OAuth2 Token Type (#3008)

* fix(OAuth2): Invalid `token_type` for token introspection
Fixes #3005

* fix(aut): `assert_eq` instead of `assert ==`

* fix(OAuth2): IANA registry access token types

* fix(OAuth2): deserialize case insensitively

proto/src/internal/credupdate.rs

@@ -419,7 +419,7 @@ mod tests {
             digits: 6,
         };
         let s = totp.to_uri();
-        assert!(s == "otpauth://totp/blackhats:william?secret=VK54ZXI&issuer=blackhats&algorithm=SHA256&digits=6&period=30");
+        assert_eq!(s,"otpauth://totp/blackhats:william?secret=VK54ZXI&issuer=blackhats&algorithm=SHA256&digits=6&period=30");
 
         // check that invalid issuer/accounts are cleaned up.
         let totp = TotpSecret {
@@ -432,6 +432,6 @@ mod tests {
         };
         let s = totp.to_uri();
         println!("{}", s);
-        assert!(s == "otpauth://totp/blackhats%20australia:william%3A%253A?secret=VK54ZXI&issuer=blackhats%20australia&algorithm=SHA256&digits=6&period=30");
+        assert_eq!(s,"otpauth://totp/blackhats%20australia:william%3A%253A?secret=VK54ZXI&issuer=blackhats%20australia&algorithm=SHA256&digits=6&period=30");
     }
 }

proto/src/oauth2.rs

@@ -173,7 +173,7 @@ pub struct OAuth2RFC9068TokenExtensions {
 #[derive(Serialize, Deserialize, Debug)]
 pub struct AccessTokenResponse {
     pub access_token: String,
-    pub token_type: String,
+    pub token_type: AccessTokenType,
     /// Expiration relative to `now` in seconds.
     pub expires_in: u32,
     pub refresh_token: Option<String>,
@@ -184,6 +184,31 @@ pub struct AccessTokenResponse {
     pub id_token: Option<String>,
 }
 
+/// Access token types, per [IANA Registry - OAuth Access Token Types](https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#token-types)
+#[derive(Serialize, Deserialize, Debug, Eq, PartialEq)]
+#[serde(try_from = "&str")]
+pub enum AccessTokenType {
+    Bearer,
+    PoP,
+    #[serde(rename = "N_A")]
+    NA,
+    DPoP,
+}
+
+impl TryFrom<&str> for AccessTokenType {
+    type Error = String;
+
+    fn try_from(s: &str) -> Result<Self, Self::Error> {
+        match s.to_lowercase().as_str() {
+            "bearer" => Ok(AccessTokenType::Bearer),
+            "pop" => Ok(AccessTokenType::PoP),
+            "n_a" => Ok(AccessTokenType::NA),
+            "dpop" => Ok(AccessTokenType::DPoP),
+            _ => Err(format!("Unknown AccessTokenType: {}", s)),
+        }
+    }
+}
+
 /// Request revocation of an Access or Refresh token. On success the response is OK 200
 /// with no body.
 #[skip_serializing_none]
@@ -214,7 +239,7 @@ pub struct AccessTokenIntrospectResponse {
     pub scope: Option<String>,
     pub client_id: Option<String>,
     pub username: Option<String>,
-    pub token_type: Option<String>,
+    pub token_type: Option<AccessTokenType>,
     pub exp: Option<i64>,
     pub iat: Option<i64>,
     pub nbf: Option<i64>,
@@ -479,4 +504,24 @@ mod tests {
 
         println!("{:?}", serde_json::to_string(&atr).expect("JSON failure"));
     }
+
+    #[test]
+    fn test_oauth2_access_token_type_serde() {
+        for testcase in ["bearer", "Bearer", "BeArEr"] {
+            let at: super::AccessTokenType =
+                serde_json::from_str(&format!("\"{}\"", testcase)).expect("Failed to parse");
+            assert_eq!(at, super::AccessTokenType::Bearer);
+        }
+
+        for testcase in ["dpop", "dPoP", "DPOP", "DPoP"] {
+            let at: super::AccessTokenType =
+                serde_json::from_str(&format!("\"{}\"", testcase)).expect("Failed to parse");
+            assert_eq!(at, super::AccessTokenType::DPoP);
+        }
+
+        for testcase in ["cheese"] {
+            let at = serde_json::from_str::<super::AccessTokenType>(&format!("\"{}\"", testcase));
+            assert!(at.is_err())
+        }
+    }
 }

server/core/src/repl/codec.rs

@@ -211,7 +211,7 @@ mod tests {
         // Length header reports a zero size request.
         let zero = [0, 0, 0, 0];
         buf.extend_from_slice(&zero);
-        assert!(buf.len() == 8);
+        assert_eq!(buf.len(), 8);
         assert!(consumer_codec.decode(&mut buf).is_err());
 
         // Clear buffer - setup a request with a length > allowed max.
@@ -221,7 +221,7 @@ mod tests {
 
         // Even though the buf len is only 8, this will error as the overall
         // request will be too large.
-        assert!(buf.len() == 8);
+        assert_eq!(buf.len(), 8);
         assert!(consumer_codec.decode(&mut buf).is_err());
 
         // Assert that we request more data on a validly sized req
@@ -230,7 +230,7 @@ mod tests {
         buf.extend_from_slice(&len_bytes);
         // Pad in some extra bytes.
         buf.extend_from_slice(&zero);
-        assert!(buf.len() == 12);
+        assert_eq!(buf.len(), 12);
         assert!(matches!(consumer_codec.decode(&mut buf), Ok(None)));
 
         // Make a request that is correctly sized.

server/core/src/repl/mod.rs

@@ -731,7 +731,7 @@ async fn repl_acceptor(
                     ));
 
                     task_handles.push_back(handle);
-                    debug_assert!(task_handles.len() == task_tx.receiver_count());
+                    debug_assert_eq!(task_handles.len(), task_tx.receiver_count());
                 }
                 RepNodeConfig::AllowPull { consumer_cert: _ } => {}
             };

server/lib-macros/src/entry.rs

@@ -152,7 +152,7 @@ pub(crate) fn qs_test(args: TokenStream, item: TokenStream) -> TokenStream {
                 // Make sure there are no errors.
                 let verifications = test_server.verify().await;
                 trace!("Verification result: {:?}", verifications);
-                assert!(verifications.len() == 0);
+                assert_eq!(verifications.len(),0);
             };
             #[allow(clippy::expect_used, clippy::diverging_sub_expression)]
             {
@@ -351,7 +351,7 @@ pub(crate) fn idm_test(args: &TokenStream, item: TokenStream) -> TokenStream {
                 let mut idm_read_txn = test_server.proxy_read().await.unwrap();
                 let verifications = idm_read_txn.qs_read.verify();
                 trace!("Verification result: {:?}", verifications);
-                assert!(verifications.len() == 0);
+                assert_eq!(verifications.len(),0);
 
                 idms_delayed.check_is_empty_or_panic();
                 idms_audit.check_is_empty_or_panic();

server/lib/src/be/dbvalue.rs

@@ -951,6 +951,6 @@ mod tests {
 
         let _e_dbcred: Vec<DbCred> = serde_json::from_str(&json).unwrap();
 
-        // assert!(dbcred == e_dbcred);
+        // assert_eq!(dbcred,e_dbcred);
     }
 }

server/lib/src/be/idl_sqlite.rs

@@ -1741,7 +1741,7 @@ impl IdlSqliteWriteTransaction {
 impl IdlSqlite {
     pub fn new(cfg: &BackendConfig, vacuum: bool) -> Result<Self, OperationError> {
         if cfg.path.is_empty() {
-            debug_assert!(cfg.pool_size == 1);
+            debug_assert_eq!(cfg.pool_size, 1);
         }
         // If provided, set the page size to match the tuning we want. By default we use 4096. The VACUUM
         // immediately after is so that on db create the page size takes effect.

server/lib/src/be/mod.rs

@@ -1164,7 +1164,7 @@ impl<'a> BackendWriteTransaction<'a> {
             return Err(OperationError::EmptyRequest);
         }
 
-        assert!(post_entries.len() == pre_entries.len());
+        assert_eq!(post_entries.len(), pre_entries.len());
 
         let post_entries_iter = post_entries.iter().filter(|e| {
             trace!(?cid);
@@ -1464,7 +1464,7 @@ impl<'a> BackendWriteTransaction<'a> {
             }
             (Some(pre), Some(post)) => {
                 trace!("Attempting to modify entry indexes");
-                assert!(pre.get_id() == post.get_id());
+                assert_eq!(pre.get_id(), post.get_id());
                 (
                     post.get_uuid(),
                     post.get_id(),
@@ -2689,11 +2689,11 @@ mod tests {
         run_test!(|be: &mut BackendWriteTransaction| {
             let sid1 = be.get_db_s_uuid().unwrap();
             let sid2 = be.get_db_s_uuid().unwrap();
-            assert!(sid1 == sid2);
+            assert_eq!(sid1, sid2);
             let sid3 = be.reset_db_s_uuid().unwrap();
             assert!(sid1 != sid3);
             let sid4 = be.get_db_s_uuid().unwrap();
-            assert!(sid3 == sid4);
+            assert_eq!(sid3, sid4);
         });
     }
 
@@ -2702,7 +2702,7 @@ mod tests {
         run_test!(|be: &mut BackendWriteTransaction| {
             // Add some test data?
             let missing = be.missing_idxs().unwrap();
-            assert!(missing.len() == 7);
+            assert_eq!(missing.len(), 7);
             assert!(be.reindex().is_ok());
             let missing = be.missing_idxs().unwrap();
             debug!("{:?}", missing);
@@ -2736,7 +2736,7 @@ mod tests {
             be.danger_purge_idxs().unwrap();
             // Check they are gone
             let missing = be.missing_idxs().unwrap();
-            assert!(missing.len() == 7);
+            assert_eq!(missing.len(), 7);
             assert!(be.reindex().is_ok());
             let missing = be.missing_idxs().unwrap();
             debug!("{:?}", missing);
@@ -2852,15 +2852,30 @@ mod tests {
             let claire_uuid = uuid!("bd651620-00dd-426b-aaa0-4494f7b7906f");
             let william_uuid = uuid!("db237e8a-0079-4b8c-8a56-593b22aa44d1");
 
-            assert!(be.name2uuid("claire") == Ok(Some(claire_uuid)));
-            assert!(be.name2uuid("william") == Ok(Some(william_uuid)));
-            assert!(be.name2uuid("db237e8a-0079-4b8c-8a56-593b22aa44d1") == Ok(None));
+            assert_eq!(be.name2uuid("claire"), Ok(Some(claire_uuid)));
+            assert_eq!(be.name2uuid("william"), Ok(Some(william_uuid)));
+            assert_eq!(
+                be.name2uuid("db237e8a-0079-4b8c-8a56-593b22aa44d1"),
+                Ok(None)
+            );
             // check uuid2spn
-            assert!(be.uuid2spn(claire_uuid) == Ok(Some(Value::new_iname("claire"))));
-            assert!(be.uuid2spn(william_uuid) == Ok(Some(Value::new_iname("william"))));
+            assert_eq!(
+                be.uuid2spn(claire_uuid),
+                Ok(Some(Value::new_iname("claire")))
+            );
+            assert_eq!(
+                be.uuid2spn(william_uuid),
+                Ok(Some(Value::new_iname("william")))
+            );
             // check uuid2rdn
-            assert!(be.uuid2rdn(claire_uuid) == Ok(Some("name=claire".to_string())));
-            assert!(be.uuid2rdn(william_uuid) == Ok(Some("name=william".to_string())));
+            assert_eq!(
+                be.uuid2rdn(claire_uuid),
+                Ok(Some("name=claire".to_string()))
+            );
+            assert_eq!(
+                be.uuid2rdn(william_uuid),
+                Ok(Some("name=william".to_string()))
+            );
         });
     }
 
@@ -2916,9 +2931,12 @@ mod tests {
             );
 
             let william_uuid = uuid!("db237e8a-0079-4b8c-8a56-593b22aa44d1");
-            assert!(be.name2uuid("william") == Ok(Some(william_uuid)));
-            assert!(be.uuid2spn(william_uuid) == Ok(Some(Value::from("william"))));
-            assert!(be.uuid2rdn(william_uuid) == Ok(Some("name=william".to_string())));
+            assert_eq!(be.name2uuid("william"), Ok(Some(william_uuid)));
+            assert_eq!(be.uuid2spn(william_uuid), Ok(Some(Value::from("william"))));
+            assert_eq!(
+                be.uuid2rdn(william_uuid),
+                Ok(Some("name=william".to_string()))
+            );
 
             // == Now we reap_tombstones, and assert we removed the items.
             let e1_ts = e1.to_tombstone(CID_ONE.clone()).into_sealed_committed();
@@ -2957,9 +2975,9 @@ mod tests {
                 Some(Vec::with_capacity(0))
             );
 
-            assert!(be.name2uuid("william") == Ok(None));
-            assert!(be.uuid2spn(william_uuid) == Ok(None));
-            assert!(be.uuid2rdn(william_uuid) == Ok(None));
+            assert_eq!(be.name2uuid("william"), Ok(None));
+            assert_eq!(be.uuid2spn(william_uuid), Ok(None));
+            assert_eq!(be.uuid2rdn(william_uuid), Ok(None));
         })
     }
 
@@ -3043,19 +3061,25 @@ mod tests {
             let william_uuid = uuid!("db237e8a-0079-4b8c-8a56-593b22aa44d1");
             let lucy_uuid = uuid!("7b23c99d-c06b-4a9a-a958-3afa56383e1d");
 
-            assert!(be.name2uuid("claire") == Ok(Some(claire_uuid)));
+            assert_eq!(be.name2uuid("claire"), Ok(Some(claire_uuid)));
             let x = be.uuid2spn(claire_uuid);
             trace!(?x);
-            assert!(be.uuid2spn(claire_uuid) == Ok(Some(Value::new_iname("claire"))));
-            assert!(be.uuid2rdn(claire_uuid) == Ok(Some("name=claire".to_string())));
+            assert_eq!(
+                be.uuid2spn(claire_uuid),
+                Ok(Some(Value::new_iname("claire")))
+            );
+            assert_eq!(
+                be.uuid2rdn(claire_uuid),
+                Ok(Some("name=claire".to_string()))
+            );
 
-            assert!(be.name2uuid("william") == Ok(None));
-            assert!(be.uuid2spn(william_uuid) == Ok(None));
-            assert!(be.uuid2rdn(william_uuid) == Ok(None));
+            assert_eq!(be.name2uuid("william"), Ok(None));
+            assert_eq!(be.uuid2spn(william_uuid), Ok(None));
+            assert_eq!(be.uuid2rdn(william_uuid), Ok(None));
 
-            assert!(be.name2uuid("lucy") == Ok(None));
-            assert!(be.uuid2spn(lucy_uuid) == Ok(None));
-            assert!(be.uuid2rdn(lucy_uuid) == Ok(None));
+            assert_eq!(be.name2uuid("lucy"), Ok(None));
+            assert_eq!(be.uuid2spn(lucy_uuid), Ok(None));
+            assert_eq!(be.uuid2rdn(lucy_uuid), Ok(None));
         })
     }
 
@@ -3125,10 +3149,16 @@ mod tests {
             );
 
             let william_uuid = uuid!("db237e8a-0079-4b8c-8a56-593b22aa44d1");
-            assert!(be.name2uuid("william") == Ok(None));
-            assert!(be.name2uuid("claire") == Ok(Some(william_uuid)));
-            assert!(be.uuid2spn(william_uuid) == Ok(Some(Value::new_iname("claire"))));
-            assert!(be.uuid2rdn(william_uuid) == Ok(Some("name=claire".to_string())));
+            assert_eq!(be.name2uuid("william"), Ok(None));
+            assert_eq!(be.name2uuid("claire"), Ok(Some(william_uuid)));
+            assert_eq!(
+                be.uuid2spn(william_uuid),
+                Ok(Some(Value::new_iname("claire")))
+            );
+            assert_eq!(
+                be.uuid2rdn(william_uuid),
+                Ok(Some("name=claire".to_string()))
+            );
         })
     }
 
@@ -3210,12 +3240,18 @@ mod tests {
 
             let claire_uuid = uuid!("04091a7a-6ce4-42d2-abf5-c2ce244ac9e8");
             let william_uuid = uuid!("db237e8a-0079-4b8c-8a56-593b22aa44d1");
-            assert!(be.name2uuid("william") == Ok(None));
-            assert!(be.name2uuid("claire") == Ok(Some(claire_uuid)));
-            assert!(be.uuid2spn(william_uuid) == Ok(None));
-            assert!(be.uuid2rdn(william_uuid) == Ok(None));
-            assert!(be.uuid2spn(claire_uuid) == Ok(Some(Value::new_iname("claire"))));
-            assert!(be.uuid2rdn(claire_uuid) == Ok(Some("name=claire".to_string())));
+            assert_eq!(be.name2uuid("william"), Ok(None));
+            assert_eq!(be.name2uuid("claire"), Ok(Some(claire_uuid)));
+            assert_eq!(be.uuid2spn(william_uuid), Ok(None));
+            assert_eq!(be.uuid2rdn(william_uuid), Ok(None));
+            assert_eq!(
+                be.uuid2spn(claire_uuid),
+                Ok(Some(Value::new_iname("claire")))
+            );
+            assert_eq!(
+                be.uuid2rdn(claire_uuid),
+                Ok(Some("name=claire".to_string()))
+            );
         })
     }
 
@@ -3262,7 +3298,7 @@ mod tests {
             let (r, _plan) = be.filter2idl(feq.to_inner(), 0).unwrap();
             match r {
                 IdList::Indexed(idl) => {
-                    assert!(idl == IDLBitRange::from_iter(vec![1]));
+                    assert_eq!(idl, IDLBitRange::from_iter(vec![1]));
                 }
                 _ => {
                     panic!("");
@@ -3282,7 +3318,7 @@ mod tests {
             let (r, _plan) = be.filter2idl(f_in_and.to_inner(), 0).unwrap();
             match r {
                 IdList::Indexed(idl) => {
-                    assert!(idl == IDLBitRange::from_iter(vec![1]));
+                    assert_eq!(idl, IDLBitRange::from_iter(vec![1]));
                 }
                 _ => {
                     panic!("");
@@ -3303,7 +3339,7 @@ mod tests {
             let (r, _plan) = be.filter2idl(f_p1.to_inner(), 0).unwrap();
             match r {
                 IdList::Partial(idl) => {
-                    assert!(idl == IDLBitRange::from_iter(vec![1]));
+                    assert_eq!(idl, IDLBitRange::from_iter(vec![1]));
                 }
                 _ => unreachable!(),
             }
@@ -3311,7 +3347,7 @@ mod tests {
             let (r, _plan) = be.filter2idl(f_p2.to_inner(), 0).unwrap();
             match r {
                 IdList::Partial(idl) => {
-                    assert!(idl == IDLBitRange::from_iter(vec![1]));
+                    assert_eq!(idl, IDLBitRange::from_iter(vec![1]));
                 }
                 _ => unreachable!(),
             }
@@ -3323,7 +3359,7 @@ mod tests {
             trace!(?r, ?plan);
             match r {
                 IdList::Partial(idl) => {
-                    assert!(idl == IDLBitRange::from_iter(vec![1]));
+                    assert_eq!(idl, IDLBitRange::from_iter(vec![1]));
                 }
                 _ => unreachable!(),
             }
@@ -3351,7 +3387,7 @@ mod tests {
             let (r, _plan) = be.filter2idl(f_in_or.to_inner(), 0).unwrap();
             match r {
                 IdList::Indexed(idl) => {
-                    assert!(idl == IDLBitRange::from_iter(vec![1]));
+                    assert_eq!(idl, IDLBitRange::from_iter(vec![1]));
                 }
                 _ => {
                     panic!("");
@@ -3380,7 +3416,7 @@ mod tests {
             let (r, _plan) = be.filter2idl(f_r_andnot.to_inner(), 0).unwrap();
             match r {
                 IdList::Indexed(idl) => {
-                    assert!(idl == IDLBitRange::from_iter(Vec::with_capacity(0)));
+                    assert_eq!(idl, IDLBitRange::from_iter(Vec::with_capacity(0)));
                 }
                 _ => {
                     panic!("");
@@ -3396,7 +3432,7 @@ mod tests {
             let (r, _plan) = be.filter2idl(f_and_andnot.to_inner(), 0).unwrap();
             match r {
                 IdList::Indexed(idl) => {
-                    assert!(idl == IDLBitRange::from_iter(Vec::with_capacity(0)));
+                    assert_eq!(idl, IDLBitRange::from_iter(Vec::with_capacity(0)));
                 }
                 _ => {
                     panic!("");
@@ -3411,7 +3447,7 @@ mod tests {
             let (r, _plan) = be.filter2idl(f_or_andnot.to_inner(), 0).unwrap();
             match r {
                 IdList::Indexed(idl) => {
-                    assert!(idl == IDLBitRange::from_iter(Vec::with_capacity(0)));
+                    assert_eq!(idl, IDLBitRange::from_iter(Vec::with_capacity(0)));
                 }
                 _ => {
                     panic!("");
@@ -3428,7 +3464,7 @@ mod tests {
             match r {
                 IdList::Indexed(idl) => {
                     debug!("{:?}", idl);
-                    assert!(idl == IDLBitRange::from_iter(vec![1]));
+                    assert_eq!(idl, IDLBitRange::from_iter(vec![1]));
                 }
                 _ => {
                     panic!("");
@@ -3443,7 +3479,7 @@ mod tests {
             let (r, _plan) = be.filter2idl(f_and_andnot.to_inner(), 0).unwrap();
             match r {
                 IdList::Indexed(idl) => {
-                    assert!(idl == IDLBitRange::from_iter(vec![1]));
+                    assert_eq!(idl, IDLBitRange::from_iter(vec![1]));
                 }
                 _ => {
                     panic!("");
@@ -3482,7 +3518,7 @@ mod tests {
             let (r, _plan) = be.filter2idl(f_e_or.to_inner(), 0).unwrap();
             match r {
                 IdList::Indexed(idl) => {
-                    assert!(idl == IDLBitRange::from_iter(vec![]));
+                    assert_eq!(idl, IDLBitRange::from_iter(vec![]));
                 }
                 _ => {
                     panic!("");
@@ -3494,7 +3530,7 @@ mod tests {
             let (r, _plan) = be.filter2idl(f_e_and.to_inner(), 0).unwrap();
             match r {
                 IdList::Indexed(idl) => {
-                    assert!(idl == IDLBitRange::from_iter(vec![]));
+                    assert_eq!(idl, IDLBitRange::from_iter(vec![]));
                 }
                 _ => {
                     panic!("");
@@ -3658,9 +3694,9 @@ mod tests {
 
             // check deny on allids
             let res = be.search(&lim_deny_allids, &filt);
-            assert!(res == Err(OperationError::ResourceLimit));
+            assert_eq!(res, Err(OperationError::ResourceLimit));
             let res = be.exists(&lim_deny_allids, &filt);
-            assert!(res == Err(OperationError::ResourceLimit));
+            assert_eq!(res, Err(OperationError::ResourceLimit));
         })
     }
 
@@ -3698,7 +3734,7 @@ mod tests {
 
             // check deny on entry max
             let res = be.search(&lim_deny, &filt);
-            assert!(res == Err(OperationError::ResourceLimit));
+            assert_eq!(res, Err(OperationError::ResourceLimit));
             // we don't limit on exists because we never load the entries.
             let res = be.exists(&lim_deny, &filt);
             assert!(res.is_ok());
@@ -3706,7 +3742,7 @@ mod tests {
             // --> This will shortcut due to indexing.
             assert!(be.reindex().is_ok());
             let res = be.search(&lim_deny, &filt);
-            assert!(res == Err(OperationError::ResourceLimit));
+            assert_eq!(res, Err(OperationError::ResourceLimit));
             // we don't limit on exists because we never load the entries.
             let res = be.exists(&lim_deny, &filt);
             assert!(res.is_ok());
@@ -3775,10 +3811,10 @@ mod tests {
 
             // check deny on entry max
             let res = be.search(&lim_deny, &filt);
-            assert!(res == Err(OperationError::ResourceLimit));
+            assert_eq!(res, Err(OperationError::ResourceLimit));
             // we don't limit on exists because we never load the entries.
             let res = be.exists(&lim_deny, &filt);
-            assert!(res == Err(OperationError::ResourceLimit));
+            assert_eq!(res, Err(OperationError::ResourceLimit));
         })
     }
 

server/lib/src/constants/entries.rs

@@ -20,8 +20,8 @@ use uuid::Uuid;
 
 #[test]
 fn test_valueattribute_as_str() {
-    assert!(Attribute::Class.as_ref() == "class");
-    assert!(Attribute::Class.to_string() == *"class");
+    assert_eq!(Attribute::Class.as_ref(), "class");
+    assert_eq!(Attribute::Class.to_string(), *"class");
 }
 
 #[test]
@@ -32,7 +32,7 @@ fn test_valueattribute_round_trip() {
     for attr in the_list {
         let s: &'static str = attr.into();
         let attr2 = Attribute::try_from(s).unwrap();
-        assert!(attr == attr2);
+        assert_eq!(attr, attr2);
     }
 }
 

server/lib/src/credential/softlock.rs

@@ -277,7 +277,10 @@ mod tests {
         let ct4 = ct2 + Duration::from_secs(2);
         slock2.apply_time_step(ct4);
         eprintln!("{:?}", slock2.peek_state());
-        assert!(slock2.peek_state() == &LockState::Unlocked(2, Duration::from_secs(ONEDAY)));
+        assert_eq!(
+            slock2.peek_state(),
+            &LockState::Unlocked(2, Duration::from_secs(ONEDAY))
+        );
         slock2.apply_time_step(ct3);
         assert!(slock2.is_state_init());
         assert!(slock2.is_valid());

server/lib/src/credential/totp.rs

@@ -289,11 +289,11 @@ mod tests {
     #[test]
     fn hotp_basic() {
         let otp_sha1 = Totp::new(vec![0], 30, TotpAlgo::Sha1, TotpDigits::Six);
-        assert!(otp_sha1.digest(0) == Ok(328482));
+        assert_eq!(otp_sha1.digest(0), Ok(328482));
         let otp_sha256 = Totp::new(vec![0], 30, TotpAlgo::Sha256, TotpDigits::Six);
-        assert!(otp_sha256.digest(0) == Ok(356306));
+        assert_eq!(otp_sha256.digest(0), Ok(356306));
         let otp_sha512 = Totp::new(vec![0], 30, TotpAlgo::Sha512, TotpDigits::Six);
-        assert!(otp_sha512.digest(0) == Ok(674061));
+        assert_eq!(otp_sha512.digest(0), Ok(674061));
     }
 
     fn do_test(

server/lib/src/entry.rs

@@ -718,7 +718,7 @@ impl Entry<EntryIncremental, EntryNew> {
 
     pub(crate) fn is_add_conflict(&self, db_entry: &EntrySealedCommitted) -> bool {
         use crate::repl::entry::State;
-        debug_assert!(self.valid.uuid == db_entry.valid.uuid);
+        debug_assert_eq!(self.valid.uuid, db_entry.valid.uuid);
         // This is a conflict if the state 'at' is not identical
         let self_cs = &self.valid.ecstate;
         let db_cs = db_entry.get_changestate();
@@ -739,7 +739,7 @@ impl Entry<EntryIncremental, EntryNew> {
         db_ent: &EntrySealedCommitted,
     ) -> (Option<EntrySealedNew>, EntryIncrementalCommitted) {
         use crate::repl::entry::State;
-        debug_assert!(self.valid.uuid == db_ent.valid.uuid);
+        debug_assert_eq!(self.valid.uuid, db_ent.valid.uuid);
         let self_cs = &self.valid.ecstate;
         let db_cs = db_ent.get_changestate();
 
@@ -867,7 +867,7 @@ impl Entry<EntryIncremental, EntryNew> {
         use crate::repl::entry::State;
 
         // Paranoid check.
-        debug_assert!(self.valid.uuid == db_ent.valid.uuid);
+        debug_assert_eq!(self.valid.uuid, db_ent.valid.uuid);
 
