 +3902,7 @@ mod tests {
|
|||
setup_oauth2_resource_server_basic(idms, ct, true, false, false).await;
|
||||
let client_authz = ClientAuthInfo::encode_basic("test_resource_server", secret.as_str());
|
||||
|
||||
let idms_prox_read = idms.proxy_read().await;
|
||||
let idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
// == Setup the authorisation request
|
||||
let (code_verifier, code_challenge) = create_code_verifier!("Whar Garble");
|
||||
|
|
@ -3923,7 +3923,7 @@ mod tests {
|
|||
|
||||
// == Manually submit the consent token to the permit for the permit_success
|
||||
drop(idms_prox_read);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let permit_success = idms_prox_write
|
||||
.check_oauth2_authorise_permit(&ident, &consent_token, ct)
|
||||
|
|
@ -3945,7 +3945,7 @@ mod tests {
|
|||
// Okay, now we have the token, we can check behaviours with the revoke interface.
|
||||
|
||||
// First, assert it is valid, similar to the introspect api.
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
let intr_request = AccessTokenIntrospectRequest {
|
||||
token: oauth2_token.access_token.clone(),
|
||||
token_type_hint: None,
|
||||
|
|
@ -3958,7 +3958,7 @@ mod tests {
|
|||
drop(idms_prox_read);
|
||||
|
||||
// First, the revoke needs basic auth. Provide incorrect auth, and we fail.
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let bad_client_authz = ClientAuthInfo::encode_basic("test_resource_server", "12345");
|
||||
|
||||
|
|
@ -3973,7 +3973,7 @@ mod tests {
|
|||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
||||
// Now submit a non-existent/invalid token. Does not affect our tokens validity.
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
let revoke_request = TokenRevokeRequest {
|
||||
token: "this is an invalid token, nothing will happen!".to_string(),
|
||||
token_type_hint: None,
|
||||
|
|
@ -3985,7 +3985,7 @@ mod tests {
|
|||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
||||
// Check our token is still valid.
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
let intr_response = idms_prox_read
|
||||
.check_oauth2_token_introspect(&client_authz, &intr_request, ct)
|
||||
.expect("Failed to inspect token");
|
||||
|
|
@ -3993,7 +3993,7 @@ mod tests {
|
|||
drop(idms_prox_read);
|
||||
|
||||
// Finally revoke it.
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
let revoke_request = TokenRevokeRequest {
|
||||
token: oauth2_token.access_token.clone(),
|
||||
token_type_hint: None,
|
||||
|
|
@ -4004,7 +4004,7 @@ mod tests {
|
|||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
||||
// Assert it is now invalid.
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
let intr_response = idms_prox_read
|
||||
.check_oauth2_token_introspect(&client_authz, &intr_request, ct)
|
||||
.expect("Failed to inspect token");
|
||||
|
|
@ -4013,7 +4013,7 @@ mod tests {
|
|||
drop(idms_prox_read);
|
||||
|
||||
// Force trim the session and wait for the grace window to pass. The token will be invalidated
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
let filt = filter!(f_eq(
|
||||
Attribute::Uuid,
|
||||
PartialValue::Uuid(ident.get_uuid().unwrap())
|
||||
|
|
@ -4032,7 +4032,7 @@ mod tests {
|
|||
|
||||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
// Grace window in effect.
|
||||
let intr_response = idms_prox_read
|
||||
.check_oauth2_token_introspect(&client_authz, &intr_request, ct)
|
||||
|
|
@ -4049,7 +4049,7 @@ mod tests {
|
|||
drop(idms_prox_read);
|
||||
|
||||
// A second invalidation of the token "does nothing".
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
let revoke_request = TokenRevokeRequest {
|
||||
token: oauth2_token.access_token,
|
||||
token_type_hint: None,
|
||||
|
|
@ -4071,7 +4071,7 @@ mod tests {
|
|||
setup_oauth2_resource_server_basic(idms, ct, true, false, false).await;
|
||||
let client_authz = ClientAuthInfo::encode_basic("test_resource_server", secret.as_str());
|
||||
|
||||
let idms_prox_read = idms.proxy_read().await;
|
||||
let idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
// == Setup the authorisation request
|
||||
let (code_verifier, code_challenge) = create_code_verifier!("Whar Garble");
|
||||
|
|
@ -4092,7 +4092,7 @@ mod tests {
|
|||
|
||||
// == Manually submit the consent token to the permit for the permit_success
|
||||
drop(idms_prox_read);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let permit_success = idms_prox_write
|
||||
.check_oauth2_authorise_permit(&ident, &consent_token, ct)
|
||||
|
|
@ -4125,7 +4125,7 @@ mod tests {
|
|||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
||||
// Process it to ensure the record exists.
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
// Check it is now there
|
||||
let entry = idms_prox_write
|
||||
|
|
@ -4174,7 +4174,7 @@ mod tests {
|
|||
setup_oauth2_resource_server_basic(idms, ct, true, false, false).await;
|
||||
|
||||
let ident2 = {
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
let account = idms_prox_write
|
||||
.target_to_account(UUID_IDM_ADMIN)
|
||||
.expect("account must exist");
|
||||
|
|
@ -4193,7 +4193,7 @@ mod tests {
|
|||
ident2
|
||||
};
|
||||
|
||||
let idms_prox_read = idms.proxy_read().await;
|
||||
let idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
let redirect_uri = Url::parse("https://demo.example.com/oauth2/result").unwrap();
|
||||
let (_code_verifier, code_challenge) = create_code_verifier!("Whar Garble");
|
||||
|
||||
|
|
@ -4254,7 +4254,7 @@ mod tests {
|
|||
let (_secret, _uat, _ident, _) =
|
||||
setup_oauth2_resource_server_basic(idms, ct, true, false, false).await;
|
||||
|
||||
let idms_prox_read = idms.proxy_read().await;
|
||||
let idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
// check the discovery end point works as we expect
|
||||
assert!(
|
||||
|
|
@ -4362,7 +4362,7 @@ mod tests {
|
|||
let (_secret, _uat, _ident, _) =
|
||||
setup_oauth2_resource_server_basic(idms, ct, true, false, false).await;
|
||||
|
||||
let idms_prox_read = idms.proxy_read().await;
|
||||
let idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
// check the discovery end point works as we expect
|
||||
assert!(
|
||||
|
|
@ -4506,7 +4506,7 @@ mod tests {
|
|||
setup_oauth2_resource_server_basic(idms, ct, true, false, false).await;
|
||||
let client_authz = ClientAuthInfo::encode_basic("test_resource_server", secret.as_str());
|
||||
|
||||
let idms_prox_read = idms.proxy_read().await;
|
||||
let idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
let (code_verifier, code_challenge) = create_code_verifier!("Whar Garble");
|
||||
|
||||
|
|
@ -4527,7 +4527,7 @@ mod tests {
|
|||
|
||||
// == Manually submit the consent token to the permit for the permit_success
|
||||
drop(idms_prox_read);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let permit_success = idms_prox_write
|
||||
.check_oauth2_authorise_permit(&ident, &consent_token, ct)
|
||||
|
|
@ -4563,7 +4563,7 @@ mod tests {
|
|||
// Get the read txn for inspecting the tokens
|
||||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
let mut jwkset = idms_prox_read
|
||||
.oauth2_openid_publickey("test_resource_server")
|
||||
|
|
@ -4638,7 +4638,7 @@ mod tests {
|
|||
// Importantly, we need to persist the nonce through access/refresh token operations
|
||||
// because some clients like the rust openidconnect library require it always for claim
|
||||
// verification.
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let token_req: AccessTokenRequest = GrantTypeReq::RefreshToken {
|
||||
refresh_token,
|
||||
|
|
@ -4656,7 +4656,7 @@ mod tests {
|
|||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
||||
// Okay, refresh done, lets check it.
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
let userinfo = idms_prox_read
|
||||
.oauth2_openid_userinfo("test_resource_server", access_token, ct)
|
||||
|
|
@ -4691,7 +4691,7 @@ mod tests {
|
|||
setup_oauth2_resource_server_basic(idms, ct, true, false, true).await;
|
||||
let client_authz = ClientAuthInfo::encode_basic("test_resource_server", secret.as_str());
|
||||
|
||||
let idms_prox_read = idms.proxy_read().await;
|
||||
let idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
let (code_verifier, code_challenge) = create_code_verifier!("Whar Garble");
|
||||
|
||||
|
|
@ -4712,7 +4712,7 @@ mod tests {
|
|||
|
||||
// == Manually submit the consent token to the permit for the permit_success
|
||||
drop(idms_prox_read);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let permit_success = idms_prox_write
|
||||
.check_oauth2_authorise_permit(&ident, &consent_token, ct)
|
||||
|
|
@ -4736,7 +4736,7 @@ mod tests {
|
|||
JwsCompact::from_str(&token_response.access_token).expect("Invalid Access Token");
|
||||
|
||||
assert!(idms_prox_write.commit().is_ok());
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
let mut jwkset = idms_prox_read
|
||||
.oauth2_openid_publickey("test_resource_server")
|
||||
|
|
@ -4779,7 +4779,7 @@ mod tests {
|
|||
setup_oauth2_resource_server_basic(idms, ct, true, false, true).await;
|
||||
let client_authz = ClientAuthInfo::encode_basic("test_resource_server", secret.as_str());
|
||||
|
||||
let idms_prox_read = idms.proxy_read().await;
|
||||
let idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
let (code_verifier, code_challenge) = create_code_verifier!("Whar Garble");
|
||||
|
||||
|
|
@ -4800,7 +4800,7 @@ mod tests {
|
|||
|
||||
// == Manually submit the consent token to the permit for the permit_success
|
||||
drop(idms_prox_read);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let permit_success = idms_prox_write
|
||||
.check_oauth2_authorise_permit(&ident, &consent_token, ct)
|
||||
|
|
@ -4824,7 +4824,7 @@ mod tests {
|
|||
JwsCompact::from_str(&token_response.access_token).expect("Invalid Access Token");
|
||||
|
||||
assert!(idms_prox_write.commit().is_ok());
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
let mut jwkset = idms_prox_read
|
||||
.oauth2_openid_publickey("test_resource_server")
|
||||
|
|
@ -4874,7 +4874,7 @@ mod tests {
|
|||
let (_secret, _uat, ident, _) =
|
||||
setup_oauth2_resource_server_basic(idms, ct, false, false, false).await;
|
||||
|
||||
let idms_prox_read = idms.proxy_read().await;
|
||||
let idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
// == Setup the authorisation request
|
||||
let (_code_verifier, code_challenge) = create_code_verifier!("Whar Garble");
|
||||
|
|
@ -4914,7 +4914,7 @@ mod tests {
|
|||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
let (secret, _uat, ident, _) =
|
||||
setup_oauth2_resource_server_basic(idms, ct, false, true, false).await;
|
||||
let idms_prox_read = idms.proxy_read().await;
|
||||
let idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
// The public key url should offer an rs key
|
||||
// discovery should offer RS256
|
||||
let discovery = idms_prox_read
|
||||
|
|
@ -4963,7 +4963,7 @@ mod tests {
|
|||
|
||||
// == Manually submit the consent token to the permit for the permit_success
|
||||
drop(idms_prox_read);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let permit_success = idms_prox_write
|
||||
.check_oauth2_authorise_permit(&ident, &consent_token, ct)
|
||||
|
|
@ -5017,7 +5017,7 @@ mod tests {
|
|||
let (_secret, uat, ident, _) =
|
||||
setup_oauth2_resource_server_basic(idms, ct, true, false, false).await;
|
||||
|
||||
let idms_prox_read = idms.proxy_read().await;
|
||||
let idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
let (_code_verifier, code_challenge) = create_code_verifier!("Whar Garble");
|
||||
let consent_request = good_authorisation_request!(
|
||||
|
|
@ -5038,7 +5038,7 @@ mod tests {
|
|||
|
||||
// == Manually submit the consent token to the permit for the permit_success
|
||||
drop(idms_prox_read);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let _permit_success = idms_prox_write
|
||||
.check_oauth2_authorise_permit(&ident, &consent_token, ct)
|
||||
|
|
@ -5047,7 +5047,7 @@ mod tests {
|
|||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
||||
// == Now try the authorise again, should be in the permitted state.
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
// We need to reload our identity
|
||||
let ident = idms_prox_read
|
||||
|
|
@ -5074,7 +5074,7 @@ mod tests {
|
|||
drop(idms_prox_read);
|
||||
|
||||
// Great! Now change the scopes on the OAuth2 instance, this revokes the permit.
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let me_extend_scopes = ModifyEvent::new_internal_invalid(
|
||||
filter!(f_eq(
|
||||
|
|
@ -5099,7 +5099,7 @@ mod tests {
|
|||
|
||||
// And do the workflow once more to see if we need to consent again.
|
||||
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
// We need to reload our identity
|
||||
let ident = idms_prox_read
|
||||
|
|
@ -5140,7 +5140,7 @@ mod tests {
|
|||
// Success! We had to consent again due to the change :)
|
||||
|
||||
// Now change the supplemental scopes on the OAuth2 instance, this revokes the permit.
