mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-23 04:27:02 +01:00
Code Issues Actions 16 Packages Projects Releases Wiki Activity

enforcen den clippen (#2990)

Browse source 
* enforcen den clippen
* updating outdated oauth2-related docs
* sorry clippy, we tried
This commit is contained in:
James Hodgkinson 2024-08-21 10:32:56 +10:00 committed by GitHub
parent fbfea05c6c
commit 7c3deab2c4
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
50 changed files with 377 additions and 522 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
.github/pull_request_template.md vendored
View file

@ -1,10 +1,11 @@
# Change summary
-
Fixes #
Checklist
- [ ] This PR contains no AI generated code
- [ ] `cargo fmt` has been run
- [ ] `cargo clippy` has been run
- [ ] `cargo test` has been run and passes
- [ ] book chapter included (if relevant)
- [ ] design document included (if relevant)

22
.github/workflows/clippy.yml vendored
View file

@ -1,11 +1,9 @@
---
name: Clippy
name: Linting checks
# Trigger the workflow on push or pull request
# Trigger the workflow on push
"on":
push:
branches-ignore:
- master
pull_request:
env:
@ -34,7 +32,15 @@ jobs:
pkg-config \
tpm-udev \
libtss2-dev
- name: "Run clippy (ignores errors, this is just a check)"
run: cargo clippy --all-features --all-targets
continue-on-error: true
- name: "Run clippy"
run: cargo clippy --lib --bins --examples --all-features
fmt:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup sccache
uses: mozilla-actions/sccache-action@v0.0.5
with:
version: "v0.4.2"
- name: "Run cargo fmt"
run: cargo fmt --check

0
.github/workflows/wasm_test.yml → .github/workflows/wasm_test.yml.disabled vendored
View file

4
book/src/integrations/oauth2.md
View file

@ -124,12 +124,12 @@ Once created you can view the details of the client.
```bash
kanidm system oauth2 get nextcloud
---
name: nextcloud
class: oauth2_resource_server
class: oauth2_resource_server_basic
class: object
displayname: Nextcloud Production
oauth2_rs_basic_secret: hidden
oauth2_rs_name: nextcloud
oauth2_rs_origin_landing: https://nextcloud.example.com
oauth2_rs_token_key: hidden
```
@ -144,7 +144,7 @@ kanidm system oauth2 show-basic-secret nextcloud
### Configure the Client/Resource Server
On your client, you should configure the client ID as the `oauth2_rs_name` from Kanidm, and the
On your client, you should configure the client ID as the `name` from Kanidm, and the
password to be the value shown in `oauth2_rs_basic_secret`. Ensure that the code
challenge/verification method is set to S256.

6
book/src/integrations/oauth2/examples.md
View file

@ -61,7 +61,7 @@ OAUTH2_PROVIDER = "oidc";
OAUTH2_CLIENT_ID = "miniflux";
OAUTH2_CLIENT_SECRET = "<oauth2_rs_basic_secret>";
OAUTH2_REDIRECT_URL = "https://feeds.example.com/oauth2/oidc/callback";
OAUTH2_OIDC_DISCOVERY_ENDPOINT = "https://idm.example.com/oauth2/openid/<oauth2_rs_name>";
OAUTH2_OIDC_DISCOVERY_ENDPOINT = "https://idm.example.com/oauth2/openid/<name>";
```
## Nextcloud
@ -227,14 +227,14 @@ Vouch Proxy supports multiple OAuth and OIDC login providers. To configure it yo
oauth:
auth_url: https://idm.wherekanidmruns.com/ui/oauth2
callback_url: https://login.wherevouchproxyruns.com/auth
client_id: <oauth2_rs_name> # Found in kanidm system oauth2 get XXXX (should be the same as XXXX)
client_id: <name> # Found in kanidm system oauth2 get XXXX (should be the same as XXXX)
client_secret: <oauth2_rs_basic_secret> # Found in kanidm system oauth2 get XXXX
code_challenge_method: S256
provider: oidc
scopes:
- email # Required due to vouch proxy reliance on mail as a primary identifier
token_url: https://idm.wherekanidmruns.com/oauth2/token
user_info_url: https://idm.wherekanidmruns.com/oauth2/openid/<oauth2_rs_name>/userinfo
user_info_url: https://idm.wherekanidmruns.com/oauth2/openid/<name>/userinfo
```
The `email` scope needs to be passed and thus the mail attribute needs to exist on the account:

1
clippy.toml
View file

@ -16,4 +16,5 @@ disallowed-types = ["std::collections::HashMap", "std::collections::HashSet"]
allow-expect-in-tests = true
allow-unwrap-in-tests = true
allow-panic-in-tests = true
allow-dbg-in-tests = true

4
libs/scim_proto/src/group.rs
View file

@ -4,7 +4,7 @@ use url::Url;
use uuid::Uuid;
#[derive(Serialize, Deserialize, Debug, Clone)]
struct Member {
pub struct Member {
value: Uuid,
#[serde(rename = "$ref")]
ref_: Url,
@ -13,7 +13,7 @@ struct Member {
#[derive(Serialize, Deserialize, Debug, Clone)]
#[serde(rename_all = "camelCase")]
struct Group {
pub struct Group {
#[serde(flatten)]
entry: ScimEntry,

16
libs/scim_proto/src/user.rs
View file

@ -8,7 +8,7 @@ use serde::{Deserialize, Serialize};
#[derive(Serialize, Deserialize, Debug, Clone)]
#[serde(rename_all = "camelCase")]
struct Name {
pub struct Name {
// The full name including all middle names and titles
formatted: Option<String>,
family_name: Option<String>,
@ -32,7 +32,7 @@ enum Language {
// https://datatracker.ietf.org/doc/html/rfc5646
#[allow(non_camel_case_types)]
#[derive(Serialize, Deserialize, Debug, Clone)]
enum Locale {
pub enum Locale {
en,
#[serde(rename = "en-AU")]
en_AU,
@ -57,7 +57,7 @@ impl fmt::Display for Locale {
#[allow(non_camel_case_types)]
#[derive(Serialize, Deserialize, Debug, Clone)]
enum Timezone {
pub enum Timezone {
#[serde(rename = "Australia/Brisbane")]
australia_brisbane,
#[serde(rename = "America/Los_Angeles")]
@ -87,7 +87,7 @@ pub struct MultiValueAttr {
#[derive(Serialize, Deserialize, Debug, Clone)]
#[serde(rename_all = "camelCase")]
struct Photo {
pub struct Photo {
#[serde(rename = "type")]
type_: Option<String>,
primary: Option<bool>,
@ -98,7 +98,7 @@ struct Photo {
}
#[derive(Serialize, Deserialize, Debug, Clone)]
struct Binary {
pub struct Binary {
#[serde(rename = "type")]
type_: Option<String>,
primary: Option<bool>,
@ -110,7 +110,7 @@ struct Binary {
#[derive(Serialize, Deserialize, Debug, Clone)]
#[serde(rename_all = "camelCase")]
struct Address {
pub struct Address {
#[serde(rename = "type")]
type_: Option<String>,
primary: Option<bool>,
@ -132,7 +132,7 @@ enum Membership {
#[derive(Serialize, Deserialize, Debug, Clone)]
#[serde(rename_all = "camelCase")]
struct Group {
pub struct Group {
#[serde(rename = "type")]
type_: Option<String>,
#[serde(rename = "$ref")]
@ -143,7 +143,7 @@ struct Group {
#[derive(Serialize, Deserialize, Debug, Clone)]
#[serde(rename_all = "camelCase")]
struct User {
pub struct User {
#[serde(flatten)]
entry: ScimEntry,
// required, must be unique, string.

2
proto/src/internal/error.rs
View file

@ -79,6 +79,7 @@ pub enum OperationError {
SchemaViolation(SchemaError),
Plugin(PluginError),
FilterGeneration,
FilterParseError,
FilterUuidResolution,
InvalidAttributeName(String),
InvalidAttribute(String),
@ -260,6 +261,7 @@ impl OperationError {
Self::SchemaViolation(_) => None,
Self::Plugin(_) => None,
Self::FilterGeneration => None,
Self::FilterParseError => None,
Self::FilterUuidResolution => None,
Self::InvalidAttributeName(_) => None,
Self::InvalidAttribute(_) => None,

4
server/core/src/repl/codec.rs
View file

@ -216,7 +216,7 @@ mod tests {
// Clear buffer - setup a request with a length > allowed max.
buf.clear();
let len_bytes = (34 as u64).to_be_bytes();
let len_bytes = (34_u64).to_be_bytes();
buf.extend_from_slice(&len_bytes);
// Even though the buf len is only 8, this will error as the overall
@ -226,7 +226,7 @@ mod tests {
// Assert that we request more data on a validly sized req
buf.clear();
let len_bytes = (20 as u64).to_be_bytes();
let len_bytes = (20_u64).to_be_bytes();
buf.extend_from_slice(&len_bytes);
// Pad in some extra bytes.
buf.extend_from_slice(&zero);

8
server/lib/benches/image_benches.rs
View file

@ -13,9 +13,7 @@ pub fn bench_png_lodepng_validate(c: &mut Criterion) {
env!("CARGO_MANIFEST_DIR")
));
let contents = black_box(std::fs::read(filename).unwrap());
b.iter(|| {
png::png_lodepng_validate(&contents, black_box(&"oversize_dimensions.png".to_string()))
})
b.iter(|| png::png_lodepng_validate(&contents, black_box("oversize_dimensions.png")))
});
group.bench_function("png_lodepng_validate_ok", |b| {
let filename = black_box(format!(
@ -23,9 +21,7 @@ pub fn bench_png_lodepng_validate(c: &mut Criterion) {
env!("CARGO_MANIFEST_DIR")
));
let contents = black_box(std::fs::read(filename).unwrap());
b.iter(|| {
png::png_lodepng_validate(&contents, black_box(&"oversize_dimensions.png".to_string()))
})
b.iter(|| png::png_lodepng_validate(&contents, black_box("oversize_dimensions.png")))
});
group.finish();
}