         // First, determine if either side is a tombstone. This is needed so that only
         // when both sides are live
@@ -885,7 +885,7 @@ impl Entry<EntryIncremental, EntryNew> {
                     changes: changes_right,
                 },
             ) => {
-                debug_assert!(at_left == at_right);
+                debug_assert_eq!(at_left, at_right);
                 // Given the current db entry, compare and merge our attributes to
                 // form a resultant entry attr and ecstate
                 //
@@ -1702,7 +1702,7 @@ impl Entry<EntrySealed, EntryCommitted> {
                     .collect()
             }
             (Some(pre_e), Some(post_e)) => {
-                assert!(pre_e.state.id == post_e.state.id);
+                assert_eq!(pre_e.state.id, post_e.state.id);
                 idxmeta
                     .keys()
                     .flat_map(|ikey| {
@@ -3718,7 +3718,7 @@ mod tests {
         // When we do None, None, we get nothing back.
         let r1 = Entry::idx_diff(&idxmeta, None, None);
         eprintln!("{r1:?}");
-        assert!(r1 == Vec::with_capacity(0));
+        assert_eq!(r1, Vec::with_capacity(0));
 
         // Check generating a delete diff
         let mut del_r = Entry::idx_diff(&idxmeta, Some(&e1), None);
@@ -3836,7 +3836,7 @@ mod tests {
     fn test_entry_idx_name2uuid_diff() {
         // none, none,
         let r = Entry::idx_name2uuid_diff(None, None);
-        assert!(r == (None, None));
+        assert_eq!(r, (None, None));
 
         // none, some - test adding an entry gives back add sets
         {

server/lib/src/filter.rs

@@ -1650,7 +1650,7 @@ mod tests {
             debug!("init   --> {:?}", f_init_r);
             debug!("opt    --> {:?}", f_init_o);
             debug!("expect --> {:?}", f_init_e);
-            assert!(f_init_o == f_init_e);
+            assert_eq!(f_init_o, f_init_e);
         }};
     }
 
@@ -1767,14 +1767,14 @@ mod tests {
         let f_t1b = filter!(f_pres(Attribute::UserId));
         let f_t1c = filter!(f_pres(Attribute::NonExist));
 
-        assert!(f_t1a == f_t1b);
+        assert_eq!(f_t1a, f_t1b);
         assert!(f_t1a != f_t1c);
         assert!(f_t1b != f_t1c);
 
         let f_t2a = filter!(f_and!([f_pres(Attribute::UserId)]));
         let f_t2b = filter!(f_and!([f_pres(Attribute::UserId)]));
         let f_t2c = filter!(f_and!([f_pres(Attribute::NonExist)]));
-        assert!(f_t2a == f_t2b);
+        assert_eq!(f_t2a, f_t2b);
         assert!(f_t2a != f_t2c);
         assert!(f_t2b != f_t2c);
 
@@ -1821,14 +1821,14 @@ mod tests {
         let f_t1b = f_t1a.clone();
         let f_t1c = filter_resolved!(f_pres(Attribute::NonExist));
 
-        assert!(f_t1a == f_t1b);
+        assert_eq!(f_t1a, f_t1b);
         assert!(f_t1a != f_t1c);
 
         let f_t2a = filter_resolved!(f_and!([f_pres(Attribute::UserId)]));
         let f_t2b = f_t2a.clone();
         let f_t2c = filter_resolved!(f_and!([f_pres(Attribute::NonExist)]));
 
-        assert!(f_t2a == f_t2b);
+        assert_eq!(f_t2a, f_t2b);
         assert!(f_t2a != f_t2c);
     }
 
@@ -2021,7 +2021,7 @@ mod tests {
             f_eq(Attribute::Class, PartialValue::new_iutf8("1001")),
         ]));
 
-        assert!(f_t1a.get_attr_set() == f_expect);
+        assert_eq!(f_t1a.get_attr_set(), f_expect);
 
         let f_t2a = filter_valid!(f_and!([
             f_eq(Attribute::UserId, PartialValue::new_iutf8("alice")),
@@ -2029,7 +2029,7 @@ mod tests {
             f_eq(Attribute::UserId, PartialValue::new_iutf8("claire")),
         ]));
 
-        assert!(f_t2a.get_attr_set() == f_expect);
+        assert_eq!(f_t2a.get_attr_set(), f_expect);
     }
 
     #[qs_test]
@@ -2106,31 +2106,37 @@ mod tests {
         // Resolving most times should yield expected results
         let t1 = vs_utf8!["teststring".to_string()] as _;
         let r1 = server_txn.resolve_valueset(&t1);
-        assert!(r1 == Ok(vec!["teststring".to_string()]));
+        assert_eq!(r1, Ok(vec!["teststring".to_string()]));
 
         // Resolve UUID with matching spn
         let t_uuid = vs_refer![uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930")] as _;
         let r_uuid = server_txn.resolve_valueset(&t_uuid);
         debug!("{:?}", r_uuid);
-        assert!(r_uuid == Ok(vec!["testperson1@example.com".to_string()]));
+        assert_eq!(r_uuid, Ok(vec!["testperson1@example.com".to_string()]));
 
         // Resolve UUID with matching name
         let t_uuid = vs_refer![uuid!("a67c0c71-0b35-4218-a6b0-22d23d131d27")] as _;
         let r_uuid = server_txn.resolve_valueset(&t_uuid);
         debug!("{:?}", r_uuid);
-        assert!(r_uuid == Ok(vec!["testperson2@example.com".to_string()]));
+        assert_eq!(r_uuid, Ok(vec!["testperson2@example.com".to_string()]));
 
         // Resolve UUID non-exist
         let t_uuid_non = vs_refer![uuid!("b83e98f0-3d2e-41d2-9796-d8d993289c86")] as _;
         let r_uuid_non = server_txn.resolve_valueset(&t_uuid_non);
         debug!("{:?}", r_uuid_non);
-        assert!(r_uuid_non == Ok(vec!["b83e98f0-3d2e-41d2-9796-d8d993289c86".to_string()]));
+        assert_eq!(
+            r_uuid_non,
+            Ok(vec!["b83e98f0-3d2e-41d2-9796-d8d993289c86".to_string()])
+        );
 
         // Resolve UUID to tombstone/recycled (same an non-exst)
         let t_uuid_ts = vs_refer![uuid!("9557f49c-97a5-4277-a9a5-097d17eb8317")] as _;
         let r_uuid_ts = server_txn.resolve_valueset(&t_uuid_ts);
         debug!("{:?}", r_uuid_ts);
-        assert!(r_uuid_ts == Ok(vec!["9557f49c-97a5-4277-a9a5-097d17eb8317".to_string()]));
+        assert_eq!(
+            r_uuid_ts,
+            Ok(vec!["9557f49c-97a5-4277-a9a5-097d17eb8317".to_string()])
+        );
     }
 
     #[qs_test]
@@ -2151,11 +2157,11 @@ mod tests {
 
         // Test proto + read
         let res = Filter::from_ro(&ev, &inv_proto, &mut r_txn);
-        assert!(res == Err(OperationError::ResourceLimit));
+        assert_eq!(res, Err(OperationError::ResourceLimit));
 
         // ldap
         let res = Filter::from_ldap_ro(&ev, &inv_ldap, &mut r_txn);
-        assert!(res == Err(OperationError::ResourceLimit));
+        assert_eq!(res, Err(OperationError::ResourceLimit));
 
         // Can only have one db conn at a time.
         std::mem::drop(r_txn);
@@ -2163,7 +2169,7 @@ mod tests {
         // proto + write
         let mut wr_txn = server.write(duration_from_epoch_now()).await.expect("txn");
         let res = Filter::from_rw(&ev, &inv_proto, &mut wr_txn);
-        assert!(res == Err(OperationError::ResourceLimit));
+        assert_eq!(res, Err(OperationError::ResourceLimit));
     }
 
     #[qs_test]
@@ -2188,11 +2194,11 @@ mod tests {
 
         // Test proto + read
         let res = Filter::from_ro(&ev, &inv_proto, &mut r_txn);
-        assert!(res == Err(OperationError::ResourceLimit));
+        assert_eq!(res, Err(OperationError::ResourceLimit));
 
         // ldap
         let res = Filter::from_ldap_ro(&ev, &inv_ldap, &mut r_txn);
-        assert!(res == Err(OperationError::ResourceLimit));
+        assert_eq!(res, Err(OperationError::ResourceLimit));
 
         // Can only have one db conn at a time.
         std::mem::drop(r_txn);
@@ -2200,6 +2206,6 @@ mod tests {
         // proto + write
         let mut wr_txn = server.write(duration_from_epoch_now()).await.expect("txn");
         let res = Filter::from_rw(&ev, &inv_proto, &mut wr_txn);
-        assert!(res == Err(OperationError::ResourceLimit));
+        assert_eq!(res, Err(OperationError::ResourceLimit));
     }
 }

server/lib/src/idm/account.rs

@@ -1066,7 +1066,7 @@ mod tests {
             .expect("Unable to create uat");
 
         // Check the ui hints are as expected.
-        assert!(uat.ui_hints.len() == 1);
+        assert_eq!(uat.ui_hints.len(), 1);
         assert!(uat.ui_hints.contains(&UiHint::CredentialUpdate));
 
         // Modify the user to be a posix account, ensure they get the hint.
@@ -1096,7 +1096,7 @@ mod tests {
             )
             .expect("Unable to create uat");
 
-        assert!(uat.ui_hints.len() == 2);
+        assert_eq!(uat.ui_hints.len(), 2);
         assert!(uat.ui_hints.contains(&UiHint::PosixAccount));
         assert!(uat.ui_hints.contains(&UiHint::CredentialUpdate));
 
@@ -1129,7 +1129,7 @@ mod tests {
             )
             .expect("Unable to create uat");
 
-        assert!(uat.ui_hints.len() == 3);
+        assert_eq!(uat.ui_hints.len(), 3);
         assert!(uat.ui_hints.contains(&UiHint::PosixAccount));
         assert!(uat.ui_hints.contains(&UiHint::ExperimentalFeatures));
         assert!(uat.ui_hints.contains(&UiHint::CredentialUpdate));

server/lib/src/idm/application.rs

@@ -630,7 +630,7 @@ mod tests {
                 })
                 .expect("Failed to search for account");
 
-            assert!(account.apps_pwds.values().count() == 0);
+            assert_eq!(account.apps_pwds.values().count(), 0);
         }
     }
 
@@ -691,7 +691,7 @@ mod tests {
             .validate_client_auth_info_to_ident(api_token.clone().into(), ct)
             .expect("Unable to verify api token.");
 
-        assert!(ident.get_uuid() == Some(test_entry_uuid));
+        assert_eq!(ident.get_uuid(), Some(test_entry_uuid));
 
         // Check the expiry
         assert!(
@@ -713,7 +713,7 @@ mod tests {
         let ident = idms_prox_write
             .validate_client_auth_info_to_ident(api_token.clone().into(), ct)
             .expect("Unable to verify api token.");
-        assert!(ident.get_uuid() == Some(test_entry_uuid));
+        assert_eq!(ident.get_uuid(), Some(test_entry_uuid));
 
         // Past gracewindow?
         assert!(

server/lib/src/idm/authsession.rs

@@ -1932,7 +1932,7 @@ mod tests {
             &webauthn,
             &pw_badlist_cache,
         ) {
-            Ok(AuthState::Denied(msg)) => assert!(msg == PW_BADLIST_MSG),
+            Ok(AuthState::Denied(msg)) => assert_eq!(msg, PW_BADLIST_MSG),
             _ => panic!(),
         };
 
@@ -2120,7 +2120,7 @@ mod tests {
                 &webauthn,
                 &pw_badlist_cache,
             ) {
-                Ok(AuthState::Denied(msg)) => assert!(msg == BAD_AUTH_TYPE_MSG),
+                Ok(AuthState::Denied(msg)) => assert_eq!(msg, BAD_AUTH_TYPE_MSG),
                 _ => panic!(),
             };
 
@@ -2144,7 +2144,7 @@ mod tests {
                 &webauthn,
                 &pw_badlist_cache,
             ) {
-                Ok(AuthState::Denied(msg)) => assert!(msg == BAD_AUTH_TYPE_MSG),
+                Ok(AuthState::Denied(msg)) => assert_eq!(msg, BAD_AUTH_TYPE_MSG),
                 _ => panic!(),
             };
 
@@ -2165,7 +2165,7 @@ mod tests {
                 &webauthn,
                 &pw_badlist_cache,
             ) {
-                Ok(AuthState::Denied(msg)) => assert!(msg == BAD_TOTP_MSG),
+                Ok(AuthState::Denied(msg)) => assert_eq!(msg, BAD_TOTP_MSG),
                 _ => panic!(),
             };
 
@@ -2188,7 +2188,7 @@ mod tests {
                 &webauthn,
                 &pw_badlist_cache,
             ) {
-                Ok(AuthState::Continue(cont)) => assert!(cont == vec![AuthAllowed::Password]),
+                Ok(AuthState::Continue(cont)) => assert_eq!(cont, vec![AuthAllowed::Password]),
                 _ => panic!(),
             };
             match session.validate_creds(
@@ -2199,7 +2199,7 @@ mod tests {
                 &webauthn,
                 &pw_badlist_cache,
             ) {
-                Ok(AuthState::Denied(msg)) => assert!(msg == BAD_PASSWORD_MSG),
+                Ok(AuthState::Denied(msg)) => assert_eq!(msg, BAD_PASSWORD_MSG),
                 _ => panic!(),
             };
 
@@ -2222,7 +2222,7 @@ mod tests {
                 &webauthn,
                 &pw_badlist_cache,
             ) {
-                Ok(AuthState::Continue(cont)) => assert!(cont == vec![AuthAllowed::Password]),
+                Ok(AuthState::Continue(cont)) => assert_eq!(cont, vec![AuthAllowed::Password]),
                 _ => panic!(),
             };
             match session.validate_creds(
@@ -2295,7 +2295,7 @@ mod tests {
                 &webauthn,
                 &pw_badlist_cache,
             ) {
-                Ok(AuthState::Continue(cont)) => assert!(cont == vec![AuthAllowed::Password]),
+                Ok(AuthState::Continue(cont)) => assert_eq!(cont, vec![AuthAllowed::Password]),
                 _ => panic!(),
             };
             match session.validate_creds(
@@ -2306,7 +2306,7 @@ mod tests {
                 &webauthn,
                 &pw_badlist_cache,
             ) {
-                Ok(AuthState::Denied(msg)) => assert!(msg == PW_BADLIST_MSG),
+                Ok(AuthState::Denied(msg)) => assert_eq!(msg, PW_BADLIST_MSG),
                 _ => panic!(),
             };
 
@@ -2351,7 +2351,7 @@ mod tests {
                 .expect("Failed to select Passkey mech.");
 
             let wan_chal = if let AuthState::Continue(auth_mechs) = state {
-                assert!(auth_mechs.len() == 1);
+                assert_eq!(auth_mechs.len(), 1);
                 auth_mechs
                     .into_iter()
                     .fold(None, |_acc, x| match x {
@@ -2452,7 +2452,7 @@ mod tests {
                 &webauthn,
                 &Default::default(),
             ) {
-                Ok(AuthState::Denied(msg)) => assert!(msg == BAD_AUTH_TYPE_MSG),
+                Ok(AuthState::Denied(msg)) => assert_eq!(msg, BAD_AUTH_TYPE_MSG),
                 _ => panic!(),
             };
 
@@ -2513,7 +2513,7 @@ mod tests {
                 &webauthn,
                 &Default::default(),
             ) {
-                Ok(AuthState::Denied(msg)) => assert!(msg == BAD_WEBAUTHN_MSG),
+                Ok(AuthState::Denied(msg)) => assert_eq!(msg, BAD_WEBAUTHN_MSG),
                 _ => panic!(),
             };
 
@@ -2561,7 +2561,7 @@ mod tests {
                 &webauthn,
                 &Default::default(),
             ) {
-                Ok(AuthState::Denied(msg)) => assert!(msg == BAD_WEBAUTHN_MSG),
+                Ok(AuthState::Denied(msg)) => assert_eq!(msg, BAD_WEBAUTHN_MSG),
                 _ => panic!(),
             };
 
@@ -2611,7 +2611,7 @@ mod tests {
                 &webauthn,
                 &pw_badlist_cache,
             ) {
-                Ok(AuthState::Denied(msg)) => assert!(msg == BAD_AUTH_TYPE_MSG),
+                Ok(AuthState::Denied(msg)) => assert_eq!(msg, BAD_AUTH_TYPE_MSG),
                 _ => panic!(),
             };
 
@@ -2633,7 +2633,7 @@ mod tests {
                 &webauthn,
                 &pw_badlist_cache,
             ) {
-                Ok(AuthState::Denied(msg)) => assert!(msg == BAD_AUTH_TYPE_MSG),
+                Ok(AuthState::Denied(msg)) => assert_eq!(msg, BAD_AUTH_TYPE_MSG),
                 _ => panic!(),
             };
 
@@ -2665,7 +2665,7 @@ mod tests {
                 &webauthn,
                 &pw_badlist_cache,
             ) {
-                Ok(AuthState::Denied(msg)) => assert!(msg == BAD_WEBAUTHN_MSG),
+                Ok(AuthState::Denied(msg)) => assert_eq!(msg, BAD_WEBAUTHN_MSG),
                 _ => panic!(),
             };
 
@@ -2693,7 +2693,7 @@ mod tests {
                 &webauthn,
                 &pw_badlist_cache,
             ) {
-                Ok(AuthState::Continue(cont)) => assert!(cont == vec![AuthAllowed::Password]),
+                Ok(AuthState::Continue(cont)) => assert_eq!(cont, vec![AuthAllowed::Password]),
                 _ => panic!(),
             };
             match session.validate_creds(
@@ -2704,7 +2704,7 @@ mod tests {
                 &webauthn,
                 &pw_badlist_cache,
             ) {
-                Ok(AuthState::Denied(msg)) => assert!(msg == BAD_PASSWORD_MSG),
+                Ok(AuthState::Denied(msg)) => assert_eq!(msg, BAD_PASSWORD_MSG),
                 _ => panic!(),
             };
 
@@ -2738,7 +2738,7 @@ mod tests {
                 &webauthn,
                 &pw_badlist_cache,
             ) {
-                Ok(AuthState::Continue(cont)) => assert!(cont == vec![AuthAllowed::Password]),
+                Ok(AuthState::Continue(cont)) => assert_eq!(cont, vec![AuthAllowed::Password]),
                 _ => panic!(),
             };
             match session.validate_creds(
@@ -2815,7 +2815,7 @@ mod tests {
                 &webauthn,
                 &pw_badlist_cache,
             ) {
-                Ok(AuthState::Denied(msg)) => assert!(msg == BAD_AUTH_TYPE_MSG),
+                Ok(AuthState::Denied(msg)) => assert_eq!(msg, BAD_AUTH_TYPE_MSG),
                 _ => panic!(),
             };
 
@@ -2837,7 +2837,7 @@ mod tests {
                 &webauthn,
                 &pw_badlist_cache,
             ) {
-                Ok(AuthState::Denied(msg)) => assert!(msg == BAD_TOTP_MSG),
+                Ok(AuthState::Denied(msg)) => assert_eq!(msg, BAD_TOTP_MSG),
                 _ => panic!(),
             };
 
@@ -2867,7 +2867,7 @@ mod tests {
                 &webauthn,
                 &pw_badlist_cache,
             ) {
-                Ok(AuthState::Denied(msg)) => assert!(msg == BAD_WEBAUTHN_MSG),
+                Ok(AuthState::Denied(msg)) => assert_eq!(msg, BAD_WEBAUTHN_MSG),
                 _ => panic!(),
             };
 
@@ -2895,7 +2895,7 @@ mod tests {
                 &webauthn,
                 &pw_badlist_cache,
             ) {
-                Ok(AuthState::Continue(cont)) => assert!(cont == vec![AuthAllowed::Password]),
+                Ok(AuthState::Continue(cont)) => assert_eq!(cont, vec![AuthAllowed::Password]),
                 _ => panic!(),
             };
             match session.validate_creds(
@@ -2906,7 +2906,7 @@ mod tests {
                 &webauthn,
                 &pw_badlist_cache,
             ) {
-                Ok(AuthState::Denied(msg)) => assert!(msg == BAD_PASSWORD_MSG),
+                Ok(AuthState::Denied(msg)) => assert_eq!(msg, BAD_PASSWORD_MSG),
                 _ => panic!(),
             };
 
@@ -2934,7 +2934,7 @@ mod tests {
                 &webauthn,
                 &pw_badlist_cache,
             ) {
-                Ok(AuthState::Continue(cont)) => assert!(cont == vec![AuthAllowed::Password]),
+                Ok(AuthState::Continue(cont)) => assert_eq!(cont, vec![AuthAllowed::Password]),
                 _ => panic!(),
             };
             match session.validate_creds(
@@ -2945,7 +2945,7 @@ mod tests {
                 &webauthn,
                 &pw_badlist_cache,
             ) {
-                Ok(AuthState::Denied(msg)) => assert!(msg == BAD_PASSWORD_MSG),
+                Ok(AuthState::Denied(msg)) => assert_eq!(msg, BAD_PASSWORD_MSG),
                 _ => panic!(),
             };
 
@@ -2967,7 +2967,7 @@ mod tests {
                 &webauthn,
                 &pw_badlist_cache,
             ) {
-                Ok(AuthState::Continue(cont)) => assert!(cont == vec![AuthAllowed::Password]),
+                Ok(AuthState::Continue(cont)) => assert_eq!(cont, vec![AuthAllowed::Password]),
                 _ => panic!(),
             };
             match session.validate_creds(
@@ -3006,7 +3006,7 @@ mod tests {
                 &webauthn,
                 &pw_badlist_cache,
             ) {
-                Ok(AuthState::Continue(cont)) => assert!(cont == vec![AuthAllowed::Password]),
+                Ok(AuthState::Continue(cont)) => assert_eq!(cont, vec![AuthAllowed::Password]),
                 _ => panic!(),
             };
             match session.validate_creds(
@@ -3094,7 +3094,7 @@ mod tests {
                 &webauthn,
                 &pw_badlist_cache,
             ) {
-                Ok(AuthState::Denied(msg)) => assert!(msg == BAD_AUTH_TYPE_MSG),
+                Ok(AuthState::Denied(msg)) => assert_eq!(msg, BAD_AUTH_TYPE_MSG),
                 _ => panic!(),
             };
 
@@ -3115,7 +3115,7 @@ mod tests {
                 &webauthn,
                 &pw_badlist_cache,
             ) {
-                Ok(AuthState::Denied(msg)) => assert!(msg == BAD_BACKUPCODE_MSG),
+                Ok(AuthState::Denied(msg)) => assert_eq!(msg, BAD_BACKUPCODE_MSG),
                 _ => panic!(),
             };
 
@@ -3137,7 +3137,7 @@ mod tests {
                 &webauthn,
                 &pw_badlist_cache,
             ) {
-                Ok(AuthState::Continue(cont)) => assert!(cont == vec![AuthAllowed::Password]),
+                Ok(AuthState::Continue(cont)) => assert_eq!(cont, vec![AuthAllowed::Password]),
                 _ => panic!(),
             };
             match session.validate_creds(
@@ -3148,7 +3148,7 @@ mod tests {
                 &webauthn,
                 &pw_badlist_cache,
             ) {
-                Ok(AuthState::Denied(msg)) => assert!(msg == BAD_PASSWORD_MSG),
+                Ok(AuthState::Denied(msg)) => assert_eq!(msg, BAD_PASSWORD_MSG),
                 _ => panic!(),
             };
 
@@ -3176,7 +3176,7 @@ mod tests {
                 &webauthn,
                 &pw_badlist_cache,
             ) {
-                Ok(AuthState::Continue(cont)) => assert!(cont == vec![AuthAllowed::Password]),
+                Ok(AuthState::Continue(cont)) => assert_eq!(cont, vec![AuthAllowed::Password]),
                 _ => panic!(),
             };
             match session.validate_creds(
@@ -3217,7 +3217,7 @@ mod tests {
                 &webauthn,
                 &pw_badlist_cache,
             ) {
-                Ok(AuthState::Continue(cont)) => assert!(cont == vec![AuthAllowed::Password]),
+                Ok(AuthState::Continue(cont)) => assert_eq!(cont, vec![AuthAllowed::Password]),
                 _ => panic!(),
             };
             match session.validate_creds(
@@ -3296,7 +3296,7 @@ mod tests {
                 &webauthn,
                 &pw_badlist_cache,
             ) {
-                Ok(AuthState::Continue(cont)) => assert!(cont == vec![AuthAllowed::Password]),
+                Ok(AuthState::Continue(cont)) => assert_eq!(cont, vec![AuthAllowed::Password]),
                 _ => panic!(),
             };
             match session.validate_creds(
@@ -3329,7 +3329,7 @@ mod tests {
                 &webauthn,
                 &pw_badlist_cache,
             ) {
-                Ok(AuthState::Continue(cont)) => assert!(cont == vec![AuthAllowed::Password]),
+                Ok(AuthState::Continue(cont)) => assert_eq!(cont, vec![AuthAllowed::Password]),
                 _ => panic!(),
             };
             match session.validate_creds(

server/lib/src/idm/credupdatesession.rs

@@ -3473,7 +3473,7 @@ mod tests {
 
         // Check we have the passkey
         trace!(?c_status);
-        assert!(c_status.passkeys.len() == 1);
+        assert_eq!(c_status.passkeys.len(), 1);
 
         c_status
     }
@@ -3514,7 +3514,7 @@ mod tests {
 
         trace!(?c_status);
         assert!(c_status.primary.is_none());
-        assert!(c_status.passkeys.len() == 1);
+        assert_eq!(c_status.passkeys.len(), 1);
 
         let c_status = cutxn
             .credential_passkey_remove(&cust, ct, pk_uuid)
@@ -3809,7 +3809,7 @@ mod tests {
 
         assert!(c_status.can_commit);
         assert!(c_status.warnings.is_empty());
-        assert!(c_status.passkeys.len() == 1);
+        assert_eq!(c_status.passkeys.len(), 1);
 
         drop(cutxn);
         commit_session(idms, ct, cust).await;
@@ -3867,7 +3867,7 @@ mod tests {
 
         assert!(c_status.can_commit);
         assert!(c_status.warnings.is_empty());
-        assert!(c_status.passkeys.len() == 1);
+        assert_eq!(c_status.passkeys.len(), 1);
 
         drop(cutxn);
         commit_session(idms, ct, cust).await;
@@ -4047,7 +4047,7 @@ mod tests {
         trace!(?c_status);
         assert!(c_status.primary.is_none());
         assert!(c_status.passkeys.is_empty());
-        assert!(c_status.attested_passkeys.len() == 1);
+        assert_eq!(c_status.attested_passkeys.len(), 1);
 
         let c_status = cutxn
             .credential_attested_passkey_remove(&cust, ct, pk_uuid)

server/lib/src/idm/ldap.rs

@@ -884,13 +884,13 @@ mod tests {
             .await
             .unwrap()
             .unwrap();
-        assert!(admin_t.effective_session == LdapSession::UnixBind(UUID_ADMIN));
+        assert_eq!(admin_t.effective_session, LdapSession::UnixBind(UUID_ADMIN));
         let admin_t = ldaps
             .do_bind(idms, "admin@example.com", TEST_PASSWORD)
             .await
             .unwrap()
             .unwrap();
-        assert!(admin_t.effective_session == LdapSession::UnixBind(UUID_ADMIN));
+        assert_eq!(admin_t.effective_session, LdapSession::UnixBind(UUID_ADMIN));
 