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let me_extend_scopes = ModifyEvent::new_internal_invalid(
|
||||
filter!(f_eq(
|
||||
|
|
@ -5159,7 +5159,7 @@ mod tests {
|
|||
|
||||
// And do the workflow once more to see if we need to consent again.
|
||||
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
// We need to reload our identity
|
||||
let ident = idms_prox_read
|
||||
|
|
@ -5214,7 +5214,7 @@ mod tests {
|
|||
// Assert there are no consent maps yet.
|
||||
assert!(ident.get_oauth2_consent_scopes(o2rs_uuid).is_none());
|
||||
|
||||
let idms_prox_read = idms.proxy_read().await;
|
||||
let idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
let (_code_verifier, code_challenge) = create_code_verifier!("Whar Garble");
|
||||
let consent_request = good_authorisation_request!(
|
||||
|
|
@ -5235,7 +5235,7 @@ mod tests {
|
|||
|
||||
// == Manually submit the consent token to the permit for the permit_success
|
||||
drop(idms_prox_read);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let _permit_success = idms_prox_write
|
||||
.check_oauth2_authorise_permit(&ident, &consent_token, ct)
|
||||
|
|
@ -5303,7 +5303,7 @@ mod tests {
|
|||
let (secret, _uat, ident, _) =
|
||||
setup_oauth2_resource_server_basic(idms, ct, false, false, false).await;
|
||||
|
||||
let idms_prox_read = idms.proxy_read().await;
|
||||
let idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
// Get an ident/uat for now.
|
||||
|
||||
|
|
@ -5338,7 +5338,7 @@ mod tests {
|
|||
|
||||
// == Manually submit the consent token to the permit for the permit_success
|
||||
drop(idms_prox_read);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let permit_success = idms_prox_write
|
||||
.check_oauth2_authorise_permit(&ident, &consent_token, ct)
|
||||
|
|
@ -5380,7 +5380,7 @@ mod tests {
|
|||
let (secret, _uat, ident, _) =
|
||||
setup_oauth2_resource_server_basic(idms, ct, false, false, false).await;
|
||||
|
||||
let idms_prox_read = idms.proxy_read().await;
|
||||
let idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
// Get an ident/uat for now.
|
||||
|
||||
|
|
@ -5430,7 +5430,7 @@ mod tests {
|
|||
|
||||
// == Manually submit the consent token to the permit for the permit_success
|
||||
drop(idms_prox_read);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let permit_success = idms_prox_write
|
||||
.check_oauth2_authorise_permit(&ident, &consent_token, ct)
|
||||
|
|
@ -5468,7 +5468,7 @@ mod tests {
|
|||
setup_oauth2_resource_server_basic(idms, ct, true, false, false).await;
|
||||
let client_authz = ClientAuthInfo::encode_basic("test_resource_server", secret.as_str());
|
||||
|
||||
let idms_prox_read = idms.proxy_read().await;
|
||||
let idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
// == Setup the authorisation request
|
||||
let (code_verifier, code_challenge) = create_code_verifier!("Whar Garble");
|
||||
|
|
@ -5486,7 +5486,7 @@ mod tests {
|
|||
|
||||
// == Manually submit the consent token to the permit for the permit_success
|
||||
drop(idms_prox_read);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let permit_success = idms_prox_write
|
||||
.check_oauth2_authorise_permit(&ident, &consent_token, ct)
|
||||
|
|
@ -5524,7 +5524,7 @@ mod tests {
|
|||
// test basic refresh while access still valid.
|
||||
|
||||
let ct = Duration::from_secs(TEST_CURRENT_TIME + 10);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let refresh_token = access_token_response_1
|
||||
.refresh_token
|
||||
|
|
@ -5555,7 +5555,7 @@ mod tests {
|
|||
let ct =
|
||||
Duration::from_secs(TEST_CURRENT_TIME + 20 + access_token_response_2.expires_in as u64);
|
||||
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let refresh_token = access_token_response_2
|
||||
.refresh_token
|
||||
|
|
@ -5601,7 +5601,7 @@ mod tests {
|
|||
TEST_CURRENT_TIME + refresh_exp as u64 + access_token_response_3.expires_in as u64,
|
||||
);
|
||||
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let refresh_token = access_token_response_3
|
||||
.refresh_token
|
||||
|
|
@ -5638,7 +5638,7 @@ mod tests {
|
|||
// ============================================
|
||||
// Revoke the OAuth2 session
|
||||
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
let revoke_request = TokenRevokeRequest {
|
||||
token: access_token_response_1.access_token.clone(),
|
||||
token_type_hint: None,
|
||||
|
|
@ -5650,7 +5650,7 @@ mod tests {
|
|||
|
||||
// ============================================
|
||||
// then attempt a refresh.
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let refresh_token = access_token_response_1
|
||||
.refresh_token
|
||||
|
|
@ -5690,7 +5690,7 @@ mod tests {
|
|||
// ============================================
|
||||
// Refresh with invalid client authz
|
||||
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let refresh_token = access_token_response_1
|
||||
.refresh_token
|
||||
|
|
@ -5727,7 +5727,7 @@ mod tests {
|
|||
// ============================================
|
||||
// Refresh with different scopes
|
||||
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let refresh_token = access_token_response_1
|
||||
.refresh_token
|
||||
|
|
@ -5766,7 +5766,7 @@ mod tests {
|
|||
// ============================================
|
||||
// Use the refresh token once
|
||||
let ct = Duration::from_secs(TEST_CURRENT_TIME + 1);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let refresh_token = access_token_response_1
|
||||
.refresh_token
|
||||
|
|
@ -5788,7 +5788,7 @@ mod tests {
|
|||
|
||||
// Now use it again. - this will cause an error and the session to be terminated.
|
||||
let ct = Duration::from_secs(TEST_CURRENT_TIME + 2);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let refresh_token = access_token_response_1
|
||||
.refresh_token
|
||||
|
|
@ -5844,7 +5844,7 @@ mod tests {
|
|||
// ============================================
|
||||
// Use the refresh token once
|
||||
let ct = Duration::from_secs(TEST_CURRENT_TIME + 1);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let refresh_token = access_token_response_1
|
||||
.refresh_token
|
||||
|
|
@ -5868,7 +5868,7 @@ mod tests {
|
|||
|
||||
// ============================================
|
||||
let ct = Duration::from_secs(TEST_CURRENT_TIME + 2);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let refresh_token = access_token_response_2
|
||||
.refresh_token
|
||||
|
|
@ -5914,7 +5914,7 @@ mod tests {
|
|||
setup_oauth2_resource_server_basic(idms, ct, true, false, false).await;
|
||||
|
||||
// Setup custom claim maps here.
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let modlist = ModifyList::new_list(vec![
|
||||
// Member of a claim map.
|
||||
|
|
@ -5990,7 +5990,7 @@ mod tests {
|
|||
// Claim maps setup, lets go.
|
||||
let client_authz = ClientAuthInfo::encode_basic("test_resource_server", secret.as_str());
|
||||
|
||||
let idms_prox_read = idms.proxy_read().await;
|
||||
let idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
let (code_verifier, code_challenge) = create_code_verifier!("Whar Garble");
|
||||
|
||||
|
|
@ -6011,7 +6011,7 @@ mod tests {
|
|||
|
||||
// == Manually submit the consent token to the permit for the permit_success
|
||||
drop(idms_prox_read);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let permit_success = idms_prox_write
|
||||
.check_oauth2_authorise_permit(&ident, &consent_token, ct)
|
||||
|
|
@ -6040,7 +6040,7 @@ mod tests {
|
|||
// Get the read txn for inspecting the tokens
|
||||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
let mut jwkset = idms_prox_read
|
||||
.oauth2_openid_publickey("test_resource_server")
|
||||
|
|
@ -6149,7 +6149,7 @@ mod tests {
|
|||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
let (_uat, ident, oauth2_rs_uuid) = setup_oauth2_resource_server_public(idms, ct).await;
|
||||
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let modlist = ModifyList::new_list(vec![Modify::Present(
|
||||
Attribute::OAuth2AllowLocalhostRedirect.into(),
|
||||
|
|
@ -6166,7 +6166,7 @@ mod tests {
|
|||
|
||||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
||||
let idms_prox_read = idms.proxy_read().await;
|
||||
let idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
// == Setup the authorisation request
|
||||
let (code_verifier, code_challenge) = create_code_verifier!("Whar Garble");
|
||||
|
|
@ -6200,7 +6200,7 @@ mod tests {
|
|||
|
||||
// == Manually submit the consent token to the permit for the permit_success
|
||||
drop(idms_prox_read);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let permit_success = idms_prox_write
|
||||
.check_oauth2_authorise_permit(&ident, &consent_token, ct)
|
||||
|
|
@ -6242,7 +6242,7 @@ mod tests {
|
|||
let client_authz = ClientAuthInfo::encode_basic("test_resource_server", secret.as_str());
|
||||
|
||||
// scope: Some(btreeset!["invalid_scope".to_string()]),
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let token_req = AccessTokenRequest {
|
||||
grant_type: GrantTypeReq::ClientCredentials { scope: None },
|
||||
|
|
@ -6260,7 +6260,7 @@ mod tests {
|
|||
assert!(oauth2_token.token_type == "Bearer");
|
||||
|
||||
// Check Oauth2 Token Introspection
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
let intr_request = AccessTokenIntrospectRequest {
|
||||
token: oauth2_token.access_token.clone(),
|
||||
|
|
@ -6288,7 +6288,7 @@ mod tests {
|
|||
drop(idms_prox_read);
|
||||
|
||||
// Assert we can revoke.
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
let revoke_request = TokenRevokeRequest {
|
||||
token: oauth2_token.access_token.clone(),
|
||||
token_type_hint: None,
|
||||
|
|
@ -6300,7 +6300,7 @@ mod tests {
|
|||
|
||||
// Now must be invalid.
|
||||
let ct = ct + AUTH_TOKEN_GRACE_WINDOW;
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
let intr_request = AccessTokenIntrospectRequest {
|
||||
token: oauth2_token.access_token.clone(),
|
||||
|
|
@ -6324,7 +6324,7 @@ mod tests {
|
|||
let (secret, _uat, _ident, _) =
|
||||
setup_oauth2_resource_server_basic(idms, ct, true, false, false).await;
|
||||
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
// Public Client
|
||||
let token_req = AccessTokenRequest {
|
||||
|
|
|
|||
|
|
@ -190,7 +190,7 @@ mod tests {
|
|||
const TESTPERSON_UUID: Uuid = uuid!("cf231fea-1a8f-4410-a520-fd9b1a379c86");
|
||||
|
||||
async fn setup_testaccount(idms: &IdmServer, ct: Duration) {
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let e2 = entry_init!(
|
||||
(Attribute::Class, EntryClass::Object.to_value()),
|
||||
|
|
@ -211,7 +211,7 @@ mod tests {
|
|||
idms: &IdmServer,
|
||||
ct: Duration,
|
||||
) -> WebauthnAuthenticator<SoftPasskey> {
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
let testperson = idms_prox_write
|
||||
.qs_write
|
||||
.internal_search_uuid(TESTPERSON_UUID)
|
||||
|
|
@ -226,7 +226,7 @@ mod tests {
|
|||
|
||||
// Update session is setup.
|
||||
|
||||
let cutxn = idms.cred_update_transaction().await;
|
||||
let cutxn = idms.cred_update_transaction().await.unwrap();
|
||||
let origin = cutxn.get_origin().clone();
|
||||
|
||||
let mut wa = WebauthnAuthenticator::new(SoftPasskey::new(true));
|
||||
|
|
@ -254,7 +254,7 @@ mod tests {
|
|||
assert!(c_status.can_commit());
|
||||
|
||||
drop(cutxn);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
idms_prox_write
|
||||
.commit_credential_update(&cust, ct)
|
||||
|
|
@ -266,7 +266,7 @@ mod tests {
|
|||
}
|
||||
|
||||
async fn setup_testaccount_password_totp(idms: &IdmServer, ct: Duration) -> (String, Totp) {
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
let testperson = idms_prox_write
|
||||
.qs_write
|
||||
.internal_search_uuid(TESTPERSON_UUID)
|
||||
|
|
@ -279,7 +279,7 @@ mod tests {
|
|||
.expect("Failed to begin credential update.");
|
||||
idms_prox_write.commit().expect("Failed to commit txn");
|
||||
|
||||
let cutxn = idms.cred_update_transaction().await;
|
||||
let cutxn = idms.cred_update_transaction().await.unwrap();
|
||||
|
||||
let pw = crate::utils::password_from_random();
|
||||
|
||||
|
|
@ -312,7 +312,7 @@ mod tests {
|
|||
assert!(c_status.can_commit());
|
||||
|
||||
drop(cutxn);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
idms_prox_write
|
||||
.commit_credential_update(&cust, ct)
|
||||
|
|
@ -329,7 +329,7 @@ mod tests {
|
|||
wa: &mut WebauthnAuthenticator<SoftPasskey>,
|
||||
idms_delayed: &mut IdmServerDelayed,
|
||||
) -> Option<JwsCompact> {
|
||||
let mut idms_auth = idms.auth().await;
|
||||
let mut idms_auth = idms.auth().await.unwrap();
|
||||
let origin = idms_auth.get_origin().clone();
|
||||
|
||||
let auth_init = AuthEvent::named_init("testperson");
|
||||
|
|
@ -409,7 +409,7 @@ mod tests {
|
|||
token: &Totp,
|
||||
idms_delayed: &mut IdmServerDelayed,
|
||||
) -> Option<JwsCompact> {
|
||||
let mut idms_auth = idms.auth().await;
|
||||
let mut idms_auth = idms.auth().await.unwrap();
|
||||
|
||||
let auth_init = AuthEvent::named_init("testperson");
|
||||
|
||||
|
|
@ -478,7 +478,7 @@ mod tests {
|
|||
ct: Duration,
|
||||
client_auth_info: ClientAuthInfo,
|
||||
) -> Identity {
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
idms_prox_read
|
||||
.validate_client_auth_info_to_ident(client_auth_info, ct)
|
||||
|
|
@ -492,7 +492,7 @@ mod tests {
|
|||
wa: &mut WebauthnAuthenticator<SoftPasskey>,
|
||||
idms_delayed: &mut IdmServerDelayed,
|
||||
) -> Option<JwsCompact> {
|
||||
let mut idms_auth = idms.auth().await;
|
||||
let mut idms_auth = idms.auth().await.unwrap();
|
||||
let origin = idms_auth.get_origin().clone();
|
||||
|
||||
let auth_allowed = idms_auth
|
||||
|
|
@ -559,7 +559,7 @@ mod tests {
|
|||
token: &Totp,
|
||||
idms_delayed: &mut IdmServerDelayed,
|
||||
) -> Option<JwsCompact> {
|
||||
let mut idms_auth = idms.auth().await;
|
||||
let mut idms_auth = idms.auth().await.unwrap();
|
||||
|
||||
let auth_allowed = idms_auth
|
||||
.reauth_init(
|
||||
|
|
|
|||
|
|
@ -1573,13 +1573,13 @@ mod tests {
|
|||
) {
|
||||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
let (sync_uuid, sync_token) = create_scim_sync_account(&mut idms_prox_write, ct);
|
||||
|
||||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
||||
// Do a get_state to get the current "state cookie" if any.
