diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 887893e60..8617207e7 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -1,10 +1,11 @@ +# Change summary + +- + Fixes # Checklist - [ ] This PR contains no AI generated code -- [ ] `cargo fmt` has been run -- [ ] `cargo clippy` has been run -- [ ] `cargo test` has been run and passes - [ ] book chapter included (if relevant) - [ ] design document included (if relevant) diff --git a/.github/workflows/clippy.yml b/.github/workflows/clippy.yml index 61d0c47cc..dec054fed 100644 --- a/.github/workflows/clippy.yml +++ b/.github/workflows/clippy.yml @@ -1,11 +1,9 @@ --- -name: Clippy +name: Linting checks -# Trigger the workflow on push or pull request +# Trigger the workflow on push "on": push: - branches-ignore: - - master pull_request: env: @@ -34,7 +32,15 @@ jobs: pkg-config \ tpm-udev \ libtss2-dev - - - name: "Run clippy (ignores errors, this is just a check)" - run: cargo clippy --all-features --all-targets - continue-on-error: true + - name: "Run clippy" + run: cargo clippy --lib --bins --examples --all-features + fmt: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Setup sccache + uses: mozilla-actions/sccache-action@v0.0.5 + with: + version: "v0.4.2" + - name: "Run cargo fmt" + run: cargo fmt --check diff --git a/.github/workflows/wasm_test.yml b/.github/workflows/wasm_test.yml.disabled similarity index 100% rename from .github/workflows/wasm_test.yml rename to .github/workflows/wasm_test.yml.disabled diff --git a/book/src/integrations/oauth2.md b/book/src/integrations/oauth2.md index f81f2f590..0851bc823 100644 --- a/book/src/integrations/oauth2.md +++ b/book/src/integrations/oauth2.md 
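Review bot: In the new `fmt` job of clippy.yml, `actions/checkout@v4` and `mozilla-actions/sccache-action@v0.0.5` are referenced by mutable tags, so a retagged or compromised release of either action would run in this workflow unnoticed; pinning each `uses:` to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha> # v4` (placeholder), closes that gap. The sccache step also looks unnecessary in this job, because `cargo fmt --check` compiles nothing, and dropping it removes one third-party action. With `continue-on-error` removed the clippy step now blocks, but `cargo clippy --lib --bins --examples --all-features` fails only on deny-level lints unless warnings are denied somewhere outside the hunk (the contents of the `env:` block are not visible); if warnings should gate merges, append `-- -D warnings`. The new target list also drops `--all-targets`, so test and bench code is no longer linted in CI even though this commit cleans up many lints there.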
@@ -124,12 +124,12 @@ Once created you can view the details of the client. ```bash kanidm system oauth2 get nextcloud --- +name: nextcloud class: oauth2_resource_server class: oauth2_resource_server_basic class: object displayname: Nextcloud Production oauth2_rs_basic_secret: hidden -oauth2_rs_name: nextcloud oauth2_rs_origin_landing: https://nextcloud.example.com oauth2_rs_token_key: hidden ``` @@ -144,7 +144,7 @@ kanidm system oauth2 show-basic-secret nextcloud ### Configure the Client/Resource Server -On your client, you should configure the client ID as the `oauth2_rs_name` from Kanidm, and the +On your client, you should configure the client ID as the `name` from Kanidm, and the password to be the value shown in `oauth2_rs_basic_secret`. Ensure that the code challenge/verification method is set to S256. diff --git a/book/src/integrations/oauth2/examples.md b/book/src/integrations/oauth2/examples.md index 87620a9d5..c5fd58144 100644 --- a/book/src/integrations/oauth2/examples.md +++ b/book/src/integrations/oauth2/examples.md @@ -61,7 +61,7 @@ OAUTH2_PROVIDER = "oidc"; OAUTH2_CLIENT_ID = "miniflux"; OAUTH2_CLIENT_SECRET = ""; OAUTH2_REDIRECT_URL = "https://feeds.example.com/oauth2/oidc/callback"; -OAUTH2_OIDC_DISCOVERY_ENDPOINT = "https://idm.example.com/oauth2/openid/"; +OAUTH2_OIDC_DISCOVERY_ENDPOINT = "https://idm.example.com/oauth2/openid/"; ``` ## Nextcloud 
@@ -227,14 +227,14 @@ Vouch Proxy supports multiple OAuth and OIDC login providers. To configure it yo oauth: auth_url: https://idm.wherekanidmruns.com/ui/oauth2 callback_url: https://login.wherevouchproxyruns.com/auth - client_id: # Found in kanidm system oauth2 get XXXX (should be the same as XXXX) + client_id: # Found in kanidm system oauth2 get XXXX (should be the same as XXXX) client_secret: # Found in kanidm system oauth2 get XXXX code_challenge_method: S256 provider: oidc scopes: - email # Required due to vouch proxy reliance on mail as a primary identifier token_url: https://idm.wherekanidmruns.com/oauth2/token - user_info_url: https://idm.wherekanidmruns.com/oauth2/openid//userinfo + user_info_url: https://idm.wherekanidmruns.com/oauth2/openid//userinfo ``` The `email` scope needs to be passed and thus the mail attribute needs to exist on the account: diff --git a/clippy.toml b/clippy.toml index dc30b1759..ce5d6a394 100644 --- a/clippy.toml +++ b/clippy.toml @@ -16,4 +16,5 @@ disallowed-types = ["std::collections::HashMap", "std::collections::HashSet"] allow-expect-in-tests = true allow-unwrap-in-tests = true +allow-panic-in-tests = true allow-dbg-in-tests = true diff --git a/libs/scim_proto/src/group.rs b/libs/scim_proto/src/group.rs index 7a1bb0e22..cbbf5d99f 100644 --- a/libs/scim_proto/src/group.rs +++ b/libs/scim_proto/src/group.rs @@ -4,7 +4,7 @@ use url::Url; use uuid::Uuid; #[derive(Serialize, Deserialize, Debug, Clone)] -struct Member { +pub struct Member { value: Uuid, #[serde(rename = "$ref")] ref_: Url, @@ -13,7 +13,7 @@ struct Member { #[derive(Serialize, Deserialize, Debug, Clone)] #[serde(rename_all = "camelCase")] -struct Group { +pub struct Group { #[serde(flatten)] entry: ScimEntry, diff --git a/libs/scim_proto/src/user.rs b/libs/scim_proto/src/user.rs index 93b13b142..7886b8e59 100644 --- a/libs/scim_proto/src/user.rs +++ b/libs/scim_proto/src/user.rs 
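Review bot: `Member` and `Group` in group.rs become `pub` while every field visible in these hunks (`value`, `ref_`, `entry`) stays private and no doc comments are added, so other crates can name and deserialize the types but cannot construct them or read the parsed data unless accessors exist outside the hunks. The same holds for the types made `pub` in user.rs (`Name`, `Locale`, `Timezone`, `Photo`, `Binary`, `Address`, `Group`, `User`). If these are meant to be the crate's public SCIM API, add a one-line `///` summary to each type, for instance `/// A member entry of a SCIM group.` on `Member` (wording to be confirmed against the schema), and decide explicitly which fields are exposed. Note that `group::Group` and `user::Group` are now both exported under the same name, which invites mix-ups at import sites.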
@@ -8,7 +8,7 @@ use serde::{Deserialize, Serialize}; #[derive(Serialize, Deserialize, Debug, Clone)] #[serde(rename_all = "camelCase")] -struct Name { +pub struct Name { // The full name including all middle names and titles formatted: Option, family_name: Option, @@ -32,7 +32,7 @@ enum Language { // https://datatracker.ietf.org/doc/html/rfc5646 #[allow(non_camel_case_types)] #[derive(Serialize, Deserialize, Debug, Clone)] -enum Locale { +pub enum Locale { en, #[serde(rename = "en-AU")] en_AU, @@ -57,7 +57,7 @@ impl fmt::Display for Locale { #[allow(non_camel_case_types)] #[derive(Serialize, Deserialize, Debug, Clone)] -enum Timezone { +pub enum Timezone { #[serde(rename = "Australia/Brisbane")] australia_brisbane, #[serde(rename = "America/Los_Angeles")] @@ -87,7 +87,7 @@ pub struct MultiValueAttr { #[derive(Serialize, Deserialize, Debug, Clone)] #[serde(rename_all = "camelCase")] -struct Photo { +pub struct Photo { #[serde(rename = "type")] type_: Option, primary: Option, @@ -98,7 +98,7 @@ struct Photo { } #[derive(Serialize, Deserialize, Debug, Clone)] -struct Binary { +pub struct Binary { #[serde(rename = "type")] type_: Option, primary: Option, @@ -110,7 +110,7 @@ struct Binary { #[derive(Serialize, Deserialize, Debug, Clone)] #[serde(rename_all = "camelCase")] -struct Address { +pub struct Address { #[serde(rename = "type")] type_: Option, primary: Option, @@ -132,7 +132,7 @@ enum Membership { #[derive(Serialize, Deserialize, Debug, Clone)] #[serde(rename_all = "camelCase")] -struct Group { +pub struct Group { #[serde(rename = "type")] type_: Option, #[serde(rename = "$ref")] @@ -143,7 +143,7 @@ struct Group { #[derive(Serialize, Deserialize, Debug, Clone)] #[serde(rename_all = "camelCase")] -struct User { +pub struct User { #[serde(flatten)] entry: ScimEntry, // required, must be unique, string. diff --git a/proto/src/internal/error.rs b/proto/src/internal/error.rs index d951f9bc8..d774aae37 100644 --- a/proto/src/internal/error.rs 
+++ b/proto/src/internal/error.rs @@ -79,6 +79,7 @@ pub enum OperationError { SchemaViolation(SchemaError), Plugin(PluginError), FilterGeneration, + FilterParseError, FilterUuidResolution, InvalidAttributeName(String), InvalidAttribute(String), @@ -260,6 +261,7 @@ impl OperationError { Self::SchemaViolation(_) => None, Self::Plugin(_) => None, Self::FilterGeneration => None, + Self::FilterParseError => None, Self::FilterUuidResolution => None, Self::InvalidAttributeName(_) => None, Self::InvalidAttribute(_) => None, diff --git a/server/core/src/repl/codec.rs b/server/core/src/repl/codec.rs index d0df7f2ee..79bd0922b 100644 --- a/server/core/src/repl/codec.rs +++ b/server/core/src/repl/codec.rs @@ -216,7 +216,7 @@ mod tests { // Clear buffer - setup a request with a length > allowed max. buf.clear(); - let len_bytes = (34 as u64).to_be_bytes(); + let len_bytes = (34_u64).to_be_bytes(); buf.extend_from_slice(&len_bytes); // Even though the buf len is only 8, this will error as the overall @@ -226,7 +226,7 @@ mod tests { // Assert that we request more data on a validly sized req buf.clear(); - let len_bytes = (20 as u64).to_be_bytes(); + let len_bytes = (20_u64).to_be_bytes(); buf.extend_from_slice(&len_bytes); // Pad in some extra bytes. buf.extend_from_slice(&zero); diff --git a/server/lib/benches/image_benches.rs b/server/lib/benches/image_benches.rs index c2963d9aa..e90c7813c 100644 --- a/server/lib/benches/image_benches.rs +++ b/server/lib/benches/image_benches.rs @@ -13,9 +13,7 @@ pub fn bench_png_lodepng_validate(c: &mut Criterion) { env!("CARGO_MANIFEST_DIR") )); let contents = black_box(std::fs::read(filename).unwrap()); - b.iter(|| { - png::png_lodepng_validate(&contents, black_box(&"oversize_dimensions.png".to_string())) - }) + b.iter(|| png::png_lodepng_validate(&contents, black_box("oversize_dimensions.png"))) }); group.bench_function("png_lodepng_validate_ok", |b| { let filename = black_box(format!( 
@@ -23,9 +21,7 @@ pub fn bench_png_lodepng_validate(c: &mut Criterion) { env!("CARGO_MANIFEST_DIR") )); let contents = black_box(std::fs::read(filename).unwrap()); - b.iter(|| { - png::png_lodepng_validate(&contents, black_box(&"oversize_dimensions.png".to_string())) - }) + b.iter(|| png::png_lodepng_validate(&contents, black_box("oversize_dimensions.png"))) }); group.finish(); } diff --git a/server/lib/src/be/mod.rs b/server/lib/src/be/mod.rs index 42ce02304..4873a9ce9 100644 --- a/server/lib/src/be/mod.rs +++ b/server/lib/src/be/mod.rs @@ -2269,7 +2269,7 @@ mod tests { ($be:expr, $ent:expr) => {{ let ei = $ent.clone().into_sealed_committed(); let filt = ei - .filter_from_attrs(&vec![Attribute::Uuid.into()]) + .filter_from_attrs(&[Attribute::Uuid.into()]) .expect("failed to generate filter") .into_valid_resolved(); let lims = Limits::unlimited(); @@ -2282,7 +2282,7 @@ mod tests { ($be:expr, $ent:expr, $attr:expr) => {{ let ei = $ent.clone().into_sealed_committed(); let filt = ei - .filter_from_attrs(&vec![Attribute::UserId.into()]) + .filter_from_attrs(&[Attribute::UserId.into()]) .expect("failed to generate filter") .into_valid_resolved(); let lims = Limits::unlimited(); @@ -2586,16 +2586,10 @@ mod tests { let result = fs::remove_file(&db_backup_file_name); - match result { - Err(e) => { - // if the error is the file is not found, that's what we want so continue, - // otherwise return the error - match e.kind() { - std::io::ErrorKind::NotFound => {} - _ => (), - } - } - _ => (), + if let Err(e) = result { + // if the error is the file is not found, that's what we want so continue, + // otherwise return the error + if e.kind() == std::io::ErrorKind::NotFound {} } be.backup(&db_backup_file_name).expect("Backup failed!"); 
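Review bot: The rewritten cleanup in the `@@ -2586` hunk of be/mod.rs ends in `if e.kind() == std::io::ErrorKind::NotFound {}`, an empty branch, so every `remove_file` error is discarded even though the comment directly above says errors other than not-found should be returned. A stale backup file that could not be removed (a permissions error, say) would then only show up indirectly in the `be.backup(...)` call that follows. Make the code match the comment: `if e.kind() != std::io::ErrorKind::NotFound { panic!("failed to remove old backup file: {e:?}"); }`. The `@@ -2650` hunk repeats the same code and needs the same change; both test functions begin outside their hunks.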
@@ -2650,16 +2644,10 @@ mod tests { let result = fs::remove_file(&db_backup_file_name); - match result { - Err(e) => { - // if the error is the file is not found, that's what we want so continue, - // otherwise return the error - match e.kind() { - std::io::ErrorKind::NotFound => {} - _ => (), - } - } - _ => (), + if let Err(e) = result { + // if the error is the file is not found, that's what we want so continue, + // otherwise return the error + if e.kind() == std::io::ErrorKind::NotFound {} } be.backup(&db_backup_file_name).expect("Backup failed!"); @@ -2856,11 +2844,7 @@ mod tests { ); let uuid_p_idl = be - .load_test_idl( - &"not_indexed".to_string(), - IndexType::Presence, - &"_".to_string(), - ) + .load_test_idl("not_indexed", IndexType::Presence, "_") .unwrap(); // unwrap the result assert_eq!(uuid_p_idl, None); diff --git a/server/lib/src/constants/entries.rs b/server/lib/src/constants/entries.rs index bfbe52359..e16cb47f4 100644 --- a/server/lib/src/constants/entries.rs +++ b/server/lib/src/constants/entries.rs @@ -21,7 +21,7 @@ use uuid::Uuid; #[test] fn test_valueattribute_as_str() { assert!(Attribute::Class.as_ref() == "class"); - assert!(Attribute::Class.to_string() == String::from("class")); + assert!(Attribute::Class.to_string() == *"class"); } #[test] diff --git a/server/lib/src/credential/softlock.rs b/server/lib/src/credential/softlock.rs index 859a170aa..02c5bf833 100644 --- a/server/lib/src/credential/softlock.rs +++ b/server/lib/src/credential/softlock.rs @@ -200,10 +200,7 @@ impl CredSoftLock { #[cfg(test)] pub fn is_state_init(&self) -> bool { - match self.state { - LockState::Init => true, - _ => false, - } + matches!(self.state, LockState::Init) } #[cfg(test)] diff --git a/server/lib/src/credential/totp.rs b/server/lib/src/credential/totp.rs index 01a3e7b12..d5b6e22bd 100644 --- a/server/lib/src/credential/totp.rs +++ b/server/lib/src/credential/totp.rs 
@@ -50,7 +50,7 @@ impl Into for TotpDigits { } } -#[derive(Debug, Clone, PartialEq, Eq)] +#[derive(Debug, Clone, PartialEq, Eq, Copy)] pub enum TotpAlgo { Sha1, Sha256, @@ -58,7 +58,7 @@ pub enum TotpAlgo { } impl TotpAlgo { - pub(crate) fn digest(&self, key: &[u8], counter: u64) -> Result, TotpError> { + pub(crate) fn digest(self, key: &[u8], counter: u64) -> Result, TotpError> { let key = PKey::hmac(key).map_err(|_e| TotpError::OpenSSLError)?; let mut signer = match self { 
@@ -297,104 +297,104 @@ mod tests { } fn do_test( - key: Vec, + key: &[u8], algo: TotpAlgo, secs: u64, step: u64, digits: TotpDigits, - expect: Result, + expect: &Result, ) { - let otp = Totp::new(key.clone(), step, algo.clone(), digits); + let otp = Totp::new(key.to_vec(), step, algo, digits); let d = Duration::from_secs(secs); let r = otp.do_totp_duration_from_epoch(&d); debug!( "key: {:?}, algo: {:?}, time: {:?}, step: {:?}, expect: {:?} == {:?}", key, algo, secs, step, expect, r ); - assert!(r == expect); + assert_eq!(&r, expect); } #[test] fn totp_sha1_vectors() { do_test( - vec![0x00, 0x00, 0x00, 0x00], + &[0x00, 0x00, 0x00, 0x00], TotpAlgo::Sha1, 1585368920, TOTP_DEFAULT_STEP, TotpDigits::Six, - Ok(728926), + &Ok(728926), ); do_test( - vec![0x00, 0x00, 0x00, 0x00], + &[0x00, 0x00, 0x00, 0x00], TotpAlgo::Sha1, 1585368920, TOTP_DEFAULT_STEP, TotpDigits::Eight, - Ok(74728926), + &Ok(74728926), ); do_test( - vec![0x00, 0xaa, 0xbb, 0xcc], + &[0x00, 0xaa, 0xbb, 0xcc], TotpAlgo::Sha1, 1585369498, TOTP_DEFAULT_STEP, TotpDigits::Six, - Ok(985074), + &Ok(985074), ); } #[test] fn totp_sha256_vectors() { do_test( - vec![0x00, 0x00, 0x00, 0x00], + &[0x00, 0x00, 0x00, 0x00], TotpAlgo::Sha256, 1585369682, TOTP_DEFAULT_STEP, TotpDigits::Six, - Ok(795483), + &Ok(795483), ); do_test( - vec![0x00, 0x00, 0x00, 0x00], + &[0x00, 0x00, 0x00, 0x00], TotpAlgo::Sha256, 1585369682, TOTP_DEFAULT_STEP, TotpDigits::Eight, - Ok(11795483), + &Ok(11795483), ); do_test( - vec![0x00, 0xaa, 0xbb, 0xcc], + &[0x00, 0xaa, 0xbb, 0xcc], TotpAlgo::Sha256, 1585369689, TOTP_DEFAULT_STEP, TotpDigits::Six, - Ok(728402), + &Ok(728402), ); } #[test] fn totp_sha512_vectors() { do_test( - vec![0x00, 0x00, 0x00, 0x00], + &[0x00, 0x00, 0x00, 0x00], TotpAlgo::Sha512, 1585369775, TOTP_DEFAULT_STEP, TotpDigits::Six, - Ok(587735), + &Ok(587735), ); do_test( - vec![0x00, 0x00, 0x00, 0x00], + &[0x00, 0x00, 0x00, 0x00], TotpAlgo::Sha512, 1585369775, TOTP_DEFAULT_STEP, TotpDigits::Eight, - Ok(14587735), + 
&Ok(14587735), ); do_test( - vec![0x00, 0xaa, 0xbb, 0xcc], + &[0x00, 0xaa, 0xbb, 0xcc], TotpAlgo::Sha512, 1585369780, TOTP_DEFAULT_STEP, TotpDigits::Six, - Ok(952181), + &Ok(952181), ); } diff --git a/server/lib/src/entry.rs b/server/lib/src/entry.rs index fa22a71e2..3afbf7a83 100644 --- a/server/lib/src/entry.rs +++ b/server/lib/src/entry.rs @@ -3383,9 +3383,8 @@ where self.purge_ava(Attribute::try_from(attr)?); } Modify::Assert(attr, value) => { - self.assert_ava(attr.to_owned(), value).map_err(|e| { + self.assert_ava(attr.to_owned(), value).inspect_err(|_e| { error!("Modification assertion was not met. {} {:?}", attr, value); - e })?; } } @@ -3530,8 +3529,8 @@ mod tests { // are adding ... Or do we validate after the changes are made in // total? let mut e: Entry = Entry::new(); - e.add_ava(Attribute::UserId.into(), Value::from("william")); - e.add_ava(Attribute::UserId.into(), Value::from("william")); + e.add_ava(Attribute::UserId, Value::from("william")); + e.add_ava(Attribute::UserId, Value::from("william")); let values = e.get_ava_set(Attribute::UserId).expect("Failed to get ava"); // Should only be one value! @@ -3541,7 +3540,7 @@ mod tests { #[test] fn test_entry_pres() { let mut e: Entry = Entry::new(); - e.add_ava(Attribute::UserId.into(), Value::from("william")); + e.add_ava(Attribute::UserId, Value::from("william")); assert!(e.attribute_pres(Attribute::UserId)); assert!(!e.attribute_pres(Attribute::Name)); 
@@ -3551,34 +3550,22 @@ mod tests { fn test_entry_equality() { let mut e: Entry = Entry::new(); - e.add_ava(Attribute::UserId.into(), Value::from("william")); + e.add_ava(Attribute::UserId, Value::from("william")); - assert!(e.attribute_equality( - Attribute::UserId.into(), - &PartialValue::new_utf8s("william") - )); + assert!(e.attribute_equality(Attribute::UserId, &PartialValue::new_utf8s("william"))); assert!(!e.attribute_equality(Attribute::UserId, &PartialValue::new_utf8s("test"))); - assert!(!e.attribute_equality( - Attribute::NonExist.into(), - &PartialValue::new_utf8s("william") - )); + assert!(!e.attribute_equality(Attribute::NonExist, &PartialValue::new_utf8s("william"))); // Also test non-matching attr syntax - assert!(!e.attribute_equality( - Attribute::UserId.into(), - &PartialValue::new_iutf8("william") - )); + assert!(!e.attribute_equality(Attribute::UserId, &PartialValue::new_iutf8("william"))); } #[test] fn test_entry_substring() { let mut e: Entry = Entry::new(); - e.add_ava(Attribute::UserId.into(), Value::from("william")); + e.add_ava(Attribute::UserId, Value::from("william")); - assert!(e.attribute_substring( - Attribute::UserId.into(), - &PartialValue::new_utf8s("william") - )); + assert!(e.attribute_substring(Attribute::UserId, &PartialValue::new_utf8s("william"))); assert!(e.attribute_substring(Attribute::UserId, &PartialValue::new_utf8s("will"))); assert!(e.attribute_substring(Attribute::UserId, &PartialValue::new_utf8s("liam"))); assert!(e.attribute_substring(Attribute::UserId, &PartialValue::new_utf8s("lli"))); @@ -3630,7 +3617,7 @@ mod tests { // Test application of changes to an entry. let mut e: Entry = Entry::new().into_invalid_new(); - e.add_ava(Attribute::UserId.into(), Value::from("william")); + e.add_ava(Attribute::UserId, Value::from("william")); let present_single_mods = ModifyList::new_valid_list(vec![Modify::Present( Attribute::Attr.into(), 
@@ -3640,10 +3627,7 @@ mod tests { assert!(e.apply_modlist(&present_single_mods).is_ok()); // Assert the changes are there - assert!(e.attribute_equality( - Attribute::UserId.into(), - &PartialValue::new_utf8s("william") - )); + assert!(e.attribute_equality(Attribute::UserId, &PartialValue::new_utf8s("william"))); assert!(e.attribute_equality(Attribute::Attr, &PartialValue::new_iutf8("value"))); // Assert present for multivalue @@ -3655,10 +3639,7 @@ mod tests { assert!(e.apply_modlist(&present_multivalue_mods).is_ok()); assert!(e.attribute_equality(Attribute::Class, &PartialValue::new_iutf8("test"))); - assert!(e.attribute_equality( - Attribute::Class.into(), - &PartialValue::new_iutf8("multi_test") - )); + assert!(e.attribute_equality(Attribute::Class, &PartialValue::new_iutf8("multi_test"))); // Assert purge on single/multi/empty value let purge_single_mods = @@ -3688,13 +3669,13 @@ mod tests { assert!(e.apply_modlist(&present_single_mods).is_ok()); assert!(e.attribute_equality(Attribute::Attr, &PartialValue::new_iutf8("value"))); assert!(e.apply_modlist(&remove_mods).is_ok()); - assert!(e.attrs.get(Attribute::Attr.as_ref()).is_none()); + assert!(!e.attrs.contains_key(Attribute::Attr.as_ref())); let remove_empty_mods = remove_mods; assert!(e.apply_modlist(&remove_empty_mods).is_ok()); - assert!(e.attrs.get(Attribute::Attr.as_ref()).is_none()); + assert!(!e.attrs.contains_key(Attribute::Attr.as_ref())); } #[test] @@ -3702,7 +3683,7 @@ mod tests { let mut e1: Entry = Entry::new(); e1.add_ava(Attribute::UserId, Value::from("william")); let mut e1_mod = e1.clone(); - e1_mod.add_ava(Attribute::Extra.into(), Value::from("test")); + e1_mod.add_ava(Attribute::Extra, Value::from("test")); let e1 = e1.into_sealed_committed(); let e1_mod = e1_mod.into_sealed_committed(); diff --git a/server/lib/src/filter.rs b/server/lib/src/filter.rs index 163679f8c..a23af26dc 100644 --- a/server/lib/src/filter.rs +++ b/server/lib/src/filter.rs 
@@ -14,6 +14,7 @@ use std::fmt; use std::hash::Hash; use std::iter; use std::num::NonZeroU8; +use std::str::FromStr; use std::sync::Arc; use concread::arcache::{ARCache, ARCacheReadTxn}; @@ -643,18 +644,6 @@ impl Filter { } } - /// ⚠️ - Blindly accept a filter from a string, panicking if it fails to parse. - /// This is a TEST ONLY method and will never be exposed in production. - #[cfg(test)] - pub fn from_str(fc: &str) -> Self { - let f: FC = serde_json::from_str(fc).expect("Failure parsing filter!"); - Filter { - state: FilterInvalid { - inner: FilterComp::new(f), - }, - } - } - pub fn validate( &self, schema: &dyn SchemaTransaction, @@ -717,6 +706,18 @@ impl Filter { } } +impl FromStr for Filter { + type Err = OperationError; + fn from_str(s: &str) -> Result { + let f: FC = serde_json::from_str(s).map_err(|_| OperationError::FilterParseError)?; + Ok(Filter { + state: FilterInvalid { + inner: FilterComp::new(f), + }, + }) + } +} + impl FilterComp { fn new(fc: FC) -> Self { match fc { diff --git a/server/lib/src/idm/account.rs b/server/lib/src/idm/account.rs index f38266235..6ad49954e 100644 --- a/server/lib/src/idm/account.rs +++ b/server/lib/src/idm/account.rs @@ -999,9 +999,8 @@ impl<'a> IdmServerProxyReadTransaction<'a> { issued_at: s.issued_at, purpose, }) - .map_err(|e| { + .inspect_err(|_e| { admin_error!("Invalid user auth token {}", u); - e }) }) .collect::, _>>() diff --git a/server/lib/src/idm/application.rs b/server/lib/src/idm/application.rs index 313118009..167078bc1 100644 --- a/server/lib/src/idm/application.rs +++ b/server/lib/src/idm/application.rs @@ -301,7 +301,7 @@ mod tests { ); let ce = CreateEvent::new_internal(vec![e1, e2]); let cr = idms_prox_write.qs_write.create(&ce); - assert!(!cr.is_ok()); + assert!(cr.is_err()); // Application and Person not allowed together let test_grp_name = "testgroup1"; 
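Review bot: The new `impl FromStr for Filter` in filter.rs replaces a constructor that was `#[cfg(test)]` and documented as test-only, and nothing visible in the `@@ -706` hunk gates the trait impl the same way, so building a filter from an arbitrary JSON string appears to become available in non-test builds. The result is still wrapped in `FilterInvalid`, so it has to pass `validate` before use, but that contract is no longer written down; either put `#[cfg(test)]` on the impl or add a doc comment such as `/// Parses a JSON filter into an unvalidated filter; callers must call validate() before using it.`. The `map_err(|_| OperationError::FilterParseError)` also discards the serde error, so logging it before mapping would keep parse failures diagnosable.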
@@ -329,7 +329,7 @@ mod tests { ); let ce = CreateEvent::new_internal(vec![e1, e2]); let cr = idms_prox_write.qs_write.create(&ce); - assert!(!cr.is_ok()); + assert!(cr.is_err()); // Supplements not satisfied, Application supplements ServiceAccount let test_grp_name = "testgroup1"; @@ -352,7 +352,7 @@ mod tests { ); let ce = CreateEvent::new_internal(vec![e1, e2]); let cr = idms_prox_write.qs_write.create(&ce); - assert!(!cr.is_ok()); + assert!(cr.is_err()); // Supplements not satisfied, Application supplements ServiceAccount let test_grp_name = "testgroup1"; @@ -374,7 +374,7 @@ mod tests { ); let ce = CreateEvent::new_internal(vec![e1, e2]); let cr = idms_prox_write.qs_write.create(&ce); - assert!(!cr.is_ok()); + assert!(cr.is_err()); // Supplements satisfied, Application supplements ServiceAccount let test_grp_name = "testgroup1"; @@ -427,7 +427,7 @@ mod tests { let ce = CreateEvent::new_internal(vec![e1]); let cr = idms_prox_write.qs_write.create(&ce); - assert!(!cr.is_ok()); + assert!(cr.is_err()); } // Tests creating an applicatin with a real linked group attribute diff --git a/server/lib/src/idm/applinks.rs b/server/lib/src/idm/applinks.rs index 58f5950c5..9a9ce1900 100644 --- a/server/lib/src/idm/applinks.rs +++ b/server/lib/src/idm/applinks.rs @@ -176,7 +176,7 @@ mod tests { .list_applinks(&ident) .expect("Failed to access related apps"); - let app = apps.get(0).expect("No apps return!"); + let app = apps.first().expect("No apps return!"); assert!(match app { AppLink::Oauth2 { diff --git a/server/lib/src/idm/authsession.rs b/server/lib/src/idm/authsession.rs index 6651dfe71..e683b5532 100644 --- a/server/lib/src/idm/authsession.rs +++ b/server/lib/src/idm/authsession.rs @@ -1837,7 +1837,7 @@ mod tests { match audit_rx.try_recv() { Ok(AuditEvent::AuthenticationDenied { .. }) => {} - _ => assert!(false), + _ => panic!("Oh no"), } // === Now begin a new session, and use a good pw. 
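Review bot: The fallback arm changed in the `@@ -1837` hunk, and in every later authsession.rs hunk, now reads `_ => panic!("Oh no")`, which says neither which of the many identical checks failed nor what was expected. State the expectation in the message, e.g. `_ => panic!("expected AuditEvent::AuthenticationDenied")` for the `audit_rx` checks and `_ => panic!("expected DelayedAction::AuthSessionRecord")` (or the matching variant) for the `async_rx` checks. If the received types implement `Debug`, which is not visible here, binding the value as `other` and printing it would be better still. The same applies to the `@@ -4215` hunk in credupdatesession.rs.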
@@ -1868,7 +1868,7 @@ mod tests { match async_rx.blocking_recv() { Some(DelayedAction::AuthSessionRecord(_)) => {} - _ => assert!(false), + _ => panic!("Oh no"), } drop(async_tx); @@ -1938,7 +1938,7 @@ mod tests { match audit_rx.try_recv() { Ok(AuditEvent::AuthenticationDenied { .. }) => {} - _ => assert!(false), + _ => panic!("Oh no"), } drop(async_tx); @@ -1955,7 +1955,7 @@ mod tests { account: account.clone(), account_policy: ResolvedAccountPolicy::default(), issue: AuthIssueSession::Token, - webauthn: webauthn, + webauthn, ct: duration_from_epoch_now(), client_auth_info: Source::Internal.into(), }; @@ -1995,7 +1995,7 @@ mod tests { account: account.clone(), account_policy: ResolvedAccountPolicy::default(), issue: AuthIssueSession::Token, - webauthn: webauthn, + webauthn, ct: duration_from_epoch_now(), client_auth_info: Source::Internal.into(), }; @@ -2040,7 +2040,7 @@ mod tests { account: account.clone(), account_policy: ResolvedAccountPolicy::default(), issue: AuthIssueSession::Token, - webauthn: webauthn, + webauthn, ct: duration_from_epoch_now(), client_auth_info: Source::Internal.into(), }; @@ -2126,7 +2126,7 @@ mod tests { match audit_rx.try_recv() { Ok(AuditEvent::AuthenticationDenied { .. }) => {} - _ => assert!(false), + _ => panic!("Oh no"), } } @@ -2150,7 +2150,7 @@ mod tests { match audit_rx.try_recv() { Ok(AuditEvent::AuthenticationDenied { .. }) => {} - _ => assert!(false), + _ => panic!("Oh no"), } } // check send bad totp, should fail immediate @@ -2171,7 +2171,7 @@ mod tests { match audit_rx.try_recv() { Ok(AuditEvent::AuthenticationDenied { .. }) => {} - _ => assert!(false), + _ => panic!("Oh no"), } } @@ -2205,7 +2205,7 @@ mod tests { match audit_rx.try_recv() { Ok(AuditEvent::AuthenticationDenied { .. }) => {} - _ => assert!(false), + _ => panic!("Oh no"), } } @@ -2239,7 +2239,7 @@ mod tests { match async_rx.blocking_recv() { Some(DelayedAction::AuthSessionRecord(_)) => {} - _ => assert!(false), + _ => panic!("Oh no"), } } 
@@ -2312,7 +2312,7 @@ mod tests { match audit_rx.try_recv() { Ok(AuditEvent::AuthenticationDenied { .. }) => {} - _ => assert!(false), + _ => panic!("Oh no"), } } @@ -2458,7 +2458,7 @@ mod tests { match audit_rx.try_recv() { Ok(AuditEvent::AuthenticationDenied { .. }) => {} - _ => assert!(false), + _ => panic!("Oh no"), } } @@ -2486,11 +2486,11 @@ mod tests { // Check the async counter update was sent. match async_rx.blocking_recv() { Some(DelayedAction::WebauthnCounterIncrement(_)) => {} - _ => assert!(false), + _ => panic!("Oh no"), } match async_rx.blocking_recv() { Some(DelayedAction::AuthSessionRecord(_)) => {} - _ => assert!(false), + _ => panic!("Oh no"), } } @@ -2519,7 +2519,7 @@ mod tests { match audit_rx.try_recv() { Ok(AuditEvent::AuthenticationDenied { .. }) => {} - _ => assert!(false), + _ => panic!("Oh no"), } } @@ -2567,7 +2567,7 @@ mod tests { match audit_rx.try_recv() { Ok(AuditEvent::AuthenticationDenied { .. }) => {} - _ => assert!(false), + _ => panic!("Oh no"), } } @@ -2617,7 +2617,7 @@ mod tests { match audit_rx.try_recv() { Ok(AuditEvent::AuthenticationDenied { .. }) => {} - _ => assert!(false), + _ => panic!("Oh no"), } } @@ -2639,7 +2639,7 @@ mod tests { match audit_rx.try_recv() { Ok(AuditEvent::AuthenticationDenied { .. }) => {} - _ => assert!(false), + _ => panic!("Oh no"), } } @@ -2671,7 +2671,7 @@ mod tests { match audit_rx.try_recv() { Ok(AuditEvent::AuthenticationDenied { .. }) => {} - _ => assert!(false), + _ => panic!("Oh no"), } } @@ -2710,13 +2710,13 @@ mod tests { match audit_rx.try_recv() { Ok(AuditEvent::AuthenticationDenied { .. }) => {} - _ => assert!(false), + _ => panic!("Oh no"), } // Check the async counter update was sent. match async_rx.blocking_recv() { Some(DelayedAction::WebauthnCounterIncrement(_)) => {} - _ => assert!(false), + _ => panic!("Oh no"), } } 
@@ -2756,11 +2756,11 @@ mod tests { // Check the async counter update was sent. match async_rx.blocking_recv() { Some(DelayedAction::WebauthnCounterIncrement(_)) => {} - _ => assert!(false), + _ => panic!("Oh no"), } match async_rx.blocking_recv() { Some(DelayedAction::AuthSessionRecord(_)) => {} - _ => assert!(false), + _ => panic!("Oh no"), } } @@ -2821,7 +2821,7 @@ mod tests { match audit_rx.try_recv() { Ok(AuditEvent::AuthenticationDenied { .. }) => {} - _ => assert!(false), + _ => panic!("Oh no"), } } @@ -2843,7 +2843,7 @@ mod tests { match audit_rx.try_recv() { Ok(AuditEvent::AuthenticationDenied { .. }) => {} - _ => assert!(false), + _ => panic!("Oh no"), } } @@ -2873,7 +2873,7 @@ mod tests { match audit_rx.try_recv() { Ok(AuditEvent::AuthenticationDenied { .. }) => {} - _ => assert!(false), + _ => panic!("Oh no"), } } @@ -2912,13 +2912,13 @@ mod tests { match audit_rx.try_recv() { Ok(AuditEvent::AuthenticationDenied { .. }) => {} - _ => assert!(false), + _ => panic!("Oh no"), } // Check the async counter update was sent. match async_rx.blocking_recv() { Some(DelayedAction::WebauthnCounterIncrement(_)) => {} - _ => assert!(false), + _ => panic!("Oh no"), } } @@ -2951,7 +2951,7 @@ mod tests { match audit_rx.try_recv() { Ok(AuditEvent::AuthenticationDenied { .. }) => {} - _ => assert!(false), + _ => panic!("Oh no"), } } @@ -2984,7 +2984,7 @@ mod tests { match async_rx.blocking_recv() { Some(DelayedAction::AuthSessionRecord(_)) => {} - _ => assert!(false), + _ => panic!("Oh no"), } } @@ -3024,11 +3024,11 @@ mod tests { // Check the async counter update was sent. match async_rx.blocking_recv() { Some(DelayedAction::WebauthnCounterIncrement(_)) => {} - _ => assert!(false), + _ => panic!("Oh no"), } match async_rx.blocking_recv() { Some(DelayedAction::AuthSessionRecord(_)) => {} - _ => assert!(false), + _ => panic!("Oh no"), } } 
@@ -3100,7 +3100,7 @@ mod tests { match audit_rx.try_recv() { Ok(AuditEvent::AuthenticationDenied { .. }) => {} - _ => assert!(false), + _ => panic!("Oh no"), } } // check send wrong backup code, should fail immediate @@ -3121,7 +3121,7 @@ mod tests { match audit_rx.try_recv() { Ok(AuditEvent::AuthenticationDenied { .. }) => {} - _ => assert!(false), + _ => panic!("Oh no"), } } // check send good backup code, should continue @@ -3154,13 +3154,13 @@ mod tests { match audit_rx.try_recv() { Ok(AuditEvent::AuthenticationDenied { .. }) => {} - _ => assert!(false), + _ => panic!("Oh no"), } } // Can't process BackupCodeRemoval without the server instance match async_rx.blocking_recv() { Some(DelayedAction::BackupCodeRemoval(_)) => {} - _ => assert!(false), + _ => panic!("Oh no"), } // check send good backup code, should continue @@ -3194,13 +3194,13 @@ mod tests { // Can't process BackupCodeRemoval without the server instance match async_rx.blocking_recv() { Some(DelayedAction::BackupCodeRemoval(_)) => {} - _ => assert!(false), + _ => panic!("Oh no"), } // There will be a auth session record too match async_rx.blocking_recv() { Some(DelayedAction::AuthSessionRecord(_)) => {} - _ => assert!(false), + _ => panic!("Oh no"), } // TOTP should also work: @@ -3236,7 +3236,7 @@ mod tests { // There will be a auth session record too match async_rx.blocking_recv() { Some(DelayedAction::AuthSessionRecord(_)) => {} - _ => assert!(false), + _ => panic!("Oh no"), } drop(async_tx); @@ -3313,7 +3313,7 @@ mod tests { match async_rx.blocking_recv() { Some(DelayedAction::AuthSessionRecord(_)) => {} - _ => assert!(false), + _ => panic!("Oh no"), } } @@ -3346,7 +3346,7 @@ mod tests { match async_rx.blocking_recv() { Some(DelayedAction::AuthSessionRecord(_)) => {} - _ => assert!(false), + _ => panic!("Oh no"), } } diff --git a/server/lib/src/idm/credupdatesession.rs b/server/lib/src/idm/credupdatesession.rs index 2fc6a1c35..f4e272c57 100644 --- a/server/lib/src/idm/credupdatesession.rs 
+++ b/server/lib/src/idm/credupdatesession.rs @@ -2952,53 +2952,40 @@ mod tests { .credential_primary_set_password(&cust, ct, "password") .unwrap_err(); trace!(?err); - assert!(match err { - OperationError::PasswordQuality(details) - if details == vec!(PasswordFeedback::TooShort(PW_MIN_LENGTH),) => - true, - _ => false, - }); + assert!( + matches!(err, OperationError::PasswordQuality(details) if details == vec!(PasswordFeedback::TooShort(PW_MIN_LENGTH),)) + ); let err = cutxn .credential_primary_set_password(&cust, ct, "password1234") .unwrap_err(); trace!(?err); - assert!(match err { - OperationError::PasswordQuality(details) - if details - == vec!( - PasswordFeedback::AddAnotherWordOrTwo, - PasswordFeedback::ThisIsACommonPassword, - ) => - true, - _ => false, - }); + assert!( + matches!(err, OperationError::PasswordQuality(details) if details + == vec!( + PasswordFeedback::AddAnotherWordOrTwo, + PasswordFeedback::ThisIsACommonPassword, + )) + ); let err = cutxn .credential_primary_set_password(&cust, ct, &radius_secret) .unwrap_err(); trace!(?err); - assert!(match err { - OperationError::PasswordQuality(details) - if details == vec!(PasswordFeedback::DontReusePasswords,) => - true, - _ => false, - }); + assert!( + matches!(err, OperationError::PasswordQuality(details) if details == vec!(PasswordFeedback::DontReusePasswords,)) + ); let err = cutxn .credential_primary_set_password(&cust, ct, "testperson2023") .unwrap_err(); trace!(?err); - assert!(match err { - OperationError::PasswordQuality(details) - if details - == vec!( - PasswordFeedback::NamesAndSurnamesByThemselvesAreEasyToGuess, - PasswordFeedback::AvoidDatesAndYearsThatAreAssociatedWithYou, - ) => - true, - _ => false, - }); + assert!( + matches!(err, OperationError::PasswordQuality(details) if details == vec!( + PasswordFeedback::NamesAndSurnamesByThemselvesAreEasyToGuess, + PasswordFeedback::AvoidDatesAndYearsThatAreAssociatedWithYou, + )) + ); let err = cutxn .credential_primary_set_password( 
@@ -3008,12 +2995,9 @@ mod tests { ) .unwrap_err(); trace!(?err); - assert!(match err { - OperationError::PasswordQuality(details) - if details == vec!(PasswordFeedback::BadListed) => - true, - _ => false, - }); + assert!( + matches!(err, OperationError::PasswordQuality(details) if details == vec!(PasswordFeedback::BadListed)) + ); assert!(c_status.can_commit); @@ -3066,12 +3050,9 @@ mod tests { .credential_primary_set_password(&cust, ct, &pw) .unwrap_err(); trace!(?err); - assert!(match err { - OperationError::PasswordQuality(details) - if details == vec!(PasswordFeedback::TooShort(test_pw_min_length),) => - true, - _ => false, - }); + assert!( + matches!(err, OperationError::PasswordQuality(details) if details == vec!(PasswordFeedback::TooShort(test_pw_min_length),)) + ); // Test pw len of len minus 1 let pw = password_from_random_len(test_pw_min_length - 1); @@ -3079,12 +3060,8 @@ mod tests { .credential_primary_set_password(&cust, ct, &pw) .unwrap_err(); trace!(?err); - assert!(match err { - OperationError::PasswordQuality(details) - if details == vec!(PasswordFeedback::TooShort(test_pw_min_length),) => - true, - _ => false, - }); + assert!(matches!(err,OperationError::PasswordQuality(details) + if details == vec!(PasswordFeedback::TooShort(test_pw_min_length),))); // Test pw len of exact len let pw = password_from_random_len(test_pw_min_length); @@ -3492,11 +3469,7 @@ mod tests { .expect("Failed to initiate passkey registration"); assert!(matches!(c_status.mfaregstate, MfaRegStateStatus::None)); - assert!(matches!( - // Should be none. - c_status.primary.as_ref(), - None - )); + assert!(c_status.primary.as_ref().is_none()); // Check we have the passkey trace!(?c_status); @@ -4215,7 +4188,7 @@ mod tests { // meets criteria. match idms_audit.audit_rx().try_recv() { Ok(AuditEvent::AuthenticationDenied { .. }) => {} - _ => assert!(false), + _ => panic!("Oh no"), } // Update creds 
diff --git a/server/lib/src/idm/identityverification.rs b/server/lib/src/idm/identityverification.rs index 0eef37982..147b2b7df 100644 --- a/server/lib/src/idm/identityverification.rs +++ b/server/lib/src/idm/identityverification.rs @@ -508,7 +508,7 @@ mod test { ); let Ok(IdentifyUserResponse::ProvideCode { totp, .. }) = res_higher_user else { - return assert!(false); + panic!(); }; let res_lower_user_wrong = idms_prox_read.handle_identify_user_submit_code( @@ -532,7 +532,7 @@ mod test { // now we need to get the code from the lower_user and submit it to the higher_user let Ok(IdentifyUserResponse::ProvideCode { totp, .. }) = res_lower_user_correct else { - return assert!(false); + panic!("Invalid"); }; let res_higher_user_2_wrong = idms_prox_read.handle_identify_user_submit_code( @@ -600,7 +600,7 @@ mod test { .. }) = res_higher_user else { - return assert!(false); + panic!(); }; // then we get the lower user code @@ -619,7 +619,7 @@ mod test { { assert_ne!(higher_user_totp, lower_user_totp); } else { - assert!(false); + debug_assert!(false); } } diff --git a/server/lib/src/idm/ldap.rs b/server/lib/src/idm/ldap.rs index e9e373cbf..4649a3a5b 100644 --- a/server/lib/src/idm/ldap.rs +++ b/server/lib/src/idm/ldap.rs @@ -910,7 +910,7 @@ mod tests { ldaps.do_bind(idms, "", "test").await.unwrap_err() == OperationError::NotAuthenticated ); let admin_t = ldaps.do_bind(idms, "admin", TEST_PASSWORD).await.unwrap(); - assert!(admin_t.is_none() == true); + assert!(admin_t.is_none()); // Setting UNIX_PW_BIND flag to true : let mut idms_prox_write = idms.proxy_write(duration_from_epoch_now()).await.unwrap(); @@ -1138,7 +1138,7 @@ mod tests { let sr = SearchRequest { msgid: 1, - base: format!("dc=example,dc=com"), + base: "dc=example,dc=com".to_string(), scope: LdapSearchScope::Subtree, filter: LdapFilter::Present(Attribute::ObjectClass.to_string()), attrs: vec!["*".to_string()], 
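Review bot: `debug_assert!(false)` in the else branch of the identityverification.rs hunk at -619 is compiled out when debug assertions are disabled (for example a test run under the release profile), so the test then passes even when the expected response is not returned. An unconditional failure such as `panic!("unexpected identify-user response");` keeps the check in every build profile. The same substitution appears in the server.rs hunks at -3139 and -3147, where the branch guards that `get_radiusauthtoken` returned an error; there `assert!(tok_r.is_err());` can replace the whole if/else. The surrounding test bodies start outside these hunks, so the exact expectation should be confirmed against the full tests.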
@@ -1148,7 +1148,7 @@ mod tests { .do_search(idms, &sr, &anon_t, Source::Internal) .await .unwrap(); - assert!(r1.len() > 0); + assert!(!r1.is_empty()); assert!(r1.len() == r2.len()); } @@ -1722,7 +1722,7 @@ mod tests { (Attribute::Uuid, "cc8e95b4-c24f-4d68-ba54-8bed76f63930") ); } - _ => assert!(false), + _ => panic!("Oh no"), }; // Check that when we request +, we get all attrs and the vattrs @@ -1764,7 +1764,7 @@ mod tests { (Attribute::LdapKeys, ssh_ed25519) ); } - _ => assert!(false), + _ => panic!("Oh no"), }; // Check that when we request an attr by name, we get all of them correctly. @@ -1801,7 +1801,7 @@ mod tests { (Attribute::LdapKeys, ssh_ed25519) ); } - _ => assert!(false), + _ => panic!("Oh no"), }; } @@ -1927,7 +1927,7 @@ mod tests { (Attribute::Name, "testperson1") ); } - _ => assert!(false), + _ => panic!("Oh no"), }; // Inspect the token to get its uuid out. @@ -1984,7 +1984,7 @@ mod tests { ) ); } - _ => assert!(false), + _ => panic!("Oh no"), }; // ======= test with a substring search @@ -2039,7 +2039,7 @@ mod tests { ) ); } - _ => assert!(false), + _ => panic!("Oh no"), }; } @@ -2110,7 +2110,7 @@ mod tests { ) ); } - _ => assert!(false), + _ => panic!("Oh no"), }; } @@ -2167,7 +2167,7 @@ mod tests { ); assert!(lsre.attributes.is_empty()); } - _ => assert!(false), + _ => panic!("Oh no"), }; // If we request 1.1 and another attr, 1.1 is IGNORED. @@ -2200,7 +2200,7 @@ mod tests { ) ); } - _ => assert!(false), + _ => panic!("Oh no"), }; } @@ -2238,7 +2238,7 @@ mod tests { ("defaultnamingcontext", "dc=example,dc=com") ); } - _ => assert!(false), + _ => panic!("Oh no"), }; drop(ldaps); @@ -2291,7 +2291,7 @@ mod tests { ("defaultnamingcontext", "o=kanidmproject") ); } - _ => assert!(false), + _ => panic!("Oh no"), }; } @@ -2399,7 +2399,7 @@ mod tests { ) ); } - _ => assert!(false), + _ => panic!("Oh no"), }; } 
@@ -2435,13 +2435,13 @@ mod tests { assert!(anon_t.effective_session == LdapSession::UnixBind(UUID_ANONYMOUS)); #[track_caller] - fn assert_compare_result(r: &Vec, code: LdapResultCode) { + fn assert_compare_result(r: &[LdapMsg], code: &LdapResultCode) { assert!(r.len() == 1); match &r[0].op { LdapOp::CompareResult(lcr) => { - assert_eq!(lcr.code, code); + assert_eq!(&lcr.code, code); } - _ => assert!(false), + _ => panic!("Oh no"), }; } @@ -2457,7 +2457,7 @@ mod tests { .do_compare(idms, &cr, &anon_t, Source::Internal) .await .unwrap(), - LdapResultCode::CompareTrue, + &LdapResultCode::CompareTrue, ); let cr = CompareRequest { @@ -2472,7 +2472,7 @@ mod tests { .do_compare(idms, &cr, &anon_t, Source::Internal) .await .unwrap(), - LdapResultCode::CompareTrue, + &LdapResultCode::CompareTrue, ); let cr = CompareRequest { @@ -2486,7 +2486,7 @@ mod tests { .do_compare(idms, &cr, &anon_t, Source::Internal) .await .unwrap(), - LdapResultCode::CompareFalse, + &LdapResultCode::CompareFalse, ); let cr = CompareRequest { @@ -2500,7 +2500,7 @@ mod tests { .do_compare(idms, &cr, &anon_t, Source::Internal) .await .unwrap(), - LdapResultCode::NoSuchObject, + &LdapResultCode::NoSuchObject, ); let cr = CompareRequest { diff --git a/server/lib/src/idm/oauth2.rs b/server/lib/src/idm/oauth2.rs index 15d731200..8468e49fd 100644 --- a/server/lib/src/idm/oauth2.rs +++ b/server/lib/src/idm/oauth2.rs @@ -2629,7 +2629,7 @@ fn extra_claims_for_account( extra_claims.insert(claim_name.to_string(), claim_value.to_json_value()); } - if scopes.contains(&"groups".to_string()) { + if scopes.contains("groups") { extra_claims.insert( "groups".to_string(), account 
@@ -3107,12 +3107,9 @@ mod tests { ); // Should be in the consent phase; - let consent_token = - if let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request { - consent_token - } else { - unreachable!(); - }; + let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request else { + unreachable!(); + }; // == Manually submit the consent token to the permit for the permit_success drop(idms_prox_read); @@ -3172,12 +3169,9 @@ mod tests { ); // Should be in the consent phase; - let consent_token = - if let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request { - consent_token - } else { - unreachable!(); - }; + let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request else { + unreachable!(); + }; // == Manually submit the consent token to the permit for the permit_success drop(idms_prox_read); @@ -3447,12 +3441,9 @@ mod tests { OAUTH2_SCOPE_OPENID.to_string() ); - let consent_token = - if let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request { - consent_token - } else { - unreachable!(); - }; + let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request else { + unreachable!(); + }; drop(idms_prox_read); let mut idms_prox_write = idms.proxy_write(ct).await.unwrap(); @@ -3527,12 +3518,9 @@ mod tests { OAUTH2_SCOPE_OPENID.to_string() ); - let consent_token = - if let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request { - consent_token - } else { - unreachable!(); - }; + let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request else { + unreachable!(); + }; drop(idms_prox_read); let mut idms_prox_write = idms.proxy_write(ct).await.unwrap(); 
@@ -3695,12 +3683,9 @@ mod tests { trace!(?consent_request); // Should be in the consent phase; - let consent_token = - if let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request { - consent_token - } else { - unreachable!(); - }; + let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request else { + unreachable!(); + }; // == Manually submit the consent token to the permit for the permit_success drop(idms_prox_read); @@ -3820,12 +3805,9 @@ mod tests { OAUTH2_SCOPE_OPENID.to_string() ); - let consent_token = - if let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request { - consent_token - } else { - unreachable!(); - }; + let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request else { + unreachable!(); + }; // == Manually submit the consent token to the permit for the permit_success drop(idms_prox_read); @@ -3914,12 +3896,9 @@ mod tests { OAUTH2_SCOPE_OPENID.to_string() ); - let consent_token = - if let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request { - consent_token - } else { - unreachable!(); - }; + let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request else { + unreachable!(); + }; // == Manually submit the consent token to the permit for the permit_success drop(idms_prox_read); @@ -4083,12 +4062,9 @@ mod tests { OAUTH2_SCOPE_OPENID.to_string() ); - let consent_token = - if let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request { - consent_token - } else { - unreachable!(); - }; + let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request else { + unreachable!(); + }; // == Manually submit the consent token to the permit for the permit_success drop(idms_prox_read); 
@@ -4187,10 +4163,10 @@ mod tests { &ResolvedAccountPolicy::test_policy(), ) .expect("Unable to create uat"); - let ident2 = idms_prox_write + + idms_prox_write .process_uat_to_identity(&uat2, ct, Source::Internal) - .expect("Unable to process uat"); - ident2 + .expect("Unable to process uat") }; let idms_prox_read = idms.proxy_read().await.unwrap(); @@ -4206,12 +4182,9 @@ mod tests { OAUTH2_SCOPE_OPENID.to_string() ); - let consent_token = - if let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request { - consent_token - } else { - unreachable!(); - }; + let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request else { + unreachable!(); + }; let reject_success = idms_prox_read .check_oauth2_authorise_reject(&ident, &consent_token, ct) @@ -4518,12 +4491,9 @@ mod tests { OAUTH2_SCOPE_OPENID.to_string() ); - let consent_token = - if let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request { - consent_token - } else { - unreachable!(); - }; + let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request else { + unreachable!(); + }; // == Manually submit the consent token to the permit for the permit_success drop(idms_prox_read); @@ -4703,12 +4673,9 @@ mod tests { OAUTH2_SCOPE_OPENID.to_string() ); - let consent_token = - if let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request { - consent_token - } else { - unreachable!(); - }; + let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request else { + unreachable!(); + }; // == Manually submit the consent token to the permit for the permit_success drop(idms_prox_read); 
@@ -4791,12 +4758,9 @@ mod tests { "openid groups".to_string() ); - let consent_token = - if let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request { - consent_token - } else { - unreachable!(); - }; + let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request else { + unreachable!(); + }; // == Manually submit the consent token to the permit for the permit_success drop(idms_prox_read); @@ -4846,11 +4810,11 @@ mod tests { .expect("Failed to verify oidc"); // does our id_token contain the expected groups? - assert!(oidc.claims.contains_key(&"groups".to_string())); + assert!(oidc.claims.contains_key("groups")); assert!(oidc .claims - .get(&"groups".to_string()) + .get("groups") .expect("unable to find key") .as_array() .unwrap() @@ -4862,9 +4826,7 @@ mod tests { .expect("failed to get userinfo"); // does the userinfo endpoint provide the same groups? - assert!( - oidc.claims.get(&"groups".to_string()) == userinfo.claims.get(&"groups".to_string()) - ); + assert!(oidc.claims.get("groups") == userinfo.claims.get("groups")); } // Check insecure pkce behaviour. @@ -4954,12 +4916,9 @@ mod tests { OAUTH2_SCOPE_OPENID.to_string() ); - let consent_token = - if let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request { - consent_token - } else { - unreachable!(); - }; + let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request else { + unreachable!(); + }; // == Manually submit the consent token to the permit for the permit_success drop(idms_prox_read); @@ -5029,12 +4988,9 @@ mod tests { ); // Should be in the consent phase; - let consent_token = - if let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request { - consent_token - } else { - unreachable!(); - }; + let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request else { + unreachable!(); + }; // == Manually submit the consent token to the permit for the permit_success drop(idms_prox_read); 
@@ -5064,10 +5020,7 @@ mod tests { ); // Should be in the consent phase; - let _permit_success = if let AuthoriseResponse::Permitted(permit_success) = consent_request - { - permit_success - } else { + let AuthoriseResponse::Permitted(_permit_success) = consent_request else { unreachable!(); }; @@ -5128,12 +5081,9 @@ mod tests { .expect("Oauth2 authorisation failed"); // Should be in the consent phase; - let _consent_token = - if let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request { - consent_token - } else { - unreachable!(); - }; + let AuthoriseResponse::ConsentRequested { .. } = consent_request else { + unreachable!(); + }; drop(idms_prox_read); @@ -5195,7 +5145,7 @@ mod tests { .. } = consent_request { - assert!(scopes.contains(&"newscope".to_string())); + assert!(scopes.contains("newscope")); consent_token } else { unreachable!(); @@ -5226,12 +5176,9 @@ mod tests { ); // Should be in the consent phase; - let consent_token = - if let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request { - consent_token - } else { - unreachable!(); - }; + let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request else { + unreachable!(); + }; // == Manually submit the consent token to the permit for the permit_success drop(idms_prox_read); @@ -5329,12 +5276,9 @@ mod tests { .expect("Failed to perform OAuth2 authorisation request."); // Should be in the consent phase; - let consent_token = - if let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request { - consent_token - } else { - unreachable!(); - }; + let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request else { + unreachable!(); + }; // == Manually submit the consent token to the permit for the permit_success drop(idms_prox_read); 
@@ -5421,12 +5365,9 @@ mod tests { ); // Should be in the consent phase; - let consent_token = - if let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request { - consent_token - } else { - unreachable!(); - }; + let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request else { + unreachable!(); + }; // == Manually submit the consent token to the permit for the permit_success drop(idms_prox_read); @@ -6002,12 +5943,9 @@ mod tests { OAUTH2_SCOPE_OPENID.to_string() ); - let consent_token = - if let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request { - consent_token - } else { - unreachable!(); - }; + let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request else { + unreachable!(); + }; // == Manually submit the consent token to the permit for the permit_success drop(idms_prox_read); @@ -6191,12 +6129,9 @@ mod tests { .expect("OAuth2 authorisation failed"); // Should be in the consent phase; - let consent_token = - if let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request { - consent_token - } else { - unreachable!(); - }; + let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request else { + unreachable!(); + }; // == Manually submit the consent token to the permit for the permit_success drop(idms_prox_read); diff --git a/server/lib/src/idm/reauth.rs b/server/lib/src/idm/reauth.rs index 2ff1c746a..1895fc6a8 100644 --- a/server/lib/src/idm/reauth.rs +++ b/server/lib/src/idm/reauth.rs @@ -708,7 +708,7 @@ mod tests { // There should be a queued audit event match idms_audit.audit_rx().try_recv() { Ok(AuditEvent::AuthenticationDenied { .. }) => {} - _ => assert!(false), + _ => panic!("Oh no"), } // Start the re-auth - MUST FAIL! diff --git a/server/lib/src/idm/scim.rs b/server/lib/src/idm/scim.rs index af4150a7a..1d22be5a8 100644 --- a/server/lib/src/idm/scim.rs +++ b/server/lib/src/idm/scim.rs 
@@ -310,9 +310,8 @@ impl<'a> IdmServerProxyWriteTransaction<'a> { .qs_write // .internal_search(f_all_sync.clone()) .internal_exists(f_all_sync.clone()) - .map_err(|e| { + .inspect_err(|_e| { error!("Failed to determine existing entries set"); - e })?; /* @@ -354,16 +353,16 @@ impl<'a> IdmServerProxyWriteTransaction<'a> { self.qs_write .internal_modify(&f_all_sync, &mods) - .map_err(|e| { + .inspect_err(|_e| { error!("Failed to modify sync objects to grant authority to kanidm"); - e })?; }; - self.qs_write.internal_delete(&delete_filter).map_err(|e| { - error!(?e, "Failed to terminate sync account"); - e - }) + self.qs_write + .internal_delete(&delete_filter) + .inspect_err(|e| { + error!(?e, "Failed to terminate sync account"); + }) } } @@ -381,9 +380,8 @@ impl<'a> IdmServerProxyWriteTransaction<'a> { let entry = self .qs_write .internal_search_uuid(ste.target) - .map_err(|e| { + .inspect_err(|e| { admin_error!(?e, "Failed to search sync account"); - e })?; let sync_account = SyncAccount::try_from_entry_rw(&entry).map_err(|e| { @@ -1678,7 +1676,7 @@ mod tests { .internal_modify_uuid( UUID_DOMAIN_INFO, &ModifyList::new_append( - Attribute::KeyActionRevoke.into(), + Attribute::KeyActionRevoke, Value::HexString(revoke_kid.to_string()), ), ) diff --git a/server/lib/src/idm/server.rs b/server/lib/src/idm/server.rs index f9c685523..42b2f4adc 100644 --- a/server/lib/src/idm/server.rs +++ b/server/lib/src/idm/server.rs @@ -2585,7 +2585,7 @@ mod tests { // There should be a queued audit event match idms_audit.audit_rx().try_recv() { Ok(AuditEvent::AuthenticationDenied { .. }) => {} - _ => assert!(false), + _ => panic!("Oh no"), } idms_auth.commit().expect("Must not fail"); @@ -2774,7 +2774,7 @@ mod tests { .await; match a1 { Ok(Some(_tok)) => {} - _ => assert!(false), + _ => panic!("Oh no"), }; // Check bad password let uuae_bad = UnixUserAuthEvent::new_internal(UUID_ADMIN, TEST_PASSWORD_INC); 
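Review bot: The closure in the scim.rs hunk at -310 binds `_e` and logs only a fixed string, so the underlying error never reaches the log when the existence check fails. The `internal_delete` and `internal_search_uuid` calls in the neighbouring hunks already record it with `?e`. Since `inspect_err` passes the closure a reference anyway, it can be logged: `.inspect_err(|e| { error!(?e, "Failed to determine existing entries set"); })`. The same applies to the `internal_modify` call in the hunk at -353 and to the `inspect_err(|_e| …)` closures in gidnumber.rs, batch_modify.rs and modify.rs. This assumes the error type implements Debug, which the existing `?e` uses suggest.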
@@ -2783,7 +2783,7 @@ mod tests { .await; match a2 { Ok(None) => {} - _ => assert!(false), + _ => panic!("Oh no"), }; assert!(idms_auth.commit().is_ok()); @@ -2804,7 +2804,7 @@ mod tests { .await; match a3 { Ok(None) => {} - _ => assert!(false), + _ => panic!("Oh no"), }; assert!(idms_auth.commit().is_ok()); } @@ -2927,7 +2927,7 @@ mod tests { .await; match a1 { Ok(Some(_tok)) => {} - _ => assert!(false), + _ => panic!("Oh no"), }; idms_auth.commit().expect("Must not fail"); // The upgrade was queued @@ -2941,7 +2941,7 @@ mod tests { .await; match a2 { Ok(Some(_tok)) => {} - _ => assert!(false), + _ => panic!("Oh no"), }; idms_auth.commit().expect("Must not fail"); // No delayed action was queued. @@ -3076,13 +3076,13 @@ mod tests { // badpw? match a1 { Ok(None) => {} - _ => assert!(false), + _ => panic!("Oh no"), }; let a2 = idms_auth.auth_unix(&uuae_good, time_high).await; match a2 { Ok(None) => {} - _ => assert!(false), + _ => panic!("Oh no"), }; idms_auth.commit().expect("Must not fail"); @@ -3139,7 +3139,7 @@ mod tests { if tok_r.is_err() { // Ok? } else { - assert!(false); + debug_assert!(false); } let tok_r = idms_prox_read.get_radiusauthtoken(&rate, time_high); @@ -3147,7 +3147,7 @@ mod tests { if tok_r.is_err() { // Ok? } else { - assert!(false); + debug_assert!(false); } } @@ -3201,7 +3201,7 @@ mod tests { // There should be a queued audit event match idms_audit.audit_rx().try_recv() { Ok(AuditEvent::AuthenticationDenied { .. }) => {} - _ => assert!(false), + _ => panic!("Oh no"), } idms_auth.commit().expect("Must not fail"); @@ -3367,7 +3367,7 @@ mod tests { match idms_audit.audit_rx().try_recv() { Ok(AuditEvent::AuthenticationDenied { .. }) => {} - _ => assert!(false), + _ => panic!("Oh no"), } idms_auth.commit().expect("Must not fail"); @@ -3441,7 +3441,7 @@ mod tests { .await; match a2 { Ok(None) => {} - _ => assert!(false), + _ => panic!("Oh no"), }; // Now if we immediately auth again, should fail at same time due to SL 
@@ -3450,7 +3450,7 @@ mod tests { .await; match a1 { Ok(None) => {} - _ => assert!(false), + _ => panic!("Oh no"), }; // And then later, works because of SL lifting. @@ -3459,7 +3459,7 @@ mod tests { .await; match a1 { Ok(Some(_tok)) => {} - _ => assert!(false), + _ => panic!("Oh no"), }; assert!(idms_auth.commit().is_ok()); @@ -3493,7 +3493,7 @@ mod tests { // In X time it should be INVALID match idms_prox_read.validate_client_auth_info_to_ident(token.into(), expiry) { Err(OperationError::SessionExpired) => {} - _ => assert!(false), + _ => panic!("Oh no"), } } @@ -3628,7 +3628,7 @@ mod tests { .get_key_object(UUID_DOMAIN_INFO) .and_then(|object| { object - .jws_public_jwk(&token_kid) + .jws_public_jwk(token_kid) .expect("Unable to access uat jwk") }) .expect("No jwk by this kid"); @@ -3668,7 +3668,7 @@ mod tests { .validate_client_auth_info_to_ident(uat_unverified.clone().into(), post_grace) { Err(OperationError::SessionExpired) => {} - _ => assert!(false), + _ => panic!("Oh no"), } drop(idms_prox_read); @@ -3699,7 +3699,7 @@ mod tests { .validate_client_auth_info_to_ident(uat_unverified.clone().into(), post_grace) { Err(OperationError::SessionExpired) => {} - _ => assert!(false), + _ => panic!("Oh no"), } } @@ -4059,7 +4059,7 @@ mod tests { let me_reset_tokens = ModifyEvent::new_internal_invalid( filter!(f_eq(Attribute::Uuid, PartialValue::Uuid(UUID_DOMAIN_INFO))), ModifyList::new_append( - Attribute::KeyActionRevoke.into(), + Attribute::KeyActionRevoke, Value::HexString(revoke_kid.to_string()), ), ); diff --git a/server/lib/src/plugins/base.rs b/server/lib/src/plugins/base.rs index 080b70c35..b7b87d198 100644 --- a/server/lib/src/plugins/base.rs +++ b/server/lib/src/plugins/base.rs @@ -459,7 +459,7 @@ mod tests { .expect("Internal search failure"); let ue = cands.first().expect("No cand"); assert!(ue.attribute_equality( - Attribute::Uuid.into(), + Attribute::Uuid, &PartialValue::Uuid(uuid!("79724141-3603-4060-b6bb-35c72772611d")) )); } 
diff --git a/server/lib/src/plugins/cred_import.rs b/server/lib/src/plugins/cred_import.rs index 354891602..f70d07b22 100644 --- a/server/lib/src/plugins/cred_import.rs +++ b/server/lib/src/plugins/cred_import.rs @@ -342,7 +342,7 @@ mod tests { assert!(webauthn.is_empty()); assert!(backup_code.is_none()); } - _ => assert!(false), + _ => panic!("Oh no"), }; } ); @@ -406,7 +406,7 @@ mod tests { assert!(totp.get("a") == Some(&totp_a)); assert!(totp.get("b") == Some(&totp_b)); } - _ => assert!(false), + _ => panic!("Oh no"), }; } ); diff --git a/server/lib/src/plugins/dyngroup.rs b/server/lib/src/plugins/dyngroup.rs index b70ef95b8..d0cd9b7a7 100644 --- a/server/lib/src/plugins/dyngroup.rs +++ b/server/lib/src/plugins/dyngroup.rs @@ -471,7 +471,7 @@ mod tests { ))) .expect("Internal search failure"); - let d_group = cands.get(0).expect("Unable to access group."); + let d_group = cands.first().expect("Unable to access group."); let members = d_group .get_ava_set(Attribute::DynMember) .expect("No members on dyn group"); @@ -520,7 +520,7 @@ mod tests { ))) .expect("Internal search failure"); - let d_group = cands.get(0).expect("Unable to access group."); + let d_group = cands.first().expect("Unable to access group."); let members = d_group .get_ava_set(Attribute::DynMember) .expect("No members on dyn group"); @@ -569,7 +569,7 @@ mod tests { ))) .expect("Internal search failure"); - let d_group = cands.get(0).expect("Unable to access group."); + let d_group = cands.first().expect("Unable to access group."); assert!(d_group.get_ava_set(Attribute::DynMember).is_none()); } ); @@ -614,7 +614,7 @@ mod tests { ))) .expect("Internal search failure"); - let d_group = cands.get(0).expect("Unable to access group."); + let d_group = cands.first().expect("Unable to access group."); let members = d_group .get_ava_set(Attribute::DynMember) .expect("No members on dyn group"); 
@@ -676,7 +676,7 @@ mod tests { ))) .expect("Internal search failure"); - let d_group = cands.get(0).expect("Unable to access group."); + let d_group = cands.first().expect("Unable to access group."); let members = d_group .get_ava_set(Attribute::DynMember) .expect("No members on dyn group"); @@ -737,7 +737,7 @@ mod tests { ))) .expect("Internal search failure"); - let d_group = cands.get(0).expect("Unable to access group."); + let d_group = cands.first().expect("Unable to access group."); assert!(d_group.get_ava_set(Attribute::DynMember).is_none()); } ); @@ -788,7 +788,7 @@ mod tests { ))) .expect("Internal search failure"); - let d_group = cands.get(0).expect("Unable to access group."); + let d_group = cands.first().expect("Unable to access group."); let members = d_group .get_ava_set(Attribute::DynMember) .expect("No members on dyn group"); @@ -841,7 +841,7 @@ mod tests { ))) .expect("Internal search failure"); - let d_group = cands.get(0).expect("Unable to access group."); + let d_group = cands.first().expect("Unable to access group."); let members = d_group .get_ava_set(Attribute::DynMember) .expect("No members on dyn group"); @@ -896,7 +896,7 @@ mod tests { ))) .expect("Internal search failure"); - let d_group = cands.get(0).expect("Unable to access group."); + let d_group = cands.first().expect("Unable to access group."); let members = d_group .get_ava_set(Attribute::DynMember) .expect("No members on dyn group"); @@ -948,7 +948,7 @@ mod tests { ))) .expect("Internal search failure"); - let d_group = cands.get(0).expect("Unable to access group."); + let d_group = cands.first().expect("Unable to access group."); assert!(d_group.get_ava_set(Attribute::DynMember).is_none()); } ); @@ -991,7 +991,7 @@ mod tests { ))) .expect("Internal search failure"); - let d_group = cands.get(0).expect("Unable to access group."); + let d_group = cands.first().expect("Unable to access group."); assert!(d_group.get_ava_set(Attribute::DynMember).is_none()); } ); 
@@ -1038,7 +1038,7 @@ mod tests { ))) .expect("Internal search failure"); - let d_group = cands.get(0).expect("Unable to access group."); + let d_group = cands.first().expect("Unable to access group."); assert!(d_group.get_ava_set(Attribute::MemberOf).is_none()); } ); diff --git a/server/lib/src/plugins/gidnumber.rs b/server/lib/src/plugins/gidnumber.rs index d275bcdfe..7115ce5da 100644 --- a/server/lib/src/plugins/gidnumber.rs +++ b/server/lib/src/plugins/gidnumber.rs @@ -73,9 +73,8 @@ fn apply_gidnumber( let u_ref = e .get_uuid() .ok_or(OperationError::InvalidEntryState) - .map_err(|e| { + .inspect_err(|_e| { admin_error!("Invalid Entry State - Missing UUID"); - e })?; let gid = uuid_to_gid_u32(u_ref); diff --git a/server/lib/src/plugins/session.rs b/server/lib/src/plugins/session.rs index 15b590414..10a53da45 100644 --- a/server/lib/src/plugins/session.rs +++ b/server/lib/src/plugins/session.rs @@ -627,7 +627,7 @@ mod tests { // Mod again - remove the parent session. let modlist = ModifyList::new_remove( - Attribute::UserAuthTokenSession.into(), + Attribute::UserAuthTokenSession, PartialValue::Refer(parent_id), ); @@ -650,7 +650,7 @@ mod tests { // The oauth2 session is also removed. let session = entry - .get_ava_as_oauth2session_map(Attribute::OAuth2Session.into()) + .get_ava_as_oauth2session_map(Attribute::OAuth2Session) .and_then(|sessions| sessions.get(&session_id)) .expect("No session map found"); assert!(matches!(session.state, SessionState::RevokedAt(_))); @@ -751,7 +751,7 @@ mod tests { let entry = server_txn.internal_search_uuid(tuuid).expect("failed"); let session = entry - .get_ava_as_oauth2session_map(Attribute::OAuth2Session.into()) + .get_ava_as_oauth2session_map(Attribute::OAuth2Session) .and_then(|sessions| sessions.get(&session_id)) .expect("No session map found"); assert!(matches!(session.state, SessionState::NeverExpires)); 
@@ -780,7 +780,7 @@ mod tests { // Note it's a not condition now. let session = entry - .get_ava_as_oauth2session_map(Attribute::OAuth2Session.into()) + .get_ava_as_oauth2session_map(Attribute::OAuth2Session) .and_then(|sessions| sessions.get(&session_id)) .expect("No session map found"); assert!(matches!(session.state, SessionState::RevokedAt(_))); diff --git a/server/lib/src/server/batch_modify.rs b/server/lib/src/server/batch_modify.rs index e6c04cdbf..a870570c6 100644 --- a/server/lib/src/server/batch_modify.rs +++ b/server/lib/src/server/batch_modify.rs @@ -123,9 +123,8 @@ impl<'a> QueryServerWriteTransaction<'a> { // Return if success .map(|()| ent_mut) // Error log otherwise. - .map_err(|e| { + .inspect_err(|_e| { error!("Modification failed for {}", u); - e }) }) }) diff --git a/server/lib/src/server/modify.rs b/server/lib/src/server/modify.rs index 9f370f44b..e03a171cb 100644 --- a/server/lib/src/server/modify.rs +++ b/server/lib/src/server/modify.rs @@ -106,9 +106,8 @@ impl<'a> QueryServerWriteTransaction<'a> { .collect(); candidates.iter_mut().try_for_each(|er| { - er.apply_modlist(&me.modlist).map_err(|e| { + er.apply_modlist(&me.modlist).inspect_err(|_e| { error!("Modification failed for {:?}", er.get_uuid()); - e }) })?; diff --git a/server/lib/src/server/recycle.rs b/server/lib/src/server/recycle.rs index c0716f79c..9d861c39d 100644 --- a/server/lib/src/server/recycle.rs +++ b/server/lib/src/server/recycle.rs @@ -18,9 +18,8 @@ impl<'a> QueryServerWriteTransaction<'a> { error!(err = ?e, "Tombstone purge operation failed (backend)"); e }) - .map(|res| { + .inspect(|_res| { admin_info!("Tombstone purge operation success"); - res }) } diff --git a/server/lib/src/valueset/address.rs b/server/lib/src/valueset/address.rs index b9743e7d8..e68cc9ec5 100644 --- a/server/lib/src/valueset/address.rs +++ b/server/lib/src/valueset/address.rs 
@@ -561,7 +561,7 @@ mod tests { let vs2 = valueset::from_db_valueset_v2(vs.to_db_valueset_v2()) .expect("Failed to construct vs2 from dbvalue"); - assert!(&vs == &vs2); + assert_eq!(&vs, &vs2); assert!(vs.to_email_address_primary_str() == vs2.to_email_address_primary_str()); // Remove primary, assert it's gone and that the "first" address is assigned. @@ -575,7 +575,7 @@ mod tests { // Restore from dbv1, alice persisted. let vs3 = valueset::from_db_valueset_v2(vs.to_db_valueset_v2()) .expect("Failed to construct vs2 from dbvalue"); - assert!(&vs == &vs3); + assert_eq!(&vs, &vs3); assert!(vs3.len() == 2); assert!(vs3 .as_emailaddress_set() diff --git a/server/lib/src/valueset/auditlogstring.rs b/server/lib/src/valueset/auditlogstring.rs index 9f9aadc13..1a7bd63a5 100644 --- a/server/lib/src/valueset/auditlogstring.rs +++ b/server/lib/src/valueset/auditlogstring.rs @@ -257,7 +257,10 @@ mod tests { // Now merge in with a set that has a value that is newer. - assert!(100 > AUDIT_LOG_STRING_CAPACITY); + #[allow(clippy::bool_assert_comparison, clippy::assertions_on_constants)] + { + assert!(100 > AUDIT_LOG_STRING_CAPACITY); + } let other_vs: ValueSet = ValueSetAuditLogString::new( // Notice that 0 here is older than our other set items. @@ -321,7 +324,10 @@ mod tests { // Now merge in with a set that has a value that is newer. - assert!(100 > AUDIT_LOG_STRING_CAPACITY); + #[allow(clippy::bool_assert_comparison, clippy::assertions_on_constants)] + { + assert!(100 > AUDIT_LOG_STRING_CAPACITY); + } let other_vs: ValueSet = ValueSetAuditLogString::new( // Notice that 0 here is older than our other set items. diff --git a/server/lib/src/valueset/image/mod.rs b/server/lib/src/valueset/image/mod.rs index 7a0818352..31fa5dcc9 100644 --- a/server/lib/src/valueset/image/mod.rs +++ b/server/lib/src/valueset/image/mod.rs 
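Review bot: The `#[allow(...)]` blocks added in the auditlogstring.rs hunks at -257 and -321 carry no comment explaining why the lints are silenced, and `clippy::bool_assert_comparison` does not appear to apply to `assert!(100 > AUDIT_LOG_STRING_CAPACITY)`. If `AUDIT_LOG_STRING_CAPACITY` is a constant, as the `assertions_on_constants` lint implies, the check can move to compile time with `const _: () = assert!(100 > AUDIT_LOG_STRING_CAPACITY);`, which should not need the allow. Otherwise keep only the lint that actually fires and add a one-line reason, such as `// the merge test below relies on 100 exceeding the capacity`.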
@@ -531,6 +531,6 @@ fn test_imagevalue_things() { let res = image.validate_image(); trace!("SVG Validation result of {}: {:?}", filename, &res); assert!(res.is_ok()); - assert_eq!(image.hash_imagevalue().is_empty(), false); + assert!(!image.hash_imagevalue().is_empty()); }) } diff --git a/server/lib/src/valueset/image/png.rs b/server/lib/src/valueset/image/png.rs index 685399d53..9f006c8fe 100644 --- a/server/lib/src/valueset/image/png.rs +++ b/server/lib/src/valueset/image/png.rs @@ -133,7 +133,7 @@ fn test_png_consume_chunks_until_iend() { testchunks.extend([0, 0, 0, 1]); // the 4-byte checksum which we ignore let expected: [u8; 0] = []; let testchunks_slice = testchunks.as_slice(); - let res = png_consume_chunks_until_iend(&testchunks_slice); + let res = png_consume_chunks_until_iend(testchunks_slice); // simple, valid image works match res { @@ -150,7 +150,7 @@ fn test_png_consume_chunks_until_iend() { let mut x = 11; while x > 0 { let newslice = &testchunks_slice[0..=x]; - let res = png_consume_chunks_until_iend(&newslice); + let res = png_consume_chunks_until_iend(newslice); trace!("chunkstatus at size {} {:?}", x, &res); assert!(res.is_err()); x -= 1; diff --git a/server/lib/src/valueset/session.rs b/server/lib/src/valueset/session.rs index 6acc581d9..efa90e846 100644 --- a/server/lib/src/valueset/session.rs +++ b/server/lib/src/valueset/session.rs @@ -1752,7 +1752,7 @@ mod tests { type_: AuthType::Passkey, }, )) - .chain((0..SESSION_MAXIMUM).into_iter().map(|_| { + .chain((0..SESSION_MAXIMUM).map(|_| { ( Uuid::new_v4(), Session { diff --git a/server/testkit/examples/enumerating_access.rs b/server/testkit/examples/enumerating_access.rs index cde79dab4..c6290059b 100644 --- a/server/testkit/examples/enumerating_access.rs +++ b/server/testkit/examples/enumerating_access.rs 
@@ -80,7 +80,7 @@ where /// The uuidmap is a map of uuids to EntryInitNew objects, which we use to get the name of the objects fn as_mermaid(&mut self, uuidmap: &BTreeMap) -> String { - let mut res = format!("graph RL;\n"); + let mut res = "graph RL;\n".to_string(); for (left, right, _weight) in self.all_edges() { let left = uuidmap.get(&left).unwrap(); let right = uuidmap.get(&right).unwrap(); @@ -103,7 +103,7 @@ async fn enumerate_default_groups(/*_client: KanidmClient*/) { builtin_accounts().into_iter().for_each(|account| { // println!("adding builtin {}", account.uuid); - uuidmap.insert(account.uuid, account.clone().try_into().unwrap()); + uuidmap.insert(account.uuid, account.clone().into()); graph.add_node(account.uuid); }); diff --git a/server/testkit/tests/identity_verification_tests.rs b/server/testkit/tests/identity_verification_tests.rs index bc60a8a2f..a4a05f35f 100644 --- a/server/testkit/tests/identity_verification_tests.rs +++ b/server/testkit/tests/identity_verification_tests.rs @@ -7,11 +7,11 @@ use kanidmd_lib::prelude::Attribute; use kanidmd_testkit::ADMIN_TEST_PASSWORD; use reqwest::StatusCode; -static UNIVERSAL_PW: &'static str = "eicieY7ahchaoCh0eeTa"; +static UNIVERSAL_PW: &str = "eicieY7ahchaoCh0eeTa"; -static USER_A_NAME: &'static str = "valid_user_a"; +static USER_A_NAME: &str = "valid_user_a"; -static USER_B_NAME: &'static str = "valid_user_b"; +static USER_B_NAME: &str = "valid_user_b"; // TEST ON ERROR OUTCOMES // These tests check that invalid requests return the expected error @@ -203,7 +203,7 @@ async fn test_full_identification_flow(rsclient: KanidmClient) { // we check that the user A got a WaitForCode let IdentifyUserResponse::ProvideCode { step: _, totp } = higher_user_req_1 else { - return assert!(false); + panic!(); // we check that the user B got the code }; // we now try to submit the wrong code and we check that we get CodeFailure 
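Review bot: The `let … else` branch in test_full_identification_flow now ends in a bare `panic!();`, so a failure reports no reason; the -230 hunk of the same file does the same, and the three `_ => panic!("Oh no")` arms in proto_v1_test.rs (hunks at -726, -735 and -754) are just as uninformative. A message naming the expectation would make a CI failure readable, for example `panic!("expected IdentifyUserResponse::ProvideCode");` here and `other => panic!("expected Ok(Some(_)), got {other:?}")` in the match arms, assuming those result types implement Debug. The comment `// we check that the user B got the code` left after the panic inside the else block reads as if it belonged to the next step and would be clearer below the `};`. The test functions start and end outside these hunks.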
@@ -230,7 +230,7 @@ async fn test_full_identification_flow(rsclient: KanidmClient) { .unwrap(); // if the totp was correct we must get a ProvideCode let IdentifyUserResponse::ProvideCode { step: _, totp } = lower_user_req_2_right else { - return assert!(false); + panic!(); }; // we now try to do the same thing with user B: we first submit the wrong code expecting CodeFailure, // and then we submit the right one expecting Success diff --git a/server/testkit/tests/integration.rs b/server/testkit/tests/integration.rs index 29711927b..707ef35a5 100644 --- a/server/testkit/tests/integration.rs +++ b/server/testkit/tests/integration.rs @@ -215,7 +215,7 @@ async fn test_domain_reset_token_key(rsclient: KanidmClient) { let key_id = jwt.kid().expect("token does not have a key id"); - assert!(rsclient.idm_domain_revoke_key(&key_id).await.is_ok()); + assert!(rsclient.idm_domain_revoke_key(key_id).await.is_ok()); } #[kanidmd_testkit::test] diff --git a/server/testkit/tests/oauth2_test.rs b/server/testkit/tests/oauth2_test.rs index 48c86af64..c9d28f5e4 100644 --- a/server/testkit/tests/oauth2_test.rs +++ b/server/testkit/tests/oauth2_test.rs @@ -267,7 +267,7 @@ async fn test_oauth2_openid_basic_flow(rsclient: KanidmClient) { } = consent_req { // Note the supplemental scope here (admin) - assert!(scopes.contains(&"admin".to_string())); + assert!(scopes.contains("admin")); consent_token } else { unreachable!(); @@ -655,7 +655,7 @@ async fn test_oauth2_openid_public_flow(rsclient: KanidmClient) { } = consent_req { // Note the supplemental scope here (admin) - assert!(scopes.contains(&"admin".to_string())); + assert!(scopes.contains("admin")); consent_token } else { unreachable!(); diff --git a/server/testkit/tests/proto_v1_test.rs b/server/testkit/tests/proto_v1_test.rs index 7cbfd5069..35a82d1c6 100644 --- a/server/testkit/tests/proto_v1_test.rs +++ b/server/testkit/tests/proto_v1_test.rs 
@@ -726,7 +726,7 @@ async fn test_server_rest_posix_auth_lifecycle(rsclient: KanidmClient) { .await; match r1 { Ok(Some(_tok)) => {} - _ => assert!(false), + _ => panic!("Oh no"), }; // attempt to verify (bad, anon-conn) @@ -735,7 +735,7 @@ async fn test_server_rest_posix_auth_lifecycle(rsclient: KanidmClient) { .await; match r2 { Ok(None) => {} - _ => assert!(false), + _ => panic!("Oh no"), }; // lock? (admin-conn) @@ -754,7 +754,7 @@ async fn test_server_rest_posix_auth_lifecycle(rsclient: KanidmClient) { .await; match r3 { Ok(None) => {} - _ => assert!(false), + _ => panic!("Oh no"), }; } @@ -1060,7 +1060,7 @@ async fn test_server_credential_update_session_pw(rsclient: KanidmClient) { .unwrap(); // Logout, we don't need any auth now. - let _ = rsclient.logout(); + let _ = rsclient.logout().await; // Exchange the intent token let (session_token, _status) = rsclient .idm_account_credential_update_exchange(intent_token) @@ -1085,7 +1085,7 @@ async fn test_server_credential_update_session_pw(rsclient: KanidmClient) { .unwrap(); // Assert it now works. - let _ = rsclient.logout(); + let _ = rsclient.logout().await; let res = rsclient .auth_simple_password("demo_account", "eicieY7ahchaoCh0eeTa") .await; @@ -1135,7 +1135,7 @@ async fn test_server_credential_update_session_totp_pw(rsclient: KanidmClient) { .unwrap(); // Logout, we don't need any auth now, the intent tokens care for it. - let _ = rsclient.logout(); + let _ = rsclient.logout().await; // Exchange the intent token let (session_token, _statu) = rsclient .idm_account_credential_update_exchange(intent_token) @@ -1193,7 +1193,7 @@ async fn test_server_credential_update_session_totp_pw(rsclient: KanidmClient) { .expect("Failed to do totp?"); // Assert it now works. - let _ = rsclient.logout(); + let _ = rsclient.logout().await; let res = rsclient .auth_password_totp("demo_account", "sohdi3iuHo6mai7noh0a", totp_chal) .await; 
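Review bot: `let _ = rsclient.logout().await;` in test_server_credential_update_session_pw (hunk at -1060) now runs the logout but still discards its outcome, and the same line recurs in the hunks at -1085, -1135, -1193, -1232, -1264, -1312, -1602 and -1624. The surrounding comments say the intent-token exchange that follows needs no authentication, so a logout that failed silently could let the test pass while still holding a session, without exercising the unauthenticated path. If `logout()` returns a Result, as the `let _ =` suggests, `rsclient.logout().await.expect("logout failed");` would make that precondition explicit. The test bodies continue outside the hunks.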
@@ -1232,7 +1232,7 @@ async fn test_server_credential_update_session_totp_pw(rsclient: KanidmClient) { .unwrap(); // Assert it now works. - let _ = rsclient.logout(); + let _ = rsclient.logout().await; let res = rsclient .auth_simple_password("demo_account", "sohdi3iuHo6mai7noh0a") .await; @@ -1264,7 +1264,7 @@ async fn setup_demo_account_passkey(rsclient: &KanidmClient) -> WebauthnAuthenti .unwrap(); // Logout, we don't need any auth now. - let _ = rsclient.logout(); + let _ = rsclient.logout().await; // Exchange the intent token let (session_token, _status) = rsclient .idm_account_credential_update_exchange(intent_token) @@ -1312,7 +1312,7 @@ async fn setup_demo_account_passkey(rsclient: &KanidmClient) -> WebauthnAuthenti .unwrap(); // Assert it now works. - let _ = rsclient.logout(); + let _ = rsclient.logout().await; wa } @@ -1467,7 +1467,7 @@ async fn test_server_api_token_lifecycle(rsclient: KanidmClient) { .idm_service_account_add_attr( test_service_account_username, Attribute::Mail.as_ref(), - &vec!["test@example.com"] + &["test@example.com"] ) .await .is_ok()); @@ -1602,7 +1602,7 @@ async fn test_server_user_auth_token_lifecycle(rsclient: KanidmClient) { .unwrap(); // Logout, we don't need any auth now. - let _ = rsclient.logout(); + let _ = rsclient.logout().await; // Exchange the intent token let (session_token, _status) = rsclient .idm_account_credential_update_exchange(intent_token) @@ -1624,7 +1624,7 @@ async fn test_server_user_auth_token_lifecycle(rsclient: KanidmClient) { // Auth as the user. - let _ = rsclient.logout(); + let _ = rsclient.logout().await; let res = rsclient .auth_simple_password("demo_account", "eicieY7ahchaoCh0eeTa") .await; diff --git a/server/testkit/tests/scim_test.rs b/server/testkit/tests/scim_test.rs index 8f6c0eb45..34e71227b 100644 --- a/server/testkit/tests/scim_test.rs +++ b/server/testkit/tests/scim_test.rs 
@@ -53,7 +53,7 @@ async fn test_sync_account_lifecycle(rsclient: KanidmClient) { let url_a = sync_entry .attrs .get("sync_credential_portal") - .and_then(|x| x.get(0)); + .and_then(|x| x.first()); assert_eq!( url_a.map(|s| s.as_str()), diff --git a/server/web_ui/shared/tests/test.rs b/server/web_ui/shared/tests/test.rs deleted file mode 100644 index ee35605f8..000000000 --- a/server/web_ui/shared/tests/test.rs +++ /dev/null @@ -1,19 +0,0 @@ -//! Test harnesses for WASM things. -//! -//! Here be crabs with troubling pasts. -//! -//! Run this on a mac with Safari using the following command: -//! -//! ```shell -//! wasm-pack test --chrome --headless -//!``` -//! - -use wasm_bindgen_test::*; - -wasm_bindgen_test_configure!(run_in_browser); - -#[wasm_bindgen_test] -fn if_this_fails_then_oh_no() { - assert_eq!(1, 1); -} diff --git a/unix_integration/resolver/src/selinux_util.rs b/unix_integration/resolver/src/selinux_util.rs index 23aa69a00..18b669f2a 100644 --- a/unix_integration/resolver/src/selinux_util.rs +++ b/unix_integration/resolver/src/selinux_util.rs @@ -14,10 +14,10 @@ pub fn supported() -> bool { return false; } // check if SELinux is actually running - match current_mode() { - SELinuxMode::Permissive | SELinuxMode::Enforcing => true, - _ => false, - } + matches!( + current_mode(), + SELinuxMode::Permissive | SELinuxMode::Enforcing + ) } fn do_setfscreatecon_for_path(path_raw: &Path, labeler: &Labeler) -> Result<(), String> { @@ -27,9 +27,7 @@ fn do_setfscreatecon_for_path(path_raw: &Path, labeler: &Labeler) -> Resul Ok(context) => context .set_for_new_file_system_objects(true) .map_err(|_| "Failed setting creation context home directory path".to_string()), - Err(_) => { - return Err("Failed looking up default context for home directory path".to_string()); - } + Err(_) => Err("Failed looking up default context for home directory path".to_string()), } } 
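Review bot: In do_setfscreatecon_for_path the rewritten arm `Err(_) => Err("Failed looking up default context for home directory path".to_string())` still discards the underlying error, as does the `map_err(|_| …)` on the arm above it. When labelling fails, the caller gets a fixed string with no cause and, as far as the hunk shows, no path, which makes a mislabelled home directory hard to diagnose. If the error types implement Display, carrying them through would help: `Err(e) => Err(format!("Failed looking up default context for home directory path: {e}"))` and `.map_err(|e| format!("Failed setting creation context home directory path: {e}"))`. The function starts above the hunk.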
@@ -97,7 +95,7 @@ impl SelinuxLabeler { sel_lookup_path_raw, } => { let sel_lookup_path = sel_lookup_path_raw.join(path.as_ref()); - do_setfscreatecon_for_path(&sel_lookup_path, &labeler) + do_setfscreatecon_for_path(&sel_lookup_path, labeler) } } } diff --git a/unix_integration/resolver/tests/cache_layer_test.rs b/unix_integration/resolver/tests/cache_layer_test.rs index 68595fec2..d356d3612 100644 --- a/unix_integration/resolver/tests/cache_layer_test.rs +++ b/unix_integration/resolver/tests/cache_layer_test.rs @@ -56,7 +56,7 @@ async fn setup_test(fix_fn: Fixture) -> (Resolver, KanidmClient) { #[allow(clippy::assertions_on_constants)] if counter >= 5 { eprintln!("Unable to allocate port!"); - assert!(false); + debug_assert!(false); } };
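Review bot: Replacing `assert!(false)` with `debug_assert!(false)` in setup_test changes behaviour: debug assertions are compiled out when they are disabled (for example under `cargo test --release`), so after five failed attempts the code would print the message and fall through instead of stopping. `panic!("Unable to allocate port!");` keeps the abort in every profile and makes both the `#[allow(clippy::assertions_on_constants)]` attribute and the separate `eprintln!` unnecessary. The surrounding block and function lie outside the hunk.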