         // Setting UNIX_PW_BIND flag to false:
         // Hence all of the below authentication will fail (asserts are still satisfied)
@@ -905,7 +905,10 @@ mod tests {
             .is_ok());
         assert!(idms_prox_write.commit().is_ok());
         let anon_t = ldaps.do_bind(idms, "", "").await.unwrap().unwrap();
-        assert!(anon_t.effective_session == LdapSession::UnixBind(UUID_ANONYMOUS));
+        assert_eq!(
+            anon_t.effective_session,
+            LdapSession::UnixBind(UUID_ANONYMOUS)
+        );
         assert!(
             ldaps.do_bind(idms, "", "test").await.unwrap_err() == OperationError::NotAuthenticated
         );
@@ -927,25 +930,25 @@ mod tests {
             .await
             .unwrap()
             .unwrap();
-        assert!(admin_t.effective_session == LdapSession::UnixBind(UUID_ADMIN));
+        assert_eq!(admin_t.effective_session, LdapSession::UnixBind(UUID_ADMIN));
         let admin_t = ldaps
             .do_bind(idms, "admin@example.com", TEST_PASSWORD)
             .await
             .unwrap()
             .unwrap();
-        assert!(admin_t.effective_session == LdapSession::UnixBind(UUID_ADMIN));
+        assert_eq!(admin_t.effective_session, LdapSession::UnixBind(UUID_ADMIN));
         let admin_t = ldaps
             .do_bind(idms, STR_UUID_ADMIN, TEST_PASSWORD)
             .await
             .unwrap()
             .unwrap();
-        assert!(admin_t.effective_session == LdapSession::UnixBind(UUID_ADMIN));
+        assert_eq!(admin_t.effective_session, LdapSession::UnixBind(UUID_ADMIN));
         let admin_t = ldaps
             .do_bind(idms, "name=admin,dc=example,dc=com", TEST_PASSWORD)
             .await
             .unwrap()
             .unwrap();
-        assert!(admin_t.effective_session == LdapSession::UnixBind(UUID_ADMIN));
+        assert_eq!(admin_t.effective_session, LdapSession::UnixBind(UUID_ADMIN));
         let admin_t = ldaps
             .do_bind(
                 idms,
@@ -955,7 +958,7 @@ mod tests {
             .await
             .unwrap()
             .unwrap();
-        assert!(admin_t.effective_session == LdapSession::UnixBind(UUID_ADMIN));
+        assert_eq!(admin_t.effective_session, LdapSession::UnixBind(UUID_ADMIN));
         let admin_t = ldaps
             .do_bind(
                 idms,
@@ -965,20 +968,20 @@ mod tests {
             .await
             .unwrap()
             .unwrap();
-        assert!(admin_t.effective_session == LdapSession::UnixBind(UUID_ADMIN));
+        assert_eq!(admin_t.effective_session, LdapSession::UnixBind(UUID_ADMIN));
 
         let admin_t = ldaps
             .do_bind(idms, "name=admin", TEST_PASSWORD)
             .await
             .unwrap()
             .unwrap();
-        assert!(admin_t.effective_session == LdapSession::UnixBind(UUID_ADMIN));
+        assert_eq!(admin_t.effective_session, LdapSession::UnixBind(UUID_ADMIN));
         let admin_t = ldaps
             .do_bind(idms, "spn=admin@example.com", TEST_PASSWORD)
             .await
             .unwrap()
             .unwrap();
-        assert!(admin_t.effective_session == LdapSession::UnixBind(UUID_ADMIN));
+        assert_eq!(admin_t.effective_session, LdapSession::UnixBind(UUID_ADMIN));
         let admin_t = ldaps
             .do_bind(
                 idms,
@@ -988,20 +991,20 @@ mod tests {
             .await
             .unwrap()
             .unwrap();
-        assert!(admin_t.effective_session == LdapSession::UnixBind(UUID_ADMIN));
+        assert_eq!(admin_t.effective_session, LdapSession::UnixBind(UUID_ADMIN));
 
         let admin_t = ldaps
             .do_bind(idms, "admin,dc=example,dc=com", TEST_PASSWORD)
             .await
             .unwrap()
             .unwrap();
-        assert!(admin_t.effective_session == LdapSession::UnixBind(UUID_ADMIN));
+        assert_eq!(admin_t.effective_session, LdapSession::UnixBind(UUID_ADMIN));
         let admin_t = ldaps
             .do_bind(idms, "admin@example.com,dc=example,dc=com", TEST_PASSWORD)
             .await
             .unwrap()
             .unwrap();
-        assert!(admin_t.effective_session == LdapSession::UnixBind(UUID_ADMIN));
+        assert_eq!(admin_t.effective_session, LdapSession::UnixBind(UUID_ADMIN));
         let admin_t = ldaps
             .do_bind(
                 idms,
@@ -1011,7 +1014,7 @@ mod tests {
             .await
             .unwrap()
             .unwrap();
-        assert!(admin_t.effective_session == LdapSession::UnixBind(UUID_ADMIN));
+        assert_eq!(admin_t.effective_session, LdapSession::UnixBind(UUID_ADMIN));
 
         // Bad password, check last to prevent softlocking of the admin account.
         assert!(ldaps
@@ -1120,7 +1123,10 @@ mod tests {
 
         // Setup the anonymous login
         let anon_t = ldaps.do_bind(idms, "", "").await.unwrap().unwrap();
-        assert!(anon_t.effective_session == LdapSession::UnixBind(UUID_ANONYMOUS));
+        assert_eq!(
+            anon_t.effective_session,
+            LdapSession::UnixBind(UUID_ANONYMOUS)
+        );
 
         // Searches under application base DN must show same content
         let sr = SearchRequest {
@@ -1149,7 +1155,7 @@ mod tests {
             .await
             .unwrap();
         assert!(!r1.is_empty());
-        assert!(r1.len() == r2.len());
+        assert_eq!(r1.len(), r2.len());
     }
 
     #[idm_test]
@@ -1606,7 +1612,7 @@ mod tests {
             .application_auth_ldap(&lae, time_low)
             .await
             .expect_err("Authentication succeeded");
-        assert!(r1 == OperationError::SessionExpired);
+        assert_eq!(r1, OperationError::SessionExpired);
 
         let r1 = idms_auth
             .application_auth_ldap(&lae, time)
@@ -1618,7 +1624,7 @@ mod tests {
             .application_auth_ldap(&lae, time_high)
             .await
             .expect_err("Authentication succeeded");
-        assert!(r1 == OperationError::SessionExpired);
+        assert_eq!(r1, OperationError::SessionExpired);
     }
 
     macro_rules! assert_entry_contains {
@@ -1688,7 +1694,10 @@ mod tests {
 
         // Setup the anonymous login.
         let anon_t = ldaps.do_bind(idms, "", "").await.unwrap().unwrap();
-        assert!(anon_t.effective_session == LdapSession::UnixBind(UUID_ANONYMOUS));
+        assert_eq!(
+            anon_t.effective_session,
+            LdapSession::UnixBind(UUID_ANONYMOUS)
+        );
 
         // Check that when we request *, we get default list.
         let sr = SearchRequest {
@@ -1704,7 +1713,7 @@ mod tests {
             .unwrap();
 
         // The result, and the ldap proto success msg.
-        assert!(r1.len() == 2);
+        assert_eq!(r1.len(), 2);
         match &r1[0].op {
             LdapOp::SearchResultEntry(lsre) => {
                 assert_entry_contains!(
@@ -1739,7 +1748,7 @@ mod tests {
             .unwrap();
 
         // The result, and the ldap proto success msg.
-        assert!(r1.len() == 2);
+        assert_eq!(r1.len(), 2);
         match &r1[0].op {
             LdapOp::SearchResultEntry(lsre) => {
                 assert_entry_contains!(
@@ -1786,7 +1795,7 @@ mod tests {
             .unwrap();
 
         // The result, and the ldap proto success msg.
-        assert!(r1.len() == 2);
+        assert_eq!(r1.len(), 2);
         match &r1[0].op {
             LdapOp::SearchResultEntry(lsre) => {
                 assert_entry_contains!(
@@ -1912,13 +1921,16 @@ mod tests {
 
         // Bind with anonymous, search and show mail attr isn't accessible.
         let anon_lbt = ldaps.do_bind(idms, "", "").await.unwrap().unwrap();
-        assert!(anon_lbt.effective_session == LdapSession::UnixBind(UUID_ANONYMOUS));
+        assert_eq!(
+            anon_lbt.effective_session,
+            LdapSession::UnixBind(UUID_ANONYMOUS)
+        );
 
         let r1 = ldaps
             .do_search(idms, &sr, &anon_lbt, Source::Internal)
             .await
             .unwrap();
-        assert!(r1.len() == 2);
+        assert_eq!(r1.len(), 2);
         match &r1[0].op {
             LdapOp::SearchResultEntry(lsre) => {
                 assert_entry_contains!(
@@ -1945,7 +1957,10 @@ mod tests {
             .await
             .unwrap()
             .unwrap();
-        assert!(sa_lbt.effective_session == LdapSession::ApiToken(apitoken_inner.clone()));
+        assert_eq!(
+            sa_lbt.effective_session,
+            LdapSession::ApiToken(apitoken_inner.clone())
+        );
 
         // Bind using the token as a pw
         let sa_lbt = ldaps
@@ -1953,14 +1968,17 @@ mod tests {
             .await
             .unwrap()
             .unwrap();
-        assert!(sa_lbt.effective_session == LdapSession::ApiToken(apitoken_inner));
+        assert_eq!(
+            sa_lbt.effective_session,
+            LdapSession::ApiToken(apitoken_inner)
+        );
 
         // Search and retrieve mail that's now accessible.
         let r1 = ldaps
             .do_search(idms, &sr, &sa_lbt, Source::Internal)
             .await
             .unwrap();
-        assert!(r1.len() == 2);
+        assert_eq!(r1.len(), 2);
         match &r1[0].op {
             LdapOp::SearchResultEntry(lsre) => {
                 assert_entry_contains!(
@@ -2020,7 +2038,7 @@ mod tests {
             .await
             .unwrap();
 
-        assert!(r1.len() == 2);
+        assert_eq!(r1.len(), 2);
         match &r1[0].op {
             LdapOp::SearchResultEntry(lsre) => {
                 assert_entry_contains!(
@@ -2073,7 +2091,10 @@ mod tests {
 
         // Setup the anonymous login.
         let anon_t = ldaps.do_bind(idms, "", "").await.unwrap().unwrap();
-        assert!(anon_t.effective_session == LdapSession::UnixBind(UUID_ANONYMOUS));
+        assert_eq!(
+            anon_t.effective_session,
+            LdapSession::UnixBind(UUID_ANONYMOUS)
+        );
 
         // Check that when we request a virtual attr by name *and* all_attrs we get all the requested values.
         let sr = SearchRequest {
@@ -2095,7 +2116,7 @@ mod tests {
             .unwrap();
 
         // The result, and the ldap proto success msg.
-        assert!(r1.len() == 2);
+        assert_eq!(r1.len(), 2);
         match &r1[0].op {
             LdapOp::SearchResultEntry(lsre) => {
                 assert_entry_contains!(
@@ -2142,7 +2163,10 @@ mod tests {
 
         // Setup the anonymous login.
         let anon_t = ldaps.do_bind(idms, "", "").await.unwrap().unwrap();
-        assert!(anon_t.effective_session == LdapSession::UnixBind(UUID_ANONYMOUS));
+        assert_eq!(
+            anon_t.effective_session,
+            LdapSession::UnixBind(UUID_ANONYMOUS)
+        );
 
         // If we request only 1.1, we get no attributes.
         let sr = SearchRequest {
@@ -2158,7 +2182,7 @@ mod tests {
             .unwrap();
 
         // The result, and the ldap proto success msg.
-        assert!(r1.len() == 2);
+        assert_eq!(r1.len(), 2);
         match &r1[0].op {
             LdapOp::SearchResultEntry(lsre) => {
                 assert_eq!(
@@ -2188,7 +2212,7 @@ mod tests {
             .unwrap();
 
         // The result, and the ldap proto success msg.
-        assert!(r1.len() == 2);
+        assert_eq!(r1.len(), 2);
         match &r1[0].op {
             LdapOp::SearchResultEntry(lsre) => {
                 assert_entry_contains!(
@@ -2209,7 +2233,10 @@ mod tests {
         let ldaps = LdapServer::new(idms).await.expect("failed to start ldap");
 
         let anon_t = ldaps.do_bind(idms, "", "").await.unwrap().unwrap();
-        assert!(anon_t.effective_session == LdapSession::UnixBind(UUID_ANONYMOUS));
+        assert_eq!(
+            anon_t.effective_session,
+            LdapSession::UnixBind(UUID_ANONYMOUS)
+        );
 
         let sr = SearchRequest {
             msgid: 1,
@@ -2226,7 +2253,7 @@ mod tests {
         trace!(?r1);
 
         // The result, and the ldap proto success msg.
-        assert!(r1.len() == 2);
+        assert_eq!(r1.len(), 2);
         match &r1[0].op {
             LdapOp::SearchResultEntry(lsre) => {
                 assert_entry_contains!(
@@ -2262,7 +2289,10 @@ mod tests {
         let ldaps = LdapServer::new(idms).await.expect("failed to start ldap");
 
         let anon_t = ldaps.do_bind(idms, "", "").await.unwrap().unwrap();
-        assert!(anon_t.effective_session == LdapSession::UnixBind(UUID_ANONYMOUS));
+        assert_eq!(
+            anon_t.effective_session,
+            LdapSession::UnixBind(UUID_ANONYMOUS)
+        );
 
         let sr = SearchRequest {
             msgid: 1,
@@ -2279,7 +2309,7 @@ mod tests {
         trace!(?r1);
 
         // The result, and the ldap proto success msg.
-        assert!(r1.len() == 2);
+        assert_eq!(r1.len(), 2);
         match &r1[0].op {
             LdapOp::SearchResultEntry(lsre) => {
                 assert_entry_contains!(
@@ -2324,7 +2354,10 @@ mod tests {
 
         // Setup the anonymous login.
         let anon_t = ldaps.do_bind(idms, "", "").await.unwrap().unwrap();
-        assert!(anon_t.effective_session == LdapSession::UnixBind(UUID_ANONYMOUS));
+        assert_eq!(
+            anon_t.effective_session,
+            LdapSession::UnixBind(UUID_ANONYMOUS)
+        );
 
         // SSSD tries to just search for silly attrs all the time. We ignore them.
         let sr = SearchRequest {
@@ -2356,7 +2389,7 @@ mod tests {
             .unwrap();
 
         // Empty results and ldap proto success msg.
-        assert!(r1.len() == 1);
+        assert_eq!(r1.len(), 1);
 
         // Second search
 
@@ -2382,7 +2415,7 @@ mod tests {
         trace!(?r1);
 
         // The result, and the ldap proto success msg.
-        assert!(r1.len() == 2);
+        assert_eq!(r1.len(), 2);
         match &r1[0].op {
             LdapOp::SearchResultEntry(lsre) => {
                 assert_entry_contains!(
@@ -2432,11 +2465,14 @@ mod tests {
 
         // Setup the anonymous login.
         let anon_t = ldaps.do_bind(idms, "", "").await.unwrap().unwrap();
-        assert!(anon_t.effective_session == LdapSession::UnixBind(UUID_ANONYMOUS));
+        assert_eq!(
+            anon_t.effective_session,
+            LdapSession::UnixBind(UUID_ANONYMOUS)
+        );
 
         #[track_caller]
         fn assert_compare_result(r: &[LdapMsg], code: &LdapResultCode) {
-            assert!(r.len() == 1);
+            assert_eq!(r.len(), 1);
             match &r[0].op {
                 LdapOp::CompareResult(lcr) => {
                     assert_eq!(&lcr.code, code);

server/lib/src/idm/oauth2.rs

@@ -34,8 +34,8 @@ pub use kanidm_proto::oauth2::{
     OidcDiscoveryResponse, PkceAlg, TokenRevokeRequest,
 };
 use kanidm_proto::oauth2::{
-    ClaimType, DisplayValue, GrantType, IdTokenSignAlg, ResponseMode, ResponseType, SubjectType,
-    TokenEndpointAuthMethod,
+    AccessTokenType, ClaimType, DisplayValue, GrantType, IdTokenSignAlg, ResponseMode,
+    ResponseType, SubjectType, TokenEndpointAuthMethod,
 };
 use openssl::sha;
 use serde::{Deserialize, Serialize};
@@ -1364,7 +1364,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
 
         Ok(AccessTokenResponse {
             access_token,
-            token_type: "Bearer".to_string(),
+            token_type: AccessTokenType::Bearer,
             expires_in,
             refresh_token: None,
             scope,
@@ -1572,7 +1572,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
 
         Ok(AccessTokenResponse {
             access_token: access_token.to_string(),
-            token_type: "Bearer".to_string(),
+            token_type: AccessTokenType::Bearer,
             expires_in,
             refresh_token: Some(refresh_token),
             scope,
@@ -2135,7 +2135,7 @@ impl<'a> IdmServerProxyReadTransaction<'a> {
                 Some(account.spn.clone())
             };
 
-            let token_type = Some("access_token".to_string());
+            let token_type = Some(AccessTokenType::Bearer);
             Ok(AccessTokenIntrospectResponse {
                 active: true,
                 scope,
@@ -2199,7 +2199,7 @@ impl<'a> IdmServerProxyReadTransaction<'a> {
                         Some(str_join(&scopes))
                     };
 
-                    let token_type = Some("access_token".to_string());
+                    let token_type = Some(AccessTokenType::Bearer);
 
                     let username = if prefer_short_username {
                         entry
@@ -3125,7 +3125,7 @@ mod tests {
             .expect("Failed to perform OAuth2 permit");
 
         // Check we are reflecting the CSRF properly.
-        assert!(permit_success.state == "123");
+        assert_eq!(permit_success.state, "123");
 
         // == Submit the token exchange code.
 
@@ -3145,7 +3145,7 @@ mod tests {
             .expect("Failed to perform OAuth2 token exchange");
 
         // 🎉 We got a token! In the future we can then check introspection from this point.
-        assert!(token_response.token_type == "Bearer");
+        assert_eq!(token_response.token_type, AccessTokenType::Bearer);
 
         assert!(idms_prox_write.commit().is_ok());
     }
@@ -3187,7 +3187,7 @@ mod tests {
             .expect("Failed to perform OAuth2 permit");
 
         // Check we are reflecting the CSRF properly.
-        assert!(permit_success.state == "123");
+        assert_eq!(permit_success.state, "123");
 
         // == Submit the token exchange code.
 
@@ -3207,7 +3207,7 @@ mod tests {
             .expect("Failed to perform OAuth2 token exchange");
 
         // 🎉 We got a token! In the future we can then check introspection from this point.
-        assert!(token_response.token_type == "Bearer");
+        assert_eq!(token_response.token_type, AccessTokenType::Bearer);
 
         assert!(idms_prox_write.commit().is_ok());
     }
@@ -3701,7 +3701,7 @@ mod tests {
             .expect("Failed to perform OAuth2 permit");
 
         // Check we are reflecting the CSRF properly.
-        assert!(permit_success.state == "123");
+        assert_eq!(permit_success.state, "123");
 
         // == Submit the token exchange code.
         // ⚠️  This is where we submit a different origin!
@@ -3721,7 +3721,7 @@ mod tests {
             .expect("Failed to perform OAuth2 token exchange");
 
         // 🎉 We got a token! In the future we can then check introspection from this point.
-        assert!(token_response.token_type == "Bearer");
+        assert_eq!(token_response.token_type, AccessTokenType::Bearer);
 
         assert!(idms_prox_write.commit().is_ok());
 
@@ -3762,7 +3762,7 @@ mod tests {
 
         // == Manually submit the consent token to the permit for the permit_success
         // Check we are reflecting the CSRF properly.
-        assert!(permit_success.state == "123");
+        assert_eq!(permit_success.state, "123");
 
         // == Submit the token exchange code.
         // ⚠️  This is where we submit a different origin!
@@ -3785,7 +3785,7 @@ mod tests {
             .expect("Failed to perform OAuth2 token exchange");
 
         // 🎉 We got a token! In the future we can then check introspection from this point.
-        assert!(token_response.token_type == "Bearer");
+        assert_eq!(token_response.token_type, AccessTokenType::Bearer);
     }
 
     #[idm_test]
@@ -3847,12 +3847,18 @@ mod tests {
 
         eprintln!("👉  {intr_response:?}");
         assert!(intr_response.active);
-        assert!(intr_response.scope.as_deref() == Some("openid supplement"));
-        assert!(intr_response.client_id.as_deref() == Some("test_resource_server"));
-        assert!(intr_response.username.as_deref() == Some("testperson1@example.com"));
-        assert!(intr_response.token_type.as_deref() == Some("access_token"));
-        assert!(intr_response.iat == Some(ct.as_secs() as i64));
-        assert!(intr_response.nbf == Some(ct.as_secs() as i64));
+        assert_eq!(intr_response.scope.as_deref(), Some("openid supplement"));
+        assert_eq!(
+            intr_response.client_id.as_deref(),
+            Some("test_resource_server")
+        );
+        assert_eq!(
+            intr_response.username.as_deref(),
+            Some("testperson1@example.com")
+        );
+        assert_eq!(intr_response.token_type, Some(AccessTokenType::Bearer));
+        assert_eq!(intr_response.iat, Some(ct.as_secs() as i64));
+        assert_eq!(intr_response.nbf, Some(ct.as_secs() as i64));
 
         drop(idms_prox_read);
         // start a write,
@@ -4195,7 +4201,7 @@ mod tests {
             .check_oauth2_authorise_reject(&ident, &consent_token, ct)
             .expect("Failed to perform OAuth2 reject");
 
-        assert!(reject_success == redirect_uri);
+        assert_eq!(reject_success, redirect_uri);
 
         // Too much time past to reject
         let past_ct = Duration::from_secs(TEST_CURRENT_TIME + 301);
@@ -4282,9 +4288,15 @@ mod tests {
                 ])
         );
 
-        assert!(discovery.response_types_supported == vec![ResponseType::Code]);
-        assert!(discovery.response_modes_supported == vec![ResponseMode::Query]);
-        assert!(discovery.grant_types_supported == vec![GrantType::AuthorisationCode]);
+        assert_eq!(discovery.response_types_supported, vec![ResponseType::Code]);
+        assert_eq!(
+            discovery.response_modes_supported,
+            vec![ResponseMode::Query]
+        );
+        assert_eq!(
+            discovery.grant_types_supported,
+            vec![GrantType::AuthorisationCode]
+        );
         assert!(
             discovery.token_endpoint_auth_methods_supported
                 == vec![
@@ -4376,7 +4388,7 @@ mod tests {
                     (JwaAlg::ES256, IdTokenSignAlg::ES256) => {}
                     _ => panic!(),
                 };
-                assert!(use_.unwrap() == JwkUse::Sig);
+                assert_eq!(use_.unwrap(), JwkUse::Sig);
                 assert!(kid.is_some())
             }
             _ => panic!(),
@@ -4424,11 +4436,20 @@ mod tests {
                 ])
         );
 
-        assert!(discovery.response_types_supported == vec![ResponseType::Code]);
-        assert!(discovery.response_modes_supported == vec![ResponseMode::Query]);
-        assert!(discovery.grant_types_supported == vec![GrantType::AuthorisationCode]);
-        assert!(discovery.subject_types_supported == vec![SubjectType::Public]);
-        assert!(discovery.id_token_signing_alg_values_supported == vec![IdTokenSignAlg::ES256]);
+        assert_eq!(discovery.response_types_supported, vec![ResponseType::Code]);
+        assert_eq!(
+            discovery.response_modes_supported,
+            vec![ResponseMode::Query]
+        );
+        assert_eq!(
+            discovery.grant_types_supported,
+            vec![GrantType::AuthorisationCode]
+        );
+        assert_eq!(discovery.subject_types_supported, vec![SubjectType::Public]);
+        assert_eq!(
+            discovery.id_token_signing_alg_values_supported,
+            vec![IdTokenSignAlg::ES256]
+        );
         assert!(discovery.userinfo_signing_alg_values_supported.is_none());
         assert!(
             discovery.token_endpoint_auth_methods_supported
@@ -4437,8 +4458,11 @@ mod tests {
                     TokenEndpointAuthMethod::ClientSecretPost
                 ]
         );
-        assert!(discovery.display_values_supported == Some(vec![DisplayValue::Page]));
-        assert!(discovery.claim_types_supported == vec![ClaimType::Normal]);
+        assert_eq!(
+            discovery.display_values_supported,
+            Some(vec![DisplayValue::Page])
+        );
+        assert_eq!(discovery.claim_types_supported, vec![ClaimType::Normal]);
         assert!(discovery.claims_supported.is_none());
         assert!(discovery.service_documentation.is_some());
 
@@ -4522,7 +4546,7 @@ mod tests {
             .expect("Failed to perform OAuth2 token exchange");
 
         // 🎉 We got a token!
-        assert!(token_response.token_type == "Bearer");
+        assert_eq!(token_response.token_type, AccessTokenType::Bearer);
 
         let id_token = token_response.id_token.expect("No id_token in response!");
 
@@ -4566,22 +4590,25 @@ mod tests {
                 == Url::parse("https://idm.example.com/oauth2/openid/test_resource_server")
                     .unwrap()
         );
-        assert!(oidc.sub == OidcSubject::U(UUID_TESTPERSON_1));
-        assert!(oidc.aud == "test_resource_server");
-        assert!(oidc.iat == iat);
-        assert!(oidc.nbf == Some(iat));
+        assert_eq!(oidc.sub, OidcSubject::U(UUID_TESTPERSON_1));
+        assert_eq!(oidc.aud, "test_resource_server");
+        assert_eq!(oidc.iat, iat);
+        assert_eq!(oidc.nbf, Some(iat));
         // Previously this was the auth session but it's now inline with the access token expiry.
-        assert!(oidc.exp == iat + (OAUTH2_ACCESS_TOKEN_EXPIRY as i64));
+        assert_eq!(oidc.exp, iat + (OAUTH2_ACCESS_TOKEN_EXPIRY as i64));
         assert!(oidc.auth_time.is_none());
         // Is nonce correctly passed through?
-        assert!(oidc.nonce == Some("abcdef".to_string()));
+        assert_eq!(oidc.nonce, Some("abcdef".to_string()));
         assert!(oidc.at_hash.is_none());
         assert!(oidc.acr.is_none());
         assert!(oidc.amr.is_none());
-        assert!(oidc.azp == Some("test_resource_server".to_string()));
+        assert_eq!(oidc.azp, Some("test_resource_server".to_string()));
         assert!(oidc.jti.is_none());
-        assert!(oidc.s_claims.name == Some("Test Person 1".to_string()));
-        assert!(oidc.s_claims.preferred_username == Some("testperson1@example.com".to_string()));
+        assert_eq!(oidc.s_claims.name, Some("Test Person 1".to_string()));
+        assert_eq!(
+            oidc.s_claims.preferred_username,
+            Some("testperson1@example.com".to_string())
+        );
         assert!(
             oidc.s_claims.scopes == vec![OAUTH2_SCOPE_OPENID.to_string(), "supplement".to_string()]
         );
@@ -4592,20 +4619,20 @@ mod tests {
             .oauth2_openid_userinfo("test_resource_server", access_token, ct)
             .expect("failed to get userinfo");
 
-        assert!(oidc.iss == userinfo.iss);
-        assert!(oidc.sub == userinfo.sub);
-        assert!(oidc.aud == userinfo.aud);
-        assert!(oidc.iat == userinfo.iat);
-        assert!(oidc.nbf == userinfo.nbf);
-        assert!(oidc.exp == userinfo.exp);
+        assert_eq!(oidc.iss, userinfo.iss);
+        assert_eq!(oidc.sub, userinfo.sub);
+        assert_eq!(oidc.aud, userinfo.aud);
+        assert_eq!(oidc.iat, userinfo.iat);
+        assert_eq!(oidc.nbf, userinfo.nbf);
+        assert_eq!(oidc.exp, userinfo.exp);
         assert!(userinfo.auth_time.is_none());
-        assert!(userinfo.nonce == Some("abcdef".to_string()));
+        assert_eq!(userinfo.nonce, Some("abcdef".to_string()));
         assert!(userinfo.at_hash.is_none());
         assert!(userinfo.acr.is_none());
-        assert!(oidc.amr == userinfo.amr);
-        assert!(oidc.azp == userinfo.azp);
+        assert_eq!(oidc.amr, userinfo.amr);
+        assert_eq!(oidc.azp, userinfo.azp);
         assert!(userinfo.jti.is_none());
-        assert!(oidc.s_claims == userinfo.s_claims);
+        assert_eq!(oidc.s_claims, userinfo.s_claims);
         assert!(userinfo.claims.is_empty());
 
         drop(idms_prox_read);
@@ -4637,20 +4664,20 @@ mod tests {
             .oauth2_openid_userinfo("test_resource_server", access_token, ct)
             .expect("failed to get userinfo");
 