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
let ident = idms_prox_read
|
||||
.validate_sync_client_auth_info_to_ident(sync_token.into(), ct)
|
||||
|
|
@ -1608,7 +1608,7 @@ mod tests {
|
|||
) {
|
||||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let sync_uuid = Uuid::new_v4();
|
||||
|
||||
|
|
@ -1636,7 +1636,7 @@ mod tests {
|
|||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
||||
// -- Check the happy path.
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
let ident = idms_prox_read
|
||||
.validate_sync_client_auth_info_to_ident(sync_token.clone().into(), ct)
|
||||
.expect("Failed to validate sync token");
|
||||
|
|
@ -1645,7 +1645,7 @@ mod tests {
|
|||
|
||||
// -- Revoke the session
|
||||
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
let me_inv_m = ModifyEvent::new_internal_invalid(
|
||||
filter!(f_eq(
|
||||
Attribute::Name,
|
||||
|
|
@ -1657,14 +1657,14 @@ mod tests {
|
|||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
||||
// Must fail
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
let fail =
|
||||
idms_prox_read.validate_sync_client_auth_info_to_ident(sync_token.clone().into(), ct);
|
||||
assert!(matches!(fail, Err(OperationError::NotAuthenticated)));
|
||||
drop(idms_prox_read);
|
||||
|
||||
// -- New session, reset the JWS
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let gte = GenerateScimSyncTokenEvent::new_internal(sync_uuid, "Sync Connector");
|
||||
let sync_token = idms_prox_write
|
||||
|
|
@ -1686,7 +1686,7 @@ mod tests {
|
|||
|
||||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
let fail =
|
||||
idms_prox_read.validate_sync_client_auth_info_to_ident(sync_token.clone().into(), ct);
|
||||
assert!(matches!(fail, Err(OperationError::NotAuthenticated)));
|
||||
|
|
@ -1768,7 +1768,7 @@ mod tests {
|
|||
_idms_delayed: &mut IdmServerDelayed,
|
||||
) {
|
||||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
let (_sync_uuid, ident) = test_scim_sync_apply_setup_ident(&mut idms_prox_write, ct);
|
||||
let sse = ScimSyncUpdateEvent { ident };
|
||||
|
||||
|
|
@ -1794,7 +1794,7 @@ mod tests {
|
|||
_idms_delayed: &mut IdmServerDelayed,
|
||||
) {
|
||||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
let (_sync_uuid, ident) = test_scim_sync_apply_setup_ident(&mut idms_prox_write, ct);
|
||||
let sse = ScimSyncUpdateEvent { ident };
|
||||
|
||||
|
|
@ -1846,7 +1846,7 @@ mod tests {
|
|||
_idms_delayed: &mut IdmServerDelayed,
|
||||
) {
|
||||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
let (_sync_uuid, ident) = test_scim_sync_apply_setup_ident(&mut idms_prox_write, ct);
|
||||
|
||||
let user_sync_uuid = Uuid::new_v4();
|
||||
|
|
@ -1904,7 +1904,7 @@ mod tests {
|
|||
entries: Vec<ScimEntryGeneric>,
|
||||
) -> Result<(), OperationError> {
|
||||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
let (_sync_uuid, ident) = test_scim_sync_apply_setup_ident(&mut idms_prox_write, ct);
|
||||
let sse = ScimSyncUpdateEvent { ident };
|
||||
|
||||
|
|
@ -1954,7 +1954,7 @@ mod tests {
|
|||
.is_ok());
|
||||
|
||||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let ent = idms_prox_write
|
||||
.qs_write
|
||||
|
|
@ -2105,7 +2105,7 @@ mod tests {
|
|||
// Create an entry via sync
|
||||
|
||||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
let (_sync_uuid, ident) = test_scim_sync_apply_setup_ident(&mut idms_prox_write, ct);
|
||||
let sse = ScimSyncUpdateEvent {
|
||||
ident: ident.clone(),
|
||||
|
|
@ -2133,7 +2133,7 @@ mod tests {
|
|||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
||||
// Now we can attempt the delete.
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
let sse = ScimSyncUpdateEvent { ident };
|
||||
|
||||
let changes = ScimSyncRequest {
|
||||
|
|
@ -2174,7 +2174,7 @@ mod tests {
|
|||
_idms_delayed: &mut IdmServerDelayed,
|
||||
) {
|
||||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
let (_sync_uuid, ident) = test_scim_sync_apply_setup_ident(&mut idms_prox_write, ct);
|
||||
let sse = ScimSyncUpdateEvent { ident };
|
||||
|
||||
|
|
@ -2203,7 +2203,7 @@ mod tests {
|
|||
_idms_delayed: &mut IdmServerDelayed,
|
||||
) {
|
||||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let user_sync_uuid = Uuid::new_v4();
|
||||
assert!(idms_prox_write
|
||||
|
|
@ -2240,7 +2240,7 @@ mod tests {
|
|||
_idms_delayed: &mut IdmServerDelayed,
|
||||
) {
|
||||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let user_sync_uuid = Uuid::new_v4();
|
||||
assert!(idms_prox_write
|
||||
|
|
@ -2288,7 +2288,7 @@ mod tests {
|
|||
// Create an entry via sync
|
||||
|
||||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
let (_sync_uuid, ident) = test_scim_sync_apply_setup_ident(&mut idms_prox_write, ct);
|
||||
let sse = ScimSyncUpdateEvent {
|
||||
ident: ident.clone(),
|
||||
|
|
@ -2328,7 +2328,7 @@ mod tests {
|
|||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
||||
// Now retain only a single entry
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
let sse = ScimSyncUpdateEvent { ident };
|
||||
|
||||
let changes = ScimSyncRequest {
|
||||
|
|
@ -2372,7 +2372,7 @@ mod tests {
|
|||
let sync_uuid_b = Uuid::new_v4();
|
||||
|
||||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
let (_sync_uuid, ident) = test_scim_sync_apply_setup_ident(&mut idms_prox_write, ct);
|
||||
let sse = ScimSyncUpdateEvent {
|
||||
ident: ident.clone(),
|
||||
|
|
@ -2412,7 +2412,7 @@ mod tests {
|
|||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
||||
// Now retain no entries at all
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
let sse = ScimSyncUpdateEvent { ident };
|
||||
|
||||
let changes = ScimSyncRequest {
|
||||
|
|
@ -2470,7 +2470,7 @@ mod tests {
|
|||
let sync_uuid_a = Uuid::new_v4();
|
||||
|
||||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
let (_sync_uuid, ident) = test_scim_sync_apply_setup_ident(&mut idms_prox_write, ct);
|
||||
let sse = ScimSyncUpdateEvent {
|
||||
ident: ident.clone(),
|
||||
|
|
@ -2498,7 +2498,7 @@ mod tests {
|
|||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
||||
// Now retain no entries at all
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
let sse = ScimSyncUpdateEvent { ident };
|
||||
|
||||
let changes = ScimSyncRequest {
|
||||
|
|
@ -2532,7 +2532,7 @@ mod tests {
|
|||
_idms_delayed: &mut IdmServerDelayed,
|
||||
) {
|
||||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
let (_sync_uuid, ident) = test_scim_sync_apply_setup_ident(&mut idms_prox_write, ct);
|
||||
let sse = ScimSyncUpdateEvent {
|
||||
ident: ident.clone(),
|
||||
|
|
@ -2551,7 +2551,7 @@ mod tests {
|
|||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
||||
// Advance the from -> to state.
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
let sse = ScimSyncUpdateEvent { ident };
|
||||
|
||||
let changes = ScimSyncRequest {
|
||||
|
|
@ -2601,7 +2601,7 @@ mod tests {
|
|||
_idms_delayed: &mut IdmServerDelayed,
|
||||
) {
|
||||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
let (_sync_uuid, ident) = test_scim_sync_apply_setup_ident(&mut idms_prox_write, ct);
|
||||
let sse = ScimSyncUpdateEvent { ident };
|
||||
|
||||
|
|
@ -2613,7 +2613,7 @@ mod tests {
|
|||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
||||
// Test properties of the imported entries.
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let testgroup = get_single_entry("testgroup", &mut idms_prox_write);
|
||||
assert!(
|
||||
|
|
@ -2676,7 +2676,7 @@ mod tests {
|
|||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
||||
// Now apply updates.
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
let changes =
|
||||
serde_json::from_str(TEST_SYNC_SCIM_IPA_2).expect("failed to parse scim sync");
|
||||
|
||||
|
|
@ -2684,7 +2684,7 @@ mod tests {
|
|||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
||||
// Test properties of the updated entries.
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
// Deleted
|
||||
assert!(idms_prox_write
|
||||
|
|
@ -2738,7 +2738,7 @@ mod tests {
|
|||
_idms_delayed: &mut IdmServerDelayed,
|
||||
) {
|
||||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
let (_sync_uuid, ident) = test_scim_sync_apply_setup_ident(&mut idms_prox_write, ct);
|
||||
let sse = ScimSyncUpdateEvent { ident };
|
||||
|
||||
|
|
@ -2870,7 +2870,7 @@ mod tests {
|
|||
_idms_delayed: &mut IdmServerDelayed,
|
||||
) {
|
||||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
let (sync_uuid, ident) = test_scim_sync_apply_setup_ident(&mut idms_prox_write, ct);
|
||||
let sse = ScimSyncUpdateEvent { ident };
|
||||
|
||||
|
|
@ -2927,7 +2927,7 @@ mod tests {
|
|||
#[idm_test]
|
||||
async fn test_idm_scim_sync_finalise_1(idms: &IdmServer, _idms_delayed: &mut IdmServerDelayed) {
|
||||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
let (sync_uuid, ident) = test_scim_sync_apply_setup_ident(&mut idms_prox_write, ct);
|
||||
let sse = ScimSyncUpdateEvent { ident };
|
||||
|
||||
|
|
@ -2939,7 +2939,7 @@ mod tests {
|
|||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
||||
// Finalise the sync account.
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let ident = idms_prox_write
|
||||
.qs_write
|
||||
|
|
@ -2975,7 +2975,7 @@ mod tests {
|
|||
#[idm_test]
|
||||
async fn test_idm_scim_sync_finalise_2(idms: &IdmServer, _idms_delayed: &mut IdmServerDelayed) {
|
||||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
let (sync_uuid, ident) = test_scim_sync_apply_setup_ident(&mut idms_prox_write, ct);
|
||||
let sse = ScimSyncUpdateEvent { ident };
|
||||
|
||||
|
|
@ -2994,7 +2994,7 @@ mod tests {
|
|||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
||||
// Finalise the sync account.
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let ident = idms_prox_write
|
||||
.qs_write
|
||||
|
|
@ -3039,7 +3039,7 @@ mod tests {
|
|||
_idms_delayed: &mut IdmServerDelayed,
|
||||
) {
|
||||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
let (sync_uuid, ident) = test_scim_sync_apply_setup_ident(&mut idms_prox_write, ct);
|
||||
let sse = ScimSyncUpdateEvent { ident };
|
||||
|
||||
|
|
@ -3051,7 +3051,7 @@ mod tests {
|
|||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
||||
// Terminate the sync account
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let ident = idms_prox_write
|
||||
.qs_write
|
||||
|
|
@ -3090,7 +3090,7 @@ mod tests {
|
|||
_idms_delayed: &mut IdmServerDelayed,
|
||||
) {
|
||||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
let (sync_uuid, ident) = test_scim_sync_apply_setup_ident(&mut idms_prox_write, ct);
|
||||
let sse = ScimSyncUpdateEvent { ident };
|
||||
|
||||
|
|
@ -3109,7 +3109,7 @@ mod tests {
|
|||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
||||
// Terminate the sync account
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let ident = idms_prox_write
|
||||
.qs_write
|
||||
|
|
|
|||
|
|
@ -146,7 +146,7 @@ impl IdmServer {
|
|||
|
||||
// Get the domain name, as the relying party id.
|
||||
let (rp_id, rp_name, domain_level, oauth2rs_set) = {
|
||||
let mut qs_read = qs.read().await;
|
||||
let mut qs_read = qs.read().await?;
|
||||
(
|
||||
qs_read.get_domain_name().to_string(),
|
||||
qs_read.get_domain_display_name().to_string(),
|
||||
|
|
@ -212,14 +212,14 @@ impl IdmServer {
|
|||
}
|
||||
|
||||
/// Start an auth txn
|
||||
pub async fn auth(&self) -> IdmServerAuthTransaction<'_> {
|
||||
let qs_read = self.qs.read().await;
|
||||
pub async fn auth(&self) -> Result<IdmServerAuthTransaction<'_>, OperationError> {
|
||||
let qs_read = self.qs.read().await?;
|
||||
|
||||
let mut sid = [0; 4];
|
||||
let mut rng = StdRng::from_entropy();
|
||||
rng.fill(&mut sid);
|
||||
|
||||
IdmServerAuthTransaction {
|
||||
Ok(IdmServerAuthTransaction {
|
||||
session_ticket: &self.session_ticket,
|
||||
sessions: &self.sessions,
|
||||
softlocks: &self.softlocks,
|
||||
|
|
@ -228,45 +228,52 @@ impl IdmServer {
|
|||
async_tx: self.async_tx.clone(),
|
||||
audit_tx: self.audit_tx.clone(),
|
||||
webauthn: &self.webauthn,
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
/// Read from the database, in a transaction.