38
server/lib/src/be/mod.rs
View file

@ -2269,7 +2269,7 @@ mod tests {
($be:expr, $ent:expr) => {{
let ei = $ent.clone().into_sealed_committed();
let filt = ei
.filter_from_attrs(&vec![Attribute::Uuid.into()])
.filter_from_attrs(&[Attribute::Uuid.into()])
.expect("failed to generate filter")
.into_valid_resolved();
let lims = Limits::unlimited();
@ -2282,7 +2282,7 @@ mod tests {
($be:expr, $ent:expr, $attr:expr) => {{
let ei = $ent.clone().into_sealed_committed();
let filt = ei
.filter_from_attrs(&vec![Attribute::UserId.into()])
.filter_from_attrs(&[Attribute::UserId.into()])
.expect("failed to generate filter")
.into_valid_resolved();
let lims = Limits::unlimited();
@ -2586,16 +2586,10 @@ mod tests {
let result = fs::remove_file(&db_backup_file_name);
match result {
Err(e) => {
// if the error is the file is not found, that's what we want so continue,
// otherwise return the error
match e.kind() {
std::io::ErrorKind::NotFound => {}
_ => (),
}
}
_ => (),
if let Err(e) = result {
// if the error is the file is not found, that's what we want so continue,
// otherwise return the error
if e.kind() == std::io::ErrorKind::NotFound {}
}
be.backup(&db_backup_file_name).expect("Backup failed!");
@ -2650,16 +2644,10 @@ mod tests {
let result = fs::remove_file(&db_backup_file_name);
match result {
Err(e) => {
// if the error is the file is not found, that's what we want so continue,
// otherwise return the error
match e.kind() {
std::io::ErrorKind::NotFound => {}
_ => (),
}
}
_ => (),
if let Err(e) = result {
// if the error is the file is not found, that's what we want so continue,
// otherwise return the error
if e.kind() == std::io::ErrorKind::NotFound {}
}
be.backup(&db_backup_file_name).expect("Backup failed!");
@ -2856,11 +2844,7 @@ mod tests {
);
let uuid_p_idl = be
.load_test_idl(
&"not_indexed".to_string(),
IndexType::Presence,
&"_".to_string(),
)
.load_test_idl("not_indexed", IndexType::Presence, "_")
.unwrap(); // unwrap the result
assert_eq!(uuid_p_idl, None);

2
server/lib/src/constants/entries.rs
View file

@ -21,7 +21,7 @@ use uuid::Uuid;
#[test]
fn test_valueattribute_as_str() {
assert!(Attribute::Class.as_ref() == "class");
assert!(Attribute::Class.to_string() == String::from("class"));
assert!(Attribute::Class.to_string() == *"class");
}
#[test]

5
server/lib/src/credential/softlock.rs
View file

@ -200,10 +200,7 @@ impl CredSoftLock {
#[cfg(test)]
pub fn is_state_init(&self) -> bool {
match self.state {
LockState::Init => true,
_ => false,
}
matches!(self.state, LockState::Init)
}
#[cfg(test)]

48
server/lib/src/credential/totp.rs
View file

@ -50,7 +50,7 @@ impl Into<u8> for TotpDigits {
}
}
#[derive(Debug, Clone, PartialEq, Eq)]
#[derive(Debug, Clone, PartialEq, Eq, Copy)]
pub enum TotpAlgo {
Sha1,
Sha256,
@ -58,7 +58,7 @@ pub enum TotpAlgo {
}
impl TotpAlgo {
pub(crate) fn digest(&self, key: &[u8], counter: u64) -> Result<Vec<u8>, TotpError> {
pub(crate) fn digest(self, key: &[u8], counter: u64) -> Result<Vec<u8>, TotpError> {
let key = PKey::hmac(key).map_err(|_e| TotpError::OpenSSLError)?;
let mut signer =
match self {
@ -297,104 +297,104 @@ mod tests {
}
fn do_test(
key: Vec<u8>,
key: &[u8],
algo: TotpAlgo,
secs: u64,
step: u64,
digits: TotpDigits,
expect: Result<u32, TotpError>,
expect: &Result<u32, TotpError>,
) {
let otp = Totp::new(key.clone(), step, algo.clone(), digits);
let otp = Totp::new(key.to_vec(), step, algo, digits);
let d = Duration::from_secs(secs);
let r = otp.do_totp_duration_from_epoch(&d);
debug!(
"key: {:?}, algo: {:?}, time: {:?}, step: {:?}, expect: {:?} == {:?}",
key, algo, secs, step, expect, r
);
assert!(r == expect);
assert_eq!(&r, expect);
}
#[test]
fn totp_sha1_vectors() {
do_test(
vec![0x00, 0x00, 0x00, 0x00],
&[0x00, 0x00, 0x00, 0x00],
TotpAlgo::Sha1,
1585368920,
TOTP_DEFAULT_STEP,
TotpDigits::Six,
Ok(728926),
&Ok(728926),
);
do_test(
vec![0x00, 0x00, 0x00, 0x00],
&[0x00, 0x00, 0x00, 0x00],
TotpAlgo::Sha1,
1585368920,
TOTP_DEFAULT_STEP,
TotpDigits::Eight,
Ok(74728926),
&Ok(74728926),
);
do_test(
vec![0x00, 0xaa, 0xbb, 0xcc],
&[0x00, 0xaa, 0xbb, 0xcc],
TotpAlgo::Sha1,
1585369498,
TOTP_DEFAULT_STEP,
TotpDigits::Six,
Ok(985074),
&Ok(985074),
);
}
#[test]
fn totp_sha256_vectors() {
do_test(
vec![0x00, 0x00, 0x00, 0x00],
&[0x00, 0x00, 0x00, 0x00],
TotpAlgo::Sha256,
1585369682,
TOTP_DEFAULT_STEP,
TotpDigits::Six,
Ok(795483),
&Ok(795483),
);
do_test(
vec![0x00, 0x00, 0x00, 0x00],
&[0x00, 0x00, 0x00, 0x00],
TotpAlgo::Sha256,
1585369682,
TOTP_DEFAULT_STEP,
TotpDigits::Eight,
Ok(11795483),
&Ok(11795483),
);
do_test(
vec![0x00, 0xaa, 0xbb, 0xcc],
&[0x00, 0xaa, 0xbb, 0xcc],
TotpAlgo::Sha256,
1585369689,
TOTP_DEFAULT_STEP,
TotpDigits::Six,
Ok(728402),
&Ok(728402),
);
}
#[test]
fn totp_sha512_vectors() {
do_test(
vec![0x00, 0x00, 0x00, 0x00],
&[0x00, 0x00, 0x00, 0x00],
TotpAlgo::Sha512,
1585369775,
TOTP_DEFAULT_STEP,
TotpDigits::Six,
Ok(587735),
&Ok(587735),
);
do_test(
vec![0x00, 0x00, 0x00, 0x00],
&[0x00, 0x00, 0x00, 0x00],
TotpAlgo::Sha512,
1585369775,
TOTP_DEFAULT_STEP,
TotpDigits::Eight,
Ok(14587735),
&Ok(14587735),
);
do_test(
vec![0x00, 0xaa, 0xbb, 0xcc],
&[0x00, 0xaa, 0xbb, 0xcc],
TotpAlgo::Sha512,
1585369780,
TOTP_DEFAULT_STEP,
TotpDigits::Six,
Ok(952181),
&Ok(952181),
);
}