-        assert!(oidc.iss == userinfo.iss);
-        assert!(oidc.sub == userinfo.sub);
-        assert!(oidc.aud == userinfo.aud);
-        assert!(oidc.iat == userinfo.iat);
-        assert!(oidc.nbf == userinfo.nbf);
-        assert!(oidc.exp == userinfo.exp);
+        assert_eq!(oidc.iss, userinfo.iss);
+        assert_eq!(oidc.sub, userinfo.sub);
+        assert_eq!(oidc.aud, userinfo.aud);
+        assert_eq!(oidc.iat, userinfo.iat);
+        assert_eq!(oidc.nbf, userinfo.nbf);
+        assert_eq!(oidc.exp, userinfo.exp);
         assert!(userinfo.auth_time.is_none());
-        assert!(userinfo.nonce == Some("abcdef".to_string()));
+        assert_eq!(userinfo.nonce, Some("abcdef".to_string()));
         assert!(userinfo.at_hash.is_none());
         assert!(userinfo.acr.is_none());
-        assert!(oidc.amr == userinfo.amr);
-        assert!(oidc.azp == userinfo.azp);
+        assert_eq!(oidc.amr, userinfo.amr);
+        assert_eq!(oidc.azp, userinfo.azp);
         assert!(userinfo.jti.is_none());
-        assert!(oidc.s_claims == userinfo.s_claims);
+        assert_eq!(oidc.s_claims, userinfo.s_claims);
         assert!(userinfo.claims.is_empty());
     }
 
@@ -4730,13 +4757,16 @@ mod tests {
             .expect("Failed to verify oidc");
 
         // Do we have the short username in the token claims?
-        assert!(oidc.s_claims.preferred_username == Some("testperson1".to_string()));
+        assert_eq!(
+            oidc.s_claims.preferred_username,
+            Some("testperson1".to_string())
+        );
         // Do the id_token details line up to the userinfo?
         let userinfo = idms_prox_read
             .oauth2_openid_userinfo("test_resource_server", access_token, ct)
             .expect("failed to get userinfo");
 
-        assert!(oidc.s_claims == userinfo.s_claims);
+        assert_eq!(oidc.s_claims, userinfo.s_claims);
     }
 
     #[idm_test]
@@ -4831,7 +4861,7 @@ mod tests {
             .expect("failed to get userinfo");
 
         // does the userinfo endpoint provide the same groups?
-        assert!(oidc.claims.get("groups") == userinfo.claims.get("groups"));
+        assert_eq!(oidc.claims.get("groups"), userinfo.claims.get("groups"));
     }
 
     //  Check insecure pkce behaviour.
@@ -4904,7 +4934,7 @@ mod tests {
                     (JwaAlg::RS256, IdTokenSignAlg::RS256) => {}
                     _ => panic!(),
                 };
-                assert!(use_.unwrap() == JwkUse::Sig);
+                assert_eq!(use_.unwrap(), JwkUse::Sig);
                 assert!(kid.is_some());
             }
             _ => panic!(),
@@ -4950,7 +4980,7 @@ mod tests {
             .expect("Failed to perform OAuth2 token exchange");
 
         // 🎉 We got a token!
-        assert!(token_response.token_type == "Bearer");
+        assert_eq!(token_response.token_type, AccessTokenType::Bearer);
         let id_token = token_response.id_token.expect("No id_token in response!");
 
         let jws_validator =
@@ -4967,7 +4997,7 @@ mod tests {
             .verify_exp(iat)
             .expect("Failed to verify oidc");
 
-        assert!(oidc.sub == OidcSubject::U(UUID_TESTPERSON_1));
+        assert_eq!(oidc.sub, OidcSubject::U(UUID_TESTPERSON_1));
 
         assert!(idms_prox_write.commit().is_ok());
     }
@@ -5587,7 +5617,7 @@ mod tests {
             .check_oauth2_token_exchange(&client_authz, &token_req, ct)
             .unwrap_err();
 
-        assert!(access_token_response_4 == Oauth2Error::InvalidGrant);
+        assert_eq!(access_token_response_4, Oauth2Error::InvalidGrant);
 
         assert!(idms_prox_write.commit().is_ok());
     }
@@ -5637,7 +5667,7 @@ mod tests {
             // Should be unable to exchange.
             .unwrap_err();
 
-        assert!(access_token_response_2 == Oauth2Error::InvalidGrant);
+        assert_eq!(access_token_response_2, Oauth2Error::InvalidGrant);
 
         assert!(idms_prox_write.commit().is_ok());
     }
@@ -5676,7 +5706,7 @@ mod tests {
             .check_oauth2_token_exchange(&bad_client_authz, &token_req, ct)
             .unwrap_err();
 
-        assert!(access_token_response_2 == Oauth2Error::AuthenticationRequired);
+        assert_eq!(access_token_response_2, Oauth2Error::AuthenticationRequired);
 
         assert!(idms_prox_write.commit().is_ok());
     }
@@ -5713,7 +5743,7 @@ mod tests {
             .check_oauth2_token_exchange(&client_authz, &token_req, ct)
             .unwrap_err();
 
-        assert!(access_token_response_2 == Oauth2Error::InvalidScope);
+        assert_eq!(access_token_response_2, Oauth2Error::InvalidScope);
 
         assert!(idms_prox_write.commit().is_ok());
     }
@@ -5775,7 +5805,7 @@ mod tests {
             .check_oauth2_token_exchange(&client_authz, &token_req, ct)
             .unwrap_err();
 
-        assert!(access_token_response_3 == Oauth2Error::InvalidGrant);
+        assert_eq!(access_token_response_3, Oauth2Error::InvalidGrant);
 
         let entry = idms_prox_write
             .qs_write
@@ -6145,7 +6175,7 @@ mod tests {
             .expect("Failed to perform OAuth2 token exchange");
 
         // 🎉 We got a token!
-        assert!(token_response.token_type == "Bearer");
+        assert_eq!(token_response.token_type, AccessTokenType::Bearer);
 
         let id_token = token_response.id_token.expect("No id_token in response!");
         let access_token =
@@ -6182,22 +6212,25 @@ mod tests {
                 == Url::parse("https://idm.example.com/oauth2/openid/test_resource_server")
                     .unwrap()
         );
-        assert!(oidc.sub == OidcSubject::U(UUID_TESTPERSON_1));
-        assert!(oidc.aud == "test_resource_server");
-        assert!(oidc.iat == iat);
-        assert!(oidc.nbf == Some(iat));
+        assert_eq!(oidc.sub, OidcSubject::U(UUID_TESTPERSON_1));
+        assert_eq!(oidc.aud, "test_resource_server");
+        assert_eq!(oidc.iat, iat);
+        assert_eq!(oidc.nbf, Some(iat));
         // Previously this was the auth session but it's now inline with the access token expiry.
-        assert!(oidc.exp == iat + (OAUTH2_ACCESS_TOKEN_EXPIRY as i64));
+        assert_eq!(oidc.exp, iat + (OAUTH2_ACCESS_TOKEN_EXPIRY as i64));
         assert!(oidc.auth_time.is_none());
         // Is nonce correctly passed through?
-        assert!(oidc.nonce == Some("abcdef".to_string()));
+        assert_eq!(oidc.nonce, Some("abcdef".to_string()));
         assert!(oidc.at_hash.is_none());
         assert!(oidc.acr.is_none());
         assert!(oidc.amr.is_none());
-        assert!(oidc.azp == Some("test_resource_server".to_string()));
+        assert_eq!(oidc.azp, Some("test_resource_server".to_string()));
         assert!(oidc.jti.is_none());
-        assert!(oidc.s_claims.name == Some("Test Person 1".to_string()));
-        assert!(oidc.s_claims.preferred_username == Some("testperson1@example.com".to_string()));
+        assert_eq!(oidc.s_claims.name, Some("Test Person 1".to_string()));
+        assert_eq!(
+            oidc.s_claims.preferred_username,
+            Some("testperson1@example.com".to_string())
+        );
         assert!(
             oidc.s_claims.scopes == vec![OAUTH2_SCOPE_OPENID.to_string(), "supplement".to_string()]
         );
@@ -6217,20 +6250,20 @@ mod tests {
             .oauth2_openid_userinfo("test_resource_server", access_token, ct)
             .expect("failed to get userinfo");
 
-        assert!(oidc.iss == userinfo.iss);
-        assert!(oidc.sub == userinfo.sub);
-        assert!(oidc.aud == userinfo.aud);
-        assert!(oidc.iat == userinfo.iat);
-        assert!(oidc.nbf == userinfo.nbf);
-        assert!(oidc.exp == userinfo.exp);
+        assert_eq!(oidc.iss, userinfo.iss);
+        assert_eq!(oidc.sub, userinfo.sub);
+        assert_eq!(oidc.aud, userinfo.aud);
+        assert_eq!(oidc.iat, userinfo.iat);
+        assert_eq!(oidc.nbf, userinfo.nbf);
+        assert_eq!(oidc.exp, userinfo.exp);
         assert!(userinfo.auth_time.is_none());
-        assert!(userinfo.nonce == Some("abcdef".to_string()));
+        assert_eq!(userinfo.nonce, Some("abcdef".to_string()));
         assert!(userinfo.at_hash.is_none());
         assert!(userinfo.acr.is_none());
-        assert!(oidc.amr == userinfo.amr);
-        assert!(oidc.azp == userinfo.azp);
+        assert_eq!(oidc.amr, userinfo.amr);
+        assert_eq!(oidc.azp, userinfo.azp);
         assert!(userinfo.jti.is_none());
-        assert!(oidc.s_claims == userinfo.s_claims);
+        assert_eq!(oidc.s_claims, userinfo.s_claims);
         assert_eq!(oidc.claims, userinfo.claims);
 
         // Check the oauth2 introspect bits.
@@ -6244,12 +6277,18 @@ mod tests {
 
         eprintln!("👉  {intr_response:?}");
         assert!(intr_response.active);
-        assert!(intr_response.scope.as_deref() == Some("openid supplement"));
-        assert!(intr_response.client_id.as_deref() == Some("test_resource_server"));
-        assert!(intr_response.username.as_deref() == Some("testperson1@example.com"));
-        assert!(intr_response.token_type.as_deref() == Some("access_token"));
-        assert!(intr_response.iat == Some(ct.as_secs() as i64));
-        assert!(intr_response.nbf == Some(ct.as_secs() as i64));
+        assert_eq!(intr_response.scope.as_deref(), Some("openid supplement"));
+        assert_eq!(
+            intr_response.client_id.as_deref(),
+            Some("test_resource_server")
+        );
+        assert_eq!(
+            intr_response.username.as_deref(),
+            Some("testperson1@example.com")
+        );
+        assert_eq!(intr_response.token_type, Some(AccessTokenType::Bearer));
+        assert_eq!(intr_response.iat, Some(ct.as_secs() as i64));
+        assert_eq!(intr_response.nbf, Some(ct.as_secs() as i64));
         // Introspect doesn't have custom claims.
 
         drop(idms_prox_read);
@@ -6318,7 +6357,7 @@ mod tests {
             .expect("Failed to perform OAuth2 permit");
 
         // Check we are reflecting the CSRF properly.
-        assert!(permit_success.state == "123");
+        assert_eq!(permit_success.state, "123");
 
         // == Submit the token exchange code.
         let token_req = AccessTokenRequest {
@@ -6337,7 +6376,7 @@ mod tests {
             .expect("Failed to perform OAuth2 token exchange");
 
         // 🎉 We got a token! In the future we can then check introspection from this point.
-        assert!(token_response.token_type == "Bearer");
+        assert_eq!(token_response.token_type, AccessTokenType::Bearer);
 
         assert!(idms_prox_write.commit().is_ok());
     }
@@ -6368,7 +6407,7 @@ mod tests {
         assert!(idms_prox_write.commit().is_ok());
 
         // 🎉 We got a token! In the future we can then check introspection from this point.
-        assert!(oauth2_token.token_type == "Bearer");
+        assert_eq!(oauth2_token.token_type, AccessTokenType::Bearer);
 
         // Check Oauth2 Token Introspection
         let mut idms_prox_read = idms.proxy_read().await.unwrap();
@@ -6392,7 +6431,7 @@ mod tests {
             intr_response.username.as_deref(),
             Some("test_resource_server@example.com")
         );
-        assert_eq!(intr_response.token_type.as_deref(), Some("access_token"));
+        assert_eq!(intr_response.token_type, Some(AccessTokenType::Bearer));
         assert_eq!(intr_response.iat, Some(ct.as_secs() as i64));
         assert_eq!(intr_response.nbf, Some(ct.as_secs() as i64));
 

server/lib/src/idm/scim.rs

@@ -1583,7 +1583,7 @@ mod tests {
             .validate_sync_client_auth_info_to_ident(sync_token.into(), ct)
             .expect("Failed to validate sync token");
 
-        assert!(Some(sync_uuid) == ident.get_uuid());
+        assert_eq!(Some(sync_uuid), ident.get_uuid());
 
         let sync_state = idms_prox_read
             .scim_sync_get_state(&ident)
@@ -1638,7 +1638,7 @@ mod tests {
         let ident = idms_prox_read
             .validate_sync_client_auth_info_to_ident(sync_token.clone().into(), ct)
             .expect("Failed to validate sync token");
-        assert!(Some(sync_uuid) == ident.get_uuid());
+        assert_eq!(Some(sync_uuid), ident.get_uuid());
         drop(idms_prox_read);
 
         // -- Revoke the session
@@ -1833,7 +1833,7 @@ mod tests {
             synced_entry.get_ava_single_iutf8(Attribute::SyncExternalId)
                 == Some("dn=william,ou=people,dc=test")
         );
-        assert!(synced_entry.get_uuid() == user_sync_uuid);
+        assert_eq!(synced_entry.get_uuid(), user_sync_uuid);
 
         assert!(idms_prox_write.commit().is_ok());
     }
@@ -1959,7 +1959,7 @@ mod tests {
             .internal_search_uuid(user_sync_uuid)
             .expect("Unable to access entry");
 
-        assert!(ent.get_ava_single_iname(Attribute::Name) == Some("testgroup"));
+        assert_eq!(ent.get_ava_single_iname(Attribute::Name), Some("testgroup"));
         assert!(
             ent.get_ava_single_iutf8(Attribute::SyncExternalId)
                 == Some("cn=testgroup,ou=people,dc=test")
@@ -2156,7 +2156,7 @@ mod tests {
             )))
             // Should be none as the entry was masked by being recycled.
             .map(|entries| {
-                assert!(entries.len() == 1);
+                assert_eq!(entries.len(), 1);
                 let ent = entries.first().unwrap();
                 ent.mask_recycled_ts().is_none()
             })
@@ -2351,7 +2351,7 @@ mod tests {
             )))
             // Should be none as the entry was masked by being recycled.
             .map(|entries| {
-                assert!(entries.len() == 1);
+                assert_eq!(entries.len(), 1);
                 let ent = entries.first().unwrap();
                 ent.mask_recycled_ts().is_none()
             })
@@ -2435,7 +2435,7 @@ mod tests {
             )))
             // Should be none as the entry was masked by being recycled.
             .map(|entries| {
-                assert!(entries.len() == 1);
+                assert_eq!(entries.len(), 1);
                 let ent = entries.first().unwrap();
                 ent.mask_recycled_ts().is_none()
             })
@@ -2450,7 +2450,7 @@ mod tests {
             )))
             // Should be none as the entry was masked by being recycled.
             .map(|entries| {
-                assert!(entries.len() == 1);
+                assert_eq!(entries.len(), 1);
                 let ent = entries.first().unwrap();
                 ent.mask_recycled_ts().is_none()
             })
@@ -2518,7 +2518,7 @@ mod tests {
             .internal_search_uuid(sync_uuid_a)
             .expect("Unable to access entry");
 
-        assert!(ent.get_ava_single_iname(Attribute::Name) == Some("testgroup"));
+        assert_eq!(ent.get_ava_single_iname(Attribute::Name), Some("testgroup"));
 
         assert!(idms_prox_write.commit().is_ok());
     }
@@ -2627,7 +2627,10 @@ mod tests {
             testposix.get_ava_single_iutf8(Attribute::SyncExternalId)
                 == Some("cn=testposix,cn=groups,cn=accounts,dc=dev,dc=blackhats,dc=net,dc=au")
         );
-        assert!(testposix.get_ava_single_uint32(Attribute::GidNumber) == Some(1234567));
+        assert_eq!(
+            testposix.get_ava_single_uint32(Attribute::GidNumber),
+            Some(1234567)
+        );
 
         let testexternal = get_single_entry("testexternal", &mut idms_prox_write);
         assert!(
@@ -2643,9 +2646,18 @@ mod tests {
             testuser.get_ava_single_iutf8(Attribute::SyncExternalId)
                 == Some("uid=testuser,cn=users,cn=accounts,dc=dev,dc=blackhats,dc=net,dc=au")
         );
-        assert!(testuser.get_ava_single_uint32(Attribute::GidNumber) == Some(12345));
-        assert!(testuser.get_ava_single_utf8(Attribute::DisplayName) == Some("Test User"));
-        assert!(testuser.get_ava_single_iutf8(Attribute::LoginShell) == Some("/bin/sh"));
+        assert_eq!(
+            testuser.get_ava_single_uint32(Attribute::GidNumber),
+            Some(12345)
+        );
+        assert_eq!(
+            testuser.get_ava_single_utf8(Attribute::DisplayName),
+            Some("Test User")
+        );
+        assert_eq!(
+            testuser.get_ava_single_iutf8(Attribute::LoginShell),
+            Some("/bin/sh")
+        );
 
         let mut ssh_keyiter = testuser
             .get_ava_iter_sshpubkeys(Attribute::SshPublicKey)
@@ -2700,7 +2712,10 @@ mod tests {
             testposix.get_ava_single_iutf8(Attribute::SyncExternalId)
                 == Some("cn=testposix,cn=groups,cn=accounts,dc=dev,dc=blackhats,dc=net,dc=au")
         );
-        assert!(testposix.get_ava_single_uint32(Attribute::GidNumber) == Some(1234567));
+        assert_eq!(
+            testposix.get_ava_single_uint32(Attribute::GidNumber),
+            Some(1234567)
+        );
 
         let testexternal = get_single_entry("testexternal2", &mut idms_prox_write);
         info!("{:?}", testexternal);
@@ -2768,7 +2783,10 @@ mod tests {
             testposix.get_ava_single_iutf8(Attribute::SyncExternalId)
                 == Some("cn=testposix,cn=groups,cn=accounts,dc=dev,dc=blackhats,dc=net,dc=au")
         );
-        assert!(testposix.get_ava_single_uint32(Attribute::GidNumber) == Some(1234567));
+        assert_eq!(
+            testposix.get_ava_single_uint32(Attribute::GidNumber),
+            Some(1234567)
+        );
 
         let testexternal = get_single_entry("testexternal", &mut idms_prox_write);
         assert!(
@@ -2784,9 +2802,18 @@ mod tests {
             testuser.get_ava_single_iutf8(Attribute::SyncExternalId)
                 == Some("uid=testuser,cn=users,cn=accounts,dc=dev,dc=blackhats,dc=net,dc=au")
         );
-        assert!(testuser.get_ava_single_uint32(Attribute::GidNumber) == Some(12345));
-        assert!(testuser.get_ava_single_utf8(Attribute::DisplayName) == Some("Test User"));
-        assert!(testuser.get_ava_single_iutf8(Attribute::LoginShell) == Some("/bin/sh"));
+        assert_eq!(
+            testuser.get_ava_single_uint32(Attribute::GidNumber),
+            Some(12345)
+        );
+        assert_eq!(
+            testuser.get_ava_single_utf8(Attribute::DisplayName),
+            Some("Test User")
+        );
+        assert_eq!(
+            testuser.get_ava_single_iutf8(Attribute::LoginShell),
+            Some("/bin/sh")
+        );
 
         // Check memberof works.
         let testgroup_mb = testgroup
@@ -2844,9 +2871,18 @@ mod tests {
             testuser.get_ava_single_iutf8(Attribute::SyncExternalId)
                 == Some("uid=testuser,cn=users,cn=accounts,dc=dev,dc=blackhats,dc=net,dc=au")
         );
-        assert!(testuser.get_ava_single_uint32(Attribute::GidNumber) == Some(12345));
-        assert!(testuser.get_ava_single_utf8(Attribute::DisplayName) == Some("Test User"));
-        assert!(testuser.get_ava_single_iutf8(Attribute::LoginShell) == Some("/bin/sh"));
+        assert_eq!(
+            testuser.get_ava_single_uint32(Attribute::GidNumber),
+            Some(12345)
+        );
+        assert_eq!(
+            testuser.get_ava_single_utf8(Attribute::DisplayName),
+            Some("Test User")
+        );
+        assert_eq!(
+            testuser.get_ava_single_iutf8(Attribute::LoginShell),
+            Some("/bin/sh")
+        );
 
         // Check memberof works.
         let testgroup_mb = testgroup

server/lib/src/idm/server.rs

@@ -2217,10 +2217,10 @@ mod tests {
                 match state {
                     AuthState::Choose(mut conts) => {
                         // Should only be one auth mech
-                        assert!(conts.len() == 1);
+                        assert_eq!(conts.len(), 1);
                         // And it should be anonymous
                         let m = conts.pop().expect("Should not fail");
-                        assert!(m == AuthMech::Anonymous);
+                        assert_eq!(m, AuthMech::Anonymous);
                     }
                     _ => {
                         error!("A critical error has occurred! We have a non-continue result!");
@@ -2263,8 +2263,8 @@ mod tests {
                 match state {
                     AuthState::Continue(allowed) => {
                         // Check the uat.
-                        assert!(allowed.len() == 1);
-                        assert!(allowed.first() == Some(&AuthAllowed::Anonymous));
+                        assert_eq!(allowed.len(), 1);
+                        assert_eq!(allowed.first(), Some(&AuthAllowed::Anonymous));
                     }
                     _ => {
                         error!("A critical error has occurred! We have a non-continue result!");
@@ -2662,7 +2662,7 @@ mod tests {
             .expect("Failed to generate radius auth token");
 
         // view the token?
-        assert!(r1 == tok_r.secret);
+        assert_eq!(r1, tok_r.secret);
     }
 
     #[idm_test]
@@ -2716,19 +2716,19 @@ mod tests {
             .get_unixgrouptoken(&ugte)
             .expect("Failed to generate unix group token");
 
-        assert!(tok_g.name == "testgroup");
-        assert!(tok_g.spn == "testgroup@example.com");
+        assert_eq!(tok_g.name, "testgroup");
+        assert_eq!(tok_g.spn, "testgroup@example.com");
 
         let uute = UnixUserTokenEvent::new_internal(UUID_ADMIN);
         let tok_r = idms_prox_read
             .get_unixusertoken(&uute, duration_from_epoch_now())
             .expect("Failed to generate unix user token");
 
-        assert!(tok_r.name == "admin");
-        assert!(tok_r.spn == "admin@example.com");
-        assert!(tok_r.groups.len() == 2);
-        assert!(tok_r.groups[0].name == "admin");
-        assert!(tok_r.groups[1].name == "testgroup");
+        assert_eq!(tok_r.name, "admin");
+        assert_eq!(tok_r.spn, "admin@example.com");
+        assert_eq!(tok_r.groups.len(), 2);
+        assert_eq!(tok_r.groups[0].name, "admin");
+        assert_eq!(tok_r.groups[1].name, "testgroup");
         assert!(tok_r.valid);
 
         // Show we can get the admin as a unix group token too
@@ -2740,8 +2740,8 @@ mod tests {
             .get_unixgrouptoken(&ugte)
             .expect("Failed to generate unix group token");
 
-        assert!(tok_g.name == "admin");
-        assert!(tok_g.spn == "admin@example.com");
+        assert_eq!(tok_g.name, "admin");
+        assert_eq!(tok_g.spn, "admin@example.com");
     }
 
     #[idm_test]
@@ -2871,7 +2871,7 @@ mod tests {
         // The second is the auth session record
         let da = idms_delayed.try_recv().expect("invalid");
         assert!(matches!(da, DelayedAction::AuthSessionRecord(_)));
-        assert!(Ok(true) == r);
+        assert_eq!(Ok(true), r);
 
         let mut idms_prox_read = idms.proxy_read().await.unwrap();
         let person_entry = idms_prox_read
@@ -3094,14 +3094,14 @@ mod tests {
             .get_unixusertoken(&uute, time_low)
             .expect("Failed to generate unix user token");
 
-        assert!(tok_r.name == "testperson1");
+        assert_eq!(tok_r.name, "testperson1");
         assert!(!tok_r.valid);
 
         let tok_r = idms_prox_read
             .get_unixusertoken(&uute, time_high)
             .expect("Failed to generate unix user token");
 
-        assert!(tok_r.name == "testperson1");
+        assert_eq!(tok_r.name, "testperson1");
         assert!(!tok_r.valid);
     }
 
@@ -3241,7 +3241,7 @@ mod tests {
 
         match state {
             AuthState::Denied(reason) => {
-                assert!(reason == "Account is temporarily locked");
+                assert_eq!(reason, "Account is temporarily locked");
             }
             _ => {
                 error!("Sessions was not denied (softlock)");
@@ -3393,7 +3393,7 @@ mod tests {
                 } = ar;
                 match state {
                     AuthState::Denied(reason) => {
-                        assert!(reason == "Account is temporarily locked");
+                        assert_eq!(reason, "Account is temporarily locked");
                     }
                     _ => {
                         error!("A critical error has occurred! We have a non-denied result!");
@@ -3480,7 +3480,7 @@ mod tests {
         assert!(matches!(da, DelayedAction::AuthSessionRecord(_)));
         // Persist it.
         let r = idms.delayed_action(ct, da).await;
-        assert!(Ok(true) == r);
+        assert_eq!(Ok(true), r);
         idms_delayed.check_is_empty_or_panic();
 
         let mut idms_prox_read = idms.proxy_read().await.unwrap();
@@ -3537,7 +3537,7 @@ mod tests {
         });
         // Persist it.
         let r = idms.delayed_action(ct, da).await;
-        assert!(Ok(true) == r);
+        assert_eq!(Ok(true), r);
 
         // Check it was written, and check
         let mut idms_prox_read = idms.proxy_read().await.unwrap();
@@ -3548,7 +3548,7 @@ mod tests {
         let sessions = admin
             .get_ava_as_session_map(Attribute::UserAuthTokenSession)
             .expect("Sessions must be present!");
-        assert!(sessions.len() == 1);
+        assert_eq!(sessions.len(), 1);
         let session_data_a = sessions.get(&session_a).expect("Session A is missing!");
         assert!(matches!(session_data_a.state, SessionState::ExpiresAt(_)));
 
@@ -3569,7 +3569,7 @@ mod tests {
         });
         // Persist it.
         let r = idms.delayed_action(expiry_a, da).await;
-        assert!(Ok(true) == r);
+        assert_eq!(Ok(true), r);
 
         let mut idms_prox_read = idms.proxy_read().await.unwrap();
         let admin = idms_prox_read
@@ -3580,7 +3580,7 @@ mod tests {
             .get_ava_as_session_map(Attribute::UserAuthTokenSession)
             .expect("Sessions must be present!");
         trace!(?sessions);
-        assert!(sessions.len() == 2);
+        assert_eq!(sessions.len(), 2);
 
         let session_data_a = sessions.get(&session_a).expect("Session A is missing!");
         assert!(matches!(session_data_a.state, SessionState::RevokedAt(_)));
@@ -3616,7 +3616,7 @@ mod tests {
         let da = idms_delayed.try_recv().expect("invalid");
         assert!(matches!(da, DelayedAction::AuthSessionRecord(_)));
         let r = idms.delayed_action(ct, da).await;
-        assert!(Ok(true) == r);
+        assert_eq!(Ok(true), r);
 
         let mut idms_prox_read = idms.proxy_read().await.unwrap();
 
@@ -3742,10 +3742,10 @@ mod tests {
                 match state {
                     AuthState::Choose(mut conts) => {
                         // Should only be one auth mech
-                        assert!(conts.len() == 1);
+                        assert_eq!(conts.len(), 1);
                         // And it should be anonymous
                         let m = conts.pop().expect("Should not fail");
-                        assert!(m == AuthMech::Anonymous);
+                        assert_eq!(m, AuthMech::Anonymous);
                     }
                     _ => {
                         error!("A critical error has occurred! We have a non-continue result!");
@@ -3781,8 +3781,8 @@ mod tests {
                 match state {
                     AuthState::Continue(allowed) => {
                         // Check the uat.
-                        assert!(allowed.len() == 1);
-                        assert!(allowed.first() == Some(&AuthAllowed::Anonymous));
+                        assert_eq!(allowed.len(), 1);
+                        assert_eq!(allowed.first(), Some(&AuthAllowed::Anonymous));
                     }
                     _ => {
                         error!("A critical error has occurred! We have a non-continue result!");

server/lib/src/idm/serviceaccount.rs

@@ -475,7 +475,7 @@ mod tests {
             .validate_client_auth_info_to_ident(api_token.clone().into(), ct)
             .expect("Unable to verify api token.");
 
-        assert!(ident.get_uuid() == Some(testaccount_uuid));
+        assert_eq!(ident.get_uuid(), Some(testaccount_uuid));
 
         // Woohoo! Okay lets test the other edge cases.
 
