mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-05-22 08:53:57 +02:00
Code Issues Actions10 Packages Projects Releases Wiki Activity

20221216 a little cleanup as a treat ()

Browse source
This commit is contained in:
Firstyear 2022-12-18 13:26:20 +10:00 committed by GitHub
parent a1a3a363dd
commit a74ac01b18
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
63 changed files with 552 additions and 775 deletions

9
kanidm_client/src/lib.rs
View file

@ -998,7 +998,7 @@ impl KanidmClient {
pub async fn auth_step_securitykey_complete(
&self,
pkc: PublicKeyCredential,
pkc: Box<PublicKeyCredential>,
) -> Result<AuthResponse, ClientError> {
let auth_req = AuthRequest {
step: AuthStep::Cred(AuthCredential::SecurityKey(pkc)),
@ -1015,7 +1015,7 @@ impl KanidmClient {
pub async fn auth_step_passkey_complete(
&self,
pkc: PublicKeyCredential,
pkc: Box<PublicKeyCredential>,
) -> Result<AuthResponse, ClientError> {
let auth_req = AuthRequest {
step: AuthStep::Cred(AuthCredential::Passkey(pkc)),
@ -1211,7 +1211,10 @@ impl KanidmClient {
}
}
pub async fn auth_passkey_complete(&self, pkc: PublicKeyCredential) -> Result<(), ClientError> {
pub async fn auth_passkey_complete(
&self,
pkc: Box<PublicKeyCredential>,
) -> Result<(), ClientError> {
let r = self.auth_step_passkey_complete(pkc).await?;
match r.state {
AuthState::Success(_token) => Ok(()),

80
kanidm_proto/src/scim_v1.rs
View file

@ -52,43 +52,9 @@ pub struct ScimSyncPerson {
pub login_shell: Option<String>,
}
/*
impl TryFrom<&ScimEntry> for ScimSyncPerson {
type Error = ScimError;
fn try_from(value: &ScimEntry) -> Result<Self, Self::Error> {
if !(value.schemas.iter().any(|i| i == SCIM_SCHEMA_SYNC_PERSON)
&& value.schemas.iter().any(|i| i == SCIM_SCHEMA_SYNC_ACCOUNT)) {
return Err(ScimError::EntryMissingSchema);
}
let is_posix = value.schemas.iter().any(|i| i == SCIM_SCHEMA_SYNC_POSIXACCOUNT);
// we clone the inner atters, because these macros will pop things from them.
let attrs = value.attrs.clone();
// Pop stuff
if !attrs.is_empty() {
debug!(?attrs, "Excess attrs detected");
return Err(ScimError::InvalidAttribute);
}
Ok(ScimSyncPerson {
id,
external_id,
user_name,
display_name,
gidnumber,
password_import,
login_shell,
})
}
}
*/
// Need to allow this because clippy is broken and doesn't realise scimentry is out of crate
// so this can't be fufilled
#[allow(clippy::from_over_into)]
impl Into<ScimEntry> for ScimSyncPerson {
fn into(self) -> ScimEntry {
let ScimSyncPerson {
@ -140,6 +106,9 @@ pub struct ScimExternalMember {
pub external_id: String,
}
// Need to allow this because clippy is broken and doesn't realise scimentry is out of crate
// so this can't be fufilled
#[allow(clippy::from_over_into)]
impl Into<ScimComplexAttr> for ScimExternalMember {
fn into(self) -> ScimComplexAttr {
let ScimExternalMember { external_id } = self;
@ -165,40 +134,9 @@ pub struct ScimSyncGroup {
pub members: Vec<ScimExternalMember>,
}
/*
impl TryFrom<&ScimEntry> for ScimSyncGroup {
type Error = ScimError;
fn try_from(value: &ScimEntry) -> Result<Self, Self::Error> {
if !value.schemas.iter().any(|i| i == SCIM_SCHEMA_SYNC_GROUP) {
return Err(ScimError::EntryMissingSchema);
}
let is_posix = value.schemas.iter().any(|i| i == SCIM_SCHEMA_SYNC_POSIXGROUP);
// we clone the inner atters, because these macros will pop things from them.
let attrs = value.attrs.clone();
// Pop stuff
if !attrs.is_empty() {
debug!(?attrs, "Excess attrs detected");
return Err(ScimError::InvalidAttribute);
}
Ok(ScimSyncGroup {
id,
external_id,
name,
description,
gidnumber,
members,
})
}
}
*/
// Need to allow this because clippy is broken and doesn't realise scimentry is out of crate
// so this can't be fufilled
#[allow(clippy::from_over_into)]
impl Into<ScimEntry> for ScimSyncGroup {
fn into(self) -> ScimEntry {
let ScimSyncGroup {

11
kanidm_proto/src/v1.rs
View file

@ -862,10 +862,10 @@ pub enum AuthCredential {
Anonymous,
Password(String),
Totp(u32),
SecurityKey(PublicKeyCredential),
SecurityKey(Box<PublicKeyCredential>),
BackupCode(String),
// Should this just be discoverable?
Passkey(PublicKeyCredential),
Passkey(Box<PublicKeyCredential>),
}
impl fmt::Debug for AuthCredential {
@ -920,17 +920,16 @@ pub enum AuthStep {
// name
Init(String),
// A new way to issue sessions. Doing this as a new init type
// to prevent breaking existing clients.
// to prevent breaking existing clients. Allows requesting of the type
// of session that will be issued at the end if successful.
Init2 {
username: String,
issue: AuthIssueSession,
},
// We want to talk to you like this.
Begin(AuthMech),
// Step
// Provide a response to a challenge.
Cred(AuthCredential),
// Should we have a "finalise" type to attempt to finish based on
// what we have given?
}
// Request auth for identity X with roles Y?

2
kanidm_tools/src/cli/serviceaccount.rs
View file

@ -107,7 +107,7 @@ impl ServiceAccountOpt {
} => {
let expiry_odt = if let Some(t) = expiry {
// Convert the time to local timezone.
match OffsetDateTime::parse(&t, time::Format::Rfc3339).map(|odt| {
match OffsetDateTime::parse(t, time::Format::Rfc3339).map(|odt| {
odt.to_offset(
time::UtcOffset::try_current_local_offset()
.unwrap_or(time::UtcOffset::UTC),

2
kanidm_tools/src/cli/session.rs
View file

@ -199,6 +199,7 @@ impl LoginOpt {
println!("Your authenticator will now flash for you to interact with it.");
let auth = wa
.do_authentication(client.get_origin().clone(), pkr)
.map(Box::new)
.unwrap_or_else(|e| {
error!("Failed to interact with webauthn device. -- {:?}", e);
std::process::exit(1);
@ -216,6 +217,7 @@ impl LoginOpt {
println!("Your authenticator will now flash for you to interact with it.");
let auth = wa
.do_authentication(client.get_origin().clone(), pkr)
.map(Box::new)
.unwrap_or_else(|e| {
error!("Failed to interact with webauthn device. -- {:?}", e);
std::process::exit(1);

8
kanidm_tools/src/cli/synch.rs
View file

@ -36,7 +36,7 @@ impl SynchOpt {
} => {
let client = copt.to_client().await;
match client
.idm_sync_account_create(&account_id, description.as_deref())
.idm_sync_account_create(account_id, description.as_deref())
.await
{
Ok(()) => println!("Success"),
@ -50,7 +50,7 @@ impl SynchOpt {
} => {
let client = copt.to_client().await;
match client
.idm_sync_account_generate_token(&account_id, &label)
.idm_sync_account_generate_token(account_id, label)
.await
{
Ok(token) => println!("token: {}", token),
@ -59,14 +59,14 @@ impl SynchOpt {
}
SynchOpt::DestroyToken { account_id, copt } => {
let client = copt.to_client().await;
match client.idm_sync_account_destroy_token(&account_id).await {
match client.idm_sync_account_destroy_token(account_id).await {
Ok(()) => println!("Success"),
Err(e) => error!("Error -> {:?}", e),
}
}
SynchOpt::ForceRefresh { account_id, copt } => {
let client = copt.to_client().await;
match client.idm_sync_account_force_refresh(&account_id).await {
match client.idm_sync_account_force_refresh(account_id).await {
Ok(()) => println!("Success"),
Err(e) => error!("Error -> {:?}", e),
}

2
kanidmd/core/src/actors/v1_read.rs
View file

@ -1411,7 +1411,7 @@ impl QueryServerReadV1 {
let res = match ServerOps::try_from(protomsg) {
Ok(server_op) => self
.ldap
.do_op(&self.idms, server_op, uat, &eventid)
.do_op(&self.idms, server_op, uat, eventid)
.await
.unwrap_or_else(|e| {
admin_error!("do_op failed -> {:?}", e);

2
kanidmd/core/src/actors/v1_write.rs
View file

@ -125,7 +125,7 @@ impl QueryServerWriteV1 {
e
})?;
let f_uuid = filter_all!(f_eq("uuid", PartialValue::new_uuid(target_uuid)));
let f_uuid = filter_all!(f_eq("uuid", PartialValue::Uuid(target_uuid)));
// Add any supplemental conditions we have.
let joined_filter = Filter::join_parts_and(f_uuid, filter);