51
server/lib/src/entry.rs
View file

@ -3383,9 +3383,8 @@ where
self.purge_ava(Attribute::try_from(attr)?);
}
Modify::Assert(attr, value) => {
self.assert_ava(attr.to_owned(), value).map_err(|e| {
self.assert_ava(attr.to_owned(), value).inspect_err(|_e| {
error!("Modification assertion was not met. {} {:?}", attr, value);
e
})?;
}
}
@ -3530,8 +3529,8 @@ mod tests {
// are adding ... Or do we validate after the changes are made in
// total?
let mut e: Entry<EntryInit, EntryNew> = Entry::new();
e.add_ava(Attribute::UserId.into(), Value::from("william"));
e.add_ava(Attribute::UserId.into(), Value::from("william"));
e.add_ava(Attribute::UserId, Value::from("william"));
e.add_ava(Attribute::UserId, Value::from("william"));
let values = e.get_ava_set(Attribute::UserId).expect("Failed to get ava");
// Should only be one value!
@ -3541,7 +3540,7 @@ mod tests {
#[test]
fn test_entry_pres() {
let mut e: Entry<EntryInit, EntryNew> = Entry::new();
e.add_ava(Attribute::UserId.into(), Value::from("william"));
e.add_ava(Attribute::UserId, Value::from("william"));
assert!(e.attribute_pres(Attribute::UserId));
assert!(!e.attribute_pres(Attribute::Name));
@ -3551,34 +3550,22 @@ mod tests {
fn test_entry_equality() {
let mut e: Entry<EntryInit, EntryNew> = Entry::new();
e.add_ava(Attribute::UserId.into(), Value::from("william"));
e.add_ava(Attribute::UserId, Value::from("william"));
assert!(e.attribute_equality(
Attribute::UserId.into(),
&PartialValue::new_utf8s("william")
));
assert!(e.attribute_equality(Attribute::UserId, &PartialValue::new_utf8s("william")));
assert!(!e.attribute_equality(Attribute::UserId, &PartialValue::new_utf8s("test")));
assert!(!e.attribute_equality(
Attribute::NonExist.into(),
&PartialValue::new_utf8s("william")
));
assert!(!e.attribute_equality(Attribute::NonExist, &PartialValue::new_utf8s("william")));
// Also test non-matching attr syntax
assert!(!e.attribute_equality(
Attribute::UserId.into(),
&PartialValue::new_iutf8("william")
));
assert!(!e.attribute_equality(Attribute::UserId, &PartialValue::new_iutf8("william")));
}
#[test]
fn test_entry_substring() {
let mut e: Entry<EntryInit, EntryNew> = Entry::new();
e.add_ava(Attribute::UserId.into(), Value::from("william"));
e.add_ava(Attribute::UserId, Value::from("william"));
assert!(e.attribute_substring(
Attribute::UserId.into(),
&PartialValue::new_utf8s("william")
));
assert!(e.attribute_substring(Attribute::UserId, &PartialValue::new_utf8s("william")));
assert!(e.attribute_substring(Attribute::UserId, &PartialValue::new_utf8s("will")));
assert!(e.attribute_substring(Attribute::UserId, &PartialValue::new_utf8s("liam")));
assert!(e.attribute_substring(Attribute::UserId, &PartialValue::new_utf8s("lli")));
@ -3630,7 +3617,7 @@ mod tests {
// Test application of changes to an entry.
let mut e: Entry<EntryInvalid, EntryNew> = Entry::new().into_invalid_new();
e.add_ava(Attribute::UserId.into(), Value::from("william"));
e.add_ava(Attribute::UserId, Value::from("william"));
let present_single_mods = ModifyList::new_valid_list(vec![Modify::Present(
Attribute::Attr.into(),
@ -3640,10 +3627,7 @@ mod tests {
assert!(e.apply_modlist(&present_single_mods).is_ok());
// Assert the changes are there
assert!(e.attribute_equality(
Attribute::UserId.into(),
&PartialValue::new_utf8s("william")
));
assert!(e.attribute_equality(Attribute::UserId, &PartialValue::new_utf8s("william")));
assert!(e.attribute_equality(Attribute::Attr, &PartialValue::new_iutf8("value")));
// Assert present for multivalue
@ -3655,10 +3639,7 @@ mod tests {
assert!(e.apply_modlist(&present_multivalue_mods).is_ok());
assert!(e.attribute_equality(Attribute::Class, &PartialValue::new_iutf8("test")));
assert!(e.attribute_equality(
Attribute::Class.into(),
&PartialValue::new_iutf8("multi_test")
));
assert!(e.attribute_equality(Attribute::Class, &PartialValue::new_iutf8("multi_test")));
// Assert purge on single/multi/empty value
let purge_single_mods =
@ -3688,13 +3669,13 @@ mod tests {
assert!(e.apply_modlist(&present_single_mods).is_ok());
assert!(e.attribute_equality(Attribute::Attr, &PartialValue::new_iutf8("value")));
assert!(e.apply_modlist(&remove_mods).is_ok());
assert!(e.attrs.get(Attribute::Attr.as_ref()).is_none());
assert!(!e.attrs.contains_key(Attribute::Attr.as_ref()));
let remove_empty_mods = remove_mods;
assert!(e.apply_modlist(&remove_empty_mods).is_ok());
assert!(e.attrs.get(Attribute::Attr.as_ref()).is_none());
assert!(!e.attrs.contains_key(Attribute::Attr.as_ref()));
}
#[test]
@ -3702,7 +3683,7 @@ mod tests {
let mut e1: Entry<EntryInit, EntryNew> = Entry::new();
e1.add_ava(Attribute::UserId, Value::from("william"));
let mut e1_mod = e1.clone();
e1_mod.add_ava(Attribute::Extra.into(), Value::from("test"));
e1_mod.add_ava(Attribute::Extra, Value::from("test"));
let e1 = e1.into_sealed_committed();
let e1_mod = e1_mod.into_sealed_committed();

25
server/lib/src/filter.rs
View file

@ -14,6 +14,7 @@ use std::fmt;
use std::hash::Hash;
use std::iter;
use std::num::NonZeroU8;
use std::str::FromStr;
use std::sync::Arc;
use concread::arcache::{ARCache, ARCacheReadTxn};
@ -643,18 +644,6 @@ impl Filter<FilterInvalid> {
}
}
/// ⚠️ - Blindly accept a filter from a string, panicking if it fails to parse.
/// This is a TEST ONLY method and will never be exposed in production.
#[cfg(test)]
pub fn from_str(fc: &str) -> Self {
let f: FC = serde_json::from_str(fc).expect("Failure parsing filter!");
Filter {
state: FilterInvalid {
inner: FilterComp::new(f),
},
}
}
pub fn validate(
&self,
schema: &dyn SchemaTransaction,
@ -717,6 +706,18 @@ impl Filter<FilterInvalid> {
}
}
impl FromStr for Filter<FilterInvalid> {
type Err = OperationError;
fn from_str(s: &str) -> Result<Self, Self::Err> {
let f: FC = serde_json::from_str(s).map_err(|_| OperationError::FilterParseError)?;
Ok(Filter {
state: FilterInvalid {
inner: FilterComp::new(f),
},
})
}
}
impl FilterComp {
fn new(fc: FC) -> Self {
match fc {

3
server/lib/src/idm/account.rs
View file

@ -999,9 +999,8 @@ impl<'a> IdmServerProxyReadTransaction<'a> {
issued_at: s.issued_at,
purpose,
})
.map_err(|e| {
.inspect_err(|_e| {
admin_error!("Invalid user auth token {}", u);
e
})
})
.collect::<Result<Vec<_>, _>>()

10
server/lib/src/idm/application.rs
View file

@ -301,7 +301,7 @@ mod tests {
);
let ce = CreateEvent::new_internal(vec![e1, e2]);
let cr = idms_prox_write.qs_write.create(&ce);
assert!(!cr.is_ok());
assert!(cr.is_err());
// Application and Person not allowed together
let test_grp_name = "testgroup1";
@ -329,7 +329,7 @@ mod tests {
);
let ce = CreateEvent::new_internal(vec![e1, e2]);
let cr = idms_prox_write.qs_write.create(&ce);
assert!(!cr.is_ok());
assert!(cr.is_err());
// Supplements not satisfied, Application supplements ServiceAccount
let test_grp_name = "testgroup1";
@ -352,7 +352,7 @@ mod tests {
);
let ce = CreateEvent::new_internal(vec![e1, e2]);
let cr = idms_prox_write.qs_write.create(&ce);
assert!(!cr.is_ok());
assert!(cr.is_err());
// Supplements not satisfied, Application supplements ServiceAccount
let test_grp_name = "testgroup1";
@ -374,7 +374,7 @@ mod tests {
);
let ce = CreateEvent::new_internal(vec![e1, e2]);
let cr = idms_prox_write.qs_write.create(&ce);
assert!(!cr.is_ok());
assert!(cr.is_err());
// Supplements satisfied, Application supplements ServiceAccount
let test_grp_name = "testgroup1";
@ -427,7 +427,7 @@ mod tests {
let ce = CreateEvent::new_internal(vec![e1]);
let cr = idms_prox_write.qs_write.create(&ce);
assert!(!cr.is_ok());
assert!(cr.is_err());
}
// Tests creating an applicatin with a real linked group attribute

2
server/lib/src/idm/applinks.rs
View file

@ -176,7 +176,7 @@ mod tests {
.list_applinks(&ident)
.expect("Failed to access related apps");
let app = apps.get(0).expect("No apps return!");
let app = apps.first().expect("No apps return!");
assert!(match app {
AppLink::Oauth2 {