@@ -499,7 +499,7 @@ mod tests {
         let ident = idms_prox_write
             .validate_client_auth_info_to_ident(api_token.clone().into(), ct)
             .expect("Unable to verify api token.");
-        assert!(ident.get_uuid() == Some(testaccount_uuid));
+        assert_eq!(ident.get_uuid(), Some(testaccount_uuid));
 
         // Past gracewindow?
         assert!(

server/lib/src/macros.rs

@@ -98,7 +98,7 @@ macro_rules! run_create_test {
                 .unwrap();
             let r = qs_write.create(&ce);
             trace!("test result: {:?}", r);
-            assert!(r == $expect);
+            assert_eq!(r, $expect);
             $check(&mut qs_write);
             match r {
                 Ok(_) => {
@@ -117,7 +117,7 @@ macro_rules! run_create_test {
             .unwrap()
             .block_on(qs.verify());
         trace!("verification -> {:?}", ver);
-        assert!(ver.len() == 0);
+        assert_eq!(ver.len(), 0);
     }};
 }
 
@@ -172,7 +172,7 @@ macro_rules! run_modify_test {
             let r = qs_write.modify(&me);
             $check(&mut qs_write);
             trace!("test result: {:?}", r);
-            assert!(r == $expect);
+            assert_eq!(r, $expect);
             match r {
                 Ok(_) => {
                     qs_write.commit().expect("commit failure!");
@@ -190,7 +190,7 @@ macro_rules! run_modify_test {
             .unwrap()
             .block_on(qs.verify());
         trace!("verification -> {:?}", ver);
-        assert!(ver.len() == 0);
+        assert_eq!(ver.len(), 0);
     }};
 }
 
@@ -226,7 +226,7 @@ macro_rules! run_delete_test {
             let r = qs_write.delete(&de);
             trace!("test result: {:?}", r);
             $check(&mut qs_write);
-            assert!(r == $expect);
+            assert_eq!(r, $expect);
             match r {
                 Ok(_) => {
                     qs_write.commit().expect("commit failure!");
@@ -244,7 +244,7 @@ macro_rules! run_delete_test {
             .unwrap()
             .block_on(qs.verify());
         trace!("verification -> {:?}", ver);
-        assert!(ver.len() == 0);
+        assert_eq!(ver.len(), 0);
     }};
 }
 

server/lib/src/plugins/cred_import.rs

@@ -338,7 +338,7 @@ mod tests {
                     .expect("failed to get primary cred.");
                 match &c.type_ {
                     CredentialType::PasswordMfa(_pw, totp, webauthn, backup_code) => {
-                        assert!(totp.len() == 1);
+                        assert_eq!(totp.len(), 1);
                         assert!(webauthn.is_empty());
                         assert!(backup_code.is_none());
                     }
@@ -399,12 +399,12 @@ mod tests {
                     .expect("failed to get primary cred.");
                 match &c.type_ {
                     CredentialType::PasswordMfa(_pw, totp, webauthn, backup_code) => {
-                        assert!(totp.len() == 2);
+                        assert_eq!(totp.len(), 2);
                         assert!(webauthn.is_empty());
                         assert!(backup_code.is_none());
 
-                        assert!(totp.get("a") == Some(&totp_a));
-                        assert!(totp.get("b") == Some(&totp_b));
+                        assert_eq!(totp.get("a"), Some(&totp_a));
+                        assert_eq!(totp.get("b"), Some(&totp_b));
                     }
                     _ => panic!("Oh no"),
                 };

server/lib/src/plugins/dyngroup.rs

@@ -476,7 +476,7 @@ mod tests {
                     .get_ava_set(Attribute::DynMember)
                     .expect("No members on dyn group");
 
-                assert!(members.to_refer_single() == Some(UUID_TEST_GROUP));
+                assert_eq!(members.to_refer_single(), Some(UUID_TEST_GROUP));
             }
         );
     }
@@ -525,7 +525,7 @@ mod tests {
                     .get_ava_set(Attribute::DynMember)
                     .expect("No members on dyn group");
 
-                assert!(members.to_refer_single() == Some(UUID_TEST_GROUP));
+                assert_eq!(members.to_refer_single(), Some(UUID_TEST_GROUP));
             }
         );
     }
@@ -619,7 +619,7 @@ mod tests {
                     .get_ava_set(Attribute::DynMember)
                     .expect("No members on dyn group");
 
-                assert!(members.to_refer_single() == Some(UUID_TEST_GROUP));
+                assert_eq!(members.to_refer_single(), Some(UUID_TEST_GROUP));
                 assert!(d_group.get_ava_set(Attribute::Member).is_none());
             }
         );
@@ -681,7 +681,7 @@ mod tests {
                     .get_ava_set(Attribute::DynMember)
                     .expect("No members on dyn group");
 
-                assert!(members.to_refer_single() == Some(UUID_TEST_GROUP));
+                assert_eq!(members.to_refer_single(), Some(UUID_TEST_GROUP));
             }
         );
     }
@@ -794,7 +794,7 @@ mod tests {
                     .expect("No members on dyn group");
                 // We assert to refer single here because we should have "removed" uuid_admin being added
                 // at all.
-                assert!(members.to_refer_single() == Some(UUID_TEST_GROUP));
+                assert_eq!(members.to_refer_single(), Some(UUID_TEST_GROUP));
             }
         );
     }
@@ -846,7 +846,7 @@ mod tests {
                     .get_ava_set(Attribute::DynMember)
                     .expect("No members on dyn group");
                 // We assert to refer single here because we should have re-added the members
-                assert!(members.to_refer_single() == Some(UUID_TEST_GROUP));
+                assert_eq!(members.to_refer_single(), Some(UUID_TEST_GROUP));
             }
         );
     }
@@ -901,7 +901,7 @@ mod tests {
                     .get_ava_set(Attribute::DynMember)
                     .expect("No members on dyn group");
 
-                assert!(members.to_refer_single() == Some(UUID_TEST_GROUP));
+                assert_eq!(members.to_refer_single(), Some(UUID_TEST_GROUP));
             }
         );
     }

server/lib/src/plugins/memberof.rs

@@ -809,7 +809,7 @@ mod tests {
             ]));
             let cands = $qs.internal_search(filt).expect("Internal search failure");
             debug!("assert_mo_cands {:?}", cands);
-            assert!(cands.len() == $cand);
+            assert_eq!(cands.len(), $cand);
         }};
     }
 

server/lib/src/plugins/refint.rs

@@ -1263,7 +1263,7 @@ mod tests {
         let dyn_member = dyna
             .get_ava_refer(Attribute::DynMember)
             .expect("Failed to get dyn member attribute");
-        assert!(dyn_member.len() == 1);
+        assert_eq!(dyn_member.len(), 1);
         assert!(dyn_member.contains(&tgroup_uuid));
 
         let group = server_txn
@@ -1273,7 +1273,7 @@ mod tests {
         let grp_member = group
             .get_ava_refer(Attribute::MemberOf)
             .expect("Failed to get memberof attribute");
-        assert!(grp_member.len() == 1);
+        assert_eq!(grp_member.len(), 1);
         assert!(grp_member.contains(&dyn_uuid));
 
         assert!(server_txn.commit().is_ok());

server/lib/src/plugins/spn.rs

@@ -341,7 +341,7 @@ mod tests {
             .expect("must not fail");
 
         let e_pre_spn = e_pre.get_ava_single(Attribute::Spn).expect("must not fail");
-        assert!(e_pre_spn == ex1);
+        assert_eq!(e_pre_spn, ex1);
 
         // trigger the domain_name change (this will be a cli option to the server
         // in the final version), but it will still call the same qs function to perform the
@@ -360,7 +360,7 @@ mod tests {
             .expect("must not fail");
         debug!("{:?}", e_post_spn);
         debug!("{:?}", ex2);
-        assert!(e_post_spn == ex2);
+        assert_eq!(e_post_spn, ex2);
 
         server_txn.commit().expect("Must not fail");
     }

server/lib/src/repl/cid.rs

@@ -100,9 +100,9 @@ mod tests {
             Duration::new(15, 0),
         );
 
-        assert!(cid_a.cmp(&cid_a) == Ordering::Equal);
-        assert!(cid_a.cmp(&cid_b) == Ordering::Less);
-        assert!(cid_b.cmp(&cid_a) == Ordering::Greater);
+        assert_eq!(cid_a.cmp(&cid_a), Ordering::Equal);
+        assert_eq!(cid_a.cmp(&cid_b), Ordering::Less);
+        assert_eq!(cid_b.cmp(&cid_a), Ordering::Greater);
 
         // check same ts, d_uuid, diff s_uuid
         let cid_e = Cid::new(
@@ -114,9 +114,9 @@ mod tests {
             Duration::new(5, 0),
         );
 
-        assert!(cid_e.cmp(&cid_e) == Ordering::Equal);
-        assert!(cid_e.cmp(&cid_f) == Ordering::Less);
-        assert!(cid_f.cmp(&cid_e) == Ordering::Greater);
+        assert_eq!(cid_e.cmp(&cid_e), Ordering::Equal);
+        assert_eq!(cid_e.cmp(&cid_f), Ordering::Less);
+        assert_eq!(cid_f.cmp(&cid_e), Ordering::Greater);
     }
 
     #[test]
@@ -130,11 +130,11 @@ mod tests {
         let cid_z = Cid::new_zero();
 
         let cid_a = Cid::new_lamport(s_uuid, ts5, &ts5);
-        assert!(cid_a.cmp(&cid_z) == Ordering::Greater);
+        assert_eq!(cid_a.cmp(&cid_z), Ordering::Greater);
         let cid_b = Cid::new_lamport(s_uuid, ts15, &ts10);
-        assert!(cid_b.cmp(&cid_a) == Ordering::Greater);
+        assert_eq!(cid_b.cmp(&cid_a), Ordering::Greater);
         // Even with an older ts, we should still step forward.
         let cid_c = Cid::new_lamport(s_uuid, ts10, &ts15);
-        assert!(cid_c.cmp(&cid_b) == Ordering::Greater);
+        assert_eq!(cid_c.cmp(&cid_b), Ordering::Greater);
     }
 }

server/lib/src/repl/tests.rs

@@ -41,7 +41,7 @@ fn repl_initialise(
 
     trace!(?a_ruv_range);
     trace!(?b_ruv_range);
-    assert!(a_ruv_range == b_ruv_range);
+    assert_eq!(a_ruv_range, b_ruv_range);
 
     Ok(())
 }
@@ -238,7 +238,7 @@ async fn test_repl_increment_basic_entry_add(server_a: &QueryServer, server_b: &
 
     trace!(?a_ruv_range);
     trace!(?b_ruv_range);
-    assert!(a_ruv_range == b_ruv_range);
+    assert_eq!(a_ruv_range, b_ruv_range);
 
     server_a_txn.commit().expect("Failed to commit");
 
@@ -321,7 +321,7 @@ async fn test_repl_increment_basic_entry_add(server_a: &QueryServer, server_b: &
 
     trace!(?a_ruv_range);
     trace!(?b_ruv_range);
-    assert!(a_ruv_range == b_ruv_range);
+    assert_eq!(a_ruv_range, b_ruv_range);
 
     // Assert the entry is now present, and the same on both sides
     let e1 = server_a_txn
@@ -331,7 +331,7 @@ async fn test_repl_increment_basic_entry_add(server_a: &QueryServer, server_b: &
         .internal_search_uuid(t_uuid)
         .expect("Unable to access entry.");
 
-    assert!(e1 == e2);
+    assert_eq!(e1, e2);
 
     server_a_txn.commit().expect("Failed to commit");
     drop(server_b_txn);
@@ -387,7 +387,7 @@ async fn test_repl_increment_basic_entry_recycle(server_a: &QueryServer, server_
         .internal_search_all_uuid(t_uuid)
         .expect("Unable to access entry.");
 
-    assert!(e1 == e2);
+    assert_eq!(e1, e2);
 
     server_a_txn.commit().expect("Failed to commit");
     drop(server_b_txn);
@@ -455,7 +455,7 @@ async fn test_repl_increment_basic_entry_tombstone(server_a: &QueryServer, serve
 
     assert!(e1.attribute_equality(Attribute::Class, &EntryClass::Tombstone.into()));
 
-    assert!(e1 == e2);
+    assert_eq!(e1, e2);
 
     server_a_txn.commit().expect("Failed to commit");
     drop(server_b_txn);
@@ -617,7 +617,7 @@ async fn test_repl_increment_basic_bidirectional_write(
         .internal_search_all_uuid(t_uuid)
         .expect("Unable to access entry.");
 
-    assert!(e1 == e2);
+    assert_eq!(e1, e2);
 
     // Now perform a write on A
     assert!(server_a_txn
@@ -642,7 +642,7 @@ async fn test_repl_increment_basic_bidirectional_write(
         .expect("Unable to access entry.");
 
     // They are consistent again.
-    assert!(e1 == e2);
+    assert_eq!(e1, e2);
     assert!(e1.get_ava_set(Attribute::Description).is_none());
 
     server_b_txn.commit().expect("Failed to commit");
@@ -703,11 +703,11 @@ async fn test_repl_increment_basic_deleted_attr(server_a: &QueryServer, server_b
 
     // They are consistent again.
     assert!(e1.get_ava_set(Attribute::Description).is_none());
-    assert!(e1 == e2);
+    assert_eq!(e1, e2);
 
     let e1_cs = e1.get_changestate();
     let e2_cs = e2.get_changestate();
-    assert!(e1_cs == e2_cs);
+    assert_eq!(e1_cs, e2_cs);
     assert!(e1_cs.get_attr_cid(Attribute::Description).is_some());
 
     server_b_txn.commit().expect("Failed to commit");
@@ -766,7 +766,7 @@ async fn test_repl_increment_simultaneous_bidirectional_write(
         .internal_search_all_uuid(t_uuid)
         .expect("Unable to access entry.");
 
-    assert!(e1 == e2);
+    assert_eq!(e1, e2);
 
     // Now perform a write on A
     assert!(server_a_txn
@@ -817,9 +817,15 @@ async fn test_repl_increment_simultaneous_bidirectional_write(
         .expect("Unable to access entry.");
 
     // They are consistent again.
-    assert!(e1 == e2);
-    assert!(e1.get_ava_single_utf8(Attribute::Description) == Some("repl_test"));
-    assert!(e1.get_ava_single_utf8(Attribute::DisplayName) == Some("repl_test"));
+    assert_eq!(e1, e2);
+    assert_eq!(
+        e1.get_ava_single_utf8(Attribute::Description),
+        Some("repl_test")
+    );
+    assert_eq!(
+        e1.get_ava_single_utf8(Attribute::DisplayName),
+        Some("repl_test")
+    );
 }
 
 // Create entry on A -> B
@@ -878,7 +884,7 @@ async fn test_repl_increment_basic_bidirectional_lifecycle(
         .internal_search_all_uuid(t_uuid)
         .expect("Unable to access entry.");
 
-    assert!(e1 == e2);
+    assert_eq!(e1, e2);
 
     server_a_txn.commit().expect("Failed to commit");
     drop(server_b_txn);
@@ -902,7 +908,7 @@ async fn test_repl_increment_basic_bidirectional_lifecycle(
         .expect("Unable to access entry.");
 
     // They are consistent again.
-    assert!(e1 == e2);
+    assert_eq!(e1, e2);
     assert!(e1.attribute_equality(Attribute::Class, &EntryClass::Recycled.into()));
 
     server_b_txn.commit().expect("Failed to commit");
@@ -959,7 +965,7 @@ async fn test_repl_increment_basic_bidirectional_lifecycle(
 
     // Ts on both.
     assert!(e1.attribute_equality(Attribute::Class, &EntryClass::Tombstone.into()));
-    assert!(e1 == e2);
+    assert_eq!(e1, e2);
 
     server_a_txn.commit().expect("Failed to commit");
     drop(server_b_txn);
@@ -1015,7 +1021,7 @@ async fn test_repl_increment_basic_bidirectional_recycle(
         .internal_search_all_uuid(t_uuid)
         .expect("Unable to access entry.");
 
-    assert!(e1 == e2);
+    assert_eq!(e1, e2);
 
     server_a_txn.commit().expect("Failed to commit");
     drop(server_b_txn);
@@ -1049,7 +1055,7 @@ async fn test_repl_increment_basic_bidirectional_recycle(
 
     // They are equal, but their CL states are not. e2 should have been
     // retained due to being the latest!
-    assert!(e1 == e2);
+    assert_eq!(e1, e2);
     assert!(e1.attribute_equality(Attribute::Class, &EntryClass::Recycled.into()));
 
     // Remember entry comparison doesn't compare last_mod_cid.
@@ -1092,11 +1098,11 @@ async fn test_repl_increment_basic_bidirectional_recycle(
         .internal_search_all_uuid(t_uuid)
         .expect("Unable to access entry.");
 
-    assert!(e1 == e2);
+    assert_eq!(e1, e2);
 
     let e1_cs = e1.get_changestate();
     let e2_cs = e2.get_changestate();
-    assert!(e1_cs == e2_cs);
+    assert_eq!(e1_cs, e2_cs);
 
     server_a_txn.commit().expect("Failed to commit");
     drop(server_b_txn);
@@ -1143,7 +1149,7 @@ async fn test_repl_increment_basic_bidirectional_tombstone(
         .internal_search_all_uuid(t_uuid)
         .expect("Unable to access entry.");
 
-    assert!(e1 == e2);
+    assert_eq!(e1, e2);
 
     server_a_txn.commit().expect("Failed to commit");
     drop(server_b_txn);
@@ -1196,7 +1202,7 @@ async fn test_repl_increment_basic_bidirectional_tombstone(
 
     assert!(e1.attribute_equality(Attribute::Class, &EntryClass::Tombstone.into()));
     assert!(e2.attribute_equality(Attribute::Class, &EntryClass::Tombstone.into()));
-    assert!(e1.get_last_changed() == e2.get_last_changed());
+    assert_eq!(e1.get_last_changed(), e2.get_last_changed());
 
     server_b_txn.commit().expect("Failed to commit");
     drop(server_a_txn);
@@ -1314,7 +1320,7 @@ async fn test_repl_increment_creation_uuid_conflict(
     trace!(?e1_acc);
     trace!(?e2_acc);
 
-    assert!(e1.get_last_changed() == e2.get_last_changed());
+    assert_eq!(e1.get_last_changed(), e2.get_last_changed());
 
     let cnf_a = server_a_txn
         .internal_search_conflict_uuid(t_uuid)
@@ -1322,7 +1328,10 @@ async fn test_repl_increment_creation_uuid_conflict(
         // Should be a vec.
         .pop()
         .expect("No conflict entries present");
-    assert!(cnf_a.get_ava_single_iname(Attribute::Name) == Some("testperson1"));
+    assert_eq!(
+        cnf_a.get_ava_single_iname(Attribute::Name),
+        Some("testperson1")
+    );
 
     let cnf_b = server_b_txn
         .internal_search_conflict_uuid(t_uuid)
@@ -1364,7 +1373,7 @@ async fn test_repl_increment_creation_uuid_conflict(
     trace!(?cnf_a);
     trace!(?cnf_b);
 
-    assert!(cnf_a.get_last_changed() == cnf_b.get_last_changed());
+    assert_eq!(cnf_a.get_last_changed(), cnf_b.get_last_changed());
 
     let e1 = server_a_txn
         .internal_search_all_uuid(t_uuid)
@@ -1477,7 +1486,7 @@ async fn test_repl_increment_create_tombstone_uuid_conflict(
     let e2 = server_b_txn
         .internal_search_all_uuid(t_uuid)
         .expect("Unable to access entry.");
-    assert!(e1 == e2);
+    assert_eq!(e1, e2);
     assert!(e1.attribute_equality(Attribute::Class, &EntryClass::Tombstone.into()));
 
     server_b_txn.commit().expect("Failed to commit");
@@ -1575,7 +1584,7 @@ async fn test_repl_increment_create_tombstone_conflict(
         .internal_search_all_uuid(t_uuid)
         .expect("Unable to access entry.");
 
-    assert!(e1 == e2);
+    assert_eq!(e1, e2);
     assert!(e1.attribute_equality(Attribute::Class, &EntryClass::Tombstone.into()));
 
     server_a_txn.commit().expect("Failed to commit");
@@ -1624,7 +1633,7 @@ async fn test_repl_increment_schema_conflict(server_a: &QueryServer, server_b: &
         .internal_search_all_uuid(t_uuid)
         .expect("Unable to access entry.");
 
-    assert!(e1 == e2);
+    assert_eq!(e1, e2);
 
     server_a_txn.commit().expect("Failed to commit");
     drop(server_b_txn);
@@ -1747,7 +1756,7 @@ async fn test_repl_increment_consumer_lagging_attributes(
         .internal_search_all_uuid(t_uuid)
         .expect("Unable to access entry.");
 
-    assert!(e1 == e2);
+    assert_eq!(e1, e2);
 
     server_a_txn.commit().expect("Failed to commit");
     drop(server_b_txn);
@@ -1874,7 +1883,7 @@ async fn test_repl_increment_consumer_ruv_trim_past_valid(
         .internal_search_all_uuid(t_uuid)
         .expect("Unable to access entry.");
 
-    assert!(e1 == e2);
+    assert_eq!(e1, e2);
 
     server_a_txn.commit().expect("Failed to commit");
     drop(server_b_txn);
@@ -2009,7 +2018,7 @@ async fn test_repl_increment_consumer_ruv_trim_idle_servers(
         .internal_search_all_uuid(t_uuid)
         .expect("Unable to access entry.");
 
-    assert!(e1 == e2);
+    assert_eq!(e1, e2);
 
     server_a_txn.commit().expect("Failed to commit");
     drop(server_b_txn);
@@ -2149,11 +2158,11 @@ async fn test_repl_increment_domain_rename(server_a: &QueryServer, server_b: &Qu
         .internal_search_all_uuid(UUID_DOMAIN_INFO)
         .expect("Unable to access entry.");
 
-    assert!(e1 == e2);
+    assert_eq!(e1, e2);
 
     let e1_cs = e1.get_changestate();
     let e2_cs = e2.get_changestate();
-    assert!(e1_cs == e2_cs);
+    assert_eq!(e1_cs, e2_cs);
 
     // Check that an existing user was updated properly.
     let e1 = server_a_txn
@@ -2165,11 +2174,11 @@ async fn test_repl_increment_domain_rename(server_a: &QueryServer, server_b: &Qu
 
     let vx1 = e1.get_ava_single(Attribute::Spn).expect("spn not present");
     let ex1 = Value::new_spn_str("admin", "new.example.com");
-    assert!(vx1 == ex1);
+    assert_eq!(vx1, ex1);
 
     trace!(?e1);
     trace!(?e2);
-    assert!(e1 == e2);
+    assert_eq!(e1, e2);
 
     // Due to the domain rename, the spn regens on everything. This only occurs
     // once per-replica, and is not unlimited.
@@ -2192,7 +2201,7 @@ async fn test_repl_increment_domain_rename(server_a: &QueryServer, server_b: &Qu
 
     let vx2 = e2.get_ava_single(Attribute::Spn).expect("spn not present");
     let ex2 = Value::new_spn_str("testperson1", "new.example.com");
-    assert!(vx2 == ex2);
+    assert_eq!(vx2, ex2);
 
     server_b_txn.commit().expect("Failed to commit");
     drop(server_a_txn);
@@ -2220,12 +2229,12 @@ async fn test_repl_increment_domain_rename(server_a: &QueryServer, server_b: &Qu
 
     let vx1 = e1.get_ava_single(Attribute::Spn).expect("spn not present");
     let ex1 = Value::new_spn_str("admin", "new.example.com");
-    assert!(vx1 == ex1);
-    assert!(e1 == e2);
+    assert_eq!(vx1, ex1);
+    assert_eq!(e1, e2);
 
     let e1_cs = e1.get_changestate();
     let e2_cs = e2.get_changestate();
-    assert!(e1_cs == e2_cs);
+    assert_eq!(e1_cs, e2_cs);
 
     // Check the test person is back over and now in sync.
     let e1 = server_a_txn
@@ -2237,12 +2246,12 @@ async fn test_repl_increment_domain_rename(server_a: &QueryServer, server_b: &Qu
 
     let vx2 = e2.get_ava_single(Attribute::Spn).expect("spn not present");
     let ex2 = Value::new_spn_str("testperson1", "new.example.com");
-    assert!(vx2 == ex2);
-    assert!(e1 == e2);
+    assert_eq!(vx2, ex2);
+    assert_eq!(e1, e2);
 
     let e1_cs = e1.get_changestate();
     let e2_cs = e2.get_changestate();
-    assert!(e1_cs == e2_cs);
+    assert_eq!(e1_cs, e2_cs);
 
     server_a_txn.commit().expect("Failed to commit");
     drop(server_b_txn);
@@ -2306,7 +2315,7 @@ async fn test_repl_increment_schema_dynamic(server_a: &QueryServer, server_b: &Q
         .internal_search_all_uuid(s_uuid)
         .expect("Unable to access entry.");
 
-    assert!(e1 == e2);
+    assert_eq!(e1, e2);
 
     let e1 = server_a_txn
         .internal_search_all_uuid(t_uuid)
@@ -2315,7 +2324,7 @@ async fn test_repl_increment_schema_dynamic(server_a: &QueryServer, server_b: &Q
         .internal_search_all_uuid(t_uuid)
         .expect("Unable to access entry.");
 
-    assert!(e1 == e2);
+    assert_eq!(e1, e2);
 
     server_b_txn.commit().expect("Failed to commit");
     drop(server_a_txn);
@@ -2379,7 +2388,7 @@ async fn test_repl_increment_memberof_basic(server_a: &QueryServer, server_b: &Q
         .internal_search_all_uuid(g_uuid)
         .expect("Unable to access entry.");
 
-    assert!(e1 == e2);
+    assert_eq!(e1, e2);
 
     let e1 = server_a_txn
         .internal_search_all_uuid(t_uuid)
@@ -2388,7 +2397,7 @@ async fn test_repl_increment_memberof_basic(server_a: &QueryServer, server_b: &Q
         .internal_search_all_uuid(t_uuid)
         .expect("Unable to access entry.");
 
-    assert!(e1 == e2);
+    assert_eq!(e1, e2);
     assert!(e1.attribute_equality(Attribute::MemberOf, &PartialValue::Refer(g_uuid)));
     // We should also check dyngroups too here :)
     assert!(e1.attribute_equality(
@@ -2496,7 +2505,7 @@ async fn test_repl_increment_memberof_conflict(server_a: &QueryServer, server_b:
         .internal_search_all_uuid(g_uuid)
         .expect("Unable to access entry.");
 
-    assert!(e1 == e2);
+    assert_eq!(e1, e2);
     assert!(!e1.attribute_equality(Attribute::Member, &PartialValue::Refer(t_uuid)));
     assert!(e1.attribute_equality(
         Attribute::Name,
@@ -2510,7 +2519,7 @@ async fn test_repl_increment_memberof_conflict(server_a: &QueryServer, server_b:
         .internal_search_all_uuid(t_uuid)
         .expect("Unable to access entry.");
 