4
kanidmd/core/src/https/v1.rs
View file

@ -953,7 +953,7 @@ pub async fn group_get_id_unix_token(req: tide::Request<AppState>) -> tide::Resu
}
pub async fn domain_get(req: tide::Request<AppState>) -> tide::Result {
let filter = filter_all!(f_eq("uuid", PartialValue::new_uuid(UUID_DOMAIN_INFO)));
let filter = filter_all!(f_eq("uuid", PartialValue::Uuid(UUID_DOMAIN_INFO)));
json_rest_event_get(req, filter, None).await
}
@ -974,7 +974,7 @@ pub async fn domain_delete_attr(req: tide::Request<AppState>) -> tide::Result {
}
pub async fn system_get(req: tide::Request<AppState>) -> tide::Result {
let filter = filter_all!(f_eq("uuid", PartialValue::new_uuid(UUID_SYSTEM_CONFIG)));
let filter = filter_all!(f_eq("uuid", PartialValue::Uuid(UUID_SYSTEM_CONFIG)));
json_rest_event_get(req, filter, None).await
}

26
kanidmd/lib/src/access.rs
View file

@ -1586,8 +1586,8 @@ mod tests {
entry_init!(
("class", Value::new_class("object")),
("name", Value::new_iname("test_account_1")),
("uuid", Value::new_uuid(UUID_TEST_ACCOUNT_1)),
("memberof", Value::new_refer(UUID_TEST_GROUP_1))
("uuid", Value::Uuid(UUID_TEST_ACCOUNT_1)),
("memberof", Value::Refer(UUID_TEST_GROUP_1))
)
.into_sealed_committed()
});
@ -1595,8 +1595,8 @@ mod tests {
entry_init!(
("class", Value::new_class("object")),
("name", Value::new_iname("test_account_1")),
("uuid", Value::new_uuid(UUID_TEST_ACCOUNT_2)),
("memberof", Value::new_refer(UUID_TEST_GROUP_2))
("uuid", Value::Uuid(UUID_TEST_ACCOUNT_2)),
("memberof", Value::Refer(UUID_TEST_GROUP_2))
)
.into_sealed_committed()
});
@ -1689,11 +1689,11 @@ mod tests {
("name", Value::new_iname("acp_valid")),
(
"uuid",
Value::new_uuid(uuid::uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
Value::Uuid(uuid::uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
(
"acp_receiver_group",
Value::new_refer(uuid::uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
Value::Refer(uuid::uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
(
"acp_targetscope",
@ -1866,11 +1866,11 @@ mod tests {
("name", Value::new_iname("acp_valid")),
(
"uuid",
Value::new_uuids("cc8e95b4-c24f-4d68-ba54-8bed76f63930").expect("uuid")
Value::Uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
(
"acp_receiver_group",
Value::Refer(uuid::uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
Value::Refer(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
(
"acp_targetscope",
@ -2573,7 +2573,7 @@ mod tests {
let ev1 = entry_init!(
("class", Value::new_class("account")),
("name", Value::new_iname("testperson1")),
("uuid", Value::new_uuid(UUID_TEST_ACCOUNT_1))
("uuid", Value::Uuid(UUID_TEST_ACCOUNT_1))
);
let r1_set = vec![ev1.clone()];
@ -2581,7 +2581,7 @@ mod tests {
("class", Value::new_class("account")),
("notallowed", Value::new_class("notallowed")),
("name", Value::new_iname("testperson1")),
("uuid", Value::new_uuid(UUID_TEST_ACCOUNT_1))
("uuid", Value::Uuid(UUID_TEST_ACCOUNT_1))
);
let r2_set = vec![ev2.clone()];
@ -2590,7 +2590,7 @@ mod tests {
("class", Value::new_class("account")),
("class", Value::new_class("notallowed")),
("name", Value::new_iname("testperson1")),
("uuid", Value::new_uuid(UUID_TEST_ACCOUNT_1))
("uuid", Value::Uuid(UUID_TEST_ACCOUNT_1))
);
let r3_set = vec![ev3.clone()];
@ -2598,7 +2598,7 @@ mod tests {
("class", Value::new_class("account")),
("class", Value::new_class("group")),
("name", Value::new_iname("testperson1")),
("uuid", Value::new_uuid(UUID_TEST_ACCOUNT_1))
("uuid", Value::Uuid(UUID_TEST_ACCOUNT_1))
);
let r4_set = vec![ev4.clone()];
@ -2659,7 +2659,7 @@ mod tests {
let ev1 = entry_init!(
("class", Value::new_class("account")),
("name", Value::new_iname("testperson1")),
("uuid", Value::new_uuid(UUID_TEST_ACCOUNT_1))
("uuid", Value::Uuid(UUID_TEST_ACCOUNT_1))
);
let r1_set = vec![ev1.clone()];

4
kanidmd/lib/src/be/idl_sqlite.rs
View file

@ -174,7 +174,7 @@ pub trait IdlSqliteTransaction {
for id in idli {
let iid = i64::try_from(id).map_err(|_| OperationError::InvalidEntryId)?;
let id2entry_iter = stmt
.query_map(&[&iid], |row| {
.query_map([&iid], |row| {
Ok(IdSqliteEntry {
id: row.get(0)?,
data: row.get(1)?,
@ -797,7 +797,7 @@ impl IdlSqliteWriteTransaction {
debug_assert!(iid > 0);
stmt.execute(&[&iid]).map(|_| ()).map_err(sqlite_error)
stmt.execute([&iid]).map(|_| ()).map_err(sqlite_error)
}
pub fn write_idl(

20
kanidmd/lib/src/be/mod.rs
View file

@ -1776,7 +1776,6 @@ mod tests {
use std::time::Duration;
use idlset::v2::IDLBitRange;
use uuid::Uuid;
use super::super::entry::{Entry, EntryInit, EntryNew};
use super::{
@ -2347,8 +2346,8 @@ mod tests {
assert_eq!(uuid_p_idl, None);
// Check name2uuid
let claire_uuid = Uuid::parse_str("bd651620-00dd-426b-aaa0-4494f7b7906f").unwrap();
let william_uuid = Uuid::parse_str("db237e8a-0079-4b8c-8a56-593b22aa44d1").unwrap();
let claire_uuid = uuid!("bd651620-00dd-426b-aaa0-4494f7b7906f");
let william_uuid = uuid!("db237e8a-0079-4b8c-8a56-593b22aa44d1");
assert!(be.name2uuid("claire") == Ok(Some(claire_uuid)));
assert!(be.name2uuid("william") == Ok(Some(william_uuid)));
@ -2392,7 +2391,7 @@ mod tests {
idl_state!(be, "uuid", IndexType::Presence, "_", Some(vec![1]));
let william_uuid = Uuid::parse_str("db237e8a-0079-4b8c-8a56-593b22aa44d1").unwrap();
let william_uuid = uuid!("db237e8a-0079-4b8c-8a56-593b22aa44d1");
assert!(be.name2uuid("william") == Ok(Some(william_uuid)));
assert!(be.uuid2spn(william_uuid) == Ok(Some(Value::from("william"))));
assert!(be.uuid2rdn(william_uuid) == Ok(Some("name=william".to_string())));
@ -2481,9 +2480,9 @@ mod tests {
idl_state!(be, "uuid", IndexType::Presence, "_", Some(vec![2]));
let claire_uuid = Uuid::parse_str("bd651620-00dd-426b-aaa0-4494f7b7906f").unwrap();
let william_uuid = Uuid::parse_str("db237e8a-0079-4b8c-8a56-593b22aa44d1").unwrap();
let lucy_uuid = Uuid::parse_str("7b23c99d-c06b-4a9a-a958-3afa56383e1d").unwrap();
let claire_uuid = uuid!("bd651620-00dd-426b-aaa0-4494f7b7906f");
let william_uuid = uuid!("db237e8a-0079-4b8c-8a56-593b22aa44d1");
let lucy_uuid = uuid!("7b23c99d-c06b-4a9a-a958-3afa56383e1d");
assert!(be.name2uuid("claire") == Ok(Some(claire_uuid)));
let x = be.uuid2spn(claire_uuid);
@ -2539,8 +2538,7 @@ mod tests {
idl_state!(be, "ta", IndexType::Equality, "test", Some(vec![]));
// let claire_uuid = Uuid::parse_str("bd651620-00dd-426b-aaa0-4494f7b7906f").unwrap();
let william_uuid = Uuid::parse_str("db237e8a-0079-4b8c-8a56-593b22aa44d1").unwrap();
let william_uuid = uuid!("db237e8a-0079-4b8c-8a56-593b22aa44d1");
assert!(be.name2uuid("william") == Ok(None));
assert!(be.name2uuid("claire") == Ok(Some(william_uuid)));
assert!(be.uuid2spn(william_uuid) == Ok(Some(Value::new_iname("claire"))));
@ -2594,8 +2592,8 @@ mod tests {
);
idl_state!(be, "name", IndexType::Equality, "william", Some(Vec::new()));
let claire_uuid = Uuid::parse_str("04091a7a-6ce4-42d2-abf5-c2ce244ac9e8").unwrap();
let william_uuid = Uuid::parse_str("db237e8a-0079-4b8c-8a56-593b22aa44d1").unwrap();
let claire_uuid = uuid!("04091a7a-6ce4-42d2-abf5-c2ce244ac9e8");
let william_uuid = uuid!("db237e8a-0079-4b8c-8a56-593b22aa44d1");
assert!(be.name2uuid("william") == Ok(None));
assert!(be.name2uuid("claire") == Ok(Some(claire_uuid)));
assert!(be.uuid2spn(william_uuid) == Ok(None));