84
server/lib/src/idm/authsession.rs
View file

@ -1837,7 +1837,7 @@ mod tests {
match audit_rx.try_recv() {
Ok(AuditEvent::AuthenticationDenied { .. }) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
// === Now begin a new session, and use a good pw.
@ -1868,7 +1868,7 @@ mod tests {
match async_rx.blocking_recv() {
Some(DelayedAction::AuthSessionRecord(_)) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
drop(async_tx);
@ -1938,7 +1938,7 @@ mod tests {
match audit_rx.try_recv() {
Ok(AuditEvent::AuthenticationDenied { .. }) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
drop(async_tx);
@ -1955,7 +1955,7 @@ mod tests {
account: account.clone(),
account_policy: ResolvedAccountPolicy::default(),
issue: AuthIssueSession::Token,
webauthn: webauthn,
webauthn,
ct: duration_from_epoch_now(),
client_auth_info: Source::Internal.into(),
};
@ -1995,7 +1995,7 @@ mod tests {
account: account.clone(),
account_policy: ResolvedAccountPolicy::default(),
issue: AuthIssueSession::Token,
webauthn: webauthn,
webauthn,
ct: duration_from_epoch_now(),
client_auth_info: Source::Internal.into(),
};
@ -2040,7 +2040,7 @@ mod tests {
account: account.clone(),
account_policy: ResolvedAccountPolicy::default(),
issue: AuthIssueSession::Token,
webauthn: webauthn,
webauthn,
ct: duration_from_epoch_now(),
client_auth_info: Source::Internal.into(),
};
@ -2126,7 +2126,7 @@ mod tests {
match audit_rx.try_recv() {
Ok(AuditEvent::AuthenticationDenied { .. }) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
}
@ -2150,7 +2150,7 @@ mod tests {
match audit_rx.try_recv() {
Ok(AuditEvent::AuthenticationDenied { .. }) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
}
// check send bad totp, should fail immediate
@ -2171,7 +2171,7 @@ mod tests {
match audit_rx.try_recv() {
Ok(AuditEvent::AuthenticationDenied { .. }) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
}
@ -2205,7 +2205,7 @@ mod tests {
match audit_rx.try_recv() {
Ok(AuditEvent::AuthenticationDenied { .. }) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
}
@ -2239,7 +2239,7 @@ mod tests {
match async_rx.blocking_recv() {
Some(DelayedAction::AuthSessionRecord(_)) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
}
@ -2312,7 +2312,7 @@ mod tests {
match audit_rx.try_recv() {
Ok(AuditEvent::AuthenticationDenied { .. }) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
}
@ -2458,7 +2458,7 @@ mod tests {
match audit_rx.try_recv() {
Ok(AuditEvent::AuthenticationDenied { .. }) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
}
@ -2486,11 +2486,11 @@ mod tests {
// Check the async counter update was sent.
match async_rx.blocking_recv() {
Some(DelayedAction::WebauthnCounterIncrement(_)) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
match async_rx.blocking_recv() {
Some(DelayedAction::AuthSessionRecord(_)) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
}
@ -2519,7 +2519,7 @@ mod tests {
match audit_rx.try_recv() {
Ok(AuditEvent::AuthenticationDenied { .. }) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
}
@ -2567,7 +2567,7 @@ mod tests {
match audit_rx.try_recv() {
Ok(AuditEvent::AuthenticationDenied { .. }) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
}
@ -2617,7 +2617,7 @@ mod tests {
match audit_rx.try_recv() {
Ok(AuditEvent::AuthenticationDenied { .. }) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
}
@ -2639,7 +2639,7 @@ mod tests {
match audit_rx.try_recv() {
Ok(AuditEvent::AuthenticationDenied { .. }) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
}
@ -2671,7 +2671,7 @@ mod tests {
match audit_rx.try_recv() {
Ok(AuditEvent::AuthenticationDenied { .. }) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
}
@ -2710,13 +2710,13 @@ mod tests {
match audit_rx.try_recv() {
Ok(AuditEvent::AuthenticationDenied { .. }) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
// Check the async counter update was sent.
match async_rx.blocking_recv() {
Some(DelayedAction::WebauthnCounterIncrement(_)) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
}
@ -2756,11 +2756,11 @@ mod tests {
// Check the async counter update was sent.
match async_rx.blocking_recv() {
Some(DelayedAction::WebauthnCounterIncrement(_)) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
match async_rx.blocking_recv() {
Some(DelayedAction::AuthSessionRecord(_)) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
}
@ -2821,7 +2821,7 @@ mod tests {
match audit_rx.try_recv() {
Ok(AuditEvent::AuthenticationDenied { .. }) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
}
@ -2843,7 +2843,7 @@ mod tests {
match audit_rx.try_recv() {
Ok(AuditEvent::AuthenticationDenied { .. }) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
}
@ -2873,7 +2873,7 @@ mod tests {
match audit_rx.try_recv() {
Ok(AuditEvent::AuthenticationDenied { .. }) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
}
@ -2912,13 +2912,13 @@ mod tests {
match audit_rx.try_recv() {
Ok(AuditEvent::AuthenticationDenied { .. }) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
// Check the async counter update was sent.
match async_rx.blocking_recv() {
Some(DelayedAction::WebauthnCounterIncrement(_)) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
}
@ -2951,7 +2951,7 @@ mod tests {
match audit_rx.try_recv() {
Ok(AuditEvent::AuthenticationDenied { .. }) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
}
@ -2984,7 +2984,7 @@ mod tests {
match async_rx.blocking_recv() {
Some(DelayedAction::AuthSessionRecord(_)) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
}
@ -3024,11 +3024,11 @@ mod tests {
// Check the async counter update was sent.
match async_rx.blocking_recv() {
Some(DelayedAction::WebauthnCounterIncrement(_)) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
match async_rx.blocking_recv() {
Some(DelayedAction::AuthSessionRecord(_)) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
}
@ -3100,7 +3100,7 @@ mod tests {
match audit_rx.try_recv() {
Ok(AuditEvent::AuthenticationDenied { .. }) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
}
// check send wrong backup code, should fail immediate
@ -3121,7 +3121,7 @@ mod tests {
match audit_rx.try_recv() {
Ok(AuditEvent::AuthenticationDenied { .. }) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
}
// check send good backup code, should continue
@ -3154,13 +3154,13 @@ mod tests {
match audit_rx.try_recv() {
Ok(AuditEvent::AuthenticationDenied { .. }) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
}
// Can't process BackupCodeRemoval without the server instance
match async_rx.blocking_recv() {
Some(DelayedAction::BackupCodeRemoval(_)) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
// check send good backup code, should continue
@ -3194,13 +3194,13 @@ mod tests {
// Can't process BackupCodeRemoval without the server instance
match async_rx.blocking_recv() {
Some(DelayedAction::BackupCodeRemoval(_)) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
// There will be a auth session record too
match async_rx.blocking_recv() {
Some(DelayedAction::AuthSessionRecord(_)) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
// TOTP should also work:
@ -3236,7 +3236,7 @@ mod tests {
// There will be a auth session record too
match async_rx.blocking_recv() {
Some(DelayedAction::AuthSessionRecord(_)) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
drop(async_tx);
@ -3313,7 +3313,7 @@ mod tests {
match async_rx.blocking_recv() {
Some(DelayedAction::AuthSessionRecord(_)) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
}
@ -3346,7 +3346,7 @@ mod tests {
match async_rx.blocking_recv() {
Some(DelayedAction::AuthSessionRecord(_)) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
}

85
server/lib/src/idm/credupdatesession.rs
View file

@ -2952,53 +2952,40 @@ mod tests {
.credential_primary_set_password(&cust, ct, "password")
.unwrap_err();
trace!(?err);
assert!(match err {
OperationError::PasswordQuality(details)
if details == vec!(PasswordFeedback::TooShort(PW_MIN_LENGTH),) =>
true,
_ => false,
});
assert!(
matches!(err, OperationError::PasswordQuality(details) if details == vec!(PasswordFeedback::TooShort(PW_MIN_LENGTH),))
);
let err = cutxn
.credential_primary_set_password(&cust, ct, "password1234")
.unwrap_err();
trace!(?err);
assert!(match err {
OperationError::PasswordQuality(details)
if details
== vec!(
PasswordFeedback::AddAnotherWordOrTwo,
PasswordFeedback::ThisIsACommonPassword,
) =>
true,
_ => false,
});
assert!(
matches!(err, OperationError::PasswordQuality(details) if details
== vec!(
PasswordFeedback::AddAnotherWordOrTwo,
PasswordFeedback::ThisIsACommonPassword,
))
);
let err = cutxn
.credential_primary_set_password(&cust, ct, &radius_secret)
.unwrap_err();
trace!(?err);
assert!(match err {
OperationError::PasswordQuality(details)
if details == vec!(PasswordFeedback::DontReusePasswords,) =>
true,
_ => false,
});
assert!(
matches!(err, OperationError::PasswordQuality(details) if details == vec!(PasswordFeedback::DontReusePasswords,))
);
let err = cutxn
.credential_primary_set_password(&cust, ct, "testperson2023")
.unwrap_err();
trace!(?err);
assert!(match err {
OperationError::PasswordQuality(details)
if details
== vec!(
PasswordFeedback::NamesAndSurnamesByThemselvesAreEasyToGuess,
PasswordFeedback::AvoidDatesAndYearsThatAreAssociatedWithYou,
) =>
true,
_ => false,
});
assert!(
matches!(err, OperationError::PasswordQuality(details) if details == vec!(
PasswordFeedback::NamesAndSurnamesByThemselvesAreEasyToGuess,
PasswordFeedback::AvoidDatesAndYearsThatAreAssociatedWithYou,
))
);
let err = cutxn
.credential_primary_set_password(
@ -3008,12 +2995,9 @@ mod tests {
)
.unwrap_err();
trace!(?err);
assert!(match err {
OperationError::PasswordQuality(details)
if details == vec!(PasswordFeedback::BadListed) =>
true,
_ => false,
});
assert!(
matches!(err, OperationError::PasswordQuality(details) if details == vec!(PasswordFeedback::BadListed))
);
assert!(c_status.can_commit);
@ -3066,12 +3050,9 @@ mod tests {
.credential_primary_set_password(&cust, ct, &pw)
.unwrap_err();
trace!(?err);
assert!(match err {
OperationError::PasswordQuality(details)
if details == vec!(PasswordFeedback::TooShort(test_pw_min_length),) =>
true,
_ => false,
});
assert!(
matches!(err, OperationError::PasswordQuality(details) if details == vec!(PasswordFeedback::TooShort(test_pw_min_length),))
);
// Test pw len of len minus 1
let pw = password_from_random_len(test_pw_min_length - 1);
@ -3079,12 +3060,8 @@ mod tests {
.credential_primary_set_password(&cust, ct, &pw)
.unwrap_err();
trace!(?err);
assert!(match err {
OperationError::PasswordQuality(details)
if details == vec!(PasswordFeedback::TooShort(test_pw_min_length),) =>
true,
_ => false,
});
assert!(matches!(err,OperationError::PasswordQuality(details)
if details == vec!(PasswordFeedback::TooShort(test_pw_min_length),)));
// Test pw len of exact len
let pw = password_from_random_len(test_pw_min_length);
@ -3492,11 +3469,7 @@ mod tests {
.expect("Failed to initiate passkey registration");
assert!(matches!(c_status.mfaregstate, MfaRegStateStatus::None));
assert!(matches!(
// Should be none.
c_status.primary.as_ref(),
None
));
assert!(c_status.primary.as_ref().is_none());
// Check we have the passkey
trace!(?c_status);
@ -4215,7 +4188,7 @@ mod tests {
// meets criteria.
match idms_audit.audit_rx().try_recv() {
Ok(AuditEvent::AuthenticationDenied { .. }) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
// Update creds

8
server/lib/src/idm/identityverification.rs
View file

@ -508,7 +508,7 @@ mod test {
);
let Ok(IdentifyUserResponse::ProvideCode { totp, .. }) = res_higher_user else {
return assert!(false);
panic!();
};
let res_lower_user_wrong = idms_prox_read.handle_identify_user_submit_code(
@ -532,7 +532,7 @@ mod test {
// now we need to get the code from the lower_user and submit it to the higher_user
let Ok(IdentifyUserResponse::ProvideCode { totp, .. }) = res_lower_user_correct else {
return assert!(false);
panic!("Invalid");
};
let res_higher_user_2_wrong = idms_prox_read.handle_identify_user_submit_code(
@ -600,7 +600,7 @@ mod test {
..
}) = res_higher_user
else {
return assert!(false);
panic!();
};
// then we get the lower user code
@ -619,7 +619,7 @@ mod test {
{
assert_ne!(higher_user_totp, lower_user_totp);
} else {
assert!(false);
debug_assert!(false);
}
}