-    assert!(e1 == e2);
+    assert_eq!(e1, e2);
     assert!(!e1.attribute_equality(Attribute::MemberOf, &PartialValue::Refer(g_uuid)));
 
     server_a_txn.commit().expect("Failed to commit");
@@ -2622,9 +2631,9 @@ async fn test_repl_increment_refint_tombstone(server_a: &QueryServer, server_b:
     let e1_cs = e1.get_changestate();
     let e2_cs = e2.get_changestate();
 
-    assert!(e1_cs == e2_cs);
+    assert_eq!(e1_cs, e2_cs);
 
-    assert!(e1 == e2);
+    assert_eq!(e1, e2);
     assert!(!e1.attribute_equality(Attribute::Member, &PartialValue::Refer(t_uuid)));
 
     server_a_txn.commit().expect("Failed to commit");
@@ -2723,9 +2732,9 @@ async fn test_repl_increment_refint_conflict(server_a: &QueryServer, server_b: &
 
     let e1_cs = e1.get_changestate();
     let e2_cs = e2.get_changestate();
-    assert!(e1_cs == e2_cs);
+    assert_eq!(e1_cs, e2_cs);
 
-    assert!(e1 == e2);
+    assert_eq!(e1, e2);
     assert!(!e1.attribute_equality(Attribute::Member, &PartialValue::Refer(t_uuid)));
 
     server_a_txn.commit().expect("Failed to commit");
@@ -2839,8 +2848,8 @@ async fn test_repl_increment_refint_delete_to_member_holder(
     let e1_cs = e1.get_changestate();
     let e2_cs = e2.get_changestate();
 
-    assert!(e1_cs == e2_cs);
-    assert!(e1 == e2);
+    assert_eq!(e1_cs, e2_cs);
+    assert_eq!(e1, e2);
     assert!(!e1.attribute_equality(Attribute::Member, &PartialValue::Refer(t_uuid)));
 
     server_b_txn.commit().expect("Failed to commit");
@@ -2933,7 +2942,7 @@ async fn test_repl_increment_attrunique_conflict_basic(
         .internal_search_all_uuid(g_a_uuid)
         .expect("Unable to access entry.");
 
-    assert!(e1 == e2);
+    assert_eq!(e1, e2);
 
     let e1 = server_a_txn
         .internal_search_all_uuid(g_b_uuid)
@@ -2942,7 +2951,7 @@ async fn test_repl_increment_attrunique_conflict_basic(
         .internal_search_all_uuid(g_b_uuid)
         .expect("Unable to access entry.");
 
-    assert!(e1 == e2);
+    assert_eq!(e1, e2);
     server_b_txn.commit().expect("Failed to commit");
     drop(server_a_txn);
 
@@ -2986,14 +2995,20 @@ async fn test_repl_increment_attrunique_conflict_basic(
         .expect("Unable to search conflict entries.")
         .pop()
         .expect("No conflict entries present");
-    assert!(cnf_a.get_ava_single_iname(Attribute::Name) == Some("name_conflict"));
+    assert_eq!(
+        cnf_a.get_ava_single_iname(Attribute::Name),
+        Some("name_conflict")
+    );
 
     let cnf_b = server_a_txn
         .internal_search_conflict_uuid(g_b_uuid)
         .expect("Unable to search conflict entries.")
         .pop()
         .expect("No conflict entries present");
-    assert!(cnf_b.get_ava_single_iname(Attribute::Name) == Some("name_conflict"));
+    assert_eq!(
+        cnf_b.get_ava_single_iname(Attribute::Name),
+        Some("name_conflict")
+    );
 
     // Check the person has MO A/B removed.
     let e = server_a_txn
@@ -3025,14 +3040,20 @@ async fn test_repl_increment_attrunique_conflict_basic(
         .expect("Unable to search conflict entries.")
         .pop()
         .expect("No conflict entries present");
-    assert!(cnf_a.get_ava_single_iname(Attribute::Name) == Some("name_conflict"));
+    assert_eq!(
+        cnf_a.get_ava_single_iname(Attribute::Name),
+        Some("name_conflict")
+    );
 
     let cnf_b = server_b_txn
         .internal_search_conflict_uuid(g_b_uuid)
         .expect("Unable to search conflict entries.")
         .pop()
         .expect("No conflict entries present");
-    assert!(cnf_b.get_ava_single_iname(Attribute::Name) == Some("name_conflict"));
+    assert_eq!(
+        cnf_b.get_ava_single_iname(Attribute::Name),
+        Some("name_conflict")
+    );
 
     server_b_txn.commit().expect("Failed to commit");
     drop(server_a_txn);
@@ -3151,7 +3172,10 @@ async fn test_repl_increment_attrunique_conflict_complex(
         .expect("Unable to search conflict entries.")
         .pop()
         .expect("No conflict entries present");
-    assert!(cnf_a.get_ava_single_iname(Attribute::Name) == Some("name_conflict"));
+    assert_eq!(
+        cnf_a.get_ava_single_iname(Attribute::Name),
+        Some("name_conflict")
+    );
 
     server_b_txn.commit().expect("Failed to commit");
     drop(server_a_txn);
@@ -3342,7 +3366,7 @@ async fn test_repl_increment_session_new(server_a: &QueryServer, server_b: &Quer
         .get_ava_as_session_map(Attribute::UserAuthTokenSession)
         .unwrap();
 
-    assert!(sessions_a.len() == 1);
+    assert_eq!(sessions_a.len(), 1);
     assert!(sessions_a.get(&session_id_a).is_some());
     assert!(sessions_a.get(&session_id_b).is_none());
 
@@ -3350,7 +3374,7 @@ async fn test_repl_increment_session_new(server_a: &QueryServer, server_b: &Quer
         .get_ava_as_session_map(Attribute::UserAuthTokenSession)
         .unwrap();
 
-    assert!(sessions_b.len() == 2);
+    assert_eq!(sessions_b.len(), 2);
     assert!(sessions_b.get(&session_id_a).is_some());
     assert!(sessions_b.get(&session_id_b).is_some());
 
@@ -3374,10 +3398,10 @@ async fn test_repl_increment_session_new(server_a: &QueryServer, server_b: &Quer
     let e1_cs = e1.get_changestate();
     let e2_cs = e2.get_changestate();
 
-    assert!(e1_cs == e2_cs);
+    assert_eq!(e1_cs, e2_cs);
     trace!(?e1);
     trace!(?e2);
-    assert!(e1 == e2);
+    assert_eq!(e1, e2);
 
     server_a_txn.commit().expect("Failed to commit");
     drop(server_b_txn);
@@ -3460,7 +3484,7 @@ async fn test_repl_increment_consumer_lagging_refresh(
         .internal_search_all_uuid(t_uuid)
         .expect("Unable to access entry.");
 
-    assert!(e1.get_last_changed() == e2.get_last_changed());
+    assert_eq!(e1.get_last_changed(), e2.get_last_changed());
 
     server_b_txn.commit().expect("Failed to commit");
     drop(server_a_txn);
@@ -3603,7 +3627,7 @@ async fn test_repl_increment_consumer_lagging_refresh(
         .internal_search_all_uuid(t_uuid)
         .expect("Unable to access entry.");
 
-    assert!(e1.get_last_changed() == e2.get_last_changed());
+    assert_eq!(e1.get_last_changed(), e2.get_last_changed());
 
     server_a_txn.commit().expect("Failed to commit");
     drop(server_b_txn);
@@ -3620,7 +3644,7 @@ async fn test_repl_increment_consumer_lagging_refresh(
         .internal_search_all_uuid(t_uuid)
         .expect("Unable to access entry.");
 
-    assert!(e1.get_last_changed() == e2.get_last_changed());
+    assert_eq!(e1.get_last_changed(), e2.get_last_changed());
 
     server_b_txn.commit().expect("Failed to commit");
     drop(server_a_txn);

server/lib/src/schema.rs

@@ -2976,7 +2976,7 @@ mod tests {
 
         assert!(schema.update_classes(vec![class]).is_ok());
 
-        assert!(schema.validate().len() == 1);
+        assert_eq!(schema.validate().len(), 1);
     }
 
     #[test]

server/lib/src/server/access/mod.rs

@@ -1544,7 +1544,7 @@ mod tests {
             debug!("result --> {:?}", res);
             debug!("expect --> {:?}", $expect);
             // should be ok, and same as expect.
-            assert!(res == $expect);
+            assert_eq!(res, $expect);
         }};
     }
 
@@ -1576,7 +1576,7 @@ mod tests {
             debug!("expect --> {:?}", expect_set);
             debug!("result --> {:?}", reduced);
             // should be ok, and same as expect.
-            assert!(reduced == expect_set);
+            assert_eq!(reduced, expect_set);
         }};
     }
 
@@ -1825,7 +1825,7 @@ mod tests {
             debug!("result --> {:?}", res);
             debug!("expect --> {:?}", $expect);
             // should be ok, and same as expect.
-            assert!(res == $expect);
+            assert_eq!(res, $expect);
         }};
         (
             $me:expr,
@@ -1852,7 +1852,7 @@ mod tests {
             debug!("result --> {:?}", res);
             debug!("expect --> {:?}", $expect);
             // should be ok, and same as expect.
-            assert!(res == $expect);
+            assert_eq!(res, $expect);
         }};
     }
 
@@ -2073,7 +2073,7 @@ mod tests {
             debug!("result --> {:?}", res);
             debug!("expect --> {:?}", $expect);
             // should be ok, and same as expect.
-            assert!(res == $expect);
+            assert_eq!(res, $expect);
         }};
     }
 
@@ -2227,7 +2227,7 @@ mod tests {
             debug!("result --> {:?}", res);
             debug!("expect --> {:?}", $expect);
             // should be ok, and same as expect.
-            assert!(res == $expect);
+            assert_eq!(res, $expect);
         }};
     }
 
@@ -2334,7 +2334,7 @@ mod tests {
             debug!("result --> {:?}", res);
             debug!("expect --> {:?}", $expect);
             // should be ok, and same as expect.
-            assert!(res == $expect);
+            assert_eq!(res, $expect);
         }};
     }
 

server/lib/src/server/batch_modify.rs

@@ -352,7 +352,7 @@ mod tests {
             .internal_search_uuid(uuid_b)
             .expect("Failed to get entry.");
 
-        assert!(ent_a.get_ava_single_utf8(Attribute::Description) == Some("a"));
-        assert!(ent_b.get_ava_single_utf8(Attribute::Description) == Some("b"));
+        assert_eq!(ent_a.get_ava_single_utf8(Attribute::Description), Some("a"));
+        assert_eq!(ent_b.get_ava_single_utf8(Attribute::Description), Some("b"));
     }
 }

server/lib/src/server/create.rs

@@ -226,7 +226,7 @@ mod tests {
 
         let r2 = server_txn.search(&se1).expect("search failure");
         debug!("--> {:?}", r2);
-        assert!(r2.len() == 1);
+        assert_eq!(r2.len(), 1);
 
         // We apply some member-of in the server now, so we add these before we seal.
         e.add_ava(Attribute::Class, EntryClass::MemberOf.into());

server/lib/src/server/mod.rs

@@ -2262,16 +2262,16 @@ mod tests {
         assert!(r2.is_err());
         // Name does exist
         let r3 = server_txn.name_to_uuid("testperson1");
-        assert!(r3 == Ok(t_uuid));
+        assert_eq!(r3, Ok(t_uuid));
         // Name is not syntax normalised (but exists)
         let r4 = server_txn.name_to_uuid("tEsTpErSoN1");
-        assert!(r4 == Ok(t_uuid));
+        assert_eq!(r4, Ok(t_uuid));
         // Name is an rdn
         let r5 = server_txn.name_to_uuid("name=testperson1");
-        assert!(r5 == Ok(t_uuid));
+        assert_eq!(r5, Ok(t_uuid));
         // Name is a dn
         let r6 = server_txn.name_to_uuid("name=testperson1,o=example");
-        assert!(r6 == Ok(t_uuid));
+        assert_eq!(r6, Ok(t_uuid));
     }
 
     #[qs_test]
@@ -2293,16 +2293,16 @@ mod tests {
 
         // Name doesn't exist
         let r1 = server_txn.sync_external_id_to_uuid("tobias");
-        assert!(r1 == Ok(None));
+        assert_eq!(r1, Ok(None));
         // Name doesn't exist (not syntax normalised)
         let r2 = server_txn.sync_external_id_to_uuid("tObIAs");
-        assert!(r2 == Ok(None));
+        assert_eq!(r2, Ok(None));
         // Name does exist
         let r3 = server_txn.sync_external_id_to_uuid("uid=testperson");
-        assert!(r3 == Ok(Some(t_uuid)));
+        assert_eq!(r3, Ok(Some(t_uuid)));
         // Name is not syntax normalised (but exists)
         let r4 = server_txn.sync_external_id_to_uuid("uId=TeStPeRsOn");
-        assert!(r4 == Ok(Some(t_uuid)));
+        assert_eq!(r4, Ok(Some(t_uuid)));
     }
 
     #[qs_test]
@@ -2328,14 +2328,20 @@ mod tests {
         // Name doesn't exist
         let r1 = server_txn.uuid_to_spn(uuid!("bae3f507-e6c3-44ba-ad01-f8ff1083534a"));
         // There is nothing.
-        assert!(r1 == Ok(None));
+        assert_eq!(r1, Ok(None));
         // Name does exist
         let r3 = server_txn.uuid_to_spn(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"));
         println!("{r3:?}");
-        assert!(r3.unwrap().unwrap() == Value::new_spn_str("testperson1", "example.com"));
+        assert_eq!(
+            r3.unwrap().unwrap(),
+            Value::new_spn_str("testperson1", "example.com")
+        );
         // Name is not syntax normalised (but exists)
         let r4 = server_txn.uuid_to_spn(uuid!("CC8E95B4-C24F-4D68-BA54-8BED76F63930"));
-        assert!(r4.unwrap().unwrap() == Value::new_spn_str("testperson1", "example.com"));
+        assert_eq!(
+            r4.unwrap().unwrap(),
+            Value::new_spn_str("testperson1", "example.com")
+        );
     }
 
     #[qs_test]
@@ -2361,14 +2367,14 @@ mod tests {
         // Name doesn't exist
         let r1 = server_txn.uuid_to_rdn(uuid!("bae3f507-e6c3-44ba-ad01-f8ff1083534a"));
         // There is nothing.
-        assert!(r1.unwrap() == "uuid=bae3f507-e6c3-44ba-ad01-f8ff1083534a");
+        assert_eq!(r1.unwrap(), "uuid=bae3f507-e6c3-44ba-ad01-f8ff1083534a");
         // Name does exist
         let r3 = server_txn.uuid_to_rdn(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"));
         println!("{r3:?}");
-        assert!(r3.unwrap() == "spn=testperson1@example.com");
+        assert_eq!(r3.unwrap(), "spn=testperson1@example.com");
         // Uuid is not syntax normalised (but exists)
         let r4 = server_txn.uuid_to_rdn(uuid!("CC8E95B4-C24F-4D68-BA54-8BED76F63930"));
-        assert!(r4.unwrap() == "spn=testperson1@example.com");
+        assert_eq!(r4.unwrap(), "spn=testperson1@example.com");
     }
 
     #[qs_test]
@@ -2404,13 +2410,19 @@ mod tests {
         // test attr reference
         let r3 = server_txn.clone_value("member", "testperson1");
 
-        assert!(r3 == Ok(Value::Refer(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))));
+        assert_eq!(
+            r3,
+            Ok(Value::Refer(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930")))
+        );
 
         // test attr reference already resolved.
         let r4 = server_txn.clone_value("member", "cc8e95b4-c24f-4d68-ba54-8bed76f63930");
 
         debug!("{:?}", r4);
-        assert!(r4 == Ok(Value::Refer(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))));
+        assert_eq!(
+            r4,
+            Ok(Value::Refer(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930")))
+        );
     }
 
     #[qs_test]

server/lib/src/server/modify.rs

@@ -610,7 +610,10 @@ mod tests {
             filter!(f_pres(Attribute::Class)),
             ModifyList::new_list(vec![]),
         );
-        assert!(server_txn.modify(&me_emp) == Err(OperationError::EmptyRequest));
+        assert_eq!(
+            server_txn.modify(&me_emp),
+            Err(OperationError::EmptyRequest)
+        );
 
         // Mod changes no objects
         let me_nochg = ModifyEvent::new_impersonate_entry_ser(
@@ -624,7 +627,10 @@ mod tests {
                 Value::from("anusaosu"),
             )]),
         );
-        assert!(server_txn.modify(&me_nochg) == Err(OperationError::NoMatchingEntries));
+        assert_eq!(
+            server_txn.modify(&me_nochg),
+            Err(OperationError::NoMatchingEntries)
+        );
 
         // TODO: can we can this, since the filter's defined as an enum now
         // Filter is invalid to schema - to check this due to changes in the way events are

server/lib/src/server/recycle.rs

@@ -339,14 +339,14 @@ mod tests {
 
         // Can in be seen by special search? (external recycle search)
         let r2 = server_txn.search(&sre_rc).expect("search failed");
-        assert!(r2.len() == 2);
+        assert_eq!(r2.len(), 2);
 
         // Can it be seen (internal search)
         // Internal search should see it.
         let r2 = server_txn
             .internal_search(filt_i_rc.clone())
             .expect("internal search failed");
-        assert!(r2.len() == 2);
+        assert_eq!(r2.len(), 2);
 
         // There are now two paths forward
         //  revival or purge!
@@ -357,7 +357,7 @@ mod tests {
         let r3 = server_txn
             .internal_search(filt_i_rc.clone())
             .expect("internal search failed");
-        assert!(r3.len() == 1);
+        assert_eq!(r3.len(), 1);
 
         // Commit
         assert!(server_txn.commit().is_ok());
@@ -378,13 +378,13 @@ mod tests {
         let r5 = server_txn
             .internal_search(filt_i_ts.clone())
             .expect("internal search failed");
-        assert!(r5.len() == 1);
+        assert_eq!(r5.len(), 1);
 
         // There should be one entry
         let r6 = server_txn
             .internal_search(filt_i_per.clone())
             .expect("internal search failed");
-        assert!(r6.len() == 1);
+        assert_eq!(r6.len(), 1);
 
         assert!(server_txn.commit().is_ok());
     }
@@ -422,7 +422,7 @@ mod tests {
         let filt_rc = filter_all!(f_eq(Attribute::Class, EntryClass::Recycled.into()));
         let sre_rc = SearchEvent::new_rec_impersonate_entry(admin, filt_rc);
         let r2 = server_txn.search(&sre_rc).expect("search failed");
-        assert!(r2.len() == 1);
+        assert_eq!(r2.len(), 1);
 
         // Create dup uuid (rej)
         // After a delete -> recycle, create duplicate name etc.
@@ -455,14 +455,17 @@ mod tests {
         let cr = server_txn.create(&ce);
         assert!(cr.is_ok());
 
-        assert!(server_txn.uuid_to_rdn(tuuid) == Ok("spn=testperson1@example.com".to_string()));
+        assert_eq!(
+            server_txn.uuid_to_rdn(tuuid),
+            Ok("spn=testperson1@example.com".to_string())
+        );
 
         assert!(
             server_txn.uuid_to_spn(tuuid)
                 == Ok(Some(Value::new_spn_str("testperson1", "example.com")))
         );
 
-        assert!(server_txn.name_to_uuid("testperson1") == Ok(tuuid));
+        assert_eq!(server_txn.name_to_uuid("testperson1"), Ok(tuuid));
 
         // delete
         let de_sin = DeleteEvent::new_internal_invalid(filter!(f_eq(
@@ -477,7 +480,7 @@ mod tests {
                 == Ok("uuid=cc8e95b4-c24f-4d68-ba54-8bed76f63930".to_string())
         );
 
-        assert!(server_txn.uuid_to_spn(tuuid) == Ok(None));
+        assert_eq!(server_txn.uuid_to_spn(tuuid), Ok(None));
 
         assert!(server_txn.name_to_uuid("testperson1").is_err());
 
@@ -494,14 +497,17 @@ mod tests {
 
         // all checks pass
 
-        assert!(server_txn.uuid_to_rdn(tuuid) == Ok("spn=testperson1@example.com".to_string()));
+        assert_eq!(
+            server_txn.uuid_to_rdn(tuuid),
+            Ok("spn=testperson1@example.com".to_string())
+        );
 
         assert!(
             server_txn.uuid_to_spn(tuuid)
                 == Ok(Some(Value::new_spn_str("testperson1", "example.com")))
         );
 
-        assert!(server_txn.name_to_uuid("testperson1") == Ok(tuuid));
+        assert_eq!(server_txn.name_to_uuid("testperson1"), Ok(tuuid));
     }
 
     #[qs_test]
@@ -581,7 +587,7 @@ mod tests {
         let r2 = server_txn
             .internal_search(filt_i_ts.clone())
             .expect("internal search failed");
-        assert!(r2.len() == 1);
+        assert_eq!(r2.len(), 1);
 
         // If we purge now, nothing happens, we aren't past the time window.
         assert!(server_txn.purge_tombstones().is_ok());
@@ -589,7 +595,7 @@ mod tests {
         let r3 = server_txn
             .internal_search(filt_i_ts.clone())
             .expect("internal search failed");
-        assert!(r3.len() == 1);
+        assert_eq!(r3.len(), 1);
 
         // Commit
         assert!(server_txn.commit().is_ok());

server/lib/src/utils.rs

@@ -171,15 +171,15 @@ mod tests {
     fn test_utils_uuid_to_gid_u32() {
         let u1 = uuid!("00000000-0000-0001-0000-000000000000");
         let r1 = uuid_to_gid_u32(u1);
-        assert!(r1 == 0);
+        assert_eq!(r1, 0);
 
         let u2 = uuid!("00000000-0000-0001-0000-0000ffffffff");
         let r2 = uuid_to_gid_u32(u2);
-        assert!(r2 == 0xffffffff);
+        assert_eq!(r2, 0xffffffff);
 
         let u3 = uuid!("00000000-0000-0001-0000-ffff12345678");
         let r3 = uuid_to_gid_u32(u3);
-        assert!(r3 == 0x12345678);
+        assert_eq!(r3, 0x12345678);
     }
 
     #[test]

server/lib/src/value.rs

@@ -871,7 +871,7 @@ impl PartialValue {
             PartialValue::Spn(name, realm) => format!("{name}@{realm}"),
             PartialValue::Uint32(u) => u.to_string(),
             PartialValue::DateTime(odt) => {
-                debug_assert!(odt.offset() == time::UtcOffset::UTC);
+                debug_assert_eq!(odt.offset(), time::UtcOffset::UTC);
                 #[allow(clippy::expect_used)]
                 odt.format(&Rfc3339)
                     .expect("Failed to format timestamp into RFC3339")
@@ -1642,7 +1642,7 @@ impl Value {
     pub fn to_datetime(&self) -> Option<OffsetDateTime> {
         match &self {
             Value::DateTime(odt) => {
-                debug_assert!(odt.offset() == time::UtcOffset::UTC);
+                debug_assert_eq!(odt.offset(), time::UtcOffset::UTC);
                 Some(*odt)
             }
             _ => None,
@@ -2244,12 +2244,12 @@ mod tests {
         // check it's indexing output
         let vidx_key = spnv.generate_idx_eq_keys().pop().unwrap();
         let idx_key = spnp.get_idx_eq_key();
-        assert!(idx_key == vidx_key);
+        assert_eq!(idx_key,vidx_key);
         // check it can parse from name@realm
         let spn_parse = PartialValue::new_spn_s("claire@example.net.au").unwrap();
-        assert!(spn_parse == spnp);
+        assert_eq!(spn_parse,spnp);
         // check it can produce name@realm as str from the pv.
-        assert!("claire@example.net.au" == spnv.to_proto_string_clone());
+        assert_eq!("claire@example.net.au",spnv.to_proto_string_clone());
     }
     */
 
@@ -2265,7 +2265,7 @@ mod tests {
         let idx_key = u32pv.get_idx_eq_key();
         let vidx_key = u32v.generate_idx_eq_keys().pop().unwrap();
 
-        assert!(idx_key == vidx_key);
+        assert_eq!(idx_key,vidx_key);
     }
     */
 

server/lib/src/valueset/address.rs

@@ -536,8 +536,11 @@ mod tests {
         //
         let mut vs: ValueSet = ValueSetEmailAddress::new("claire@example.com".to_string());
 
-        assert!(vs.len() == 1);
-        assert!(vs.to_email_address_primary_str() == Some("claire@example.com"));
+        assert_eq!(vs.len(), 1);
+        assert_eq!(
+            vs.to_email_address_primary_str(),
+            Some("claire@example.com")
+        );
 
         // Add another, still not primary.
         assert!(
@@ -546,8 +549,11 @@ mod tests {
             ) == Ok(true)
         );
 
-        assert!(vs.len() == 2);
-        assert!(vs.to_email_address_primary_str() == Some("claire@example.com"));
+        assert_eq!(vs.len(), 2);
+        assert_eq!(
+            vs.to_email_address_primary_str(),
+            Some("claire@example.com")
+        );
 
         // Update primary
         assert!(
@@ -555,28 +561,34 @@ mod tests {
                 Value::new_email_address_primary_s("primary@example.com").expect("Invalid Email")
             ) == Ok(true)
         );
-        assert!(vs.to_email_address_primary_str() == Some("primary@example.com"));
+        assert_eq!(
+            vs.to_email_address_primary_str(),
+            Some("primary@example.com")
+        );
 
         // Restore from dbv1, ensure correct primary
         let vs2 = valueset::from_db_valueset_v2(vs.to_db_valueset_v2())
             .expect("Failed to construct vs2 from dbvalue");
 
         assert_eq!(&vs, &vs2);
-        assert!(vs.to_email_address_primary_str() == vs2.to_email_address_primary_str());
+        assert_eq!(
+            vs.to_email_address_primary_str(),
+            vs2.to_email_address_primary_str()
+        );
 
         // Remove primary, assert it's gone and that the "first" address is assigned.
         assert!(vs.remove(
             &PartialValue::new_email_address_s("primary@example.com"),
             &Cid::new_zero()
         ));
-        assert!(vs.len() == 2);
-        assert!(vs.to_email_address_primary_str() == Some("alice@example.com"));
+        assert_eq!(vs.len(), 2);
+        assert_eq!(vs.to_email_address_primary_str(), Some("alice@example.com"));
 
         // Restore from dbv1, alice persisted.
         let vs3 = valueset::from_db_valueset_v2(vs.to_db_valueset_v2())
             .expect("Failed to construct vs2 from dbvalue");
         assert_eq!(&vs, &vs3);
-        assert!(vs3.len() == 2);
+        assert_eq!(vs3.len(), 2);
         assert!(vs3
             .as_emailaddress_set()
             .map(|(_p, s)| s)
@@ -590,7 +602,7 @@ mod tests {
 
         // If we clear, no primary.
         vs.clear();
-        assert!(vs.len() == 0);
+        assert_eq!(vs.len(), 0);
         assert!(vs.to_email_address_primary_str().is_none());
     }
 }

server/lib/src/valueset/apppwd.rs

@@ -283,37 +283,37 @@ mod tests {
         };
 
         let mut vs: ValueSet = ValueSetApplicationPassword::new(ap1);
-        assert!(vs.len() == 1);
+        assert_eq!(vs.len(), 1);
 
         let res = vs
             .insert_checked(Value::ApplicationPassword(ap2))
             .expect("Failed to insert");
         assert!(res);
-        assert!(vs.len() == 2);
+        assert_eq!(vs.len(), 2);
 
         let res = vs
             .insert_checked(Value::ApplicationPassword(ap3))
             .expect("Failed to insert");
         assert!(res);
-        assert!(vs.len() == 3);
+        assert_eq!(vs.len(), 3);
 
         let res = vs.remove(&PartialValue::Uuid(Uuid::new_v4()), &Cid::new_zero());
         assert!(!res);
-        assert!(vs.len() == 3);
+        assert_eq!(vs.len(), 3);
 
         let res = vs.remove(&PartialValue::Uuid(ap1_uuid), &Cid::new_zero());
         assert!(res);
-        assert!(vs.len() == 2);
+        assert_eq!(vs.len(), 2);
 
         let res = vs.remove(&PartialValue::Uuid(ap3_uuid), &Cid::new_zero());
         assert!(res);
-        assert!(vs.len() == 1);
+        assert_eq!(vs.len(), 1);
 
         let res = vs.remove(&PartialValue::Uuid(ap2_uuid), &Cid::new_zero());
         assert!(res);
-        assert!(vs.len() == 0);
+        assert_eq!(vs.len(), 0);
 
         let res = vs.as_application_password_map().unwrap();
-        assert!(res.keys().len() == 0);
+        assert_eq!(res.keys().len(), 0);
     }
 }

server/lib/src/valueset/auditlogstring.rs

@@ -203,7 +203,7 @@ mod tests {
     #[test]
     fn test_valueset_auditlogstring_merge() {
         let mut vs: ValueSet = ValueSetAuditLogString::new((Cid::new_count(0), "A".to_string()));
-        assert!(vs.len() == 1);
+        assert_eq!(vs.len(), 1);
 
         for i in 1..AUDIT_LOG_STRING_CAPACITY {
             vs.insert_checked(Value::AuditLogString(
@@ -213,7 +213,7 @@ mod tests {
             .unwrap();
         }
 