3
kanidmd/lib/src/constants/acp.rs
View file

@ -343,7 +343,7 @@ lazy_static! {
),
(
"uuid",
Value::new_uuid(UUID_IDM_ACP_ACCOUNT_MAIL_READ_PRIV_V1)
Value::Uuid(UUID_IDM_ACP_ACCOUNT_MAIL_READ_PRIV_V1)
),
(
"description",
@ -357,6 +357,7 @@ lazy_static! {
),
(
"acp_targetscope",
#[allow(clippy::expect_used)]
Value::new_json_filter_s("{\"and\": [{\"eq\": [\"class\",\"account\"]}, {\"andnot\": {\"or\": [{\"eq\": [\"class\", \"tombstone\"]}, {\"eq\": [\"class\", \"recycled\"]}]}}]}").expect("filter")
),
("acp_search_attr", Value::new_iutf8("mail"))

12
kanidmd/lib/src/constants/entries.rs
View file

@ -26,7 +26,7 @@ lazy_static! {
("class", CLASS_ACCOUNT.clone()),
("class", CLASS_SERVICE_ACCOUNT.clone()),
("name", Value::new_iname("admin")),
("uuid", Value::new_uuid(UUID_ADMIN)),
("uuid", Value::Uuid(UUID_ADMIN)),
(
"description",
Value::new_utf8s("Builtin System Admin account.")
@ -488,7 +488,7 @@ lazy_static! {
),
(
"uuid",
Value::new_uuid(UUID_IDM_UI_ENABLE_EXPERIMENTAL_FEATURES)
Value::Uuid(UUID_IDM_UI_ENABLE_EXPERIMENTAL_FEATURES)
),
(
"description",
@ -508,7 +508,7 @@ lazy_static! {
),
(
"uuid",
Value::new_uuid(UUID_IDM_ACCOUNT_MAIL_READ_PRIV)
Value::Uuid(UUID_IDM_ACCOUNT_MAIL_READ_PRIV)
),
(
"description",
@ -596,7 +596,7 @@ lazy_static! {
("class", CLASS_ACCOUNT.clone()),
("class", CLASS_SERVICE_ACCOUNT.clone()),
("name", Value::new_iname("anonymous")),
("uuid", Value::new_uuid(UUID_ANONYMOUS)),
("uuid", Value::Uuid(UUID_ANONYMOUS)),
("description", Value::new_utf8s("Anonymous access account.")),
("displayname", Value::new_utf8s("Anonymous"))
);
@ -632,11 +632,11 @@ lazy_static! {
pub static ref E_TESTPERSON_1: EntryInitNew = entry_init!(
("class", CLASS_OBJECT.clone()),
("name", Value::new_iname("testperson1")),
("uuid", Value::new_uuid(UUID_TESTPERSON_1))
("uuid", Value::Uuid(UUID_TESTPERSON_1))
);
pub static ref E_TESTPERSON_2: EntryInitNew = entry_init!(
("class", CLASS_OBJECT.clone()),
("name", Value::new_iname("testperson2")),
("uuid", Value::new_uuid(UUID_TESTPERSON_2))
("uuid", Value::Uuid(UUID_TESTPERSON_2))
);
}

2
kanidmd/lib/src/constants/values.rs
View file

@ -36,7 +36,7 @@ lazy_static! {
pub static ref PVCLASS_SYSTEM_INFO: PartialValue = PartialValue::new_class("system_info");
pub static ref PVCLASS_SYSTEM_CONFIG: PartialValue = PartialValue::new_class("system_config");
pub static ref PVCLASS_TOMBSTONE: PartialValue = PartialValue::new_class("tombstone");
pub static ref PVUUID_DOMAIN_INFO: PartialValue = PartialValue::new_uuid(UUID_DOMAIN_INFO);
pub static ref PVUUID_DOMAIN_INFO: PartialValue = PartialValue::Uuid(UUID_DOMAIN_INFO);
pub static ref CLASS_ACCESS_CONTROL_PROFILE: Value = Value::new_class("access_control_profile");
pub static ref CLASS_ACCESS_CONTROL_SEARCH: Value = Value::new_class("access_control_search");
pub static ref CLASS_ACCOUNT: Value = Value::new_class("account");

7
kanidmd/lib/src/entry.rs
View file

@ -383,7 +383,7 @@ impl Entry<EntryInit, EntryNew> {
}
"uuid" | "domain_uuid" => {
valueset::from_value_iter(
vs.into_iter().map(|v| Value::new_uuids(v.as_str())
vs.into_iter().map(|v| Value::new_uuid_s(v.as_str())
.unwrap_or_else(|| {
warn!("WARNING: Allowing syntax incorrect attribute to be presented UTF8 string");
Value::new_utf8(v)
@ -1143,7 +1143,7 @@ impl Entry<EntrySealed, EntryCommitted> {
.get("spn")
.and_then(|vs| vs.to_value_single())
.or_else(|| self.attrs.get("name").and_then(|vs| vs.to_value_single()))
.unwrap_or_else(|| Value::new_uuid(self.get_uuid()))
.unwrap_or_else(|| Value::Uuid(self.get_uuid()))
}
#[inline]
@ -2553,6 +2553,7 @@ impl From<&SchemaClass> for Entry<EntryInit, EntryNew> {
#[cfg(test)]
mod tests {
use crate::prelude::*;
use std::collections::BTreeSet as Set;
use hashbrown::HashMap;
@ -2897,7 +2898,7 @@ mod tests {
e.add_ava("spn", Value::new_spn_str("testperson", "example.com"));
e.add_ava(
"uuid",
Value::new_uuids("9fec0398-c46c-4df4-9df5-b0016f7d563f").unwrap(),
Value::Uuid(uuid!("9fec0398-c46c-4df4-9df5-b0016f7d563f")),
);
let e = unsafe { e.into_sealed_committed() };

6
kanidmd/lib/src/event.rs
View file

@ -189,7 +189,7 @@ impl SearchEvent {
target_uuid: Uuid,
qs: &QueryServerReadTransaction,
) -> Result<Self, OperationError> {
let filter_orig = filter_all!(f_eq("uuid", PartialValue::new_uuid(target_uuid)))
let filter_orig = filter_all!(f_eq("uuid", PartialValue::Uuid(target_uuid)))
.validate(qs.get_schema())
.map_err(OperationError::SchemaViolation)?;
let filter = filter_orig.clone().into_ignore_hidden();
@ -551,7 +551,7 @@ impl ModifyEvent {
filter: Filter<FilterInvalid>,
qs: &QueryServerWriteTransaction,
) -> Result<Self, OperationError> {
let f_uuid = filter_all!(f_eq("uuid", PartialValue::new_uuid(target_uuid)));
let f_uuid = filter_all!(f_eq("uuid", PartialValue::Uuid(target_uuid)));
// Add any supplemental conditions we have.
let f = Filter::join_parts_and(f_uuid, filter);
@ -602,7 +602,7 @@ impl ModifyEvent {
qs: &QueryServerWriteTransaction,
) -> Result<Self, OperationError> {
let ml = ModifyList::new_purge(attr);
let f_uuid = filter_all!(f_eq("uuid", PartialValue::new_uuid(target_uuid)));
let f_uuid = filter_all!(f_eq("uuid", PartialValue::Uuid(target_uuid)));
// Add any supplemental conditions we have.
let f = Filter::join_parts_and(f_uuid, filter);

20
kanidmd/lib/src/filter.rs
View file

@ -86,7 +86,7 @@ pub fn f_self<'a>() -> FC<'a> {
pub fn f_id(id: &str) -> FC<'static> {
let uf = Uuid::parse_str(id)
.ok()
.map(|u| FC::Eq("uuid", PartialValue::new_uuid(u)));
.map(|u| FC::Eq("uuid", PartialValue::Uuid(u)));
let spnf = PartialValue::new_spn_s(id).map(|spn| FC::Eq("spn", spn));
let nf = FC::Eq("name", PartialValue::new_iname(id));
let f: Vec<_> = iter::once(uf)
@ -1087,7 +1087,7 @@ impl FilterResolved {
.get(&idxkref as &dyn IdxKeyToRef)
.copied()
.and_then(NonZeroU8::new);
FilterResolved::Eq(uuid_s, PartialValue::new_uuid(uuid), idx)
FilterResolved::Eq(uuid_s, PartialValue::Uuid(uuid), idx)
}),
FilterComp::Sub(a, v) => {
let idxkref = IdxKeyRef::new(&a, &IndexType::SubString);
@ -1161,7 +1161,7 @@ impl FilterResolved {
FilterComp::SelfUuid => ev.get_uuid().map(|uuid| {
FilterResolved::Eq(
AttrString::from("uuid"),
PartialValue::new_uuid(uuid),
PartialValue::Uuid(uuid),
NonZeroU8::new(true as u8),
)
}),
@ -1839,7 +1839,7 @@ mod tests {
("name", Value::new_iname("testperson3")),
(
"uuid",
Value::new_uuids("9557f49c-97a5-4277-a9a5-097d17eb8317").expect("uuid")
Value::Uuid(uuid!("9557f49c-97a5-4277-a9a5-097d17eb8317"))
),
("description", Value::new_utf8s("testperson3")),
("displayname", Value::new_utf8s("testperson3"))
@ -1876,29 +1876,25 @@ mod tests {
assert!(r1 == Ok(vec!["teststring".to_string()]));
// Resolve UUID with matching spn
let t_uuid =
vs_refer![Uuid::parse_str("cc8e95b4-c24f-4d68-ba54-8bed76f63930").unwrap()] as _;
let t_uuid = vs_refer![uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930")] as _;
let r_uuid = server_txn.resolve_valueset(&t_uuid);
debug!("{:?}", r_uuid);
assert!(r_uuid == Ok(vec!["testperson1@example.com".to_string()]));
// Resolve UUID with matching name
let t_uuid =
vs_refer![Uuid::parse_str("a67c0c71-0b35-4218-a6b0-22d23d131d27").unwrap()] as _;
let t_uuid = vs_refer![uuid!("a67c0c71-0b35-4218-a6b0-22d23d131d27")] as _;
let r_uuid = server_txn.resolve_valueset(&t_uuid);
debug!("{:?}", r_uuid);
assert!(r_uuid == Ok(vec!["testperson2".to_string()]));
// Resolve UUID non-exist
let t_uuid_non =
vs_refer![Uuid::parse_str("b83e98f0-3d2e-41d2-9796-d8d993289c86").unwrap()] as _;
let t_uuid_non = vs_refer![uuid!("b83e98f0-3d2e-41d2-9796-d8d993289c86")] as _;
let r_uuid_non = server_txn.resolve_valueset(&t_uuid_non);
debug!("{:?}", r_uuid_non);
assert!(r_uuid_non == Ok(vec!["b83e98f0-3d2e-41d2-9796-d8d993289c86".to_string()]));
// Resolve UUID to tombstone/recycled (same an non-exst)
let t_uuid_ts =
vs_refer![Uuid::parse_str("9557f49c-97a5-4277-a9a5-097d17eb8317").unwrap()] as _;
let t_uuid_ts = vs_refer![uuid!("9557f49c-97a5-4277-a9a5-097d17eb8317")] as _;
let r_uuid_ts = server_txn.resolve_valueset(&t_uuid_ts);
debug!("{:?}", r_uuid_ts);
assert!(r_uuid_ts == Ok(vec!["9557f49c-97a5-4277-a9a5-097d17eb8317".to_string()]));