44
server/lib/src/idm/ldap.rs
View file

@ -910,7 +910,7 @@ mod tests {
ldaps.do_bind(idms, "", "test").await.unwrap_err() == OperationError::NotAuthenticated
);
let admin_t = ldaps.do_bind(idms, "admin", TEST_PASSWORD).await.unwrap();
assert!(admin_t.is_none() == true);
assert!(admin_t.is_none());
// Setting UNIX_PW_BIND flag to true :
let mut idms_prox_write = idms.proxy_write(duration_from_epoch_now()).await.unwrap();
@ -1138,7 +1138,7 @@ mod tests {
let sr = SearchRequest {
msgid: 1,
base: format!("dc=example,dc=com"),
base: "dc=example,dc=com".to_string(),
scope: LdapSearchScope::Subtree,
filter: LdapFilter::Present(Attribute::ObjectClass.to_string()),
attrs: vec!["*".to_string()],
@ -1148,7 +1148,7 @@ mod tests {
.do_search(idms, &sr, &anon_t, Source::Internal)
.await
.unwrap();
assert!(r1.len() > 0);
assert!(!r1.is_empty());
assert!(r1.len() == r2.len());
}
@ -1722,7 +1722,7 @@ mod tests {
(Attribute::Uuid, "cc8e95b4-c24f-4d68-ba54-8bed76f63930")
);
}
_ => assert!(false),
_ => panic!("Oh no"),
};
// Check that when we request +, we get all attrs and the vattrs
@ -1764,7 +1764,7 @@ mod tests {
(Attribute::LdapKeys, ssh_ed25519)
);
}
_ => assert!(false),
_ => panic!("Oh no"),
};
// Check that when we request an attr by name, we get all of them correctly.
@ -1801,7 +1801,7 @@ mod tests {
(Attribute::LdapKeys, ssh_ed25519)
);
}
_ => assert!(false),
_ => panic!("Oh no"),
};
}
@ -1927,7 +1927,7 @@ mod tests {
(Attribute::Name, "testperson1")
);
}
_ => assert!(false),
_ => panic!("Oh no"),
};
// Inspect the token to get its uuid out.
@ -1984,7 +1984,7 @@ mod tests {
)
);
}
_ => assert!(false),
_ => panic!("Oh no"),
};
// ======= test with a substring search
@ -2039,7 +2039,7 @@ mod tests {
)
);
}
_ => assert!(false),
_ => panic!("Oh no"),
};
}
@ -2110,7 +2110,7 @@ mod tests {
)
);
}
_ => assert!(false),
_ => panic!("Oh no"),
};
}
@ -2167,7 +2167,7 @@ mod tests {
);
assert!(lsre.attributes.is_empty());
}
_ => assert!(false),
_ => panic!("Oh no"),
};
// If we request 1.1 and another attr, 1.1 is IGNORED.
@ -2200,7 +2200,7 @@ mod tests {
)
);
}
_ => assert!(false),
_ => panic!("Oh no"),
};
}
@ -2238,7 +2238,7 @@ mod tests {
("defaultnamingcontext", "dc=example,dc=com")
);
}
_ => assert!(false),
_ => panic!("Oh no"),
};
drop(ldaps);
@ -2291,7 +2291,7 @@ mod tests {
("defaultnamingcontext", "o=kanidmproject")
);
}
_ => assert!(false),
_ => panic!("Oh no"),
};
}
@ -2399,7 +2399,7 @@ mod tests {
)
);
}
_ => assert!(false),
_ => panic!("Oh no"),
};
}
@ -2435,13 +2435,13 @@ mod tests {
assert!(anon_t.effective_session == LdapSession::UnixBind(UUID_ANONYMOUS));
#[track_caller]
fn assert_compare_result(r: &Vec<LdapMsg>, code: LdapResultCode) {
fn assert_compare_result(r: &[LdapMsg], code: &LdapResultCode) {
assert!(r.len() == 1);
match &r[0].op {
LdapOp::CompareResult(lcr) => {
assert_eq!(lcr.code, code);
assert_eq!(&lcr.code, code);
}
_ => assert!(false),
_ => panic!("Oh no"),
};
}
@ -2457,7 +2457,7 @@ mod tests {
.do_compare(idms, &cr, &anon_t, Source::Internal)
.await
.unwrap(),
LdapResultCode::CompareTrue,
&LdapResultCode::CompareTrue,
);
let cr = CompareRequest {
@ -2472,7 +2472,7 @@ mod tests {
.do_compare(idms, &cr, &anon_t, Source::Internal)
.await
.unwrap(),
LdapResultCode::CompareTrue,
&LdapResultCode::CompareTrue,
);
let cr = CompareRequest {
@ -2486,7 +2486,7 @@ mod tests {
.do_compare(idms, &cr, &anon_t, Source::Internal)
.await
.unwrap(),
LdapResultCode::CompareFalse,
&LdapResultCode::CompareFalse,
);
let cr = CompareRequest {
@ -2500,7 +2500,7 @@ mod tests {
.do_compare(idms, &cr, &anon_t, Source::Internal)
.await
.unwrap(),
LdapResultCode::NoSuchObject,
&LdapResultCode::NoSuchObject,
);
let cr = CompareRequest {

203
server/lib/src/idm/oauth2.rs
View file

@ -2629,7 +2629,7 @@ fn extra_claims_for_account(
extra_claims.insert(claim_name.to_string(), claim_value.to_json_value());
}
if scopes.contains(&"groups".to_string()) {
if scopes.contains("groups") {
extra_claims.insert(
"groups".to_string(),
account
@ -3107,12 +3107,9 @@ mod tests {
);
// Should be in the consent phase;
let consent_token =
if let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request {
consent_token
} else {
unreachable!();
};
let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request else {
unreachable!();
};
// == Manually submit the consent token to the permit for the permit_success
drop(idms_prox_read);
@ -3172,12 +3169,9 @@ mod tests {
);
// Should be in the consent phase;
let consent_token =
if let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request {
consent_token
} else {
unreachable!();
};
let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request else {
unreachable!();
};
// == Manually submit the consent token to the permit for the permit_success
drop(idms_prox_read);
@ -3447,12 +3441,9 @@ mod tests {
OAUTH2_SCOPE_OPENID.to_string()
);
let consent_token =
if let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request {
consent_token
} else {
unreachable!();
};
let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request else {
unreachable!();
};
drop(idms_prox_read);
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
@ -3527,12 +3518,9 @@ mod tests {
OAUTH2_SCOPE_OPENID.to_string()
);
let consent_token =
if let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request {
consent_token
} else {
unreachable!();
};
let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request else {
unreachable!();
};
drop(idms_prox_read);
let mut idms_prox_write = idms.proxy_write(ct).await.unwrap();
@ -3695,12 +3683,9 @@ mod tests {
trace!(?consent_request);
// Should be in the consent phase;
let consent_token =
if let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request {
consent_token
} else {
unreachable!();
};
let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request else {
unreachable!();
};
// == Manually submit the consent token to the permit for the permit_success
drop(idms_prox_read);
@ -3820,12 +3805,9 @@ mod tests {
OAUTH2_SCOPE_OPENID.to_string()
);
let consent_token =
if let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request {
consent_token
} else {
unreachable!();
};
let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request else {
unreachable!();
};
// == Manually submit the consent token to the permit for the permit_success
drop(idms_prox_read);
@ -3914,12 +3896,9 @@ mod tests {
OAUTH2_SCOPE_OPENID.to_string()
);
let consent_token =
if let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request {
consent_token
} else {
unreachable!();
};
let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request else {
unreachable!();
};
// == Manually submit the consent token to the permit for the permit_success
drop(idms_prox_read);
@ -4083,12 +4062,9 @@ mod tests {
OAUTH2_SCOPE_OPENID.to_string()
);
let consent_token =
if let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request {
consent_token
} else {
unreachable!();
};
let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request else {
unreachable!();
};
// == Manually submit the consent token to the permit for the permit_success
drop(idms_prox_read);
@ -4187,10 +4163,10 @@ mod tests {
&ResolvedAccountPolicy::test_policy(),
)
.expect("Unable to create uat");
let ident2 = idms_prox_write
idms_prox_write
.process_uat_to_identity(&uat2, ct, Source::Internal)
.expect("Unable to process uat");
ident2
.expect("Unable to process uat")
};
let idms_prox_read = idms.proxy_read().await.unwrap();
@ -4206,12 +4182,9 @@ mod tests {
OAUTH2_SCOPE_OPENID.to_string()
);
let consent_token =
if let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request {
consent_token
} else {
unreachable!();
};
let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request else {
unreachable!();
};
let reject_success = idms_prox_read
.check_oauth2_authorise_reject(&ident, &consent_token, ct)
@ -4518,12 +4491,9 @@ mod tests {
OAUTH2_SCOPE_OPENID.to_string()
);
let consent_token =
if let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request {
consent_token
} else {
unreachable!();
};
let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request else {
unreachable!();
};
// == Manually submit the consent token to the permit for the permit_success
drop(idms_prox_read);
@ -4703,12 +4673,9 @@ mod tests {
OAUTH2_SCOPE_OPENID.to_string()
);
let consent_token =
if let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request {
consent_token
} else {
unreachable!();
};
let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request else {
unreachable!();
};
// == Manually submit the consent token to the permit for the permit_success
drop(idms_prox_read);
@ -4791,12 +4758,9 @@ mod tests {
"openid groups".to_string()
);
let consent_token =
if let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request {
consent_token
} else {
unreachable!();
};
let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request else {
unreachable!();
};
// == Manually submit the consent token to the permit for the permit_success
drop(idms_prox_read);
@ -4846,11 +4810,11 @@ mod tests {
.expect("Failed to verify oidc");
// does our id_token contain the expected groups?
assert!(oidc.claims.contains_key(&"groups".to_string()));
assert!(oidc.claims.contains_key("groups"));
assert!(oidc
.claims
.get(&"groups".to_string())
.get("groups")
.expect("unable to find key")
.as_array()
.unwrap()
@ -4862,9 +4826,7 @@ mod tests {
.expect("failed to get userinfo");
// does the userinfo endpoint provide the same groups?
assert!(
oidc.claims.get(&"groups".to_string()) == userinfo.claims.get(&"groups".to_string())
);
assert!(oidc.claims.get("groups") == userinfo.claims.get("groups"));
}
// Check insecure pkce behaviour.
@ -4954,12 +4916,9 @@ mod tests {
OAUTH2_SCOPE_OPENID.to_string()
);
let consent_token =
if let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request {
consent_token
} else {
unreachable!();
};
let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request else {
unreachable!();
};
// == Manually submit the consent token to the permit for the permit_success
drop(idms_prox_read);
@ -5029,12 +4988,9 @@ mod tests {
);
// Should be in the consent phase;
let consent_token =
if let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request {
consent_token
} else {
unreachable!();
};
let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request else {
unreachable!();
};
// == Manually submit the consent token to the permit for the permit_success
drop(idms_prox_read);
@ -5064,10 +5020,7 @@ mod tests {
);
// Should be in the consent phase;
let _permit_success = if let AuthoriseResponse::Permitted(permit_success) = consent_request
{
permit_success
} else {
let AuthoriseResponse::Permitted(_permit_success) = consent_request else {
unreachable!();
};
@ -5128,12 +5081,9 @@ mod tests {
.expect("Oauth2 authorisation failed");
// Should be in the consent phase;
let _consent_token =
if let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request {
consent_token
} else {
unreachable!();
};
let AuthoriseResponse::ConsentRequested { .. } = consent_request else {
unreachable!();
};
drop(idms_prox_read);
@ -5195,7 +5145,7 @@ mod tests {
..
} = consent_request
{
assert!(scopes.contains(&"newscope".to_string()));
assert!(scopes.contains("newscope"));
consent_token
} else {
unreachable!();
@ -5226,12 +5176,9 @@ mod tests {
);
// Should be in the consent phase;
let consent_token =
if let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request {
consent_token
} else {
unreachable!();
};
let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request else {
unreachable!();
};
// == Manually submit the consent token to the permit for the permit_success
drop(idms_prox_read);
@ -5329,12 +5276,9 @@ mod tests {
.expect("Failed to perform OAuth2 authorisation request.");
// Should be in the consent phase;
let consent_token =
if let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request {
consent_token
} else {
unreachable!();
};
let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request else {
unreachable!();
};
// == Manually submit the consent token to the permit for the permit_success
drop(idms_prox_read);
@ -5421,12 +5365,9 @@ mod tests {
);
// Should be in the consent phase;
let consent_token =
if let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request {
consent_token
} else {
unreachable!();
};
let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request else {
unreachable!();
};
// == Manually submit the consent token to the permit for the permit_success
drop(idms_prox_read);
@ -6002,12 +5943,9 @@ mod tests {
OAUTH2_SCOPE_OPENID.to_string()
);
let consent_token =
if let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request {
consent_token
} else {
unreachable!();
};
let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request else {
unreachable!();
};
// == Manually submit the consent token to the permit for the permit_success
drop(idms_prox_read);
@ -6191,12 +6129,9 @@ mod tests {
.expect("OAuth2 authorisation failed");
// Should be in the consent phase;
let consent_token =
if let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request {
consent_token
} else {
unreachable!();
};
let AuthoriseResponse::ConsentRequested { consent_token, .. } = consent_request else {
unreachable!();
};
// == Manually submit the consent token to the permit for the permit_success
drop(idms_prox_read);