-        assert!(vs.len() == AUDIT_LOG_STRING_CAPACITY);
+        assert_eq!(vs.len(), AUDIT_LOG_STRING_CAPACITY);
 
         // Add one extra
         vs.insert_checked(Value::AuditLogString(
@@ -222,14 +222,14 @@ mod tests {
         ))
         .unwrap();
 
-        assert!(vs.len() == AUDIT_LOG_STRING_CAPACITY);
+        assert_eq!(vs.len(), AUDIT_LOG_STRING_CAPACITY);
 
         let mut v_iter = vs.to_value_iter();
         let Some(Value::AuditLogString(c, _s)) = v_iter.next() else {
             unreachable!();
         };
         // Should always be '1' since the set merge would have pushed '0' (ring-buffer);
-        assert!(c.ts == Duration::from_secs(1));
+        assert_eq!(c.ts, Duration::from_secs(1));
         println!("{:?}", c);
         drop(v_iter);
 
@@ -238,20 +238,20 @@ mod tests {
             // Notice that 0 here is older than our other set items.
             (Cid::new_count(0), "A".to_string()),
         );
-        assert!(other_vs.len() == 1);
+        assert_eq!(other_vs.len(), 1);
 
         // Merge. The content of other_vs should be dropped.
         vs.merge(&other_vs)
             .expect("Failed to merge, incorrect types");
 
         // No change in the state of the set.
-        assert!(vs.len() == AUDIT_LOG_STRING_CAPACITY);
+        assert_eq!(vs.len(), AUDIT_LOG_STRING_CAPACITY);
         let mut v_iter = vs.to_value_iter();
         let Some(Value::AuditLogString(c, _s)) = v_iter.next() else {
             unreachable!();
         };
         // Should always be '1' since the set merge would have pushed '0' (ring-buffer);
-        assert!(c.ts == Duration::from_secs(1));
+        assert_eq!(c.ts, Duration::from_secs(1));
         println!("{:?}", c);
         drop(v_iter);
 
@@ -266,20 +266,20 @@ mod tests {
             // Notice that 0 here is older than our other set items.
             (Cid::new_count(100), "A".to_string()),
         );
-        assert!(other_vs.len() == 1);
+        assert_eq!(other_vs.len(), 1);
 
         vs.merge(&other_vs)
             .expect("Failed to merge, incorrect types");
 
         // New value has pushed out the next oldest.
-        assert!(vs.len() == AUDIT_LOG_STRING_CAPACITY);
+        assert_eq!(vs.len(), AUDIT_LOG_STRING_CAPACITY);
         let mut v_iter = vs.to_value_iter();
         let Some(Value::AuditLogString(c, _s)) = v_iter.next() else {
             unreachable!();
         };
         // Should always be '1' since the set merge would have pushed '0' (ring-buffer);
         println!("{:?}", c);
-        assert!(c.ts == Duration::from_secs(2));
+        assert_eq!(c.ts, Duration::from_secs(2));
         drop(v_iter);
     }
 
@@ -287,7 +287,7 @@ mod tests {
     fn test_valueset_auditlogstring_repl_merge() {
         let zero_cid = Cid::new_zero();
         let mut vs: ValueSet = ValueSetAuditLogString::new((Cid::new_count(1), "A".to_string()));
-        assert!(vs.len() == 1);
+        assert_eq!(vs.len(), 1);
 
         for i in 2..(AUDIT_LOG_STRING_CAPACITY + 1) {
             vs.insert_checked(Value::AuditLogString(
@@ -297,14 +297,14 @@ mod tests {
             .unwrap();
         }
 
-        assert!(vs.len() == AUDIT_LOG_STRING_CAPACITY);
+        assert_eq!(vs.len(), AUDIT_LOG_STRING_CAPACITY);
 
         // Make a second set.
         let other_vs: ValueSet = ValueSetAuditLogString::new(
             // Notice that 0 here is older than our other set items.
             (Cid::new_count(0), "A".to_string()),
         );
-        assert!(other_vs.len() == 1);
+        assert_eq!(other_vs.len(), 1);
 
         // Merge. The content of other_vs should be dropped.
         let r_vs = vs
@@ -312,13 +312,13 @@ mod tests {
             .expect("merge did not occur");
 
         // No change in the state of the set.
-        assert!(r_vs.len() == AUDIT_LOG_STRING_CAPACITY);
+        assert_eq!(r_vs.len(), AUDIT_LOG_STRING_CAPACITY);
         let mut v_iter = r_vs.to_value_iter();
         let Some(Value::AuditLogString(c, _s)) = v_iter.next() else {
             unreachable!();
         };
         // Should always be '1' since the set merge would have pushed '0' (ring-buffer);
-        assert!(c.ts == Duration::from_secs(1));
+        assert_eq!(c.ts, Duration::from_secs(1));
         println!("{:?}", c);
         drop(v_iter);
 
@@ -333,21 +333,21 @@ mod tests {
             // Notice that 0 here is older than our other set items.
             (Cid::new_count(100), "A".to_string()),
         );
-        assert!(other_vs.len() == 1);
+        assert_eq!(other_vs.len(), 1);
 
         let r_vs = vs
             .repl_merge_valueset(&other_vs, &zero_cid)
             .expect("merge did not occur");
 
         // New value has pushed out the next oldest.
-        assert!(r_vs.len() == AUDIT_LOG_STRING_CAPACITY);
+        assert_eq!(r_vs.len(), AUDIT_LOG_STRING_CAPACITY);
         let mut v_iter = r_vs.to_value_iter();
         let Some(Value::AuditLogString(c, _s)) = v_iter.next() else {
             unreachable!();
         };
         // Should always be '1' since the set merge would have pushed '0' (ring-buffer);
         println!("{:?}", c);
-        assert!(c.ts == Duration::from_secs(2));
+        assert_eq!(c.ts, Duration::from_secs(2));
         drop(v_iter);
     }
 }

server/lib/src/valueset/datetime.rs

@@ -111,7 +111,7 @@ impl ValueSetT for ValueSetDateTime {
         self.set
             .iter()
             .map(|odt| {
-                debug_assert!(odt.offset() == time::UtcOffset::UTC);
+                debug_assert_eq!(odt.offset(), time::UtcOffset::UTC);
                 #[allow(clippy::expect_used)]
                 odt.format(&Rfc3339)
                     .expect("Failed to format timestamp into RFC3339")
@@ -129,7 +129,7 @@ impl ValueSetT for ValueSetDateTime {
 
     fn to_proto_string_clone_iter(&self) -> Box<dyn Iterator<Item = String> + '_> {
         Box::new(self.set.iter().map(|odt| {
-            debug_assert!(odt.offset() == time::UtcOffset::UTC);
+            debug_assert_eq!(odt.offset(), time::UtcOffset::UTC);
             #[allow(clippy::expect_used)]
             odt.format(&Rfc3339)
                 .expect("Failed to format timestamp into RFC3339")
@@ -141,7 +141,7 @@ impl ValueSetT for ValueSetDateTime {
             self.set
                 .iter()
                 .map(|odt| {
-                    debug_assert!(odt.offset() == time::UtcOffset::UTC);
+                    debug_assert_eq!(odt.offset(), time::UtcOffset::UTC);
                     #[allow(clippy::expect_used)]
                     odt.format(&Rfc3339)
                         .expect("Failed to format timestamp into RFC3339")
@@ -156,7 +156,7 @@ impl ValueSetT for ValueSetDateTime {
                 .set
                 .iter()
                 .map(|odt| {
-                    debug_assert!(odt.offset() == time::UtcOffset::UTC);
+                    debug_assert_eq!(odt.offset(), time::UtcOffset::UTC);
                     #[allow(clippy::expect_used)]
                     odt.format(&Rfc3339)
                         .expect("Failed to format timestamp into RFC3339")

server/lib/src/valueset/key_internal.rs

@@ -405,7 +405,7 @@ mod tests {
         // Simulate session revocation.
         vs_a.purge(&one_cid);
 
-        assert!(vs_a.len() == 1);
+        assert_eq!(vs_a.len(), 1);
 
         let key_internal = vs_a
             .as_key_internal_map()
@@ -448,7 +448,7 @@ mod tests {
 
         vs_a.merge(&vs_b).expect("Failed to merge");
 
-        assert!(vs_a.len() == 1);
+        assert_eq!(vs_a.len(), 1);
         let key_internal = vs_a
             .as_key_internal_map()
             .and_then(|map| map.get(&kid))
@@ -482,7 +482,7 @@ mod tests {
 
         vs_b.merge(&vs_a).expect("Failed to merge");
 
-        assert!(vs_b.len() == 1);
+        assert_eq!(vs_b.len(), 1);
 
         let key_internal = vs_b
             .as_key_internal_map()
@@ -545,7 +545,7 @@ mod tests {
 
         eprintln!("{:?}", key_internal_map);
 
-        assert!(vs_r.len() == 1);
+        assert_eq!(vs_r.len(), 1);
 
         let key_internal = key_internal_map.get(&kid).expect("Unable to access key");
 
@@ -608,7 +608,7 @@ mod tests {
 
         eprintln!("{:?}", key_internal_map);
 
-        assert!(vs_r.len() == 1);
+        assert_eq!(vs_r.len(), 1);
 
         let key_internal = key_internal_map.get(&kid).expect("Unable to access key");
 

server/lib/src/valueset/session.rs

@@ -44,7 +44,7 @@ impl ValueSetSession {
 
                 state: match &m.state {
                     SessionState::ExpiresAt(odt) => {
-                        debug_assert!(odt.offset() == time::UtcOffset::UTC);
+                        debug_assert_eq!(odt.offset(), time::UtcOffset::UTC);
                         #[allow(clippy::expect_used)]
                         odt.format(&Rfc3339)
                             .map(DbValueSessionStateV1::ExpiresAt)
@@ -58,7 +58,7 @@ impl ValueSetSession {
                 },
 
                 issued_at: {
-                    debug_assert!(m.issued_at.offset() == time::UtcOffset::UTC);
+                    debug_assert_eq!(m.issued_at.offset(), time::UtcOffset::UTC);
                     #[allow(clippy::expect_used)]
                     m.issued_at
                         .format(&Rfc3339)
@@ -907,7 +907,7 @@ impl ValueSetT for ValueSetOauth2Session {
                     parent: m.parent,
                     state: match &m.state {
                         SessionState::ExpiresAt(odt) => {
-                            debug_assert!(odt.offset() == time::UtcOffset::UTC);
+                            debug_assert_eq!(odt.offset(), time::UtcOffset::UTC);
                             #[allow(clippy::expect_used)]
                             odt.format(&Rfc3339)
                                 .map(DbValueSessionStateV1::ExpiresAt)
@@ -920,7 +920,7 @@ impl ValueSetT for ValueSetOauth2Session {
                         }),
                     },
                     issued_at: {
-                        debug_assert!(m.issued_at.offset() == time::UtcOffset::UTC);
+                        debug_assert_eq!(m.issued_at.offset(), time::UtcOffset::UTC);
                         #[allow(clippy::expect_used)]
                         m.issued_at
                             .format(&Rfc3339)
@@ -942,7 +942,7 @@ impl ValueSetT for ValueSetOauth2Session {
                     parent: m.parent,
                     state: match &m.state {
                         SessionState::ExpiresAt(odt) => {
-                            debug_assert!(odt.offset() == time::UtcOffset::UTC);
+                            debug_assert_eq!(odt.offset(), time::UtcOffset::UTC);
                             #[allow(clippy::expect_used)]
                             odt.format(&Rfc3339)
                                 .map(ReplSessionStateV1::ExpiresAt)
@@ -952,7 +952,7 @@ impl ValueSetT for ValueSetOauth2Session {
                         SessionState::RevokedAt(c) => ReplSessionStateV1::RevokedAt(c.into()),
                     },
                     issued_at: {
-                        debug_assert!(m.issued_at.offset() == time::UtcOffset::UTC);
+                        debug_assert_eq!(m.issued_at.offset(), time::UtcOffset::UTC);
                         #[allow(clippy::expect_used)]
                         m.issued_at
                             .format(&Rfc3339)
@@ -1328,13 +1328,13 @@ impl ValueSetT for ValueSetApiToken {
                     refer: *u,
                     label: m.label.clone(),
                     expiry: m.expiry.map(|odt| {
-                        debug_assert!(odt.offset() == time::UtcOffset::UTC);
+                        debug_assert_eq!(odt.offset(), time::UtcOffset::UTC);
                         #[allow(clippy::expect_used)]
                         odt.format(&Rfc3339)
                             .expect("Failed to format timestamp into RFC3339")
                     }),
                     issued_at: {
-                        debug_assert!(m.issued_at.offset() == time::UtcOffset::UTC);
+                        debug_assert_eq!(m.issued_at.offset(), time::UtcOffset::UTC);
                         #[allow(clippy::expect_used)]
                         m.issued_at
                             .format(&Rfc3339)
@@ -1364,13 +1364,13 @@ impl ValueSetT for ValueSetApiToken {
                     refer: *u,
                     label: m.label.clone(),
                     expiry: m.expiry.map(|odt| {
-                        debug_assert!(odt.offset() == time::UtcOffset::UTC);
+                        debug_assert_eq!(odt.offset(), time::UtcOffset::UTC);
                         #[allow(clippy::expect_used)]
                         odt.format(&Rfc3339)
                             .expect("Failed to format timestamp into RFC3339")
                     }),
                     issued_at: {
-                        debug_assert!(m.issued_at.offset() == time::UtcOffset::UTC);
+                        debug_assert_eq!(m.issued_at.offset(), time::UtcOffset::UTC);
 
                         #[allow(clippy::expect_used)]
                         m.issued_at
@@ -1459,7 +1459,7 @@ mod tests {
         // Simulate session revocation.
         vs.purge(&zero_cid);
 
-        assert!(vs.len() == 1);
+        assert_eq!(vs.len(), 1);
 
         let session = vs
             .as_session_map()
@@ -1773,7 +1773,7 @@ mod tests {
 
         vs_a.trim(&zero_cid);
 
-        assert!(vs_a.len() == SESSION_MAXIMUM);
+        assert_eq!(vs_a.len(), SESSION_MAXIMUM);
 
         let sessions = vs_a.as_session_map().expect("Unable to access sessions");
 
@@ -1798,7 +1798,7 @@ mod tests {
         // Simulate session revocation.
         vs.purge(&zero_cid);
 
-        assert!(vs.len() == 1);
+        assert_eq!(vs.len(), 1);
 
         let session = vs
             .as_oauth2session_map()

server/lib/src/valueset/uint32.rs

@@ -171,8 +171,8 @@ mod tests {
     #[test]
     fn test_valueset_basic() {
         let mut vs = ValueSetUint32::new(0);
-        assert!(vs.insert_checked(Value::new_uint32(0)) == Ok(false));
-        assert!(vs.insert_checked(Value::new_uint32(1)) == Ok(true));
-        assert!(vs.insert_checked(Value::new_uint32(1)) == Ok(false));
+        assert_eq!(vs.insert_checked(Value::new_uint32(0)), Ok(false));
+        assert_eq!(vs.insert_checked(Value::new_uint32(1)), Ok(true));
+        assert_eq!(vs.insert_checked(Value::new_uint32(1)), Ok(false));
     }
 }

server/testkit/src/lib.rs

@@ -323,7 +323,7 @@ pub async fn test_read_attrs(
             _ => e.attrs.contains_key(attr.as_ref()),
         };
         trace!("is_ok: {}, is_readable: {}", is_ok, is_readable);
-        assert!(is_ok == is_readable)
+        assert_eq!(is_ok, is_readable)
     }
 }
 
@@ -338,7 +338,7 @@ pub async fn test_write_attrs(
         println!("Writing to {} - ex {}", attr, is_writeable);
         #[allow(clippy::unwrap_used)]
         let is_ok = is_attr_writable(rsclient, id, *attr).await.unwrap();
-        assert!(is_ok == is_writeable)
+        assert_eq!(is_ok, is_writeable)
     }
 }
 
@@ -354,7 +354,7 @@ pub async fn test_modify_group(
             #[allow(clippy::unwrap_used)]
             let is_writable = is_attr_writable(rsclient, group, attr).await.unwrap();
             dbg!(group, attr, is_writable, can_be_modified);
-            assert!(is_writable == can_be_modified)
+            assert_eq!(is_writable, can_be_modified)
         }
         assert!(
             rsclient

server/testkit/tests/oauth2_test.rs

@@ -9,7 +9,8 @@ use kanidm_proto::constants::*;
 use kanidm_proto::internal::Oauth2ClaimMapJoin;
 use kanidm_proto::oauth2::{
     AccessTokenIntrospectRequest, AccessTokenIntrospectResponse, AccessTokenRequest,
-    AccessTokenResponse, AuthorisationResponse, GrantTypeReq, OidcDiscoveryResponse,
+    AccessTokenResponse, AccessTokenType, AuthorisationResponse, GrantTypeReq,
+    OidcDiscoveryResponse,
 };
 use kanidmd_lib::prelude::{Attribute, IDM_ALL_ACCOUNTS};
 use oauth2_ext::PkceCodeChallenge;
@@ -156,7 +157,7 @@ async fn test_oauth2_openid_basic_flow(rsclient: KanidmClient) {
         .await
         .expect("Failed to send discovery preflight request.");
 
-    assert!(response.status() == reqwest::StatusCode::OK);
+    assert_eq!(response.status(), reqwest::StatusCode::OK);
 
     let cors_header: &str = response
         .headers()
@@ -172,7 +173,7 @@ async fn test_oauth2_openid_basic_flow(rsclient: KanidmClient) {
         .await
         .expect("Failed to send request.");
 
-    assert!(response.status() == reqwest::StatusCode::OK);
+    assert_eq!(response.status(), reqwest::StatusCode::OK);
 
     // Assert CORS on the GET too.
     let cors_header: &str = response
@@ -194,11 +195,17 @@ async fn test_oauth2_openid_basic_flow(rsclient: KanidmClient) {
 
     // Most values are checked in idm/oauth2.rs, but we want to sanity check
     // the urls here as an extended function smoke test.
-    assert!(discovery.issuer == rsclient.make_url("/oauth2/openid/test_integration"));
+    assert_eq!(
+        discovery.issuer,
+        rsclient.make_url("/oauth2/openid/test_integration")
+    );
 
-    assert!(discovery.authorization_endpoint == rsclient.make_url("/ui/oauth2"));
+    assert_eq!(
+        discovery.authorization_endpoint,
+        rsclient.make_url("/ui/oauth2")
+    );
 
-    assert!(discovery.token_endpoint == rsclient.make_url("/oauth2/token"));
+    assert_eq!(discovery.token_endpoint, rsclient.make_url("/oauth2/token"));
 
     assert!(
         discovery.userinfo_endpoint
@@ -216,7 +223,7 @@ async fn test_oauth2_openid_basic_flow(rsclient: KanidmClient) {
         .await
         .expect("Failed to send request.");
 
-    assert!(response.status() == reqwest::StatusCode::OK);
+    assert_eq!(response.status(), reqwest::StatusCode::OK);
     assert_no_cache!(response);
 
     let mut jwk_set: JwkKeySet = response
@@ -252,7 +259,7 @@ async fn test_oauth2_openid_basic_flow(rsclient: KanidmClient) {
         .await
         .expect("Failed to send request.");
 
-    assert!(response.status() == reqwest::StatusCode::OK);
+    assert_eq!(response.status(), reqwest::StatusCode::OK);
     assert_no_cache!(response);
 
     let consent_req: AuthorisationResponse = response
@@ -285,7 +292,7 @@ async fn test_oauth2_openid_basic_flow(rsclient: KanidmClient) {
         .expect("Failed to send request.");
 
     // This should yield a 302 redirect with some query params.
-    assert!(response.status() == reqwest::StatusCode::FOUND);
+    assert_eq!(response.status(), reqwest::StatusCode::FOUND);
     assert_no_cache!(response);
 
     // And we should have a URL in the location header.
@@ -305,7 +312,7 @@ async fn test_oauth2_openid_basic_flow(rsclient: KanidmClient) {
 
     let state = pairs.get("state").expect("state not found!");
 
-    assert!(state == "YWJjZGVm");
+    assert_eq!(state, "YWJjZGVm");
 
     // Step 3 - the "resource server" then uses this state and code to directly contact
     // the authorisation server to request a token.
@@ -325,7 +332,7 @@ async fn test_oauth2_openid_basic_flow(rsclient: KanidmClient) {
         .await
         .expect("Failed to send code exchange request.");
 
-    assert!(response.status() == reqwest::StatusCode::OK);
+    assert_eq!(response.status(), reqwest::StatusCode::OK);
 
     let cors_header: &str = response
         .headers()
@@ -361,7 +368,7 @@ async fn test_oauth2_openid_basic_flow(rsclient: KanidmClient) {
         .await
         .expect("Failed to send token introspect request.");
 
-    assert!(response.status() == reqwest::StatusCode::OK);
+    assert_eq!(response.status(), reqwest::StatusCode::OK);
     tracing::trace!("{:?}", response.headers());
     assert!(
         response.headers().get(CONTENT_TYPE) == Some(&HeaderValue::from_static(APPLICATION_JSON))
@@ -375,14 +382,14 @@ async fn test_oauth2_openid_basic_flow(rsclient: KanidmClient) {
 
     assert!(tir.active);
     assert!(tir.scope.is_some());
-    assert!(tir.client_id.as_deref() == Some("test_integration"));
-    assert!(tir.username.as_deref() == Some("oauth_test@localhost"));
-    assert!(tir.token_type.as_deref() == Some("access_token"));
+    assert_eq!(tir.client_id.as_deref(), Some("test_integration"));
+    assert_eq!(tir.username.as_deref(), Some("oauth_test@localhost"));
+    assert_eq!(tir.token_type, Some(AccessTokenType::Bearer));
     assert!(tir.exp.is_some());
     assert!(tir.iat.is_some());
     assert!(tir.nbf.is_some());
     assert!(tir.sub.is_some());
-    assert!(tir.aud.as_deref() == Some("test_integration"));
+    assert_eq!(tir.aud.as_deref(), Some("test_integration"));
     assert!(tir.iss.is_none());
     assert!(tir.jti.is_none());
 
@@ -398,10 +405,13 @@ async fn test_oauth2_openid_basic_flow(rsclient: KanidmClient) {
 
     // This is mostly checked inside of idm/oauth2.rs. This is more to check the oidc
     // token and the userinfo endpoints.
-    assert!(oidc.iss == rsclient.make_url("/oauth2/openid/test_integration"));
+    assert_eq!(
+        oidc.iss,
+        rsclient.make_url("/oauth2/openid/test_integration")
+    );
     eprintln!("{:?}", oidc.s_claims.email);
-    assert!(oidc.s_claims.email.as_deref() == Some("oauth_test@localhost"));
-    assert!(oidc.s_claims.email_verified == Some(true));
+    assert_eq!(oidc.s_claims.email.as_deref(), Some("oauth_test@localhost"));
+    assert_eq!(oidc.s_claims.email_verified, Some(true));
 
     let response = client
         .get(rsclient.make_url("/oauth2/openid/test_integration/userinfo"))
@@ -422,7 +432,7 @@ async fn test_oauth2_openid_basic_flow(rsclient: KanidmClient) {
     eprintln!("userinfo {userinfo:?}");
     eprintln!("oidc {oidc:?}");
 
-    assert!(userinfo == oidc);
+    assert_eq!(userinfo, oidc);
 
     // Step 6 - Show that our client can perform a client credentials grant
 
@@ -443,7 +453,7 @@ async fn test_oauth2_openid_basic_flow(rsclient: KanidmClient) {
         .await
         .expect("Failed to send client credentials request.");
 
-    assert!(response.status() == reqwest::StatusCode::OK);
+    assert_eq!(response.status(), reqwest::StatusCode::OK);
 
     let atr = response
         .json::<AccessTokenResponse>()
@@ -464,7 +474,7 @@ async fn test_oauth2_openid_basic_flow(rsclient: KanidmClient) {
         .await
         .expect("Failed to send token introspect request.");
 
-    assert!(response.status() == reqwest::StatusCode::OK);
+    assert_eq!(response.status(), reqwest::StatusCode::OK);
 
     let tir = response
         .json::<AccessTokenIntrospectResponse>()
@@ -473,9 +483,9 @@ async fn test_oauth2_openid_basic_flow(rsclient: KanidmClient) {
 
     assert!(tir.active);
     assert!(tir.scope.is_some());
-    assert!(tir.client_id.as_deref() == Some("test_integration"));
-    assert!(tir.username.as_deref() == Some("test_integration@localhost"));
-    assert!(tir.token_type.as_deref() == Some("access_token"));
+    assert_eq!(tir.client_id.as_deref(), Some("test_integration"));
+    assert_eq!(tir.username.as_deref(), Some("test_integration@localhost"));
+    assert_eq!(tir.token_type, Some(AccessTokenType::Bearer));
 
     // auth back with admin so we can test deleting things
     let res = rsclient
@@ -605,7 +615,7 @@ async fn test_oauth2_openid_public_flow(rsclient: KanidmClient) {
         .await
         .expect("Failed to send request.");
 
-    assert!(response.status() == reqwest::StatusCode::OK);
+    assert_eq!(response.status(), reqwest::StatusCode::OK);
     assert_no_cache!(response);
 
     let mut jwk_set: JwkKeySet = response
@@ -640,7 +650,7 @@ async fn test_oauth2_openid_public_flow(rsclient: KanidmClient) {
         .await
         .expect("Failed to send request.");
 
-    assert!(response.status() == reqwest::StatusCode::OK);
+    assert_eq!(response.status(), reqwest::StatusCode::OK);
     assert_no_cache!(response);
 
     let consent_req: AuthorisationResponse = response
@@ -672,7 +682,7 @@ async fn test_oauth2_openid_public_flow(rsclient: KanidmClient) {
         .expect("Failed to send request.");
 
     // This should yield a 302 redirect with some query params.
-    assert!(response.status() == reqwest::StatusCode::FOUND);
+    assert_eq!(response.status(), reqwest::StatusCode::FOUND);
     assert_no_cache!(response);
 
     // And we should have a URL in the location header.
@@ -692,7 +702,7 @@ async fn test_oauth2_openid_public_flow(rsclient: KanidmClient) {
 
     let state = pairs.get("state").expect("state not found!");
 
-    assert!(state == "YWJjZGVm");
+    assert_eq!(state, "YWJjZGVm");
 
     // Step 3 - the "resource server" then uses this state and code to directly contact
     // the authorisation server to request a token.
@@ -714,7 +724,7 @@ async fn test_oauth2_openid_public_flow(rsclient: KanidmClient) {
         .await
         .expect("Failed to send code exchange request.");
 
-    assert!(response.status() == reqwest::StatusCode::OK);
+    assert_eq!(response.status(), reqwest::StatusCode::OK);
     assert_no_cache!(response);
 
     // The body is a json AccessTokenResponse
@@ -735,10 +745,13 @@ async fn test_oauth2_openid_public_flow(rsclient: KanidmClient) {
 