2
kanidmd/lib/src/identity.rs
View file

@ -272,7 +272,7 @@ impl Identity {
IdentType::Internal | IdentType::Synch(_) => false,
IdentType::User(u) => u
.entry
.attribute_equality("memberof", &PartialValue::new_refer(group)),
.attribute_equality("memberof", &PartialValue::Refer(group)),
}
}

14
kanidmd/lib/src/idm/account.rs
View file

@ -549,7 +549,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
// Get the entry.
let account_entry = self
.qs_write
.internal_search_uuid(&target_uuid)
.internal_search_uuid(target_uuid)
.map_err(|e| {
admin_error!("Failed to start service account into person -> {:?}", e);
e
@ -596,9 +596,9 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
self.qs_write
.impersonate_modify(
// Filter as executed
&filter!(f_eq("uuid", PartialValue::new_uuid(target_uuid))),
&filter!(f_eq("uuid", PartialValue::Uuid(target_uuid))),
// Filter as intended (acp)
&filter_all!(f_eq("uuid", PartialValue::new_uuid(target_uuid))),
&filter_all!(f_eq("uuid", PartialValue::Uuid(target_uuid))),
&modlist,
// Provide the entry to impersonate
ident,
@ -705,7 +705,7 @@ mod tests {
("class", Value::new_class("account")),
("class", Value::new_class("person")),
("name", Value::new_iname("testaccount")),
("uuid", Value::new_uuid(target_uuid)),
("uuid", Value::Uuid(target_uuid)),
("description", Value::new_utf8s("testaccount")),
("displayname", Value::new_utf8s("Test Account"))
);
@ -714,7 +714,7 @@ mod tests {
assert!(idms_prox_write.qs_write.create(&ce).is_ok());
let account = idms_prox_write
.target_to_account(&target_uuid)
.target_to_account(target_uuid)
.expect("account must exist");
let session_id = uuid::Uuid::new_v4();
let uat = account
@ -741,7 +741,7 @@ mod tests {
// Check the ui hints are as expected.
let account = idms_prox_write
.target_to_account(&target_uuid)
.target_to_account(target_uuid)
.expect("account must exist");
let session_id = uuid::Uuid::new_v4();
let uat = account
@ -765,7 +765,7 @@ mod tests {
// Check the ui hints are as expected.
let account = idms_prox_write
.target_to_account(&target_uuid)
.target_to_account(target_uuid)
.expect("account must exist");
let session_id = uuid::Uuid::new_v4();
let uat = account

8
kanidmd/lib/src/idm/applinks.rs
View file

@ -118,7 +118,7 @@ mod tests {
("class", Value::new_class("account")),
("class", Value::new_class("person")),
("name", Value::new_iname("testaccount")),
("uuid", Value::new_uuid(usr_uuid)),
("uuid", Value::Uuid(usr_uuid)),
("description", Value::new_utf8s("testaccount")),
("displayname", Value::new_utf8s("Test Account"))
);
@ -126,7 +126,7 @@ mod tests {
let e_grp = entry_init!(
("class", Value::new_class("object")),
("class", Value::new_class("group")),
("uuid", Value::new_uuid(grp_uuid)),
("uuid", Value::Uuid(grp_uuid)),
("name", Value::new_iname("test_oauth2_group"))
);
@ -139,7 +139,7 @@ mod tests {
let ident = idms_prox_read
.qs_read
.internal_search_uuid(&usr_uuid)
.internal_search_uuid(usr_uuid)
.map(Identity::from_impersonate_entry_readonly)
.expect("Failed to impersonate identity");
@ -165,7 +165,7 @@ mod tests {
let ident = idms_prox_read
.qs_read
.internal_search_uuid(&usr_uuid)
.internal_search_uuid(usr_uuid)
.map(Identity::from_impersonate_entry_readonly)
.expect("Failed to impersonate identity");

12
kanidmd/lib/src/idm/authsession.rs
View file

@ -545,6 +545,9 @@ enum AuthSessionState {
Init(Vec<CredHandler>),
// Stop! Don't make this a vec - make the credhandler able to hold multiple
// internal copies of it's type and check against them all.
//
// Clippy wants this to be boxxed, however match on box types is a pain / problematic,
// so I'm not sure it can be done.
InProgress(CredHandler),
Success,
Denied(&'static str),
@ -1514,6 +1517,7 @@ mod tests {
let resp = wa
.do_authentication(webauthn.get_allowed_origins()[0].clone(), chal)
.map(Box::new)
.expect("failed to use softtoken to authenticate");
match session.validate_creds(
@ -1547,6 +1551,7 @@ mod tests {
let resp = wa
// HERE -> we use inv_chal instead.
.do_authentication(webauthn.get_allowed_origins()[0].clone(), inv_chal)
.map(Box::new)
.expect("failed to use softtoken to authenticate");
match session.validate_creds(
@ -1585,6 +1590,7 @@ mod tests {
// Create the response.
let resp = inv_wa
.do_authentication(webauthn.get_allowed_origins()[0].clone(), chal)
.map(Box::new)
.expect("Failed to use softtoken for response.");
let (mut session, _chal) = start_webauthn_only_session!(&mut audit, account, &webauthn);
@ -1679,6 +1685,7 @@ mod tests {
let resp = wa
// HERE -> we use inv_chal instead.
.do_authentication(webauthn.get_allowed_origins()[0].clone(), inv_chal)
.map(Box::new)
.expect("failed to use softtoken to authenticate");
match session.validate_creds(
@ -1702,6 +1709,7 @@ mod tests {
let resp = wa
.do_authentication(webauthn.get_allowed_origins()[0].clone(), chal)
.map(Box::new)
.expect("failed to use softtoken to authenticate");
match session.validate_creds(
@ -1742,6 +1750,7 @@ mod tests {
let resp = wa
.do_authentication(webauthn.get_allowed_origins()[0].clone(), chal)
.map(Box::new)
.expect("failed to use softtoken to authenticate");
match session.validate_creds(
@ -1862,6 +1871,7 @@ mod tests {
let resp = wa
// HERE -> we use inv_chal instead.
.do_authentication(webauthn.get_allowed_origins()[0].clone(), inv_chal)
.map(Box::new)
.expect("failed to use softtoken to authenticate");
match session.validate_creds(
@ -1885,6 +1895,7 @@ mod tests {
let resp = wa
.do_authentication(webauthn.get_allowed_origins()[0].clone(), chal)
.map(Box::new)
.expect("failed to use softtoken to authenticate");
match session.validate_creds(
@ -1988,6 +1999,7 @@ mod tests {
let resp = wa
.do_authentication(webauthn.get_allowed_origins()[0].clone(), chal)
.map(Box::new)
.expect("failed to use softtoken to authenticate");
match session.validate_creds(