2
server/lib/src/idm/reauth.rs
View file

@ -708,7 +708,7 @@ mod tests {
// There should be a queued audit event
match idms_audit.audit_rx().try_recv() {
Ok(AuditEvent::AuthenticationDenied { .. }) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
// Start the re-auth - MUST FAIL!

20
server/lib/src/idm/scim.rs
View file

@ -310,9 +310,8 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
.qs_write
// .internal_search(f_all_sync.clone())
.internal_exists(f_all_sync.clone())
.map_err(|e| {
.inspect_err(|_e| {
error!("Failed to determine existing entries set");
e
})?;
/*
@ -354,16 +353,16 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
self.qs_write
.internal_modify(&f_all_sync, &mods)
.map_err(|e| {
.inspect_err(|_e| {
error!("Failed to modify sync objects to grant authority to kanidm");
e
})?;
};
self.qs_write.internal_delete(&delete_filter).map_err(|e| {
error!(?e, "Failed to terminate sync account");
e
})
self.qs_write
.internal_delete(&delete_filter)
.inspect_err(|e| {
error!(?e, "Failed to terminate sync account");
})
}
}
@ -381,9 +380,8 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
let entry = self
.qs_write
.internal_search_uuid(ste.target)
.map_err(|e| {
.inspect_err(|e| {
admin_error!(?e, "Failed to search sync account");
e
})?;
let sync_account = SyncAccount::try_from_entry_rw(&entry).map_err(|e| {
@ -1678,7 +1676,7 @@ mod tests {
.internal_modify_uuid(
UUID_DOMAIN_INFO,
&ModifyList::new_append(
Attribute::KeyActionRevoke.into(),
Attribute::KeyActionRevoke,
Value::HexString(revoke_kid.to_string()),
),
)

40
server/lib/src/idm/server.rs
View file

@ -2585,7 +2585,7 @@ mod tests {
// There should be a queued audit event
match idms_audit.audit_rx().try_recv() {
Ok(AuditEvent::AuthenticationDenied { .. }) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
idms_auth.commit().expect("Must not fail");
@ -2774,7 +2774,7 @@ mod tests {
.await;
match a1 {
Ok(Some(_tok)) => {}
_ => assert!(false),
_ => panic!("Oh no"),
};
// Check bad password
let uuae_bad = UnixUserAuthEvent::new_internal(UUID_ADMIN, TEST_PASSWORD_INC);
@ -2783,7 +2783,7 @@ mod tests {
.await;
match a2 {
Ok(None) => {}
_ => assert!(false),
_ => panic!("Oh no"),
};
assert!(idms_auth.commit().is_ok());
@ -2804,7 +2804,7 @@ mod tests {
.await;
match a3 {
Ok(None) => {}
_ => assert!(false),
_ => panic!("Oh no"),
};
assert!(idms_auth.commit().is_ok());
}
@ -2927,7 +2927,7 @@ mod tests {
.await;
match a1 {
Ok(Some(_tok)) => {}
_ => assert!(false),
_ => panic!("Oh no"),
};
idms_auth.commit().expect("Must not fail");
// The upgrade was queued
@ -2941,7 +2941,7 @@ mod tests {
.await;
match a2 {
Ok(Some(_tok)) => {}
_ => assert!(false),
_ => panic!("Oh no"),
};
idms_auth.commit().expect("Must not fail");
// No delayed action was queued.
@ -3076,13 +3076,13 @@ mod tests {
// badpw?
match a1 {
Ok(None) => {}
_ => assert!(false),
_ => panic!("Oh no"),
};
let a2 = idms_auth.auth_unix(&uuae_good, time_high).await;
match a2 {
Ok(None) => {}
_ => assert!(false),
_ => panic!("Oh no"),
};
idms_auth.commit().expect("Must not fail");
@ -3139,7 +3139,7 @@ mod tests {
if tok_r.is_err() {
// Ok?
} else {
assert!(false);
debug_assert!(false);
}
let tok_r = idms_prox_read.get_radiusauthtoken(&rate, time_high);
@ -3147,7 +3147,7 @@ mod tests {
if tok_r.is_err() {
// Ok?
} else {
assert!(false);
debug_assert!(false);
}
}
@ -3201,7 +3201,7 @@ mod tests {
// There should be a queued audit event
match idms_audit.audit_rx().try_recv() {
Ok(AuditEvent::AuthenticationDenied { .. }) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
idms_auth.commit().expect("Must not fail");
@ -3367,7 +3367,7 @@ mod tests {
match idms_audit.audit_rx().try_recv() {
Ok(AuditEvent::AuthenticationDenied { .. }) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
idms_auth.commit().expect("Must not fail");
@ -3441,7 +3441,7 @@ mod tests {
.await;
match a2 {
Ok(None) => {}
_ => assert!(false),
_ => panic!("Oh no"),
};
// Now if we immediately auth again, should fail at same time due to SL
@ -3450,7 +3450,7 @@ mod tests {
.await;
match a1 {
Ok(None) => {}
_ => assert!(false),
_ => panic!("Oh no"),
};
// And then later, works because of SL lifting.
@ -3459,7 +3459,7 @@ mod tests {
.await;
match a1 {
Ok(Some(_tok)) => {}
_ => assert!(false),
_ => panic!("Oh no"),
};
assert!(idms_auth.commit().is_ok());
@ -3493,7 +3493,7 @@ mod tests {
// In X time it should be INVALID
match idms_prox_read.validate_client_auth_info_to_ident(token.into(), expiry) {
Err(OperationError::SessionExpired) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
}
@ -3628,7 +3628,7 @@ mod tests {
.get_key_object(UUID_DOMAIN_INFO)
.and_then(|object| {
object
.jws_public_jwk(&token_kid)
.jws_public_jwk(token_kid)
.expect("Unable to access uat jwk")
})
.expect("No jwk by this kid");
@ -3668,7 +3668,7 @@ mod tests {
.validate_client_auth_info_to_ident(uat_unverified.clone().into(), post_grace)
{
Err(OperationError::SessionExpired) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
drop(idms_prox_read);
@ -3699,7 +3699,7 @@ mod tests {
.validate_client_auth_info_to_ident(uat_unverified.clone().into(), post_grace)
{
Err(OperationError::SessionExpired) => {}
_ => assert!(false),
_ => panic!("Oh no"),
}
}
@ -4059,7 +4059,7 @@ mod tests {
let me_reset_tokens = ModifyEvent::new_internal_invalid(
filter!(f_eq(Attribute::Uuid, PartialValue::Uuid(UUID_DOMAIN_INFO))),
ModifyList::new_append(
Attribute::KeyActionRevoke.into(),
Attribute::KeyActionRevoke,
Value::HexString(revoke_kid.to_string()),
),
);

2
server/lib/src/plugins/base.rs
View file

@ -459,7 +459,7 @@ mod tests {
.expect("Internal search failure");
let ue = cands.first().expect("No cand");
assert!(ue.attribute_equality(
Attribute::Uuid.into(),
Attribute::Uuid,
&PartialValue::Uuid(uuid!("79724141-3603-4060-b6bb-35c72772611d"))
));
}

4
server/lib/src/plugins/cred_import.rs
View file

@ -342,7 +342,7 @@ mod tests {
assert!(webauthn.is_empty());
assert!(backup_code.is_none());
}
_ => assert!(false),
_ => panic!("Oh no"),
};
}
);
@ -406,7 +406,7 @@ mod tests {
assert!(totp.get("a") == Some(&totp_a));
assert!(totp.get("b") == Some(&totp_b));
}
_ => assert!(false),
_ => panic!("Oh no"),
};
}
);