|
||||
#[instrument(level = "debug", skip_all)]
|
||||
pub async fn proxy_read(&self) -> IdmServerProxyReadTransaction<'_> {
|
||||
IdmServerProxyReadTransaction {
|
||||
qs_read: self.qs.read().await,
|
||||
pub async fn proxy_read(&self) -> Result<IdmServerProxyReadTransaction<'_>, OperationError> {
|
||||
let qs_read = self.qs.read().await?;
|
||||
Ok(IdmServerProxyReadTransaction {
|
||||
qs_read,
|
||||
oauth2rs: self.oauth2rs.read(),
|
||||
// async_tx: self.async_tx.clone(),
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
#[instrument(level = "debug", skip_all)]
|
||||
pub async fn proxy_write(&self, ts: Duration) -> IdmServerProxyWriteTransaction<'_> {
|
||||
let qs_write = self.qs.write(ts).await;
|
||||
pub async fn proxy_write(
|
||||
&self,
|
||||
ts: Duration,
|
||||
) -> Result<IdmServerProxyWriteTransaction<'_>, OperationError> {
|
||||
let qs_write = self.qs.write(ts).await?;
|
||||
|
||||
let mut sid = [0; 4];
|
||||
let mut rng = StdRng::from_entropy();
|
||||
rng.fill(&mut sid);
|
||||
|
||||
IdmServerProxyWriteTransaction {
|
||||
Ok(IdmServerProxyWriteTransaction {
|
||||
cred_update_sessions: self.cred_update_sessions.write(),
|
||||
qs_write,
|
||||
sid,
|
||||
crypto_policy: &self.crypto_policy,
|
||||
webauthn: &self.webauthn,
|
||||
oauth2rs: self.oauth2rs.write(),
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
pub async fn cred_update_transaction(&self) -> IdmServerCredUpdateTransaction<'_> {
|
||||
IdmServerCredUpdateTransaction {
|
||||
qs_read: self.qs.read().await,
|
||||
pub async fn cred_update_transaction(
|
||||
&self,
|
||||
) -> Result<IdmServerCredUpdateTransaction<'_>, OperationError> {
|
||||
let qs_read = self.qs.read().await?;
|
||||
Ok(IdmServerCredUpdateTransaction {
|
||||
qs_read,
|
||||
// sid: Sid,
|
||||
webauthn: &self.webauthn,
|
||||
cred_update_sessions: self.cred_update_sessions.read(),
|
||||
crypto_policy: &self.crypto_policy,
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
|
|
@ -275,7 +282,7 @@ impl IdmServer {
|
|||
ct: Duration,
|
||||
da: DelayedAction,
|
||||
) -> Result<bool, OperationError> {
|
||||
let mut pw = self.proxy_write(ct).await;
|
||||
let mut pw = self.proxy_write(ct).await?;
|
||||
pw.process_delayedaction(&da, ct)
|
||||
.and_then(|_| pw.commit())
|
||||
.map(|()| true)
|
||||
|
|
@ -2107,7 +2114,7 @@ mod tests {
|
|||
#[idm_test]
|
||||
async fn test_idm_anonymous_auth(idms: &IdmServer, _idms_delayed: &IdmServerDelayed) {
|
||||
// Start and test anonymous auth.
|
||||
let mut idms_auth = idms.auth().await;
|
||||
let mut idms_auth = idms.auth().await.unwrap();
|
||||
// Send the initial auth event for initialising the session
|
||||
let anon_init = AuthEvent::anonymous_init();
|
||||
// Expect success
|
||||
|
|
@ -2150,7 +2157,7 @@ mod tests {
|
|||
|
||||
idms_auth.commit().expect("Must not fail");
|
||||
|
||||
let mut idms_auth = idms.auth().await;
|
||||
let mut idms_auth = idms.auth().await.unwrap();
|
||||
let anon_begin = AuthEvent::begin_mech(sid, AuthMech::Anonymous);
|
||||
|
||||
let r2 = idms_auth
|
||||
|
|
@ -2190,7 +2197,7 @@ mod tests {
|
|||
|
||||
idms_auth.commit().expect("Must not fail");
|
||||
|
||||
let mut idms_auth = idms.auth().await;
|
||||
let mut idms_auth = idms.auth().await.unwrap();
|
||||
// Now send the anonymous request, given the session id.
|
||||
let anon_step = AuthEvent::cred_step_anonymous(sid);
|
||||
|
||||
|
|
@ -2238,7 +2245,7 @@ mod tests {
|
|||
_idms_delayed: &IdmServerDelayed,
|
||||
) {
|
||||
{
|
||||
let mut idms_auth = idms.auth().await;
|
||||
let mut idms_auth = idms.auth().await.unwrap();
|
||||
let sid = Uuid::new_v4();
|
||||
let anon_step = AuthEvent::cred_step_anonymous(sid);
|
||||
|
||||
|
|
@ -2273,7 +2280,7 @@ mod tests {
|
|||
let cred = Credential::new_password_only(&p, pw)?;
|
||||
let cred_id = cred.uuid;
|
||||
let v_cred = Value::new_credential("primary", cred);
|
||||
let mut idms_write = idms.proxy_write(duration_from_epoch_now()).await;
|
||||
let mut idms_write = idms.proxy_write(duration_from_epoch_now()).await.unwrap();
|
||||
|
||||
idms_write
|
||||
.qs_write
|
||||
|
|
@ -2295,7 +2302,7 @@ mod tests {
|
|||
}
|
||||
|
||||
async fn init_authsession_sid(idms: &IdmServer, ct: Duration, name: &str) -> Uuid {
|
||||
let mut idms_auth = idms.auth().await;
|
||||
let mut idms_auth = idms.auth().await.unwrap();
|
||||
let admin_init = AuthEvent::named_init(name);
|
||||
|
||||
let r1 = idms_auth
|
||||
|
|
@ -2331,7 +2338,7 @@ mod tests {
|
|||
async fn check_testperson_password(idms: &IdmServer, pw: &str, ct: Duration) -> JwsCompact {
|
||||
let sid = init_authsession_sid(idms, ct, "testperson1").await;
|
||||
|
||||
let mut idms_auth = idms.auth().await;
|
||||
let mut idms_auth = idms.auth().await.unwrap();
|
||||
let anon_step = AuthEvent::cred_step_password(sid, pw);
|
||||
|
||||
// Expect success
|
||||
|
|
@ -2400,7 +2407,7 @@ mod tests {
|
|||
)
|
||||
.await;
|
||||
|
||||
let mut idms_auth = idms.auth().await;
|
||||
let mut idms_auth = idms.auth().await.unwrap();
|
||||
let anon_step = AuthEvent::cred_step_password(sid, TEST_PASSWORD);
|
||||
|
||||
// Expect success
|
||||
|
|
@ -2455,7 +2462,7 @@ mod tests {
|
|||
.expect("Failed to setup admin account");
|
||||
let sid =
|
||||
init_authsession_sid(idms, Duration::from_secs(TEST_CURRENT_TIME), "testperson1").await;
|
||||
let mut idms_auth = idms.auth().await;
|
||||
let mut idms_auth = idms.auth().await.unwrap();
|
||||
let anon_step = AuthEvent::cred_step_password(sid, TEST_PASSWORD_INC);
|
||||
|
||||
// Expect success
|
||||
|
|
@ -2504,7 +2511,7 @@ mod tests {
|
|||
async fn test_idm_simple_password_reset(idms: &IdmServer, _idms_delayed: &IdmServerDelayed) {
|
||||
let pce = PasswordChangeEvent::new_internal(UUID_ADMIN, TEST_PASSWORD);
|
||||
|
||||
let mut idms_prox_write = idms.proxy_write(duration_from_epoch_now()).await;
|
||||
let mut idms_prox_write = idms.proxy_write(duration_from_epoch_now()).await.unwrap();
|
||||
assert!(idms_prox_write.set_account_password(&pce).is_ok());
|
||||
assert!(idms_prox_write.set_account_password(&pce).is_ok());
|
||||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
|
@ -2517,14 +2524,14 @@ mod tests {
|
|||
) {
|
||||
let pce = PasswordChangeEvent::new_internal(UUID_ANONYMOUS, TEST_PASSWORD);
|
||||
|
||||
let mut idms_prox_write = idms.proxy_write(duration_from_epoch_now()).await;
|
||||
let mut idms_prox_write = idms.proxy_write(duration_from_epoch_now()).await.unwrap();
|
||||
assert!(idms_prox_write.set_account_password(&pce).is_err());
|
||||
assert!(idms_prox_write.commit().is_ok());
|
||||
}
|
||||
|
||||
#[idm_test]
|
||||
async fn test_idm_regenerate_radius_secret(idms: &IdmServer, _idms_delayed: &IdmServerDelayed) {
|
||||
let mut idms_prox_write = idms.proxy_write(duration_from_epoch_now()).await;
|
||||
let mut idms_prox_write = idms.proxy_write(duration_from_epoch_now()).await.unwrap();
|
||||
|
||||
idms_prox_write
|
||||
.qs_write
|
||||
|
|
@ -2546,7 +2553,7 @@ mod tests {
|
|||
|
||||
#[idm_test]
|
||||
async fn test_idm_radiusauthtoken(idms: &IdmServer, _idms_delayed: &IdmServerDelayed) {
|
||||
let mut idms_prox_write = idms.proxy_write(duration_from_epoch_now()).await;
|
||||
let mut idms_prox_write = idms.proxy_write(duration_from_epoch_now()).await.unwrap();
|
||||
|
||||
idms_prox_write
|
||||
.qs_write
|
||||
|
|
@ -2559,7 +2566,7 @@ mod tests {
|
|||
.expect("Failed to reset radius credential 1");
|
||||
idms_prox_write.commit().expect("failed to commit");
|
||||
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
let person_entry = idms_prox_read
|
||||
.qs_read
|
||||
.internal_search_uuid(UUID_TESTPERSON_1)
|
||||
|
|
@ -2576,7 +2583,7 @@ mod tests {
|
|||
|
||||
#[idm_test]
|
||||
async fn test_idm_unixusertoken(idms: &IdmServer, _idms_delayed: &IdmServerDelayed) {
|
||||
let mut idms_prox_write = idms.proxy_write(duration_from_epoch_now()).await;
|
||||
let mut idms_prox_write = idms.proxy_write(duration_from_epoch_now()).await.unwrap();
|
||||
// Modify admin to have posixaccount
|
||||
let me_posix = ModifyEvent::new_internal_invalid(
|
||||
filter!(f_eq(Attribute::Name, PartialValue::new_iname("admin"))),
|
||||
|
|
@ -2609,7 +2616,7 @@ mod tests {
|
|||
|
||||
idms_prox_write.commit().expect("failed to commit");
|
||||
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
// Get the account that will be doing the actual reads.
|
||||
let admin_entry = idms_prox_read
|
||||
|
|
@ -2658,7 +2665,7 @@ mod tests {
|
|||
idms: &IdmServer,
|
||||
_idms_delayed: &IdmServerDelayed,
|
||||
) {
|
||||
let mut idms_prox_write = idms.proxy_write(duration_from_epoch_now()).await;
|
||||
let mut idms_prox_write = idms.proxy_write(duration_from_epoch_now()).await.unwrap();
|
||||
// make the admin a valid posix account
|
||||
let me_posix = ModifyEvent::new_internal_invalid(
|
||||
filter!(f_eq(Attribute::Name, PartialValue::new_iname("admin"))),
|
||||
|
|
@ -2674,7 +2681,7 @@ mod tests {
|
|||
assert!(idms_prox_write.set_unix_account_password(&pce).is_ok());
|
||||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
||||
let mut idms_auth = idms.auth().await;
|
||||
let mut idms_auth = idms.auth().await.unwrap();
|
||||
// Check auth verification of the password
|
||||
|
||||
let uuae_good = UnixUserAuthEvent::new_internal(UUID_ADMIN, TEST_PASSWORD);
|
||||
|
|
@ -2697,7 +2704,7 @@ mod tests {
|
|||
assert!(idms_auth.commit().is_ok());
|
||||
|
||||
// Check deleting the password
|
||||
let mut idms_prox_write = idms.proxy_write(duration_from_epoch_now()).await;
|
||||
let mut idms_prox_write = idms.proxy_write(duration_from_epoch_now()).await.unwrap();
|
||||
let me_purge_up = ModifyEvent::new_internal_invalid(
|
||||
filter!(f_eq(Attribute::Name, PartialValue::new_iname("admin"))),
|
||||
ModifyList::new_list(vec![Modify::Purged(Attribute::UnixPassword.into())]),
|
||||
|
|
@ -2707,7 +2714,7 @@ mod tests {
|
|||
|
||||
// And auth should now fail due to the lack of PW material (note that
|
||||
// softlocking WON'T kick in because the cred_uuid is gone!)
|
||||
let mut idms_auth = idms.auth().await;
|
||||
let mut idms_auth = idms.auth().await.unwrap();
|
||||
let a3 = idms_auth
|
||||
.auth_unix(&uuae_good, Duration::from_secs(TEST_CURRENT_TIME))
|
||||
.await;
|
||||
|
|
@ -2728,7 +2735,7 @@ mod tests {
|
|||
idms_delayed.check_is_empty_or_panic();
|
||||
// Setup the admin w_ an imported password.
|
||||
{
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
// now modify and provide a primary credential.
|
||||
|
||||
idms_prox_write
|
||||
|
|
@ -2751,7 +2758,7 @@ mod tests {
|
|||
// Still empty
|
||||
idms_delayed.check_is_empty_or_panic();
|
||||
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
let person_entry = idms_prox_read
|
||||
.qs_read
|
||||
.internal_search_uuid(UUID_TESTPERSON_1)
|
||||
|
|
@ -2782,7 +2789,7 @@ mod tests {
|
|||
assert!(matches!(da, DelayedAction::AuthSessionRecord(_)));
|
||||
assert!(Ok(true) == r);
|
||||
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
let person_entry = idms_prox_read
|
||||
.qs_read
|
||||
.internal_search_uuid(UUID_TESTPERSON_1)
|
||||
|
|
@ -2810,7 +2817,7 @@ mod tests {
|
|||
// Assert the delayed action queue is empty
|
||||
idms_delayed.check_is_empty_or_panic();
|
||||
// Setup the admin with an imported unix pw.
|
||||
let mut idms_prox_write = idms.proxy_write(duration_from_epoch_now()).await;
|
||||
let mut idms_prox_write = idms.proxy_write(duration_from_epoch_now()).await.unwrap();
|
||||
|
||||
let im_pw = "{SSHA512}JwrSUHkI7FTAfHRVR6KoFlSN0E3dmaQWARjZ+/UsShYlENOqDtFVU77HJLLrY2MuSp0jve52+pwtdVl2QUAHukQ0XUf5LDtM";
|
||||
let pw = Password::try_from(im_pw).expect("failed to parse");
|
||||
|
|
@ -2830,7 +2837,7 @@ mod tests {
|
|||
idms_delayed.check_is_empty_or_panic();
|
||||
// Get the auth ready.