30
kanidmd/lib/src/idm/credupdatesession.rs
View file

@ -270,7 +270,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
target: Uuid,
ident: &Identity,
) -> Result<Account, OperationError> {
let entry = self.qs_write.internal_search_uuid(&target)?;
let entry = self.qs_write.internal_search_uuid(target)?;
security_info!(
%entry,
@ -453,7 +453,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
self.qs_write
.internal_modify(
// Filter as executed
&filter!(f_eq("uuid", PartialValue::new_uuid(account.uuid))),
&filter!(f_eq("uuid", PartialValue::Uuid(account.uuid))),
&modlist,
)
.map_err(|e| {
@ -627,7 +627,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
self.qs_write
.internal_modify(
// Filter as executed
&filter!(f_eq("uuid", PartialValue::new_uuid(account.uuid))),
&filter!(f_eq("uuid", PartialValue::Uuid(account.uuid))),
&modlist,
)
.map_err(|e| {
@ -741,7 +741,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
// If an intent token was used, remove it's former value, and add it as consumed.
if let Some(intent_token_id) = &session.intent_token_id {
let entry = self.qs_write.internal_search_uuid(&session.account.uuid)?;
let entry = self.qs_write.internal_search_uuid(session.account.uuid)?;
let account = Account::try_from_entry_rw(entry.as_ref(), &mut self.qs_write)?;
let max_ttl = match account.credential_update_intent_tokens.get(intent_token_id) {
@ -808,7 +808,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
self.qs_write
.internal_modify(
// Filter as executed
&filter!(f_eq("uuid", PartialValue::new_uuid(session.account.uuid))),
&filter!(f_eq("uuid", PartialValue::Uuid(session.account.uuid))),
&modlist,
)
.map_err(|e| {
@ -827,7 +827,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
// If an intent token was used, remove it's former value, and add it as VALID since we didn't commit.
if let Some(intent_token_id) = &session.intent_token_id {
let entry = self.qs_write.internal_search_uuid(&session.account.uuid)?;
let entry = self.qs_write.internal_search_uuid(session.account.uuid)?;
let account = Account::try_from_entry_rw(entry.as_ref(), &mut self.qs_write)?;
let max_ttl = match account.credential_update_intent_tokens.get(intent_token_id) {
@ -868,7 +868,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
self.qs_write
.internal_modify(
// Filter as executed
&filter!(f_eq("uuid", PartialValue::new_uuid(session.account.uuid))),
&filter!(f_eq("uuid", PartialValue::Uuid(session.account.uuid))),
&modlist,
)
.map_err(|e| {
@ -1508,7 +1508,7 @@ mod tests {
("class", Value::new_class("account")),
("class", Value::new_class("service_account")),
("name", Value::new_iname("user_account_only")),
("uuid", Value::new_uuid(testaccount_uuid)),
("uuid", Value::Uuid(testaccount_uuid)),
("description", Value::new_utf8s("testaccount")),
("displayname", Value::new_utf8s("testaccount"))
);
@ -1518,7 +1518,7 @@ mod tests {
("class", Value::new_class("account")),
("class", Value::new_class("person")),
("name", Value::new_iname("testperson")),
("uuid", Value::new_uuid(TESTPERSON_UUID)),
("uuid", Value::Uuid(TESTPERSON_UUID)),
("description", Value::new_utf8s("testperson")),
("displayname", Value::new_utf8s("testperson"))
);
@ -1529,17 +1529,17 @@ mod tests {
let testaccount = idms_prox_write
.qs_write
.internal_search_uuid(&testaccount_uuid)
.internal_search_uuid(testaccount_uuid)
.expect("failed");
let testperson = idms_prox_write
.qs_write
.internal_search_uuid(&TESTPERSON_UUID)
.internal_search_uuid(TESTPERSON_UUID)
.expect("failed");
let idm_admin = idms_prox_write
.qs_write
.internal_search_uuid(&UUID_IDM_ADMIN)
.internal_search_uuid(UUID_IDM_ADMIN)
.expect("failed");
// user without permission - fail
@ -1612,7 +1612,7 @@ mod tests {
("class", Value::new_class("account")),
("class", Value::new_class("person")),
("name", Value::new_iname("testperson")),
("uuid", Value::new_uuid(TESTPERSON_UUID)),
("uuid", Value::Uuid(TESTPERSON_UUID)),
("description", Value::new_utf8s("testperson")),
("displayname", Value::new_utf8s("testperson"))
);
@ -1623,7 +1623,7 @@ mod tests {
let testperson = idms_prox_write
.qs_write
.internal_search_uuid(&TESTPERSON_UUID)
.internal_search_uuid(TESTPERSON_UUID)
.expect("failed");
let cur = idms_prox_write.init_credential_update(
@ -1644,7 +1644,7 @@ mod tests {
let testperson = idms_prox_write
.qs_write
.internal_search_uuid(&TESTPERSON_UUID)
.internal_search_uuid(TESTPERSON_UUID)
.expect("failed");
let cur = idms_prox_write.init_credential_update(

32
kanidmd/lib/src/idm/event.rs
View file

@ -17,10 +17,10 @@ pub(crate) struct PasswordChangeEvent {
#[cfg(test)]
impl PasswordChangeEvent {
pub fn new_internal(target: &Uuid, cleartext: &str) -> Self {
pub fn new_internal(target: Uuid, cleartext: &str) -> Self {
PasswordChangeEvent {
ident: Identity::from_internal(),
target: *target,
target,
cleartext: cleartext.to_string(),
}
}
@ -34,10 +34,10 @@ pub struct UnixPasswordChangeEvent {
impl UnixPasswordChangeEvent {
#[cfg(test)]
pub fn new_internal(target: &Uuid, cleartext: &str) -> Self {
pub fn new_internal(target: Uuid, cleartext: &str) -> Self {
UnixPasswordChangeEvent {
ident: Identity::from_internal(),
target: *target,
target,
cleartext: cleartext.to_string(),
}
}
@ -181,10 +181,10 @@ impl std::fmt::Debug for UnixUserAuthEvent {
impl UnixUserAuthEvent {
#[cfg(test)]
pub fn new_internal(target: &Uuid, cleartext: &str) -> Self {
pub fn new_internal(target: Uuid, cleartext: &str) -> Self {
UnixUserAuthEvent {
ident: Identity::from_internal(),
target: *target,
target,
cleartext: cleartext.to_string(),
}
}
@ -255,23 +255,7 @@ pub struct LdapAuthEvent {
}
impl LdapAuthEvent {
/*
#[cfg(test)]
pub fn new_internal(target: &Uuid, cleartext: &str) -> Self {
LdapAuthEvent {
// ident: Identity::from_internal(),
target: *target,
cleartext: cleartext.to_string(),
}
}
*/
pub fn from_parts(
// qs: &mut QueryServerReadTransaction,
// uat: Option<UserAuthToken>,
target: Uuid,
cleartext: String,
) -> Result<Self, OperationError> {
pub fn from_parts(target: Uuid, cleartext: String) -> Result<Self, OperationError> {
// let e = Event::from_ro_uat(audit, qs, uat)?;
Ok(LdapAuthEvent {
@ -406,7 +390,7 @@ impl AuthEventStep {
pub fn cred_step_passkey(sid: Uuid, passkey_response: PublicKeyCredential) -> Self {
AuthEventStep::Cred(AuthEventStepCred {
sessionid: sid,
cred: AuthCredential::Passkey(passkey_response),
cred: AuthCredential::Passkey(Box::new(passkey_response)),
})
}
}

4
kanidmd/lib/src/idm/group.rs
View file

@ -48,9 +48,7 @@ macro_rules! try_from_account_e {
// given a list of uuid, make a filter: even if this is empty, the be will
// just give and empty result set.
let f = filter!(f_or(
riter
.map(|u| f_eq("uuid", PartialValue::new_uuid(u)))
.collect()
riter.map(|u| f_eq("uuid", PartialValue::Uuid(u))).collect()
));
let ges: Vec<_> = $qs.internal_search(f).map_err(|e| {
admin_error!(?e, "internal search failed");

29
kanidmd/lib/src/idm/oauth2.rs
View file

@ -529,10 +529,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
)]);
self.qs_write
.internal_modify(
&filter!(f_eq("uuid", PartialValue::new_uuid(uuid))),
&modlist,
)
.internal_modify(&filter!(f_eq("uuid", PartialValue::Uuid(uuid))), &modlist)
.map_err(|e| {
admin_error!("Failed to modify - revoke oauth2 session {:?}", e);
Oauth2Error::ServerError(e)
@ -997,7 +994,7 @@ impl Oauth2ResourceServersReadTransaction {
self.check_oauth2_token_exchange_authorization_code(o2rs, token_req, ct, async_tx)
} else {
admin_warn!("Invalid oauth2 grant_type (should be 'authorization_code')");
return Err(Oauth2Error::InvalidRequest);
Err(Oauth2Error::InvalidRequest)
}
}
@ -1422,7 +1419,7 @@ impl Oauth2ResourceServersReadTransaction {
iss,
sub: OidcSubject::U(uuid),
aud: client_id.to_string(),
iat: iat,
iat,
nbf: Some(nbf),
exp,
auth_time: None,
@ -1435,7 +1432,7 @@ impl Oauth2ResourceServersReadTransaction {
s_claims: OidcClaims {
// Map from displayname
name: Some(account.displayname.clone()),
scopes: scopes,
scopes,
preferred_username,
email,
email_verified,
@ -1552,7 +1549,7 @@ impl Oauth2ResourceServersReadTransaction {
fn parse_basic_authz(client_authz: &str) -> Result<(String, String), Oauth2Error> {
// Check the client_authz
let authz = base64::decode(&client_authz)
let authz = base64::decode(client_authz)
.map_err(|_| {
admin_error!("Basic authz invalid base64");
Oauth2Error::AuthenticationRequired
@ -1659,7 +1656,7 @@ mod tests {
("class", Value::new_class("object")),
("class", Value::new_class("oauth2_resource_server")),
("class", Value::new_class("oauth2_resource_server_basic")),
("uuid", Value::new_uuid(uuid)),
("uuid", Value::Uuid(uuid)),
("oauth2_rs_name", Value::new_iname("test_resource_server")),
("displayname", Value::new_utf8s("test_resource_server")),
(
@ -1703,7 +1700,7 @@ mod tests {
let entry = idms_prox_write
.qs_write
.internal_search_uuid(&uuid)
.internal_search_uuid(uuid)
.expect("Failed to retrieve oauth2 resource entry ");
let secret = entry
.get_ava_single_secret("oauth2_rs_basic_secret")
@ -1712,7 +1709,7 @@ mod tests {
// Setup the uat we'll be using.
let account = idms_prox_write
.target_to_account(&UUID_ADMIN)
.target_to_account(UUID_ADMIN)
.expect("account must exist");
let session_id = uuid::Uuid::new_v4();
let uat = account
@ -1739,7 +1736,7 @@ mod tests {
) -> (UserAuthToken, Identity) {
let mut idms_prox_write = task::block_on(idms.proxy_write(ct));
let account = idms_prox_write
.target_to_account(&UUID_IDM_ADMIN)
.target_to_account(UUID_IDM_ADMIN)
.expect("account must exist");
let session_id = uuid::Uuid::new_v4();
let uat = account
@ -2002,7 +1999,7 @@ mod tests {
let (uat2, ident2) = {
let mut idms_prox_write = task::block_on(idms.proxy_write(ct));
let account = idms_prox_write
.target_to_account(&UUID_IDM_ADMIN)
.target_to_account(UUID_IDM_ADMIN)
.expect("account must exist");
let session_id = uuid::Uuid::new_v4();
let uat2 = account
@ -2596,7 +2593,7 @@ mod tests {
// Check it is now there
let entry = idms_prox_write
.qs_write
.internal_search_uuid(&UUID_ADMIN)
.internal_search_uuid(UUID_ADMIN)
.expect("failed");
let valid = entry
.get_ava_as_oauth2session_map("oauth2_session")
@ -2619,7 +2616,7 @@ mod tests {
// integrity plugin.
let entry = idms_prox_write
.qs_write
.internal_search_uuid(&UUID_ADMIN)
.internal_search_uuid(UUID_ADMIN)
.expect("failed");
let valid = entry
.get_ava_as_oauth2session_map("oauth2_session")
@ -2644,7 +2641,7 @@ mod tests {
let (uat2, ident2) = {
let mut idms_prox_write = task::block_on(idms.proxy_write(ct));
let account = idms_prox_write
.target_to_account(&UUID_IDM_ADMIN)
.target_to_account(UUID_IDM_ADMIN)
.expect("account must exist");
let session_id = uuid::Uuid::new_v4();
let uat2 = account