24
server/lib/src/plugins/dyngroup.rs
View file

@ -471,7 +471,7 @@ mod tests {
)))
.expect("Internal search failure");
let d_group = cands.get(0).expect("Unable to access group.");
let d_group = cands.first().expect("Unable to access group.");
let members = d_group
.get_ava_set(Attribute::DynMember)
.expect("No members on dyn group");
@ -520,7 +520,7 @@ mod tests {
)))
.expect("Internal search failure");
let d_group = cands.get(0).expect("Unable to access group.");
let d_group = cands.first().expect("Unable to access group.");
let members = d_group
.get_ava_set(Attribute::DynMember)
.expect("No members on dyn group");
@ -569,7 +569,7 @@ mod tests {
)))
.expect("Internal search failure");
let d_group = cands.get(0).expect("Unable to access group.");
let d_group = cands.first().expect("Unable to access group.");
assert!(d_group.get_ava_set(Attribute::DynMember).is_none());
}
);
@ -614,7 +614,7 @@ mod tests {
)))
.expect("Internal search failure");
let d_group = cands.get(0).expect("Unable to access group.");
let d_group = cands.first().expect("Unable to access group.");
let members = d_group
.get_ava_set(Attribute::DynMember)
.expect("No members on dyn group");
@ -676,7 +676,7 @@ mod tests {
)))
.expect("Internal search failure");
let d_group = cands.get(0).expect("Unable to access group.");
let d_group = cands.first().expect("Unable to access group.");
let members = d_group
.get_ava_set(Attribute::DynMember)
.expect("No members on dyn group");
@ -737,7 +737,7 @@ mod tests {
)))
.expect("Internal search failure");
let d_group = cands.get(0).expect("Unable to access group.");
let d_group = cands.first().expect("Unable to access group.");
assert!(d_group.get_ava_set(Attribute::DynMember).is_none());
}
);
@ -788,7 +788,7 @@ mod tests {
)))
.expect("Internal search failure");
let d_group = cands.get(0).expect("Unable to access group.");
let d_group = cands.first().expect("Unable to access group.");
let members = d_group
.get_ava_set(Attribute::DynMember)
.expect("No members on dyn group");
@ -841,7 +841,7 @@ mod tests {
)))
.expect("Internal search failure");
let d_group = cands.get(0).expect("Unable to access group.");
let d_group = cands.first().expect("Unable to access group.");
let members = d_group
.get_ava_set(Attribute::DynMember)
.expect("No members on dyn group");
@ -896,7 +896,7 @@ mod tests {
)))
.expect("Internal search failure");
let d_group = cands.get(0).expect("Unable to access group.");
let d_group = cands.first().expect("Unable to access group.");
let members = d_group
.get_ava_set(Attribute::DynMember)
.expect("No members on dyn group");
@ -948,7 +948,7 @@ mod tests {
)))
.expect("Internal search failure");
let d_group = cands.get(0).expect("Unable to access group.");
let d_group = cands.first().expect("Unable to access group.");
assert!(d_group.get_ava_set(Attribute::DynMember).is_none());
}
);
@ -991,7 +991,7 @@ mod tests {
)))
.expect("Internal search failure");
let d_group = cands.get(0).expect("Unable to access group.");
let d_group = cands.first().expect("Unable to access group.");
assert!(d_group.get_ava_set(Attribute::DynMember).is_none());
}
);
@ -1038,7 +1038,7 @@ mod tests {
)))
.expect("Internal search failure");
let d_group = cands.get(0).expect("Unable to access group.");
let d_group = cands.first().expect("Unable to access group.");
assert!(d_group.get_ava_set(Attribute::MemberOf).is_none());
}
);

3
server/lib/src/plugins/gidnumber.rs
View file

@ -73,9 +73,8 @@ fn apply_gidnumber<T: Clone>(
let u_ref = e
.get_uuid()
.ok_or(OperationError::InvalidEntryState)
.map_err(|e| {
.inspect_err(|_e| {
admin_error!("Invalid Entry State - Missing UUID");
e
})?;
let gid = uuid_to_gid_u32(u_ref);

8
server/lib/src/plugins/session.rs
View file

@ -627,7 +627,7 @@ mod tests {
// Mod again - remove the parent session.
let modlist = ModifyList::new_remove(
Attribute::UserAuthTokenSession.into(),
Attribute::UserAuthTokenSession,
PartialValue::Refer(parent_id),
);
@ -650,7 +650,7 @@ mod tests {
// The oauth2 session is also removed.
let session = entry
.get_ava_as_oauth2session_map(Attribute::OAuth2Session.into())
.get_ava_as_oauth2session_map(Attribute::OAuth2Session)
.and_then(|sessions| sessions.get(&session_id))
.expect("No session map found");
assert!(matches!(session.state, SessionState::RevokedAt(_)));
@ -751,7 +751,7 @@ mod tests {
let entry = server_txn.internal_search_uuid(tuuid).expect("failed");
let session = entry
.get_ava_as_oauth2session_map(Attribute::OAuth2Session.into())
.get_ava_as_oauth2session_map(Attribute::OAuth2Session)
.and_then(|sessions| sessions.get(&session_id))
.expect("No session map found");
assert!(matches!(session.state, SessionState::NeverExpires));
@ -780,7 +780,7 @@ mod tests {
// Note it's a not condition now.
let session = entry
.get_ava_as_oauth2session_map(Attribute::OAuth2Session.into())
.get_ava_as_oauth2session_map(Attribute::OAuth2Session)
.and_then(|sessions| sessions.get(&session_id))
.expect("No session map found");
assert!(matches!(session.state, SessionState::RevokedAt(_)));

3
server/lib/src/server/batch_modify.rs
View file

@ -123,9 +123,8 @@ impl<'a> QueryServerWriteTransaction<'a> {
// Return if success
.map(|()| ent_mut)
// Error log otherwise.
.map_err(|e| {
.inspect_err(|_e| {
error!("Modification failed for {}", u);
e
})
})
})

3
server/lib/src/server/modify.rs
View file

@ -106,9 +106,8 @@ impl<'a> QueryServerWriteTransaction<'a> {
.collect();
candidates.iter_mut().try_for_each(|er| {
er.apply_modlist(&me.modlist).map_err(|e| {
er.apply_modlist(&me.modlist).inspect_err(|_e| {
error!("Modification failed for {:?}", er.get_uuid());
e
})
})?;

3
server/lib/src/server/recycle.rs
View file

@ -18,9 +18,8 @@ impl<'a> QueryServerWriteTransaction<'a> {
error!(err = ?e, "Tombstone purge operation failed (backend)");
e
})
.map(|res| {
.inspect(|_res| {
admin_info!("Tombstone purge operation success");
res
})
}

4
server/lib/src/valueset/address.rs
View file

@ -561,7 +561,7 @@ mod tests {
let vs2 = valueset::from_db_valueset_v2(vs.to_db_valueset_v2())
.expect("Failed to construct vs2 from dbvalue");
assert!(&vs == &vs2);
assert_eq!(&vs, &vs2);
assert!(vs.to_email_address_primary_str() == vs2.to_email_address_primary_str());
// Remove primary, assert it's gone and that the "first" address is assigned.
@ -575,7 +575,7 @@ mod tests {
// Restore from dbv1, alice persisted.
let vs3 = valueset::from_db_valueset_v2(vs.to_db_valueset_v2())
.expect("Failed to construct vs2 from dbvalue");
assert!(&vs == &vs3);
assert_eq!(&vs, &vs3);
assert!(vs3.len() == 2);
assert!(vs3
.as_emailaddress_set()

10
server/lib/src/valueset/auditlogstring.rs
View file

@ -257,7 +257,10 @@ mod tests {
// Now merge in with a set that has a value that is newer.
assert!(100 > AUDIT_LOG_STRING_CAPACITY);
#[allow(clippy::bool_assert_comparison, clippy::assertions_on_constants)]
{
assert!(100 > AUDIT_LOG_STRING_CAPACITY);
}
let other_vs: ValueSet = ValueSetAuditLogString::new(
// Notice that 0 here is older than our other set items.
@ -321,7 +324,10 @@ mod tests {
// Now merge in with a set that has a value that is newer.
assert!(100 > AUDIT_LOG_STRING_CAPACITY);
#[allow(clippy::bool_assert_comparison, clippy::assertions_on_constants)]
{
assert!(100 > AUDIT_LOG_STRING_CAPACITY);
}
let other_vs: ValueSet = ValueSetAuditLogString::new(
// Notice that 0 here is older than our other set items.

2
server/lib/src/valueset/image/mod.rs
View file

@ -531,6 +531,6 @@ fn test_imagevalue_things() {
let res = image.validate_image();
trace!("SVG Validation result of {}: {:?}", filename, &res);
assert!(res.is_ok());
assert_eq!(image.hash_imagevalue().is_empty(), false);
assert!(!image.hash_imagevalue().is_empty());
})
}

4
server/lib/src/valueset/image/png.rs
View file

@ -133,7 +133,7 @@ fn test_png_consume_chunks_until_iend() {
testchunks.extend([0, 0, 0, 1]); // the 4-byte checksum which we ignore
let expected: [u8; 0] = [];
let testchunks_slice = testchunks.as_slice();
let res = png_consume_chunks_until_iend(&testchunks_slice);
let res = png_consume_chunks_until_iend(testchunks_slice);
// simple, valid image works
match res {
@ -150,7 +150,7 @@ fn test_png_consume_chunks_until_iend() {
let mut x = 11;
while x > 0 {
let newslice = &testchunks_slice[0..=x];
let res = png_consume_chunks_until_iend(&newslice);
let res = png_consume_chunks_until_iend(newslice);
trace!("chunkstatus at size {} {:?}", x, &res);
assert!(res.is_err());
x -= 1;

2
server/lib/src/valueset/session.rs
View file

@ -1752,7 +1752,7 @@ mod tests {
type_: AuthType::Passkey,
},
))
.chain((0..SESSION_MAXIMUM).into_iter().map(|_| {
.chain((0..SESSION_MAXIMUM).map(|_| {
(
Uuid::new_v4(),
Session {