|
||||
let uuae = UnixUserAuthEvent::new_internal(UUID_ADMIN, "password");
|
||||
let mut idms_auth = idms.auth().await;
|
||||
let mut idms_auth = idms.auth().await.unwrap();
|
||||
let a1 = idms_auth
|
||||
.auth_unix(&uuae, Duration::from_secs(TEST_CURRENT_TIME))
|
||||
.await;
|
||||
|
|
@ -2844,7 +2851,7 @@ mod tests {
|
|||
let da = idms_delayed.try_recv().expect("invalid");
|
||||
let _r = idms.delayed_action(duration_from_epoch_now(), da).await;
|
||||
// Go again
|
||||
let mut idms_auth = idms.auth().await;
|
||||
let mut idms_auth = idms.auth().await.unwrap();
|
||||
let a2 = idms_auth
|
||||
.auth_unix(&uuae, Duration::from_secs(TEST_CURRENT_TIME))
|
||||
.await;
|
||||
|
|
@ -2866,7 +2873,7 @@ mod tests {
|
|||
const TEST_AFTER_EXPIRY: u64 = TEST_CURRENT_TIME + 240;
|
||||
|
||||
async fn set_testperson_valid_time(idms: &IdmServer) {
|
||||
let mut idms_write = idms.proxy_write(duration_from_epoch_now()).await;
|
||||
let mut idms_write = idms.proxy_write(duration_from_epoch_now()).await.unwrap();
|
||||
|
||||
let v_valid_from = Value::new_datetime_epoch(Duration::from_secs(TEST_VALID_FROM_TIME));
|
||||
let v_expire = Value::new_datetime_epoch(Duration::from_secs(TEST_EXPIRE_TIME));
|
||||
|
|
@ -2902,7 +2909,7 @@ mod tests {
|
|||
let time_low = Duration::from_secs(TEST_NOT_YET_VALID_TIME);
|
||||
let time_high = Duration::from_secs(TEST_AFTER_EXPIRY);
|
||||
|
||||
let mut idms_auth = idms.auth().await;
|
||||
let mut idms_auth = idms.auth().await.unwrap();
|
||||
let admin_init = AuthEvent::named_init("admin");
|
||||
let r1 = idms_auth
|
||||
.auth(&admin_init, time_low, Source::Internal.into())
|
||||
|
|
@ -2924,7 +2931,7 @@ mod tests {
|
|||
idms_auth.commit().expect("Must not fail");
|
||||
|
||||
// And here!
|
||||
let mut idms_auth = idms.auth().await;
|
||||
let mut idms_auth = idms.auth().await.unwrap();
|
||||
let admin_init = AuthEvent::named_init("admin");
|
||||
let r1 = idms_auth
|
||||
.auth(&admin_init, time_high, Source::Internal.into())
|
||||
|
|
@ -2961,7 +2968,7 @@ mod tests {
|
|||
let time_high = Duration::from_secs(TEST_AFTER_EXPIRY);
|
||||
|
||||
// make the admin a valid posix account
|
||||
let mut idms_prox_write = idms.proxy_write(duration_from_epoch_now()).await;
|
||||
let mut idms_prox_write = idms.proxy_write(duration_from_epoch_now()).await.unwrap();
|
||||
let me_posix = ModifyEvent::new_internal_invalid(
|
||||
filter!(f_eq(Attribute::Uuid, PartialValue::Uuid(UUID_TESTPERSON_1))),
|
||||
ModifyList::new_list(vec![
|
||||
|
|
@ -2977,7 +2984,7 @@ mod tests {
|
|||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
||||
// Now check auth when the time is too high or too low.
|
||||
let mut idms_auth = idms.auth().await;
|
||||
let mut idms_auth = idms.auth().await.unwrap();
|
||||
let uuae_good = UnixUserAuthEvent::new_internal(UUID_TESTPERSON_1, TEST_PASSWORD);
|
||||
|
||||
let a1 = idms_auth.auth_unix(&uuae_good, time_low).await;
|
||||
|
|
@ -2996,7 +3003,7 @@ mod tests {
|
|||
|
||||
idms_auth.commit().expect("Must not fail");
|
||||
// Also check the generated unix tokens are invalid.
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
let uute = UnixUserTokenEvent::new_internal(UUID_TESTPERSON_1);
|
||||
|
||||
let tok_r = idms_prox_read
|
||||
|
|
@ -3029,14 +3036,14 @@ mod tests {
|
|||
let time_low = Duration::from_secs(TEST_NOT_YET_VALID_TIME);
|
||||
let time_high = Duration::from_secs(TEST_AFTER_EXPIRY);
|
||||
|
||||
let mut idms_prox_write = idms.proxy_write(duration_from_epoch_now()).await;
|
||||
let mut idms_prox_write = idms.proxy_write(duration_from_epoch_now()).await.unwrap();
|
||||
let rrse = RegenerateRadiusSecretEvent::new_internal(UUID_TESTPERSON_1);
|
||||
let _r1 = idms_prox_write
|
||||
.regenerate_radius_secret(&rrse)
|
||||
.expect("Failed to reset radius credential 1");
|
||||
idms_prox_write.commit().expect("failed to commit");
|
||||
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
let admin_entry = idms_prox_read
|
||||
.qs_read
|
||||
.internal_search_uuid(UUID_ADMIN)
|
||||
|
|
@ -3073,7 +3080,7 @@ mod tests {
|
|||
// Auth invalid, no softlock present.
|
||||
let sid =
|
||||
init_authsession_sid(idms, Duration::from_secs(TEST_CURRENT_TIME), "testperson1").await;
|
||||
let mut idms_auth = idms.auth().await;
|
||||
let mut idms_auth = idms.auth().await.unwrap();
|
||||
let anon_step = AuthEvent::cred_step_password(sid, TEST_PASSWORD_INC);
|
||||
|
||||
let r2 = idms_auth
|
||||
|
|
@ -3118,7 +3125,7 @@ mod tests {
|
|||
// Auth init, softlock present, count == 1, same time (so before unlock_at)
|
||||
// aka Auth valid immediate, (ct < exp), autofail
|
||||
// aka Auth invalid immediate, (ct < exp), autofail
|
||||
let mut idms_auth = idms.auth().await;
|
||||
let mut idms_auth = idms.auth().await.unwrap();
|
||||
let admin_init = AuthEvent::named_init("testperson1");
|
||||
|
||||
let r1 = idms_auth
|
||||
|
|
@ -3171,7 +3178,7 @@ mod tests {
|
|||
)
|
||||
.await;
|
||||
|
||||
let mut idms_auth = idms.auth().await;
|
||||
let mut idms_auth = idms.auth().await.unwrap();
|
||||
let anon_step = AuthEvent::cred_step_password(sid, TEST_PASSWORD);
|
||||
|
||||
// Expect success
|
||||
|
|
@ -3240,7 +3247,7 @@ mod tests {
|
|||
let sid_later =
|
||||
init_authsession_sid(idms, Duration::from_secs(TEST_CURRENT_TIME), "testperson1").await;
|
||||
// Get the detail wrong in sid_later.
|
||||
let mut idms_auth = idms.auth().await;
|
||||
let mut idms_auth = idms.auth().await.unwrap();
|
||||
let anon_step = AuthEvent::cred_step_password(sid_later, TEST_PASSWORD_INC);
|
||||
|
||||
let r2 = idms_auth
|
||||
|
|
@ -3282,7 +3289,7 @@ mod tests {
|
|||
idms_auth.commit().expect("Must not fail");
|
||||
|
||||
// Now check that sid_early is denied due to softlock.
|
||||
let mut idms_auth = idms.auth().await;
|
||||
let mut idms_auth = idms.auth().await.unwrap();
|
||||
let anon_step = AuthEvent::cred_step_password(sid_early, TEST_PASSWORD);
|
||||
|
||||
// Expect success
|
||||
|
|
@ -3327,7 +3334,7 @@ mod tests {
|
|||
.await
|
||||
.expect("Failed to setup admin account");
|
||||
// make the admin a valid posix account
|
||||
let mut idms_prox_write = idms.proxy_write(duration_from_epoch_now()).await;
|
||||
let mut idms_prox_write = idms.proxy_write(duration_from_epoch_now()).await.unwrap();
|
||||
let me_posix = ModifyEvent::new_internal_invalid(
|
||||
filter!(f_eq(Attribute::Uuid, PartialValue::Uuid(UUID_TESTPERSON_1))),
|
||||
ModifyList::new_list(vec![
|
||||
|
|
@ -3341,7 +3348,7 @@ mod tests {
|
|||
assert!(idms_prox_write.set_unix_account_password(&pce).is_ok());
|
||||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
||||
let mut idms_auth = idms.auth().await;
|
||||
let mut idms_auth = idms.auth().await.unwrap();
|
||||
let uuae_good = UnixUserAuthEvent::new_internal(UUID_TESTPERSON_1, TEST_PASSWORD);
|
||||
let uuae_bad = UnixUserAuthEvent::new_internal(UUID_TESTPERSON_1, TEST_PASSWORD_INC);
|
||||
|
||||
|
|
@ -3392,7 +3399,7 @@ mod tests {
|
|||
assert!(Ok(true) == r);
|
||||
idms_delayed.check_is_empty_or_panic();
|
||||
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
// Check it's valid - This is within the time window so will pass.
|
||||
idms_prox_read
|
||||
|
|
@ -3424,7 +3431,7 @@ mod tests {
|
|||
.expect("Failed to setup admin account");
|
||||
|
||||
// Assert no sessions present
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
let admin = idms_prox_read
|
||||
.qs_read
|
||||
.internal_search_uuid(UUID_TESTPERSON_1)
|
||||
|
|
@ -3449,7 +3456,7 @@ mod tests {
|
|||
assert!(Ok(true) == r);
|
||||
|
||||
// Check it was written, and check
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
let admin = idms_prox_read
|
||||
.qs_read
|
||||
.internal_search_uuid(UUID_TESTPERSON_1)
|
||||
|
|
@ -3480,7 +3487,7 @@ mod tests {
|
|||
let r = idms.delayed_action(expiry_a, da).await;
|
||||
assert!(Ok(true) == r);
|
||||
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
let admin = idms_prox_read
|
||||
.qs_read
|
||||
.internal_search_uuid(UUID_TESTPERSON_1)
|
||||
|
|
@ -3527,7 +3534,7 @@ mod tests {
|
|||
let r = idms.delayed_action(ct, da).await;
|
||||
assert!(Ok(true) == r);
|
||||
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
let token_kid = uat_unverified.kid().expect("no key id present");
|
||||
|
||||
|
|
@ -3563,13 +3570,13 @@ mod tests {
|
|||
drop(idms_prox_read);
|
||||
|
||||
// Mark the session as invalid now.
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
let dte = DestroySessionTokenEvent::new_internal(uat_inner.uuid, uat_inner.session_id);
|
||||
assert!(idms_prox_write.account_destroy_session_token(&dte).is_ok());
|
||||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
||||
// Now check again with the session destroyed.
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
// Now, within gracewindow, it's NOT valid because the session entry exists and is in
|
||||
// the revoked state!
|
||||
|
|
@ -3582,7 +3589,7 @@ mod tests {
|
|||
drop(idms_prox_read);
|
||||
|
||||
// Force trim the session out so that we can check the grate handling.
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
let filt = filter!(f_eq(Attribute::Uuid, PartialValue::Uuid(uat_inner.uuid)));
|
||||
let mut work_set = idms_prox_write
|
||||
.qs_write
|
||||
|
|
@ -3598,7 +3605,7 @@ mod tests {
|
|||
|
||||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
idms_prox_read
|
||||
.validate_client_auth_info_to_ident(uat_unverified.clone().into(), ct)
|
||||
.expect("Failed to validate");
|
||||
|
|
@ -3620,7 +3627,7 @@ mod tests {
|
|||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
|
||||
//we first set the expiry to a custom value
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let new_authsession_expiry = 1000;
|
||||
|
||||
|
|
@ -3636,7 +3643,7 @@ mod tests {
|
|||
assert!(idms_prox_write.commit().is_ok());
|
||||
|
||||
// Start anonymous auth.
|
||||
let mut idms_auth = idms.auth().await;
|
||||
let mut idms_auth = idms.auth().await.unwrap();
|
||||
// Send the initial auth event for initialising the session
|
||||
let anon_init = AuthEvent::anonymous_init();
|
||||
// Expect success
|
||||
|
|
@ -3673,7 +3680,7 @@ mod tests {
|
|||
|
||||
idms_auth.commit().expect("Must not fail");
|
||||
|
||||
let mut idms_auth = idms.auth().await;
|
||||
let mut idms_auth = idms.auth().await.unwrap();
|
||||
let anon_begin = AuthEvent::begin_mech(sid, AuthMech::Anonymous);
|
||||
|
||||
let r2 = idms_auth
|
||||
|
|
@ -3708,7 +3715,7 @@ mod tests {
|
|||
|
||||
idms_auth.commit().expect("Must not fail");
|
||||
|
||||
let mut idms_auth = idms.auth().await;
|
||||
let mut idms_auth = idms.auth().await.unwrap();
|
||||
// Now send the anonymous request, given the session id.
|
||||
let anon_step = AuthEvent::cred_step_anonymous(sid);
|
||||
|
||||
|
|
@ -3746,6 +3753,7 @@ mod tests {
|
|||
let Token::UserAuthToken(uat) = idms
|
||||
.proxy_read()
|
||||
.await
|
||||
.unwrap()
|
||||
.validate_and_parse_token_to_token(&token, ct)
|
||||
.expect("Must not fail")
|
||||
else {
|
||||
|
|
@ -3762,7 +3770,7 @@ mod tests {
|
|||
#[idm_test]
|
||||
async fn test_idm_uat_claim_insertion(idms: &IdmServer, _idms_delayed: &mut IdmServerDelayed) {
|
||||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
// get an account.