45
kanidmd/lib/src/idm/scim.rs
View file

@ -135,7 +135,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
// Get the target signing key.
let sync_account = self
.qs_write
.internal_search_uuid(&gte.target)
.internal_search_uuid(gte.target)
.and_then(|entry| SyncAccount::try_from_entry_rw(&entry))
.map_err(|e| {
admin_error!(?e, "Failed to search service account");
@ -177,9 +177,9 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
self.qs_write
.impersonate_modify(
// Filter as executed
&filter!(f_eq("uuid", PartialValue::new_uuid(gte.target))),
&filter!(f_eq("uuid", PartialValue::Uuid(gte.target))),
// Filter as intended (acp)
&filter_all!(f_eq("uuid", PartialValue::new_uuid(gte.target))),
&filter_all!(f_eq("uuid", PartialValue::Uuid(gte.target))),
&modlist,
// Provide the event to impersonate
&gte.ident,
@ -298,13 +298,10 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
};
// Retrieve the related sync entry.
let sync_entry = self
.qs_write
.internal_search_uuid(&sync_uuid)
.map_err(|e| {
error!("Failed to located sync entry related to {}", sync_uuid);
e
})?;
let sync_entry = self.qs_write.internal_search_uuid(sync_uuid).map_err(|e| {
error!("Failed to located sync entry related to {}", sync_uuid);
e
})?;
// Assert that the requested "from" state is consistent to this entry.
// OperationError::InvalidSyncState
@ -369,7 +366,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
let filter_or = change_entries
.keys()
.copied()
.map(|u| f_eq("uuid", PartialValue::new_uuid(u)))
.map(|u| f_eq("uuid", PartialValue::Uuid(u)))
.collect();
// NOTE: We bypass recycled/ts here because we WANT to know if we are in that
@ -422,7 +419,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
("class", Value::new_class("object")),
("class", Value::new_class("sync_object")),
("sync_parent_uuid", Value::Refer(sync_uuid)),
("uuid", Value::new_uuid(u))
("uuid", Value::Uuid(u))
)
})
.collect();
@ -495,7 +492,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
let filter_or = change_entries
.keys()
.copied()
.map(|u| f_eq("uuid", PartialValue::new_uuid(u)))
.map(|u| f_eq("uuid", PartialValue::Uuid(u)))
.collect::<Vec<_>>();
let delete_filter = if filter_or.is_empty() {
@ -547,7 +544,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
SyntaxType::Utf8StringIname,
false,
ScimAttr::SingleSimple(ScimSimpleAttr::String(value)),
) => Ok(vec![Value::new_iname(&value)]),
) => Ok(vec![Value::new_iname(value)]),
(
SyntaxType::Utf8String,
false,
@ -723,7 +720,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
debug!(?sync_owned_attrs);
for attr in sync_owned_attrs.iter().map(|a| *a) {
for attr in sync_owned_attrs.iter().copied() {
if !phantom_attr_set.contains(attr) {
// These are the attrs that are "real" and need to be cleaned out first.
mods.push(Modify::Purged(attr.into()));
@ -865,7 +862,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
let filter_or = delete_uuids
.iter()
.copied()
.map(|u| f_eq("uuid", PartialValue::new_uuid(u)))
.map(|u| f_eq("uuid", PartialValue::Uuid(u)))
.collect();
// NOTE: We bypass recycled/ts here because we WANT to know if we are in that
@ -891,7 +888,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
);
Some(Err(OperationError::AccessDenied))
} else {
Some(Ok(f_eq("uuid", PartialValue::new_uuid(ent.get_uuid()))))
Some(Ok(f_eq("uuid", PartialValue::Uuid(ent.get_uuid()))))
}
})
.collect::<Result<Vec<_>, _>>()?;
@ -953,7 +950,7 @@ impl<'a> IdmServerProxyReadTransaction<'a> {
}
IdentType::Synch(u) => {
// Ok!
u
*u
}
};
@ -1010,7 +1007,7 @@ mod tests {
("class", Value::new_class("object")),
("class", Value::new_class("sync_account")),
("name", Value::new_iname("test_scim_sync")),
("uuid", Value::new_uuid(sync_uuid)),
("uuid", Value::Uuid(sync_uuid)),
("description", Value::new_utf8s("A test sync agreement"))
);
@ -1078,7 +1075,7 @@ mod tests {
("class", Value::new_class("object")),
("class", Value::new_class("sync_account")),
("name", Value::new_iname("test_scim_sync")),
("uuid", Value::new_uuid(sync_uuid)),
("uuid", Value::Uuid(sync_uuid)),
("description", Value::new_utf8s("A test sync agreement"))
);
@ -1151,7 +1148,7 @@ mod tests {
let sync_entry = idms_prox_read
.qs_read
.internal_search_uuid(&sync_uuid)
.internal_search_uuid(sync_uuid)
.expect("Unable to access sync entry");
let jws_key = sync_entry
@ -1200,7 +1197,7 @@ mod tests {
("class", Value::new_class("object")),
("class", Value::new_class("sync_account")),
("name", Value::new_iname("test_scim_sync")),
("uuid", Value::new_uuid(sync_uuid)),
("uuid", Value::Uuid(sync_uuid)),
("description", Value::new_utf8s("A test sync agreement"))
);
@ -1288,7 +1285,7 @@ mod tests {
let synced_entry = idms_prox_write
.qs_write
.internal_search_uuid(&user_sync_uuid)
.internal_search_uuid(user_sync_uuid)
.expect("Failed to access sync stub entry");
assert!(
@ -1419,7 +1416,7 @@ mod tests {
let ent = idms_prox_write
.qs_write
.internal_search_uuid(&user_sync_uuid)
.internal_search_uuid(user_sync_uuid)
.expect("Unable to access entry");
assert!(ent.get_ava_single_iname("name") == Some("testgroup"));