4
server/testkit/examples/enumerating_access.rs
View file

@ -80,7 +80,7 @@ where
/// The uuidmap is a map of uuids to EntryInitNew objects, which we use to get the name of the objects
fn as_mermaid(&mut self, uuidmap: &BTreeMap<T, EntryInitNew>) -> String {
let mut res = format!("graph RL;\n");
let mut res = "graph RL;\n".to_string();
for (left, right, _weight) in self.all_edges() {
let left = uuidmap.get(&left).unwrap();
let right = uuidmap.get(&right).unwrap();
@ -103,7 +103,7 @@ async fn enumerate_default_groups(/*_client: KanidmClient*/) {
builtin_accounts().into_iter().for_each(|account| {
// println!("adding builtin {}", account.uuid);
uuidmap.insert(account.uuid, account.clone().try_into().unwrap());
uuidmap.insert(account.uuid, account.clone().into());
graph.add_node(account.uuid);
});

10
server/testkit/tests/identity_verification_tests.rs
View file

@ -7,11 +7,11 @@ use kanidmd_lib::prelude::Attribute;
use kanidmd_testkit::ADMIN_TEST_PASSWORD;
use reqwest::StatusCode;
static UNIVERSAL_PW: &'static str = "eicieY7ahchaoCh0eeTa";
static UNIVERSAL_PW: &str = "eicieY7ahchaoCh0eeTa";
static USER_A_NAME: &'static str = "valid_user_a";
static USER_A_NAME: &str = "valid_user_a";
static USER_B_NAME: &'static str = "valid_user_b";
static USER_B_NAME: &str = "valid_user_b";
// TEST ON ERROR OUTCOMES
// These tests check that invalid requests return the expected error
@ -203,7 +203,7 @@ async fn test_full_identification_flow(rsclient: KanidmClient) {
// we check that the user A got a WaitForCode
let IdentifyUserResponse::ProvideCode { step: _, totp } = higher_user_req_1 else {
return assert!(false);
panic!();
// we check that the user B got the code
};
// we now try to submit the wrong code and we check that we get CodeFailure
@ -230,7 +230,7 @@ async fn test_full_identification_flow(rsclient: KanidmClient) {
.unwrap();
// if the totp was correct we must get a ProvideCode
let IdentifyUserResponse::ProvideCode { step: _, totp } = lower_user_req_2_right else {
return assert!(false);
panic!();
};
// we now try to do the same thing with user B: we first submit the wrong code expecting CodeFailure,
// and then we submit the right one expecting Success

2
server/testkit/tests/integration.rs
View file

@ -215,7 +215,7 @@ async fn test_domain_reset_token_key(rsclient: KanidmClient) {
let key_id = jwt.kid().expect("token does not have a key id");
assert!(rsclient.idm_domain_revoke_key(&key_id).await.is_ok());
assert!(rsclient.idm_domain_revoke_key(key_id).await.is_ok());
}
#[kanidmd_testkit::test]

4
server/testkit/tests/oauth2_test.rs
View file

@ -267,7 +267,7 @@ async fn test_oauth2_openid_basic_flow(rsclient: KanidmClient) {
} = consent_req
{
// Note the supplemental scope here (admin)
assert!(scopes.contains(&"admin".to_string()));
assert!(scopes.contains("admin"));
consent_token
} else {
unreachable!();
@ -655,7 +655,7 @@ async fn test_oauth2_openid_public_flow(rsclient: KanidmClient) {
} = consent_req
{
// Note the supplemental scope here (admin)
assert!(scopes.contains(&"admin".to_string()));
assert!(scopes.contains("admin"));
consent_token
} else {
unreachable!();

26
server/testkit/tests/proto_v1_test.rs
View file

@ -726,7 +726,7 @@ async fn test_server_rest_posix_auth_lifecycle(rsclient: KanidmClient) {
.await;
match r1 {
Ok(Some(_tok)) => {}
_ => assert!(false),
_ => panic!("Oh no"),
};
// attempt to verify (bad, anon-conn)
@ -735,7 +735,7 @@ async fn test_server_rest_posix_auth_lifecycle(rsclient: KanidmClient) {
.await;
match r2 {
Ok(None) => {}
_ => assert!(false),
_ => panic!("Oh no"),
};
// lock? (admin-conn)
@ -754,7 +754,7 @@ async fn test_server_rest_posix_auth_lifecycle(rsclient: KanidmClient) {
.await;
match r3 {
Ok(None) => {}
_ => assert!(false),
_ => panic!("Oh no"),
};
}
@ -1060,7 +1060,7 @@ async fn test_server_credential_update_session_pw(rsclient: KanidmClient) {
.unwrap();
// Logout, we don't need any auth now.
let _ = rsclient.logout();
let _ = rsclient.logout().await;
// Exchange the intent token
let (session_token, _status) = rsclient
.idm_account_credential_update_exchange(intent_token)
@ -1085,7 +1085,7 @@ async fn test_server_credential_update_session_pw(rsclient: KanidmClient) {
.unwrap();
// Assert it now works.
let _ = rsclient.logout();
let _ = rsclient.logout().await;
let res = rsclient
.auth_simple_password("demo_account", "eicieY7ahchaoCh0eeTa")
.await;
@ -1135,7 +1135,7 @@ async fn test_server_credential_update_session_totp_pw(rsclient: KanidmClient) {
.unwrap();
// Logout, we don't need any auth now, the intent tokens care for it.
let _ = rsclient.logout();
let _ = rsclient.logout().await;
// Exchange the intent token
let (session_token, _statu) = rsclient
.idm_account_credential_update_exchange(intent_token)
@ -1193,7 +1193,7 @@ async fn test_server_credential_update_session_totp_pw(rsclient: KanidmClient) {
.expect("Failed to do totp?");
// Assert it now works.
let _ = rsclient.logout();
let _ = rsclient.logout().await;
let res = rsclient
.auth_password_totp("demo_account", "sohdi3iuHo6mai7noh0a", totp_chal)
.await;
@ -1232,7 +1232,7 @@ async fn test_server_credential_update_session_totp_pw(rsclient: KanidmClient) {
.unwrap();
// Assert it now works.
let _ = rsclient.logout();
let _ = rsclient.logout().await;
let res = rsclient
.auth_simple_password("demo_account", "sohdi3iuHo6mai7noh0a")
.await;
@ -1264,7 +1264,7 @@ async fn setup_demo_account_passkey(rsclient: &KanidmClient) -> WebauthnAuthenti
.unwrap();
// Logout, we don't need any auth now.
let _ = rsclient.logout();
let _ = rsclient.logout().await;
// Exchange the intent token
let (session_token, _status) = rsclient
.idm_account_credential_update_exchange(intent_token)
@ -1312,7 +1312,7 @@ async fn setup_demo_account_passkey(rsclient: &KanidmClient) -> WebauthnAuthenti
.unwrap();
// Assert it now works.
let _ = rsclient.logout();
let _ = rsclient.logout().await;
wa
}
@ -1467,7 +1467,7 @@ async fn test_server_api_token_lifecycle(rsclient: KanidmClient) {
.idm_service_account_add_attr(
test_service_account_username,
Attribute::Mail.as_ref(),
&vec!["test@example.com"]
&["test@example.com"]
)
.await
.is_ok());
@ -1602,7 +1602,7 @@ async fn test_server_user_auth_token_lifecycle(rsclient: KanidmClient) {
.unwrap();
// Logout, we don't need any auth now.
let _ = rsclient.logout();
let _ = rsclient.logout().await;
// Exchange the intent token
let (session_token, _status) = rsclient
.idm_account_credential_update_exchange(intent_token)
@ -1624,7 +1624,7 @@ async fn test_server_user_auth_token_lifecycle(rsclient: KanidmClient) {
// Auth as the user.
let _ = rsclient.logout();
let _ = rsclient.logout().await;
let res = rsclient
.auth_simple_password("demo_account", "eicieY7ahchaoCh0eeTa")
.await;

2
server/testkit/tests/scim_test.rs
View file

@ -53,7 +53,7 @@ async fn test_sync_account_lifecycle(rsclient: KanidmClient) {
let url_a = sync_entry
.attrs
.get("sync_credential_portal")
.and_then(|x| x.get(0));
.and_then(|x| x.first());
assert_eq!(
url_a.map(|s| s.as_str()),

19
server/web_ui/shared/tests/test.rs
View file

@ -1,19 +0,0 @@
//! Test harnesses for WASM things.
//!
//! Here be crabs with troubling pasts.
//!
//! Run this on a mac with Safari using the following command:
//!
//! ```shell
//! wasm-pack test --chrome --headless
//!```
//!
use wasm_bindgen_test::*;
wasm_bindgen_test_configure!(run_in_browser);
#[wasm_bindgen_test]
fn if_this_fails_then_oh_no() {
assert_eq!(1, 1);
}

14
unix_integration/resolver/src/selinux_util.rs
View file

@ -14,10 +14,10 @@ pub fn supported() -> bool {
return false;
}
// check if SELinux is actually running
match current_mode() {
SELinuxMode::Permissive | SELinuxMode::Enforcing => true,
_ => false,
}
matches!(
current_mode(),
SELinuxMode::Permissive | SELinuxMode::Enforcing
)
}
fn do_setfscreatecon_for_path(path_raw: &Path, labeler: &Labeler<File>) -> Result<(), String> {
@ -27,9 +27,7 @@ fn do_setfscreatecon_for_path(path_raw: &Path, labeler: &Labeler<File>) -> Resul
Ok(context) => context
.set_for_new_file_system_objects(true)
.map_err(|_| "Failed setting creation context home directory path".to_string()),
Err(_) => {
return Err("Failed looking up default context for home directory path".to_string());
}
Err(_) => Err("Failed looking up default context for home directory path".to_string()),
}
}
@ -97,7 +95,7 @@ impl SelinuxLabeler {
sel_lookup_path_raw,
} => {
let sel_lookup_path = sel_lookup_path_raw.join(path.as_ref());
do_setfscreatecon_for_path(&sel_lookup_path, &labeler)
do_setfscreatecon_for_path(&sel_lookup_path, labeler)
}
}
}

2
unix_integration/resolver/tests/cache_layer_test.rs
View file

@ -56,7 +56,7 @@ async fn setup_test(fix_fn: Fixture) -> (Resolver, KanidmClient) {
#[allow(clippy::assertions_on_constants)]
if counter >= 5 {
eprintln!("Unable to allocate port!");
assert!(false);
debug_assert!(false);
}
};