|
||||
let account = idms_prox_write
|
||||
|
|
@ -3895,7 +3903,7 @@ mod tests {
|
|||
_idms_delayed: &mut IdmServerDelayed,
|
||||
) {
|
||||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
idms_prox_write
|
||||
.qs_write
|
||||
|
|
@ -3950,7 +3958,7 @@ mod tests {
|
|||
assert!(matches!(da, DelayedAction::AuthSessionRecord(_)));
|
||||
idms_delayed.check_is_empty_or_panic();
|
||||
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
// Check it's valid.
|
||||
idms_prox_read
|
||||
|
|
@ -3963,7 +3971,7 @@ mod tests {
|
|||
let revoke_kid = token.kid().expect("token does not contain a key id");
|
||||
|
||||
// Now revoke the token_key
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
let me_reset_tokens = ModifyEvent::new_internal_invalid(
|
||||
filter!(f_eq(Attribute::Uuid, PartialValue::Uuid(UUID_DOMAIN_INFO))),
|
||||
ModifyList::new_append(
|
||||
|
|
@ -3981,7 +3989,7 @@ mod tests {
|
|||
assert!(matches!(da, DelayedAction::AuthSessionRecord(_)));
|
||||
idms_delayed.check_is_empty_or_panic();
|
||||
|
||||
let mut idms_prox_read = idms.proxy_read().await;
|
||||
let mut idms_prox_read = idms.proxy_read().await.unwrap();
|
||||
|
||||
// Check the old token is invalid, due to reload.
|
||||
assert!(idms_prox_read
|
||||
|
|
@ -4000,7 +4008,7 @@ mod tests {
|
|||
_idms_delayed: &mut IdmServerDelayed,
|
||||
) {
|
||||
let ct = Duration::from_secs(TEST_CURRENT_TIME);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let ident = Identity::from_internal();
|
||||
let target_uuid = Uuid::new_v4();
|
||||
|
|
|
|||
|
|
@ -441,7 +441,7 @@ mod tests {
|
|||
let past_grc = Duration::from_secs(TEST_CURRENT_TIME + 1) + AUTH_TOKEN_GRACE_WINDOW;
|
||||
let exp = Duration::from_secs(TEST_CURRENT_TIME + 6000);
|
||||
let post_exp = Duration::from_secs(TEST_CURRENT_TIME + 6010);
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await;
|
||||
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
|
||||
|
||||
let testaccount_uuid = Uuid::new_v4();
|
||||
|
||||
|
|
|
|||
|
|
@ -52,7 +52,8 @@ macro_rules! setup_test {
|
|||
.enable_all()
|
||||
.build()
|
||||
.unwrap()
|
||||
.block_on(qs.write(duration_from_epoch_now()));
|
||||
.block_on(qs.write(duration_from_epoch_now()))
|
||||
.expect("txn");
|
||||
qs_write
|
||||
.internal_create($preload_entries)
|
||||
.expect("Failed to preload entries");
|
||||
|
|
@ -93,7 +94,8 @@ macro_rules! run_create_test {
|
|||
.enable_all()
|
||||
.build()
|
||||
.unwrap()
|
||||
.block_on(qs.write(duration_from_epoch_now()));
|
||||
.block_on(qs.write(duration_from_epoch_now()))
|
||||
.unwrap();
|
||||
let r = qs_write.create(&ce);
|
||||
trace!("test result: {:?}", r);
|
||||
assert!(r == $expect);
|
||||
|
|
@ -149,7 +151,8 @@ macro_rules! run_modify_test {
|
|||
.enable_all()
|
||||
.build()
|
||||
.unwrap()
|
||||
.block_on(qs.write(duration_from_epoch_now()));
|
||||
.block_on(qs.write(duration_from_epoch_now()))
|
||||
.expect("txn");
|
||||
$pre_hook(&mut qs_write);
|
||||
qs_write.commit().expect("commit failure!");
|
||||
}
|
||||
|
|
@ -164,7 +167,8 @@ macro_rules! run_modify_test {
|
|||
.enable_all()
|
||||
.build()
|
||||
.unwrap()
|
||||
.block_on(qs.write(duration_from_epoch_now()));
|
||||
.block_on(qs.write(duration_from_epoch_now()))
|
||||
.expect("txn");
|
||||
let r = qs_write.modify(&me);
|
||||
$check(&mut qs_write);
|
||||
trace!("test result: {:?}", r);
|
||||
|
|
@ -217,7 +221,8 @@ macro_rules! run_delete_test {
|
|||
.enable_all()
|
||||
.build()
|
||||
.unwrap()
|
||||
.block_on(qs.write(duration_from_epoch_now()));
|
||||
.block_on(qs.write(duration_from_epoch_now()))
|
||||
.expect("txn");
|
||||
let r = qs_write.delete(&de);
|
||||
trace!("test result: {:?}", r);
|
||||
$check(&mut qs_write);
|
||||
|
|
|
|||
|
|
@ -98,7 +98,7 @@ mod tests {
|
|||
// test we can create and generate the id
|
||||
#[qs_test]
|
||||
async fn test_default_values_idm_all_accounts(server: &QueryServer) {
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await;
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await.unwrap();
|
||||
let e_all_accounts = server_txn
|
||||
.internal_search_uuid(UUID_IDM_ALL_ACCOUNTS)
|
||||
.expect("must not fail");
|
||||
|
|
|
|||
|
|
@ -158,7 +158,7 @@ mod tests {
|
|||
// test we can create and generate the id
|
||||
#[qs_test]
|
||||
async fn test_domain_generate_uuid(server: &QueryServer) {
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await;
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await.unwrap();
|
||||
let e_dom = server_txn
|
||||
.internal_search_uuid(UUID_DOMAIN_INFO)
|
||||
.expect("must not fail");
|
||||
|
|
|
|||
|
|
@ -191,7 +191,7 @@ mod tests {
|
|||
|
||||
#[qs_test(domain_level=DOMAIN_LEVEL_7)]
|
||||
async fn test_gidnumber_generate(server: &QueryServer) {
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await;
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await.expect("txn");
|
||||
|
||||
// Test that the gid number is generated on create
|
||||
{
|
||||
|
|
@ -427,7 +427,7 @@ mod tests {
|
|||
|
||||
#[qs_test(domain_level=DOMAIN_LEVEL_6)]
|
||||
async fn test_gidnumber_domain_level_6(server: &QueryServer) {
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await;
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await.expect("txn");
|
||||
|
||||
// This will be INVALID in DL 7 but it's allowed for DL6
|
||||
let user_a_uuid = uuid!("d90fb0cb-6785-4f36-94cb-e364d9c13255");
|
||||
|
|
@ -460,7 +460,7 @@ mod tests {
|
|||
assert!(server_txn.commit().is_ok());
|
||||
|
||||
// Now, do the DL6 upgrade check - will FAIL because the above user has an invalid ID.
|
||||
let mut server_txn = server.read().await;
|
||||
let mut server_txn = server.read().await.unwrap();
|
||||
|
||||
let check_item = server_txn
|
||||
.domain_upgrade_check_6_to_7_gidnumber()
|
||||
|
|
@ -473,7 +473,7 @@ mod tests {
|
|||
|
||||
drop(server_txn);
|
||||
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await;
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await.expect("txn");
|
||||
|
||||
// Test rejection of important gid values.
|
||||
let user_b_uuid = uuid!("33afc396-2434-47e5-b143-05176148b50e");
|
||||
|
|
|
|||
|
|
@ -1079,7 +1079,7 @@ mod tests {
|
|||
let cred_id = cred.uuid;
|
||||
|
||||
// Create a user
|
||||
let mut server_txn = server.write(curtime).await;
|
||||
let mut server_txn = server.write(curtime).await.unwrap();
|
||||
|
||||
let tuuid = Uuid::parse_str(TEST_TESTGROUP_B_UUID).unwrap();
|
||||
let rs_uuid = Uuid::new_v4();
|
||||
|
|
@ -1222,7 +1222,7 @@ mod tests {
|
|||
// we still want to ignore invalid memberOf values and certain invalid
|
||||
// member sets from dyngroups to allow them to self-heal at run time.
|
||||
let curtime = duration_from_epoch_now();
|
||||
let mut server_txn = server.write(curtime).await;
|
||||
let mut server_txn = server.write(curtime).await.unwrap();
|
||||
|
||||
let tgroup_uuid = Uuid::new_v4();
|
||||
let dyn_uuid = Uuid::new_v4();
|
||||
|
|
@ -1282,7 +1282,7 @@ mod tests {
|
|||
#[qs_test]
|
||||
async fn test_entry_managed_by_references(server: &QueryServer) {
|
||||
let curtime = duration_from_epoch_now();
|
||||
let mut server_txn = server.write(curtime).await;
|
||||
let mut server_txn = server.write(curtime).await.unwrap();
|
||||
|
||||
let manages_uuid = Uuid::new_v4();
|
||||
let e_manages: Entry<EntryInit, EntryNew> = entry_init!(
|
||||
|
|
|
|||
|
|
@ -214,7 +214,7 @@ mod tests {
|
|||
let exp_curtime_odt = OffsetDateTime::UNIX_EPOCH + exp_curtime;
|
||||
|
||||
// Create a user
|
||||
let mut server_txn = server.write(curtime).await;
|
||||
let mut server_txn = server.write(curtime).await.unwrap();
|
||||
|
||||
let tuuid = uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930");
|
||||
|
||||
|
|
@ -281,7 +281,7 @@ mod tests {
|
|||
assert!(matches!(session.state, SessionState::ExpiresAt(_)));
|
||||
|
||||
assert!(server_txn.commit().is_ok());
|
||||
let mut server_txn = server.write(exp_curtime).await;
|
||||
let mut server_txn = server.write(exp_curtime).await.unwrap();
|
||||
|
||||
// Mod again - anything will do.
|
||||
let modlist = ModifyList::new_purge_and_set(
|
||||
|
|
@ -324,7 +324,7 @@ mod tests {
|
|||
let exp_curtime_odt = OffsetDateTime::UNIX_EPOCH + exp_curtime;
|
||||
|
||||
// Create a user
|
||||
let mut server_txn = server.write(curtime).await;
|
||||
let mut server_txn = server.write(curtime).await.unwrap();
|
||||
|
||||
let tuuid = uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930");
|
||||
let rs_uuid = Uuid::new_v4();
|
||||
|
|
@ -452,7 +452,7 @@ mod tests {
|
|||
|
||||
// Note as we are now past exp time, the oauth2 session will be removed, but the uat session
|
||||
// will remain.
|
||||
let mut server_txn = server.write(exp_curtime).await;
|
||||
let mut server_txn = server.write(exp_curtime).await.unwrap();
|
||||
|
||||
// Mod again - anything will do.
|
||||
let modlist = ModifyList::new_purge_and_set(
|
||||
|
|
@ -498,7 +498,7 @@ mod tests {
|
|||
let cred_id = cred.uuid;
|
||||
|
||||
// Create a user
|
||||
let mut server_txn = server.write(curtime).await;
|
||||
let mut server_txn = server.write(curtime).await.unwrap();
|
||||
|
||||
let tuuid = uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930");
|
||||
let rs_uuid = Uuid::new_v4();
|
||||
|
|
@ -623,7 +623,7 @@ mod tests {
|
|||
|
||||
// We need the time to be past grace_window.
|
||||
assert!(server_txn.commit().is_ok());
|
||||
let mut server_txn = server.write(exp_curtime).await;
|
||||
let mut server_txn = server.write(exp_curtime).await.unwrap();
|
||||
|
||||
// Mod again - remove the parent session.
|
||||
let modlist = ModifyList::new_remove(
|
||||
|
|
@ -669,7 +669,7 @@ mod tests {
|
|||
// let exp_curtime_odt = OffsetDateTime::UNIX_EPOCH + exp_curtime;
|
||||
|
||||
// Create a user
|
||||
let mut server_txn = server.write(curtime).await;
|
||||
let mut server_txn = server.write(curtime).await.unwrap();
|
||||
|
||||
let tuuid = uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930");
|
||||
let rs_uuid = Uuid::new_v4();
|
||||
|
|
@ -760,7 +760,7 @@ mod tests {
|
|||
|
||||
// Note the exp_curtime now is past the gracewindow. This will trigger
|
||||
// consistency to purge the un-matched session.
|
||||
let mut server_txn = server.write(exp_curtime).await;
|
||||
let mut server_txn = server.write(exp_curtime).await.unwrap();
|
||||
|
||||
// Mod again - anything will do.
|
||||
let modlist = ModifyList::new_purge_and_set(
|
||||
|
|
@ -798,7 +798,7 @@ mod tests {
|
|||
let cred_id = cred.uuid;
|
||||
|
||||
// Create a user
|
||||
let mut server_txn = server.write(curtime).await;
|
||||
let mut server_txn = server.write(curtime).await.unwrap();
|
||||
|
||||
let tuuid = uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930");
|
||||
|
||||
|
|
@ -867,7 +867,7 @@ mod tests {
|
|||
assert!(server_txn.commit().is_ok());
|
||||
|
||||
// Notice we keep the time the same for the txn.