175
kanidmd/lib/src/idm/server.rs
View file

@ -581,7 +581,7 @@ pub trait IdmServerTransaction<'a> {
iat: i64,
ct: Duration,
) -> Result<Option<Account>, OperationError> {
let entry = self.get_qs_txn().internal_search_uuid(&uuid).map_err(|e| {
let entry = self.get_qs_txn().internal_search_uuid(uuid).map_err(|e| {
admin_error!(?e, "check_oauth2_account_uuid_valid failed");
e
})?;
@ -644,7 +644,7 @@ pub trait IdmServerTransaction<'a> {
// From a UAT, get the current identity and associated information.
let entry = self
.get_qs_txn()
.internal_search_uuid(&uat.uuid)
.internal_search_uuid(uat.uuid)
.map_err(|e| {
admin_error!(?e, "from_ro_uat failed");
e
@ -734,16 +734,16 @@ pub trait IdmServerTransaction<'a> {
LdapSession::UnixBind(uuid) => {
let anon_entry = self
.get_qs_txn()
.internal_search_uuid(&UUID_ANONYMOUS)
.internal_search_uuid(UUID_ANONYMOUS)
.map_err(|e| {
admin_error!("Failed to validate ldap session -> {:?}", e);
e
})?;
let entry = if uuid == &UUID_ANONYMOUS {
let entry = if *uuid == UUID_ANONYMOUS {
anon_entry.clone()
} else {
self.get_qs_txn().internal_search_uuid(uuid).map_err(|e| {
self.get_qs_txn().internal_search_uuid(*uuid).map_err(|e| {
admin_error!("Failed to start auth ldap -> {:?}", e);
e
})?
@ -773,7 +773,7 @@ pub trait IdmServerTransaction<'a> {
LdapSession::ApiToken(apit) => {
let entry = self
.get_qs_txn()
.internal_search_uuid(&apit.account_id)
.internal_search_uuid(apit.account_id)
.map_err(|e| {
admin_error!("Failed to validate ldap session -> {:?}", e);
e
@ -876,15 +876,15 @@ impl<'a> IdmServerTransaction<'a> for IdmServerAuthTransaction<'a> {
}
fn get_uat_validator_txn(&self) -> &JwsValidator {
&*self.uat_jwt_validator
&self.uat_jwt_validator
}
}
impl<'a> IdmServerAuthTransaction<'a> {
#[cfg(test)]
pub fn is_sessionid_present(&self, sessionid: &Uuid) -> bool {
pub fn is_sessionid_present(&self, sessionid: Uuid) -> bool {
let session_read = self.sessions.read();
session_read.contains_key(sessionid)
session_read.contains_key(&sessionid)
}
#[instrument(level = "trace", skip(self))]
@ -932,7 +932,7 @@ impl<'a> IdmServerAuthTransaction<'a> {
let euuid = self.qs_read.name_to_uuid(init.username.as_str())?;
// Get the first / single entry we expect here ....
let entry = self.qs_read.internal_search_uuid(&euuid)?;
let entry = self.qs_read.internal_search_uuid(euuid)?;
security_info!(
username = %init.username,
@ -1150,7 +1150,7 @@ impl<'a> IdmServerAuthTransaction<'a> {
&self.async_tx,
self.webauthn,
pw_badlist_cache,
&*self.uat_jwt_signer,
&self.uat_jwt_signer,
)
.map(|aus| {
// Inspect the result:
@ -1190,7 +1190,7 @@ impl<'a> IdmServerAuthTransaction<'a> {
// Get the entry/target we are working on.
let account = self
.qs_read
.internal_search_uuid(&uae.target)
.internal_search_uuid(uae.target)
.and_then(|account_entry| {
UnixUserAccount::try_from_entry_ro(account_entry.as_ref(), &mut self.qs_read)
})
@ -1295,13 +1295,10 @@ impl<'a> IdmServerAuthTransaction<'a> {
lae: &LdapAuthEvent,
ct: Duration,
) -> Result<Option<LdapBoundToken>, OperationError> {
let account_entry = self
.qs_read
.internal_search_uuid(&lae.target)
.map_err(|e| {
admin_error!("Failed to start auth ldap -> {:?}", e);
e
})?;
let account_entry = self.qs_read.internal_search_uuid(lae.target).map_err(|e| {
admin_error!("Failed to start auth ldap -> {:?}", e);
e
})?;
// if anonymous
if lae.target == UUID_ANONYMOUS {
@ -1422,7 +1419,7 @@ impl<'a> IdmServerTransaction<'a> for IdmServerProxyReadTransaction<'a> {
}
fn get_uat_validator_txn(&self) -> &JwsValidator {
&*self.uat_jwt_validator
&self.uat_jwt_validator
}
}
@ -1434,7 +1431,7 @@ impl<'a> IdmServerProxyReadTransaction<'a> {
) -> Result<RadiusAuthToken, OperationError> {
let account = self
.qs_read
.impersonate_search_ext_uuid(&rate.target, &rate.ident)
.impersonate_search_ext_uuid(rate.target, &rate.ident)
.and_then(|account_entry| {
RadiusAccount::try_from_entry_reduced(&account_entry, &mut self.qs_read)
})
@ -1453,7 +1450,7 @@ impl<'a> IdmServerProxyReadTransaction<'a> {
) -> Result<UnixUserToken, OperationError> {
let account = self
.qs_read
.impersonate_search_uuid(&uute.target, &uute.ident)
.impersonate_search_uuid(uute.target, &uute.ident)
.and_then(|account_entry| {
UnixUserAccount::try_from_entry_ro(&account_entry, &mut self.qs_read)
})
@ -1471,7 +1468,7 @@ impl<'a> IdmServerProxyReadTransaction<'a> {
) -> Result<UnixGroupToken, OperationError> {
let group = self
.qs_read
.impersonate_search_ext_uuid(&uute.target, &uute.ident)
.impersonate_search_ext_uuid(uute.target, &uute.ident)
.and_then(|e| UnixGroup::try_from_entry_reduced(&e))
.map_err(|e| {
admin_error!("Failed to start unix group token {:?}", e);
@ -1486,7 +1483,7 @@ impl<'a> IdmServerProxyReadTransaction<'a> {
) -> Result<CredentialStatus, OperationError> {
let account = self
.qs_read
.impersonate_search_ext_uuid(&cse.target, &cse.ident)
.impersonate_search_ext_uuid(cse.target, &cse.ident)
.and_then(|account_entry| {
Account::try_from_entry_reduced(&account_entry, &mut self.qs_read)
})
@ -1504,7 +1501,7 @@ impl<'a> IdmServerProxyReadTransaction<'a> {
) -> Result<BackupCodesView, OperationError> {
let account = self
.qs_read
.impersonate_search_ext_uuid(&rbce.target, &rbce.ident)
.impersonate_search_ext_uuid(rbce.target, &rbce.ident)
.and_then(|account_entry| {
Account::try_from_entry_reduced(&account_entry, &mut self.qs_read)
})
@ -1599,7 +1596,7 @@ impl<'a> IdmServerTransaction<'a> for IdmServerProxyWriteTransaction<'a> {
}
fn get_uat_validator_txn(&self) -> &JwsValidator {
&*self.uat_jwt_validator
&self.uat_jwt_validator
}
}
@ -1668,7 +1665,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
}
}
pub(crate) fn target_to_account(&mut self, target: &Uuid) -> Result<Account, OperationError> {
pub(crate) fn target_to_account(&mut self, target: Uuid) -> Result<Account, OperationError> {
// Get the account
let account = self
.qs_write
@ -1696,7 +1693,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
&mut self,
pce: &PasswordChangeEvent,
) -> Result<(), OperationError> {
let account = self.target_to_account(&pce.target)?;
let account = self.target_to_account(pce.target)?;
// Get the modifications we *want* to perform.
let modlist = account
@ -1713,9 +1710,9 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
.qs_write
.impersonate_modify_gen_event(
// Filter as executed
&filter!(f_eq("uuid", PartialValue::new_uuid(pce.target))),
&filter!(f_eq("uuid", PartialValue::Uuid(pce.target))),
// Filter as intended (acp)
&filter_all!(f_eq("uuid", PartialValue::new_uuid(pce.target))),
&filter_all!(f_eq("uuid", PartialValue::Uuid(pce.target))),
&modlist,
&pce.ident,
)
@ -1762,7 +1759,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
// Get the account
let account = self
.qs_write
.internal_search_uuid(&pce.target)
.internal_search_uuid(pce.target)
.and_then(|account_entry| {
// Assert the account is unix and valid.
UnixUserAccount::try_from_entry_rw(&account_entry, &mut self.qs_write)
@ -1792,9 +1789,9 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
.qs_write
.impersonate_modify_gen_event(
// Filter as executed
&filter!(f_eq("uuid", PartialValue::new_uuid(pce.target))),
&filter!(f_eq("uuid", PartialValue::Uuid(pce.target))),
// Filter as intended (acp)
&filter_all!(f_eq("uuid", PartialValue::new_uuid(pce.target))),
&filter_all!(f_eq("uuid", PartialValue::Uuid(pce.target))),
&modlist,
&pce.ident,
)
@ -1842,7 +1839,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
e
})?;
let account = self.target_to_account(&target)?;
let account = self.target_to_account(target)?;
let cleartext = cleartext
.map(|s| s.to_string())
@ -1859,7 +1856,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
self.qs_write
.internal_modify(
// Filter as executed
&filter!(f_eq("uuid", PartialValue::new_uuid(target))),
&filter!(f_eq("uuid", PartialValue::Uuid(target))),
&modlist,
)
.map_err(|e| {
@ -1874,7 +1871,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
&mut self,
gpe: &GeneratePasswordEvent,
) -> Result<String, OperationError> {
let account = self.target_to_account(&gpe.target)?;
let account = self.target_to_account(gpe.target)?;
// Ask if tis all good - this step checks pwpolicy and such
// Generate a new random, long pw.
@ -1898,9 +1895,9 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
self.qs_write
.impersonate_modify(
// Filter as executed
&filter!(f_eq("uuid", PartialValue::new_uuid(gpe.target))),
&filter!(f_eq("uuid", PartialValue::Uuid(gpe.target))),
// Filter as intended (acp)
&filter_all!(f_eq("uuid", PartialValue::new_uuid(gpe.target))),
&filter_all!(f_eq("uuid", PartialValue::Uuid(gpe.target))),
&modlist,
// Provide the event to impersonate
&gpe.ident,