     // This is mostly checked inside of idm/oauth2.rs. This is more to check the oidc
     // token and the userinfo endpoints.
-    assert!(oidc.iss == rsclient.make_url("/oauth2/openid/test_integration"));
+    assert_eq!(
+        oidc.iss,
+        rsclient.make_url("/oauth2/openid/test_integration")
+    );
     eprintln!("{:?}", oidc.s_claims.email);
-    assert!(oidc.s_claims.email.as_deref() == Some("oauth_test@localhost"));
-    assert!(oidc.s_claims.email_verified == Some(true));
+    assert_eq!(oidc.s_claims.email.as_deref(), Some("oauth_test@localhost"));
+    assert_eq!(oidc.s_claims.email_verified, Some(true));
 
     eprintln!("{:?}", oidc.claims);
     assert_eq!(
@@ -756,7 +769,7 @@ async fn test_oauth2_openid_public_flow(rsclient: KanidmClient) {
         .await
         .expect("Failed to send userinfo preflight request.");
 
-    assert!(response.status() == reqwest::StatusCode::OK);
+    assert_eq!(response.status(), reqwest::StatusCode::OK);
     let cors_header: &str = response
         .headers()
         .get(http::header::ACCESS_CONTROL_ALLOW_ORIGIN)
@@ -780,7 +793,7 @@ async fn test_oauth2_openid_public_flow(rsclient: KanidmClient) {
     eprintln!("userinfo {userinfo:?}");
     eprintln!("oidc {oidc:?}");
 
-    assert!(userinfo == oidc);
+    assert_eq!(userinfo, oidc);
 
     // auth back with admin so we can test deleting things
     let res = rsclient
@@ -815,7 +828,7 @@ async fn test_oauth2_token_post_bad_bodies(rsclient: KanidmClient) {
         .await
         .expect("Failed to send token request.");
     println!("{:?}", response);
-    assert!(response.status() == StatusCode::UNPROCESSABLE_ENTITY);
+    assert_eq!(response.status(), StatusCode::UNPROCESSABLE_ENTITY);
 
     // test for a bad-auth request
     let response = client
@@ -825,7 +838,7 @@ async fn test_oauth2_token_post_bad_bodies(rsclient: KanidmClient) {
         .await
         .expect("Failed to send token introspection request.");
     println!("{:?}", response);
-    assert!(response.status() == StatusCode::UNAUTHORIZED);
+    assert_eq!(response.status(), StatusCode::UNAUTHORIZED);
 }
 
 #[kanidmd_testkit::test]
@@ -850,7 +863,7 @@ async fn test_oauth2_token_revoke_post(rsclient: KanidmClient) {
         .await
         .expect("Failed to send token request.");
     println!("{:?}", response);
-    assert!(response.status() == StatusCode::UNPROCESSABLE_ENTITY);
+    assert_eq!(response.status(), StatusCode::UNPROCESSABLE_ENTITY);
 
     // test for a invalid format request on token
     let response = client
@@ -862,7 +875,7 @@ async fn test_oauth2_token_revoke_post(rsclient: KanidmClient) {
         .expect("Failed to send token request.");
     println!("{:?}", response);
 
-    assert!(response.status() == StatusCode::UNSUPPORTED_MEDIA_TYPE);
+    assert_eq!(response.status(), StatusCode::UNSUPPORTED_MEDIA_TYPE);
 
     // test for a bad-body request on token
     let response = client
@@ -873,7 +886,7 @@ async fn test_oauth2_token_revoke_post(rsclient: KanidmClient) {
         .await
         .expect("Failed to send token request.");
     println!("{:?}", response);
-    assert!(response.status() == StatusCode::UNPROCESSABLE_ENTITY);
+    assert_eq!(response.status(), StatusCode::UNPROCESSABLE_ENTITY);
 
     // test for a bad-body request on token
     let response = client
@@ -884,5 +897,5 @@ async fn test_oauth2_token_revoke_post(rsclient: KanidmClient) {
         .await
         .expect("Failed to send token request.");
     println!("{:?}", response);
-    assert!(response.status() == StatusCode::UNSUPPORTED_MEDIA_TYPE);
+    assert_eq!(response.status(), StatusCode::UNSUPPORTED_MEDIA_TYPE);
 }

server/testkit/tests/proto_v1_test.rs

@@ -71,7 +71,10 @@ async fn test_server_whoami_anonymous(rsclient: KanidmClient) {
         .expect("Unable to call whoami")
         .expect("No entry matching self returned");
     debug!(?e);
-    assert!(e.attrs.get("spn") == Some(&vec!["anonymous@localhost".to_string()]));
+    assert_eq!(
+        e.attrs.get("spn"),
+        Some(&vec!["anonymous@localhost".to_string()])
+    );
 
     // Do a check of the auth/valid endpoint, tells us if our token
     // is okay.
@@ -98,7 +101,10 @@ async fn test_server_whoami_admin_simple_password(rsclient: KanidmClient) {
         .expect("Unable to call whoami")
         .expect("No entry matching self returned");
     debug!(?e);
-    assert!(e.attrs.get("spn") == Some(&vec!["admin@localhost".to_string()]));
+    assert_eq!(
+        e.attrs.get("spn"),
+        Some(&vec!["admin@localhost".to_string()])
+    );
 }
 
 #[kanidmd_testkit::test]
@@ -123,7 +129,7 @@ async fn test_server_search(rsclient: KanidmClient) {
     // Check it's admin.
     println!("{:?}", e);
     let name = e.attrs.get(Attribute::Name.as_ref()).unwrap();
-    assert!(name == &vec!["admin".to_string()]);
+    assert_eq!(name, &vec!["admin".to_string()]);
 }
 
 // test the rest group endpoint.
@@ -175,7 +181,7 @@ async fn test_server_rest_group_lifecycle(rsclient: KanidmClient) {
         .await
         .unwrap();
     let members = rsclient.idm_group_get_members("demo_group").await.unwrap();
-    assert!(members == Some(vec!["admin@localhost".to_string()]));
+    assert_eq!(members, Some(vec!["admin@localhost".to_string()]));
 
     // Set the list of members
     rsclient
@@ -197,7 +203,7 @@ async fn test_server_rest_group_lifecycle(rsclient: KanidmClient) {
         .await
         .unwrap();
     let members = rsclient.idm_group_get_members("demo_group").await.unwrap();
-    assert!(members == Some(vec!["admin@localhost".to_string()]));
+    assert_eq!(members, Some(vec!["admin@localhost".to_string()]));
 
     // purge members
     rsclient
@@ -236,7 +242,7 @@ async fn test_server_rest_group_lifecycle(rsclient: KanidmClient) {
     // Delete the group
     rsclient.idm_group_delete("demo_group").await.unwrap();
     let g_list_3 = rsclient.idm_group_list().await.unwrap();
-    assert!(g_list_3.len() == g_list.len());
+    assert_eq!(g_list_3.len(), g_list.len());
 
     // Check we can get an exact group
     let g = rsclient
@@ -348,15 +354,15 @@ async fn test_server_radius_credential_lifecycle(rsclient: KanidmClient) {
         .idm_account_radius_credential_get("demo_account")
         .await
         .unwrap();
-    assert!(sec1 == r_sec.unwrap());
+    assert_eq!(sec1, r_sec.unwrap());
 
     // test getting the token - we can do this as self or the radius server
     let r_tok = rsclient
         .idm_account_radius_token_get("demo_account")
         .await
         .unwrap();
-    assert!(sec1 == r_tok.secret);
-    assert!(r_tok.name == "demo_account");
+    assert_eq!(sec1, r_tok.secret);
+    assert_eq!(r_tok.name, "demo_account");
 
     // Reset it
     let sec2 = rsclient
@@ -428,7 +434,7 @@ async fn test_server_rest_person_account_lifecycle(rsclient: KanidmClient) {
         .await
         .unwrap();
 
-    assert!(r == Some(vec!["demo@idm.example.com".to_string()]));
+    assert_eq!(r, Some(vec!["demo@idm.example.com".to_string()]));
 
     // Delete the account
     rsclient
@@ -467,7 +473,7 @@ async fn test_server_rest_sshkey_lifecycle(rsclient: KanidmClient) {
 
     // Get, should have the key
     let sk2 = rsclient.idm_account_get_ssh_pubkeys("admin").await.unwrap();
-    assert!(sk2.len() == 1);
+    assert_eq!(sk2.len(), 1);
 
     // Post a valid key
     let r3 = rsclient
@@ -476,7 +482,7 @@ async fn test_server_rest_sshkey_lifecycle(rsclient: KanidmClient) {
 
     // Get, should have both keys.
     let sk3 = rsclient.idm_account_get_ssh_pubkeys("admin").await.unwrap();
-    assert!(sk3.len() == 2);
+    assert_eq!(sk3.len(), 2);
 
     // Delete a key (by tag)
     let r4 = rsclient
@@ -486,12 +492,12 @@ async fn test_server_rest_sshkey_lifecycle(rsclient: KanidmClient) {
 
     // Get, should have remaining key.
     let sk4 = rsclient.idm_account_get_ssh_pubkeys("admin").await.unwrap();
-    assert!(sk4.len() == 1);
+    assert_eq!(sk4.len(), 1);
 
     // get by tag
     let skn = rsclient.idm_account_get_ssh_pubkey("admin", "k2").await;
     assert!(skn.is_ok());
-    assert!(skn.unwrap() == Some("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBx4TpJYQjd0YI5lQIHqblIsCIK5NKVFURYS/eM3o6/Z william@amethyst".to_string()));
+    assert_eq!(skn.unwrap(),Some("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBx4TpJYQjd0YI5lQIHqblIsCIK5NKVFURYS/eM3o6/Z william@amethyst".to_string()));
 
     // Add a key and delete with a space in the name.
     let r5 = rsclient
@@ -504,7 +510,7 @@ async fn test_server_rest_sshkey_lifecycle(rsclient: KanidmClient) {
     assert!(r6.is_ok());
 
     let sk5 = rsclient.idm_account_get_ssh_pubkeys("admin").await.unwrap();
-    assert!(sk5.len() == 1);
+    assert_eq!(sk5.len(), 1);
 }
 
 #[kanidmd_testkit::test]
@@ -520,7 +526,7 @@ async fn test_server_rest_domain_lifecycle(rsclient: KanidmClient) {
     rsclient.idm_domain_set_ssid("new_ssid").await.unwrap();
     // check get and get the ssid and domain info
     let nssid = rsclient.idm_domain_get_ssid().await.unwrap();
-    assert!(nssid == "new_ssid");
+    assert_eq!(nssid, "new_ssid");
 
     // Change the domain display name
     rsclient
@@ -625,10 +631,10 @@ async fn test_server_rest_posix_lifecycle(rsclient: KanidmClient) {
         .unwrap();
 
     println!("{:?}", r);
-    assert!(r.name == "posix_account");
-    assert!(r1.name == "posix_account");
-    assert!(r2.name == "posix_account");
-    assert!(r3.name == "posix_account");
+    assert_eq!(r.name, "posix_account");
+    assert_eq!(r1.name, "posix_account");
+    assert_eq!(r2.name, "posix_account");
+    assert_eq!(r3.name, "posix_account");
 
     // get the group by name
     let r = rsclient
@@ -652,10 +658,10 @@ async fn test_server_rest_posix_lifecycle(rsclient: KanidmClient) {
         .unwrap();
 
     println!("{:?}", r);
-    assert!(r.name == "posix_group");
-    assert!(r1.name == "posix_group");
-    assert!(r2.name == "posix_group");
-    assert!(r3.name == "posix_group");
+    assert_eq!(r.name, "posix_group");
+    assert_eq!(r1.name, "posix_group");
+    assert_eq!(r2.name, "posix_group");
+    assert_eq!(r3.name, "posix_group");
 }
 
 #[kanidmd_testkit::test]
@@ -793,7 +799,7 @@ async fn test_server_rest_recycle_lifecycle(rsclient: KanidmClient) {
     // list the recycle bin
     let r_list = rsclient.recycle_bin_list().await.unwrap();
 
-    assert!(r_list.len() == 1);
+    assert_eq!(r_list.len(), 1);
     // get the user in recycle bin
     let r_user = rsclient.recycle_bin_get("recycle_account").await.unwrap();
     assert!(r_user.is_some());
@@ -848,7 +854,7 @@ async fn test_server_rest_oauth2_basic_lifecycle(rsclient: KanidmClient) {
         .await
         .expect("Failed to retrieve oauth2 configs");
 
-    assert!(initial_configs.len() == 1);
+    assert_eq!(initial_configs.len(), 1);
 
     // Get the value. Assert we have oauth2_rs_basic_secret,
     // but can NOT see the token_secret.
@@ -1017,7 +1023,7 @@ async fn test_server_rest_oauth2_basic_lifecycle(rsclient: KanidmClient) {
     eprintln!("{:?}", oauth2_config_updated);
     eprintln!("{:?}", oauth2_config_updated4);
 
-    assert!(oauth2_config_updated == oauth2_config_updated4);
+    assert_eq!(oauth2_config_updated, oauth2_config_updated4);
 
     // Delete the config
     rsclient
@@ -1303,7 +1309,7 @@ async fn setup_demo_account_passkey(rsclient: &KanidmClient) -> WebauthnAuthenti
         .unwrap();
 
     assert!(status.can_commit);
-    assert!(status.passkeys.len() == 1);
+    assert_eq!(status.passkeys.len(), 1);
 
     // Commit it
     rsclient
@@ -1449,7 +1455,7 @@ async fn test_server_api_token_lifecycle(rsclient: KanidmClient) {
         .await
         .expect("Failed to list service account api tokens");
 
-    assert!(tokens == vec![token.clone()]);
+    assert_eq!(tokens, vec![token.clone()]);
 
     rsclient
         .idm_service_account_destroy_api_token(&token.account_id.to_string(), token.token_id)
@@ -1491,7 +1497,7 @@ async fn test_server_api_token_lifecycle(rsclient: KanidmClient) {
         .await
         .expect("Failed to get displayname")
         .expect("Failed to unwrap displayname");
-    assert!(new_displayname == displayname);
+    assert_eq!(new_displayname, displayname);
 
     rsclient
         .idm_service_account_purge_attr(test_service_account_username, Attribute::Mail.as_ref())
@@ -1654,7 +1660,7 @@ async fn test_server_user_auth_token_lifecycle(rsclient: KanidmClient) {
         .await
         .expect("Failed to list user auth tokens");
 
-    assert!(sessions[0].session_id == token.session_id);
+    assert_eq!(sessions[0].session_id, token.session_id);
 
     // idm_account_destroy_user_auth_token
     rsclient

tools/iam_migrations/freeipa/src/tests.rs

@@ -26,13 +26,13 @@ async fn test_ldap_to_scim() {
         serde_json::to_string_pretty(&scim_sync_request).unwrap()
     );
 
-    assert!(scim_sync_request.from_state == expect_scim_request.from_state);
+    assert_eq!(scim_sync_request.from_state,expect_scim_request.from_state);
 
-    assert!(scim_sync_request.to_state == expect_scim_request.to_state);
+    assert_eq!(scim_sync_request.to_state,expect_scim_request.to_state);
 
-    assert!(scim_sync_request.entries == expect_scim_request.entries);
+    assert_eq!(scim_sync_request.entries,expect_scim_request.entries);
 
-    assert!(scim_sync_request.delete_uuids == expect_scim_request.delete_uuids);
+    assert_eq!(scim_sync_request.delete_uuids,expect_scim_request.delete_uuids);
 }
 
 const TEST_LDAP_SYNC_REPL_1: &str = r#"

unix_integration/resolver/src/db.rs

@@ -1138,8 +1138,8 @@ mod tests {
         let m2 = dbtxn
             .get_group_members(uuid::uuid!("b500be97-8552-42a5-aca0-668bc5625705"))
             .unwrap();
-        assert!(m1[0].name == "testuser");
-        assert!(m2[0].name == "testuser");
+        assert_eq!(m1[0].name, "testuser");
+        assert_eq!(m2[0].name, "testuser");
 
         // Now alter testuser, remove gt2, update.
         ut1.groups = vec![gt1];
@@ -1152,7 +1152,7 @@ mod tests {
         let m2 = dbtxn
             .get_group_members(uuid::uuid!("b500be97-8552-42a5-aca0-668bc5625705"))
             .unwrap();
-        assert!(m1[0].name == "testuser");
+        assert_eq!(m1[0].name, "testuser");
         assert!(m2.is_empty());
 
         assert!(dbtxn.commit().is_ok());
@@ -1193,7 +1193,10 @@ mod tests {
         // test adding a group
         dbtxn.update_group(&gt1, 0).unwrap();
         let r0 = dbtxn.get_group(&id_name).unwrap();
-        assert!(r0.unwrap().0.uuid == uuid::uuid!("0302b99c-f0f6-41ab-9492-852692b0fd16"));
+        assert_eq!(
+            r0.unwrap().0.uuid,
+            uuid::uuid!("0302b99c-f0f6-41ab-9492-852692b0fd16")
+        );
 
         // Do the "rename" of gt1 which is what would allow gt2 to be valid.
         gt1.name = "testgroup2".to_string();
@@ -1201,7 +1204,10 @@ mod tests {
         // Now, add gt2 which dups on gt1 name/spn.
         dbtxn.update_group(&gt2, 0).unwrap();
         let r2 = dbtxn.get_group(&id_name).unwrap();
-        assert!(r2.unwrap().0.uuid == uuid::uuid!("799123b2-3802-4b19-b0b8-1ffae2aa9a4b"));
+        assert_eq!(
+            r2.unwrap().0.uuid,
+            uuid::uuid!("799123b2-3802-4b19-b0b8-1ffae2aa9a4b")
+        );
         let r3 = dbtxn.get_group(&id_name2).unwrap();
         assert!(r3.is_none());
 
@@ -1210,9 +1216,15 @@ mod tests {
 
         // Both now coexist
         let r4 = dbtxn.get_group(&id_name).unwrap();
-        assert!(r4.unwrap().0.uuid == uuid::uuid!("799123b2-3802-4b19-b0b8-1ffae2aa9a4b"));
+        assert_eq!(
+            r4.unwrap().0.uuid,
+            uuid::uuid!("799123b2-3802-4b19-b0b8-1ffae2aa9a4b")
+        );
         let r5 = dbtxn.get_group(&id_name2).unwrap();
-        assert!(r5.unwrap().0.uuid == uuid::uuid!("0302b99c-f0f6-41ab-9492-852692b0fd16"));
+        assert_eq!(
+            r5.unwrap().0.uuid,
+            uuid::uuid!("0302b99c-f0f6-41ab-9492-852692b0fd16")
+        );
 
         assert!(dbtxn.commit().is_ok());
     }
@@ -1262,7 +1274,10 @@ mod tests {
         // test adding an account
         dbtxn.update_account(&ut1, 0).unwrap();
         let r0 = dbtxn.get_account(&id_name).unwrap();
-        assert!(r0.unwrap().0.uuid == uuid::uuid!("0302b99c-f0f6-41ab-9492-852692b0fd16"));
+        assert_eq!(
+            r0.unwrap().0.uuid,
+            uuid::uuid!("0302b99c-f0f6-41ab-9492-852692b0fd16")
+        );
 
         // Do the "rename" of gt1 which is what would allow gt2 to be valid.
         ut1.name = "testuser2".to_string();
@@ -1270,7 +1285,10 @@ mod tests {
         // Now, add gt2 which dups on gt1 name/spn.
         dbtxn.update_account(&ut2, 0).unwrap();
         let r2 = dbtxn.get_account(&id_name).unwrap();
-        assert!(r2.unwrap().0.uuid == uuid::uuid!("799123b2-3802-4b19-b0b8-1ffae2aa9a4b"));
+        assert_eq!(
+            r2.unwrap().0.uuid,
+            uuid::uuid!("799123b2-3802-4b19-b0b8-1ffae2aa9a4b")
+        );
         let r3 = dbtxn.get_account(&id_name2).unwrap();
         assert!(r3.is_none());
 
@@ -1279,9 +1297,15 @@ mod tests {
 
         // Both now coexist
         let r4 = dbtxn.get_account(&id_name).unwrap();
-        assert!(r4.unwrap().0.uuid == uuid::uuid!("799123b2-3802-4b19-b0b8-1ffae2aa9a4b"));
+        assert_eq!(
+            r4.unwrap().0.uuid,
+            uuid::uuid!("799123b2-3802-4b19-b0b8-1ffae2aa9a4b")
+        );
         let r5 = dbtxn.get_account(&id_name2).unwrap();
-        assert!(r5.unwrap().0.uuid == uuid::uuid!("0302b99c-f0f6-41ab-9492-852692b0fd16"));
+        assert_eq!(
+            r5.unwrap().0.uuid,
+            uuid::uuid!("0302b99c-f0f6-41ab-9492-852692b0fd16")
+        );
 
         assert!(dbtxn.commit().is_ok());
     }

unix_integration/resolver/tests/cache_layer_test.rs

@@ -250,7 +250,7 @@ async fn test_cache_sshkey() {
         .get_sshkeys("testaccount1")
         .await
         .expect("Failed to get from cache.");
-    assert!(sk.len() == 1);
+    assert_eq!(sk.len(), 1);
 
     // Go offline, and get from cache.
     cachelayer.mark_offline().await;
@@ -258,7 +258,7 @@ async fn test_cache_sshkey() {
         .get_sshkeys("testaccount1")
         .await
         .expect("Failed to get from cache.");
-    assert!(sk.len() == 1);
+    assert_eq!(sk.len(), 1);
 }
 
 #[tokio::test]
@@ -285,7 +285,7 @@ async fn test_cache_account() {
     assert!(ut.is_some());
 
     // #392: Check that a `shell=None` is set to `default_shell`.
-    assert!(ut.unwrap().shell == *DEFAULT_SHELL);
+    assert_eq!(ut.unwrap().shell, *DEFAULT_SHELL);
 
     // go offline
     cachelayer.mark_offline().await;
@@ -302,7 +302,7 @@ async fn test_cache_account() {
         .get_nssaccounts()
         .await
         .expect("failed to list all accounts");
-    assert!(us.len() == 1);
+    assert_eq!(us.len(), 1);
 }
 
 #[tokio::test]
@@ -359,14 +359,14 @@ async fn test_cache_group() {
         .expect("Failed to get from cache");
     assert!(gt.is_some());
     // And check we have members in the group, since we came from a userlook up
-    assert!(gt.unwrap().members.len() == 1);
+    assert_eq!(gt.unwrap().members.len(), 1);
 
     // Finally, check we have "all groups" in the list.
     let gs = cachelayer
         .get_nssgroups()
         .await
         .expect("failed to list all groups");
-    assert!(gs.len() == 2);
+    assert_eq!(gs.len(), 2);
 }
 
 #[tokio::test]
@@ -453,7 +453,7 @@ async fn test_cache_account_password() {
         .pam_account_authenticate("testaccount1", TESTACCOUNT1_PASSWORD_INC)
         .await
         .expect("failed to authenticate");
-    assert!(a1 == Some(false));
+    assert_eq!(a1, Some(false));
 
     // We have to wait due to softlocking.
     tokio::time::sleep(Duration::from_secs(1)).await;
@@ -463,7 +463,7 @@ async fn test_cache_account_password() {
         .pam_account_authenticate("testaccount1", TESTACCOUNT1_PASSWORD_A)
         .await
         .expect("failed to authenticate");
-    assert!(a2 == Some(true));
+    assert_eq!(a2, Some(true));
 
     // change pw
     adminclient
@@ -480,7 +480,7 @@ async fn test_cache_account_password() {
         .pam_account_authenticate("testaccount1", TESTACCOUNT1_PASSWORD_A)
         .await
         .expect("failed to authenticate");
-    assert!(a3 == Some(false));
+    assert_eq!(a3, Some(false));
 
     // We have to wait due to softlocking.
     tokio::time::sleep(Duration::from_secs(1)).await;
@@ -490,7 +490,7 @@ async fn test_cache_account_password() {
         .pam_account_authenticate("testaccount1", TESTACCOUNT1_PASSWORD_B)
         .await
         .expect("failed to authenticate");
-    assert!(a4 == Some(true));
+    assert_eq!(a4, Some(true));
 
     // Go offline.
     cachelayer.mark_offline().await;
@@ -500,7 +500,7 @@ async fn test_cache_account_password() {
         .pam_account_authenticate("testaccount1", TESTACCOUNT1_PASSWORD_B)
         .await
         .expect("failed to authenticate");
-    assert!(a5 == Some(true));
+    assert_eq!(a5, Some(true));
 
     // No softlock during offline.
 
@@ -509,7 +509,7 @@ async fn test_cache_account_password() {
         .pam_account_authenticate("testaccount1", TESTACCOUNT1_PASSWORD_INC)
         .await
         .expect("failed to authenticate");
-    assert!(a6 == Some(false));
+    assert_eq!(a6, Some(false));
 
     // clear cache
     cachelayer
@@ -533,7 +533,7 @@ async fn test_cache_account_password() {
         .pam_account_authenticate("testaccount1", TESTACCOUNT1_PASSWORD_B)
         .await
         .expect("failed to authenticate");
-    assert!(a8 == Some(true));
+    assert_eq!(a8, Some(true));
 }
 
 #[tokio::test]
@@ -546,7 +546,7 @@ async fn test_cache_account_pam_allowed() {
         .pam_account_allowed("testaccount1")
         .await
         .expect("failed to authenticate");
-    assert!(a1 == Some(false));
+    assert_eq!(a1, Some(false));
 
     adminclient
         .auth_simple_password("admin", ADMIN_TEST_PASSWORD)
@@ -565,7 +565,7 @@ async fn test_cache_account_pam_allowed() {
         .pam_account_allowed("testaccount1")
         .await
         .expect("failed to authenticate");
-    assert!(a2 == Some(true));
+    assert_eq!(a2, Some(true));
 }
 
 #[tokio::test]
@@ -611,7 +611,7 @@ async fn test_cache_account_expiry() {
         .pam_account_authenticate("testaccount1", TESTACCOUNT1_PASSWORD_A)
         .await
         .expect("failed to authenticate");
-    assert!(a1 == Some(true));
+    assert_eq!(a1, Some(true));
     // Invalidate to make sure we go online next checks.
     assert!(cachelayer.invalidate().await.is_ok());
 
@@ -629,7 +629,7 @@ async fn test_cache_account_expiry() {
         .pam_account_authenticate("testaccount1", TESTACCOUNT1_PASSWORD_A)
         .await
         .expect("failed to authenticate");
-    assert!(a2 == Some(false));
+    assert_eq!(a2, Some(false));
 
     // ssh keys should be empty
     let sk = cachelayer
@@ -643,7 +643,7 @@ async fn test_cache_account_expiry() {
         .pam_account_allowed("testaccount1")
         .await
         .expect("failed to authenticate");
-    assert!(a3 == Some(false));
+    assert_eq!(a3, Some(false));
 
     // go offline
     cachelayer.mark_offline().await;
@@ -654,7 +654,7 @@ async fn test_cache_account_expiry() {
         .pam_account_authenticate("testaccount1", TESTACCOUNT1_PASSWORD_A)
         .await
         .expect("failed to authenticate");
-    assert!(a4 == Some(true));
+    assert_eq!(a4, Some(true));
 
     // ssh keys should be empty
     let sk = cachelayer
@@ -668,7 +668,7 @@ async fn test_cache_account_expiry() {
         .pam_account_allowed("testaccount1")
         .await
         .expect("failed to authenticate");
-    assert!(a5 == Some(false));
+    assert_eq!(a5, Some(false));
 }
 
 #[tokio::test]
@@ -916,7 +916,7 @@ async fn test_cache_group_fk_deferred() {
         .await
         .expect("Failed to get from cache");
     assert!(gt.is_some());
-    assert!(gt.unwrap().members.len() == 1);
+    assert_eq!(gt.unwrap().members.len(), 1);
 
     // Invalidate all items.
     cachelayer.mark_offline().await;
@@ -931,5 +931,5 @@ async fn test_cache_group_fk_deferred() {
         .expect("Failed to get from cache");
     assert!(gt.is_some());
     // And check we have members in the group, since we came from a userlook up
-    assert!(gt.unwrap().members.len() == 1);
+    assert_eq!(gt.unwrap().members.len(), 1);
 }