|
||||
let mut server_txn = server.write(curtime).await;
|
||||
let mut server_txn = server.write(curtime).await.unwrap();
|
||||
|
||||
// Remove the primary credential
|
||||
let modlist = ModifyList::new_purge(Attribute::PrimaryCredential);
|
||||
|
|
|
|||
|
|
@ -330,7 +330,7 @@ mod tests {
|
|||
|
||||
#[qs_test]
|
||||
async fn test_spn_regen_domain_rename(server: &QueryServer) {
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await;
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await.unwrap();
|
||||
|
||||
let ex1 = Value::new_spn_str("admin", "example.com");
|
||||
let ex2 = Value::new_spn_str("admin", "new.example.com");
|
||||
|
|
|
|||
|
|
@ -113,7 +113,7 @@ mod tests {
|
|||
use crate::prelude::*;
|
||||
|
||||
async fn setup_name_deny(server: &QueryServer) {
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await;
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await.unwrap();
|
||||
|
||||
let me_inv_m = ModifyEvent::new_internal_invalid(
|
||||
filter!(f_eq(Attribute::Uuid, PVUUID_SYSTEM_CONFIG.clone())),
|
||||
|
|
@ -131,7 +131,7 @@ mod tests {
|
|||
async fn test_valuedeny_create(server: &QueryServer) {
|
||||
setup_name_deny(server).await;
|
||||
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await;
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await.unwrap();
|
||||
let t_uuid = Uuid::new_v4();
|
||||
assert!(server_txn
|
||||
.internal_create(vec![entry_init!(
|
||||
|
|
@ -150,7 +150,7 @@ mod tests {
|
|||
async fn test_valuedeny_modify(server: &QueryServer) {
|
||||
setup_name_deny(server).await;
|
||||
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await;
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await.unwrap();
|
||||
let t_uuid = Uuid::new_v4();
|
||||
assert!(server_txn
|
||||
.internal_create(vec![entry_init!(
|
||||
|
|
@ -178,7 +178,7 @@ mod tests {
|
|||
async fn test_valuedeny_batch_modify(server: &QueryServer) {
|
||||
setup_name_deny(server).await;
|
||||
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await;
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await.unwrap();
|
||||
let t_uuid = Uuid::new_v4();
|
||||
assert!(server_txn
|
||||
.internal_create(vec![entry_init!(
|
||||
|
|
|
|||
File diff suppressed because it is too large
Load diff
|
|
@ -1121,7 +1121,7 @@ mod tests {
|
|||
// really protects us *a lot* here, but it's nice to have defence and
|
||||
// layers of validation.
|
||||
|
||||
let mut qs_write = qs.write(duration_from_epoch_now()).await;
|
||||
let mut qs_write = qs.write(duration_from_epoch_now()).await.unwrap();
|
||||
|
||||
acp_from_entry_err!(
|
||||
&mut qs_write,
|
||||
|
|
@ -1190,7 +1190,7 @@ mod tests {
|
|||
|
||||
#[qs_test]
|
||||
async fn test_access_acp_delete_parser(qs: &QueryServer) {
|
||||
let mut qs_write = qs.write(duration_from_epoch_now()).await;
|
||||
let mut qs_write = qs.write(duration_from_epoch_now()).await.unwrap();
|
||||
|
||||
acp_from_entry_err!(
|
||||
&mut qs_write,
|
||||
|
|
@ -1238,7 +1238,7 @@ mod tests {
|
|||
#[qs_test]
|
||||
async fn test_access_acp_search_parser(qs: &QueryServer) {
|
||||
// Test that parsing search access controls works.
|
||||
let mut qs_write = qs.write(duration_from_epoch_now()).await;
|
||||
let mut qs_write = qs.write(duration_from_epoch_now()).await.unwrap();
|
||||
|
||||
// Missing class acp
|
||||
acp_from_entry_err!(
|
||||
|
|
@ -1326,7 +1326,7 @@ mod tests {
|
|||
#[qs_test]
|
||||
async fn test_access_acp_modify_parser(qs: &QueryServer) {
|
||||
// Test that parsing modify access controls works.
|
||||
let mut qs_write = qs.write(duration_from_epoch_now()).await;
|
||||
let mut qs_write = qs.write(duration_from_epoch_now()).await.unwrap();
|
||||
|
||||
acp_from_entry_err!(
|
||||
&mut qs_write,
|
||||
|
|
@ -1406,7 +1406,7 @@ mod tests {
|
|||
#[qs_test]
|
||||
async fn test_access_acp_create_parser(qs: &QueryServer) {
|
||||
// Test that parsing create access controls works.
|
||||
let mut qs_write = qs.write(duration_from_epoch_now()).await;
|
||||
let mut qs_write = qs.write(duration_from_epoch_now()).await.unwrap();
|
||||
|
||||
acp_from_entry_err!(
|
||||
&mut qs_write,
|
||||
|
|
@ -1487,7 +1487,7 @@ mod tests {
|
|||
// given a single &str, we can evaluate all types from a single record.
|
||||
// This is valid, and could exist, IE a rule to allow create, search and modify
|
||||
// over a single scope.
|
||||
let mut qs_write = qs.write(duration_from_epoch_now()).await;
|
||||
let mut qs_write = qs.write(duration_from_epoch_now()).await.unwrap();
|
||||
|
||||
let e = entry_init!(
|
||||
(Attribute::Class, EntryClass::Object.to_value()),
|
||||
|
|
|
|||
|
|
@ -302,7 +302,7 @@ mod tests {
|
|||
|
||||
#[qs_test]
|
||||
async fn test_batch_modify_basic(server: &QueryServer) {
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await;
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await.unwrap();
|
||||
// Setup entries.
|
||||
let uuid_a = Uuid::new_v4();
|
||||
let uuid_b = Uuid::new_v4();
|
||||
|
|
|
|||
|
|
@ -184,7 +184,7 @@ mod tests {
|
|||
|
||||
#[qs_test]
|
||||
async fn test_create_user(server: &QueryServer) {
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await;
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await.unwrap();
|
||||
let filt = filter!(f_eq(Attribute::Name, PartialValue::new_iname("testperson")));
|
||||
let admin = server_txn.internal_search_uuid(UUID_ADMIN).expect("failed");
|
||||
|
||||
|
|
@ -262,8 +262,8 @@ mod tests {
|
|||
|
||||
#[qs_pair_test]
|
||||
async fn test_pair_create_user(server_a: &QueryServer, server_b: &QueryServer) {
|
||||
let mut server_a_txn = server_a.write(duration_from_epoch_now()).await;
|
||||
let mut server_b_txn = server_b.write(duration_from_epoch_now()).await;
|
||||
let mut server_a_txn = server_a.write(duration_from_epoch_now()).await.unwrap();
|
||||
let mut server_b_txn = server_b.write(duration_from_epoch_now()).await.unwrap();
|
||||
|
||||
// Create on server a
|
||||
let filt = filter!(f_eq(Attribute::Name, PartialValue::new_iname("testperson")));
|
||||
|
|
|
|||
|
|
@ -215,7 +215,7 @@ mod tests {
|
|||
#[qs_test]
|
||||
async fn test_delete(server: &QueryServer) {
|
||||
// Create
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await;
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await.unwrap();
|
||||
|
||||
let e1 = entry_init!(
|
||||
(Attribute::Class, EntryClass::Object.to_value()),
|
||||
|
|
|
|||
|
|
@ -985,7 +985,7 @@ mod tests {
|
|||
#[qs_test]
|
||||
async fn test_key_object_internal_es256(server: &QueryServer) {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut write_txn = server.write(ct).await;
|
||||
let mut write_txn = server.write(ct).await.unwrap();
|
||||
|
||||
// Assert the default provider is the internal one.
|
||||
let default_key_provider = write_txn
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ impl QueryServer {
|
|||
) -> Result<(), OperationError> {
|
||||
// We need to perform this in a single transaction pass to prevent tainting
|
||||
// databases during upgrades.
|
||||
let mut write_txn = self.write(ts).await;
|
||||
let mut write_txn = self.write(ts).await?;
|
||||
|
||||
// Check our database version - attempt to do an initial indexing
|
||||
// based on the in memory configuration. This ONLY triggers ONCE on
|
||||
|
|
@ -1130,23 +1130,23 @@ mod tests {
|
|||
async fn test_init_idempotent_schema_core(server: &QueryServer) {
|
||||
{
|
||||
// Setup and abort.
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await;
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await.unwrap();
|
||||
assert!(server_txn.initialise_schema_core().is_ok());
|
||||
}
|
||||
{
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await;
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await.unwrap();
|
||||
assert!(server_txn.initialise_schema_core().is_ok());
|
||||
assert!(server_txn.initialise_schema_core().is_ok());
|
||||
assert!(server_txn.commit().is_ok());
|
||||
}
|
||||
{
|
||||
// Now do it again in a new txn, but abort
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await;
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await.unwrap();
|
||||
assert!(server_txn.initialise_schema_core().is_ok());
|
||||
}
|
||||
{
|
||||
// Now do it again in a new txn.
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await;
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await.unwrap();
|
||||
assert!(server_txn.initialise_schema_core().is_ok());
|
||||
assert!(server_txn.commit().is_ok());
|
||||
}
|
||||
|
|
@ -1155,7 +1155,7 @@ mod tests {
|
|||
#[qs_test(domain_level=DOMAIN_LEVEL_6)]
|
||||
async fn test_migrations_dl6_dl7(server: &QueryServer) {
|
||||
// Assert our instance was setup to version 6
|
||||
let mut write_txn = server.write(duration_from_epoch_now()).await;
|
||||
let mut write_txn = server.write(duration_from_epoch_now()).await.unwrap();
|
||||
|
||||
let db_domain_version = write_txn
|
||||
.internal_search_uuid(UUID_DOMAIN_INFO)
|
||||
|
|
@ -1228,7 +1228,7 @@ mod tests {
|
|||
#[qs_test(domain_level=DOMAIN_LEVEL_7)]
|
||||
async fn test_migrations_dl7_dl8(server: &QueryServer) {
|
||||
// Assert our instance was setup to version 7
|
||||
let mut write_txn = server.write(duration_from_epoch_now()).await;
|
||||
let mut write_txn = server.write(duration_from_epoch_now()).await.unwrap();
|
||||
|
||||
let db_domain_version = write_txn
|
||||
.internal_search_uuid(UUID_DOMAIN_INFO)
|
||||
|
|
@ -1277,7 +1277,7 @@ mod tests {
|
|||
// pre migration verification.
|
||||
// check we currently would fail a migration.
|
||||
|
||||
let mut read_txn = server.read().await;
|
||||
let mut read_txn = server.read().await.unwrap();
|
||||
|
||||
match read_txn.domain_upgrade_check_7_to_8_oauth2_strict_redirect_uri() {
|
||||
Ok(ProtoDomainUpgradeCheckItem {
|
||||
|
|
@ -1296,7 +1296,7 @@ mod tests {
|
|||
|
||||
// Okay, fix the problem.
|
||||
|
||||
let mut write_txn = server.write(duration_from_epoch_now()).await;
|
||||
let mut write_txn = server.write(duration_from_epoch_now()).await.unwrap();
|
||||
|
||||
write_txn
|
||||
.internal_modify_uuid(
|
||||
|
|
|
|||
|
|
@ -1338,7 +1338,7 @@ impl QueryServer {
|
|||
}
|
||||
|
||||
#[instrument(level = "debug", skip_all)]
|
||||
async fn read_acquire_ticket(&self) -> (SemaphorePermit<'_>, SemaphorePermit<'_>) {
|
||||
async fn read_acquire_ticket(&self) -> Option<(SemaphorePermit<'_>, SemaphorePermit<'_>)> {
|
||||
// Get a read ticket. Basically this forces us to queue with other readers, while preventing
|
||||
// us from competing with writers on the db tickets. This tilts us to write prioritising
|
||||
// on db operations by always making sure a writer can get a db ticket.
|
||||
|
|
@ -1348,11 +1348,22 @@ impl QueryServer {
|
|||
.try_acquire()
|
||||
.expect("unable to acquire db_ticket for qsr")
|
||||
} else {
|
||||
#[allow(clippy::expect_used)]
|
||||
self.read_tickets
|
||||
.acquire()
|
||||
.await
|
||||
.expect("unable to acquire db_ticket for qsr")
|
||||
let fut = tokio::time::timeout(
|
||||
Duration::from_millis(DB_LOCK_ACQUIRE_TIMEOUT_MILLIS),
|
||||
self.read_tickets.acquire(),
|
||||
);
|
||||
|
||||
match fut.await {
|
||||
Ok(Ok(ticket)) => ticket,
|
||||
Ok(Err(_)) => {
|
||||
error!("Failed to acquire read ticket, may be poisoned.");
|
||||
return None;
|
||||
}
|
||||
Err(_) => {
|
||||
error!("Failed to acquire read ticket, server is overloaded.");
|
||||
return None;
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
// We need to ensure a db conn will be available. At this point either a db ticket
|
||||
|
|
@ -1372,11 +1383,14 @@ impl QueryServer {
|
|||
.expect("unable to acquire db_ticket for qsr")
|
||||
};
|
||||
|
||||
(read_ticket, db_ticket)
|
||||
Some((read_ticket, db_ticket))
|
||||
}
|
||||
|
||||
pub async fn read(&self) -> QueryServerReadTransaction<'_> {
|
||||
let (read_ticket, db_ticket) = self.read_acquire_ticket().await;
|
||||
pub async fn read(&self) -> Result<QueryServerReadTransaction<'_>, OperationError> {
|
||||
let (read_ticket, db_ticket) = self
|
||||
.read_acquire_ticket()
|
||||
.await
|
||||
.ok_or(OperationError::DatabaseLockAcquisitionTimeout)?;
|
||||
// Point of no return - we now have a DB thread AND the read ticket, we MUST complete
|
||||
// as soon as possible! The following locks and elements below are SYNCHRONOUS but
|
||||
// will never be contented at this point, and will always progress.
|
||||
|
|
@ -1388,8 +1402,7 @@ impl QueryServer {
|
|||
.sub_secs(CHANGELOG_MAX_AGE)
|
||||
.expect("unable to generate trim cid");
|
||||
|
||||
#[allow(clippy::expect_used)]
|
||||
QueryServerReadTransaction {
|
||||
Ok(QueryServerReadTransaction {
|
||||
be_txn: self
|
||||
.be
|
||||
.read()
|
||||
|
|
@ -1403,11 +1416,11 @@ impl QueryServer {
|
|||
_read_ticket: read_ticket,
|
||||
resolve_filter_cache: self.resolve_filter_cache.read(),
|
||||
trim_cid,
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
#[instrument(level = "debug", skip_all)]
|
||||
async fn write_acquire_ticket(&self) -> (SemaphorePermit<'_>, SemaphorePermit<'_>) {
|
||||
async fn write_acquire_ticket(&self) -> Option<(SemaphorePermit<'_>, SemaphorePermit<'_>)> {
|
||||
// Guarantee we are the only writer on the thread pool
|
||||
#[allow(clippy::expect_used)]
|
||||
let write_ticket = if cfg!(test) {
|
||||
|
|
@ -1415,10 +1428,22 @@ impl QueryServer {
|
|||
.try_acquire()
|
||||
.expect("unable to acquire writer_ticket for qsw")
|
||||
} else {
|
||||
self.write_ticket
|
||||
.acquire()
|
||||
.await
|
||||
.expect("unable to acquire writer_ticket for qsw")
|
||||
let fut = tokio::time::timeout(
|
||||
Duration::from_millis(DB_LOCK_ACQUIRE_TIMEOUT_MILLIS),
|
||||
self.write_ticket.acquire(),
|
||||
);
|
||||
|
||||
match fut.await {
|
||||
Ok(Ok(ticket)) => ticket,
|
||||
Ok(Err(_)) => {
|
||||
error!("Failed to acquire write ticket, may be poisoned.");
|
||||
return None;
|
||||
}
|
||||
Err(_) => {
|
||||
error!("Failed to acquire write ticket, server is overloaded.");
|
||||
return None;
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
// We need to ensure a db conn will be available. At this point either a db ticket
|
||||
|
|
@ -1437,21 +1462,23 @@ impl QueryServer {
|
|||
.expect("unable to acquire db_ticket for qsw")
|
||||
};
|
||||
|
||||
(write_ticket, db_ticket)
|
||||
Some((write_ticket, db_ticket))
|
||||
}
|
||||
|
||||
pub async fn write(&self, curtime: Duration) -> QueryServerWriteTransaction<'_> {
|
||||
let (write_ticket, db_ticket) = self.write_acquire_ticket().await;
|
||||
pub async fn write(
|
||||
&self,
|
||||
curtime: Duration,
|
||||
) -> Result<QueryServerWriteTransaction<'_>, OperationError> {
|
||||
let (write_ticket, db_ticket) = self
|
||||
.write_acquire_ticket()
|
||||
.await
|
||||
.ok_or(OperationError::DatabaseLockAcquisitionTimeout)?;
|
||||
|
||||
// Point of no return - we now have a DB thread AND the write ticket, we MUST complete
|
||||
// as soon as possible! The following locks and elements below are SYNCHRONOUS but
|
||||
// will never be contented at this point, and will always progress.
|
||||
|
||||
#[allow(clippy::expect_used)]
|
||||
let be_txn = self
|
||||
.be
|
||||
.write()
|
||||
.expect("unable to create backend write transaction");
|
||||
let be_txn = self.be.write()?;
|
||||
|
||||
let schema_write = self.schema.write();
|
||||
let d_info = self.d_info.write();
|
||||
|
|
@ -1467,7 +1494,7 @@ impl QueryServer {
|
|||
.sub_secs(CHANGELOG_MAX_AGE)
|
||||
.expect("unable to generate trim cid");
|
||||
|
||||
QueryServerWriteTransaction {
|
||||
Ok(QueryServerWriteTransaction {
|
||||
// I think this is *not* needed, because commit is mut self which should
|
||||
// take ownership of the value, and cause the commit to "only be run
|
||||
// once".
|
||||
|
|
@ -1491,20 +1518,22 @@ impl QueryServer {
|
|||
resolve_filter_cache: self.resolve_filter_cache.read(),
|
||||
dyngroup_cache: self.dyngroup_cache.write(),
|
||||
key_providers: self.key_providers.write(),
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
#[cfg(any(test, debug_assertions))]
|
||||
pub async fn clear_cache(&self) -> Result<(), OperationError> {
|
||||
let ct = duration_from_epoch_now();
|
||||
let mut w_txn = self.write(ct).await;
|
||||
let mut w_txn = self.write(ct).await?;
|
||||
w_txn.clear_cache()?;
|
||||
w_txn.commit()
|
||||
}
|
||||
|
||||
pub async fn verify(&self) -> Vec<Result<(), ConsistencyError>> {
|
||||
let mut r_txn = self.read().await;
|
||||
r_txn.verify()
|
||||
match self.read().await {
|
||||
Ok(mut r_txn) => r_txn.verify(),
|
||||
Err(_) => vec![Err(ConsistencyError::Unknown)],
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -2190,7 +2219,7 @@ mod tests {
|
|||
|
||||
#[qs_test]
|
||||
async fn test_name_to_uuid(server: &QueryServer) {
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await;
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await.unwrap();
|
||||
|
||||
let t_uuid = Uuid::new_v4();
|
||||
assert!(server_txn
|
||||
|
|
@ -2227,7 +2256,7 @@ mod tests {
|
|||
|
||||
#[qs_test]
|
||||
async fn test_external_id_to_uuid(server: &QueryServer) {
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await;
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await.unwrap();
|
||||
|
||||
let t_uuid = Uuid::new_v4();
|
||||
assert!(server_txn
|
||||
|
|
@ -2258,7 +2287,7 @@ mod tests {
|
|||
|
||||
#[qs_test]
|
||||
async fn test_uuid_to_spn(server: &QueryServer) {
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await;
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await.unwrap();
|
||||
|
||||
let e1 = entry_init!(
|
||||
(Attribute::Class, EntryClass::Object.to_value()),
|
||||
|
|
@ -2291,7 +2320,7 @@ mod tests {
|
|||
|
||||
#[qs_test]
|
||||
async fn test_uuid_to_rdn(server: &QueryServer) {
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await;
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await.unwrap();
|
||||
|
||||
let e1 = entry_init!(
|
||||
(Attribute::Class, EntryClass::Object.to_value()),
|
||||
|
|
@ -2324,7 +2353,7 @@ mod tests {
|
|||
|
||||
#[qs_test]
|
||||
async fn test_clone_value(server: &QueryServer) {
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await;
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await.unwrap();
|
||||
let e1 = entry_init!(
|
||||
(Attribute::Class, EntryClass::Object.to_value()),
|
||||
(Attribute::Class, EntryClass::Account.to_value()),
|
||||
|
|
@ -2388,7 +2417,7 @@ mod tests {
|
|||
(Attribute::Description, Value::new_utf8s("Test Class")),
|
||||
(Attribute::May, Attribute::Name.to_value())
|
||||
);
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await;
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await.unwrap();
|
||||
// Add a new class.
|
||||
let ce_class = CreateEvent::new_internal(vec![e_cd.clone()]);
|
||||
assert!(server_txn.create(&ce_class).is_ok());
|
||||
|
|
@ -2400,7 +2429,7 @@ mod tests {
|
|||
server_txn.commit().expect("should not fail");
|
||||
|
||||
// Start a new write
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await;
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await.unwrap();
|
||||
// Add the class to an object
|
||||
// should work
|
||||
let ce_work = CreateEvent::new_internal(vec![e1.clone()]);
|
||||
|
|
@ -2410,7 +2439,7 @@ mod tests {
|
|||
server_txn.commit().expect("should not fail");
|
||||
|
||||
// Start a new write
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await;
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await.unwrap();
|
||||
// delete the class
|
||||
let de_class = DeleteEvent::new_internal_invalid(filter!(f_eq(
|
||||
Attribute::ClassName,
|
||||
|
|
@ -2421,7 +2450,7 @@ mod tests {
|
|||
server_txn.commit().expect("should not fail");
|
||||
|
||||
// Start a new write
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await;
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await.unwrap();
|
||||
// Trying to add now should fail
|
||||
let ce_fail = CreateEvent::new_internal(vec![e1.clone()]);
|
||||
assert!(server_txn.create(&ce_fail).is_err());
|
||||
|
|
@ -2467,7 +2496,7 @@ mod tests {
|
|||
)
|
||||
);
|
||||
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await;
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await.unwrap();
|
||||
// Add a new attribute.
|
||||
let ce_attr = CreateEvent::new_internal(vec![e_ad.clone()]);
|
||||
assert!(server_txn.create(&ce_attr).is_ok());
|
||||
|
|
@ -2479,7 +2508,7 @@ mod tests {
|
|||
server_txn.commit().expect("should not fail");
|
||||
|
||||
// Start a new write
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await;
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await.unwrap();
|
||||
// Add the attr to an object
|
||||
// should work
|
||||
let ce_work = CreateEvent::new_internal(vec![e1.clone()]);
|
||||
|
|
@ -2489,7 +2518,7 @@ mod tests {
|
|||
server_txn.commit().expect("should not fail");
|
||||
|
||||
// Start a new write
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await;
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await.unwrap();
|
||||
// delete the attr
|
||||
let de_attr = DeleteEvent::new_internal_invalid(filter!(f_eq(
|
||||
Attribute::AttributeName,
|
||||
|
|
@ -2500,7 +2529,7 @@ mod tests {
|
|||
server_txn.commit().expect("should not fail");
|
||||
|
||||
// Start a new write
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await;
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await.unwrap();
|
||||
// Trying to add now should fail
|
||||
let ce_fail = CreateEvent::new_internal(vec![e1.clone()]);
|
||||
assert!(server_txn.create(&ce_fail).is_err());
|
||||
|
|
|
|||
|
|
@ -554,7 +554,7 @@ mod tests {
|
|||
#[qs_test]
|
||||
async fn test_modify(server: &QueryServer) {
|
||||
// Create an object
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await;
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await.unwrap();
|
||||
|
||||
let e1 = entry_init!(
|
||||
(Attribute::Class, EntryClass::Object.to_value()),
|
||||
|
|
@ -676,7 +676,7 @@ mod tests {
|
|||
|
||||
#[qs_test]
|
||||
async fn test_modify_assert(server: &QueryServer) {
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await;
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await.unwrap();
|
||||
|
||||
let t_uuid = Uuid::new_v4();
|
||||
let r_uuid = Uuid::new_v4();
|
||||
|
|
@ -716,7 +716,7 @@ mod tests {
|
|||
async fn test_modify_invalid_class(server: &QueryServer) {
|
||||
// Test modifying an entry and adding an extra class, that would cause the entry
|
||||
// to no longer conform to schema.
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await;
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await.unwrap();
|
||||
|
||||
let e1 = entry_init!(
|
||||
(Attribute::Class, EntryClass::Object.to_value()),
|
||||
|
|
@ -804,7 +804,7 @@ mod tests {
|
|||
(Attribute::Description, Value::new_utf8s("testperson1")),
|
||||
(Attribute::DisplayName, Value::new_utf8s("testperson1"))
|
||||
);
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await;
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await.unwrap();
|
||||
// Add the entry. Today we have no syntax to take simple str to a credential
|
||||
// but honestly, that's probably okay :)
|
||||
let ce = CreateEvent::new_internal(vec![e1]);
|
||||
|
|
|
|||
|
|
@ -255,7 +255,7 @@ mod tests {
|
|||
let time_p1 = duration_from_epoch_now();
|
||||
let time_p2 = time_p1 + Duration::from_secs(RECYCLEBIN_MAX_AGE * 2);
|
||||
|
||||
let mut server_txn = server.write(time_p1).await;
|
||||
let mut server_txn = server.write(time_p1).await.unwrap();
|
||||
let admin = server_txn.internal_search_uuid(UUID_ADMIN).expect("failed");
|
||||
|
||||
let filt_i_rc = filter_all!(f_eq(Attribute::Class, EntryClass::Recycled.into()));
|
||||
|
|
@ -364,7 +364,7 @@ mod tests {
|
|||
assert!(server_txn.commit().is_ok());
|
||||
|
||||
// Now, establish enough time for the recycled items to be purged.
|
||||
let mut server_txn = server.write(time_p2).await;
|
||||
let mut server_txn = server.write(time_p2).await.unwrap();
|
||||
|
||||
// purge to tombstone, now that time has passed.
|
||||
assert!(server_txn.purge_recycled().is_ok());
|
||||
|
|
@ -394,7 +394,7 @@ mod tests {
|
|||
#[qs_test]
|
||||
async fn test_qs_recycle_advanced(server: &QueryServer) {
|
||||
// Create items
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await;
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await.unwrap();
|
||||
let admin = server_txn.internal_search_uuid(UUID_ADMIN).expect("failed");
|
||||
|
||||
let e1 = entry_init!(
|
||||
|
|
@ -435,7 +435,7 @@ mod tests {
|
|||
|
||||
#[qs_test]
|
||||
async fn test_uuid_to_star_recycle(server: &QueryServer) {
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await;
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await.unwrap();
|
||||
|
||||
let e1 = entry_init!(
|
||||
(Attribute::Class, EntryClass::Object.to_value()),
|
||||
|
|
@ -513,7 +513,7 @@ mod tests {
|
|||
let time_p3 = time_p2 + Duration::from_secs(CHANGELOG_MAX_AGE * 2);
|
||||
|
||||
trace!("test_tombstone_start");
|
||||
let mut server_txn = server.write(time_p1).await;
|
||||
let mut server_txn = server.write(time_p1).await.unwrap();
|
||||
let admin = server_txn.internal_search_uuid(UUID_ADMIN).expect("failed");
|
||||
|
||||
let filt_i_ts = filter_all!(f_eq(Attribute::Class, EntryClass::Tombstone.into()));
|
||||
|
|
@ -560,7 +560,7 @@ mod tests {
|
|||
assert!(server_txn.commit().is_ok());
|
||||
|
||||
// Now, establish enough time for the recycled items to be purged.
|
||||
let mut server_txn = server.write(time_p2).await;
|
||||
let mut server_txn = server.write(time_p2).await.unwrap();
|
||||
assert!(server_txn.purge_recycled().is_ok());
|
||||
|
||||
// Now test the tombstone properties.
|
||||
|
|
@ -596,7 +596,7 @@ mod tests {
|
|||
assert!(server_txn.commit().is_ok());
|
||||
|
||||
// New txn, push the cid forward.
|
||||
let mut server_txn = server.write(time_p3).await;
|
||||
let mut server_txn = server.write(time_p3).await.unwrap();
|
||||
|
||||
// Now purge
|
||||
assert!(server_txn.purge_tombstones().is_ok());
|
||||
|
|
@ -665,7 +665,7 @@ mod tests {
|
|||
#[qs_test]
|
||||
async fn test_revive_advanced_directmemberships(server: &QueryServer) {
|
||||
// Create items
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await;
|
||||
let mut server_txn = server.write(duration_from_epoch_now()).await.unwrap();
|
||||
let admin = server_txn.internal_search_uuid(UUID_ADMIN).expect("failed");
|
||||
|
||||
// Right need a user in a direct group.
|
||||
|
|
|
|||
Loading…
Reference in a new issue