@ -1937,9 +1934,9 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
self.qs_write
.impersonate_modify(
// Filter as executed
&filter!(f_eq("uuid", PartialValue::new_uuid(gbe.target))),
&filter!(f_eq("uuid", PartialValue::Uuid(gbe.target))),
// Filter as intended (acp)
&filter_all!(f_eq("uuid", PartialValue::new_uuid(gbe.target))),
&filter_all!(f_eq("uuid", PartialValue::Uuid(gbe.target))),
&modlist,
// Provide the event to impersonate
&gbe.ident,
@ -1966,9 +1963,9 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
self.qs_write
.impersonate_modify(
// Filter as executed
&filter!(f_eq("uuid", PartialValue::new_uuid(account.uuid))),
&filter!(f_eq("uuid", PartialValue::Uuid(account.uuid))),
// Filter as intended (acp)
&filter_all!(f_eq("uuid", PartialValue::new_uuid(account.uuid))),
&filter_all!(f_eq("uuid", PartialValue::Uuid(account.uuid))),
&modlist,
&rte.ident,
)
@ -1984,7 +1981,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
&mut self,
rrse: &RegenerateRadiusSecretEvent,
) -> Result<String, OperationError> {
let account = self.target_to_account(&rrse.target)?;
let account = self.target_to_account(rrse.target)?;
// Difference to the password above, this is intended to be read/copied
// by a human wiath a keyboard in some cases.
@ -2003,9 +2000,9 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
self.qs_write
.impersonate_modify(
// Filter as executed
&filter!(f_eq("uuid", PartialValue::new_uuid(rrse.target))),
&filter!(f_eq("uuid", PartialValue::Uuid(rrse.target))),
// Filter as intended (acp)
&filter_all!(f_eq("uuid", PartialValue::new_uuid(rrse.target))),
&filter_all!(f_eq("uuid", PartialValue::Uuid(rrse.target))),
&modlist,
// Provide the event to impersonate
&rrse.ident,
@ -2020,7 +2017,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
// -- delayed action processing --
fn process_pwupgrade(&mut self, pwu: &PasswordUpgrade) -> Result<(), OperationError> {
// get the account
let account = self.target_to_account(&pwu.target_uuid)?;
let account = self.target_to_account(pwu.target_uuid)?;
info!(session_id = %pwu.target_uuid, "Processing password hash upgrade");
@ -2037,7 +2034,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
})?;
self.qs_write.internal_modify(
&filter_all!(f_eq("uuid", PartialValue::new_uuid(pwu.target_uuid))),
&filter_all!(f_eq("uuid", PartialValue::Uuid(pwu.target_uuid))),
&modlist,
)
} else {
@ -2051,7 +2048,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
let account = self
.qs_write
.internal_search_uuid(&pwu.target_uuid)
.internal_search_uuid(pwu.target_uuid)
.and_then(|account_entry| {
UnixUserAccount::try_from_entry_rw(&account_entry, &mut self.qs_write)
})
@ -2071,7 +2068,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
})?;
self.qs_write.internal_modify(
&filter_all!(f_eq("uuid", PartialValue::new_uuid(pwu.target_uuid))),
&filter_all!(f_eq("uuid", PartialValue::Uuid(pwu.target_uuid))),
&modlist,
)
} else {
@ -2085,7 +2082,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
) -> Result<(), OperationError> {
info!(session_id = %wci.target_uuid, "Processing webauthn counter increment");
let mut account = self.target_to_account(&wci.target_uuid)?;
let mut account = self.target_to_account(wci.target_uuid)?;
// Generate an optional mod and then attempt to apply it.
let opt_modlist = account
@ -2097,7 +2094,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
if let Some(modlist) = opt_modlist {
self.qs_write.internal_modify(
&filter_all!(f_eq("uuid", PartialValue::new_uuid(wci.target_uuid))),
&filter_all!(f_eq("uuid", PartialValue::Uuid(wci.target_uuid))),
&modlist,
)
} else {
@ -2113,7 +2110,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
) -> Result<(), OperationError> {
info!(session_id = %bcr.target_uuid, "Processing backup code removal");
let account = self.target_to_account(&bcr.target_uuid)?;
let account = self.target_to_account(bcr.target_uuid)?;
// Generate an optional mod and then attempt to apply it.
let modlist = account
.invalidate_backup_code_mod(&bcr.code_to_remove)
@ -2123,7 +2120,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
})?;
self.qs_write.internal_modify(
&filter_all!(f_eq("uuid", PartialValue::new_uuid(bcr.target_uuid))),
&filter_all!(f_eq("uuid", PartialValue::Uuid(bcr.target_uuid))),
&modlist,
)
}
@ -2157,7 +2154,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
self.qs_write
.internal_modify(
&filter!(f_eq("uuid", PartialValue::new_uuid(asr.target_uuid))),
&filter!(f_eq("uuid", PartialValue::Uuid(asr.target_uuid))),
&modlist,
)
.map_err(|e| {
@ -2183,7 +2180,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
]);
self.qs_write.internal_modify(
&filter_all!(f_eq("uuid", PartialValue::new_uuid(o2cg.target_uuid))),
&filter_all!(f_eq("uuid", PartialValue::Uuid(o2cg.target_uuid))),
&modlist,
)
}
@ -2209,7 +2206,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
self.qs_write
.internal_modify(
&filter!(f_eq("uuid", PartialValue::new_uuid(osr.target_uuid))),
&filter!(f_eq("uuid", PartialValue::Uuid(osr.target_uuid))),
&modlist,
)
.map_err(|e| {
@ -2747,7 +2744,7 @@ mod tests {
fn test_idm_simple_password_reset() {
run_idm_test!(
|_qs: &QueryServer, idms: &IdmServer, _idms_delayed: &IdmServerDelayed| {
let pce = PasswordChangeEvent::new_internal(&UUID_ADMIN, TEST_PASSWORD);
let pce = PasswordChangeEvent::new_internal(UUID_ADMIN, TEST_PASSWORD);
let mut idms_prox_write =
task::block_on(idms.proxy_write(duration_from_epoch_now()));
@ -2762,7 +2759,7 @@ mod tests {
fn test_idm_anonymous_set_password_denied() {
run_idm_test!(
|_qs: &QueryServer, idms: &IdmServer, _idms_delayed: &IdmServerDelayed| {
let pce = PasswordChangeEvent::new_internal(&UUID_ANONYMOUS, TEST_PASSWORD);
let pce = PasswordChangeEvent::new_internal(UUID_ANONYMOUS, TEST_PASSWORD);
let mut idms_prox_write =
task::block_on(idms.proxy_write(duration_from_epoch_now()));
@ -2806,11 +2803,11 @@ mod tests {
.expect("Failed to reset radius credential 1");
// Try and set that as the main account password, should fail.
let pce = PasswordChangeEvent::new_internal(&UUID_ADMIN, r1.as_str());
let pce = PasswordChangeEvent::new_internal(UUID_ADMIN, r1.as_str());
let e = idms_prox_write.set_account_password(&pce);
assert!(e.is_err());
let pce = UnixPasswordChangeEvent::new_internal(&UUID_ADMIN, r1.as_str());
let pce = UnixPasswordChangeEvent::new_internal(UUID_ADMIN, r1.as_str());
let e = idms_prox_write.set_unix_account_password(&pce);
assert!(e.is_err());
@ -2851,23 +2848,23 @@ mod tests {
let mut idms_prox_write =
task::block_on(idms.proxy_write(duration_from_epoch_now()));
let pce = PasswordChangeEvent::new_internal(&UUID_ADMIN, "password");
let pce = PasswordChangeEvent::new_internal(UUID_ADMIN, "password");
let e = idms_prox_write.set_account_password(&pce);
assert!(e.is_err());
// zxcvbn check
let pce = PasswordChangeEvent::new_internal(&UUID_ADMIN, "password1234");
let pce = PasswordChangeEvent::new_internal(UUID_ADMIN, "password1234");
let e = idms_prox_write.set_account_password(&pce);
assert!(e.is_err());
// Check the "name" checking works too (I think admin may hit a common pw rule first)
let pce = PasswordChangeEvent::new_internal(&UUID_ADMIN, "admin_nta");
let pce = PasswordChangeEvent::new_internal(UUID_ADMIN, "admin_nta");
let e = idms_prox_write.set_account_password(&pce);
assert!(e.is_err());
// Check that the demo badlist password is rejected.
let pce = PasswordChangeEvent::new_internal(
&UUID_ADMIN,
UUID_ADMIN,
"demo_badlist_shohfie3aeci2oobur0aru9uushah6EiPi2woh4hohngoighaiRuepieN3ongoo1",
);
let e = idms_prox_write.set_account_password(&pce);
@ -2886,7 +2883,7 @@ mod tests {
task::block_on(idms.proxy_write(duration_from_epoch_now()));
// Check that the badlist password inserted is rejected.
let pce = PasswordChangeEvent::new_internal(&UUID_ADMIN, "bad@no3IBTyqHu$list");
let pce = PasswordChangeEvent::new_internal(UUID_ADMIN, "bad@no3IBTyqHu$list");
let e = idms_prox_write.set_account_password(&pce);
assert!(e.is_err());
@ -2923,12 +2920,12 @@ mod tests {
("name", Value::new_iname("testgroup")),
(
"uuid",
Value::new_uuid(uuid::uuid!("01609135-a1c4-43d5-966b-a28227644445"))
Value::Uuid(uuid::uuid!("01609135-a1c4-43d5-966b-a28227644445"))
),
("description", Value::new_utf8s("testgroup")),
(
"member",
Value::new_refer(uuid::uuid!("00000000-0000-0000-0000-000000000000"))
Value::Refer(uuid::uuid!("00000000-0000-0000-0000-000000000000"))
)
);
@ -2940,10 +2937,9 @@ mod tests {
let mut idms_prox_read = task::block_on(idms.proxy_read());
let ugte = UnixGroupTokenEvent::new_internal(
Uuid::parse_str("01609135-a1c4-43d5-966b-a28227644445")
.expect("failed to parse uuid"),
);
let ugte = UnixGroupTokenEvent::new_internal(uuid!(
"01609135-a1c4-43d5-966b-a28227644445"
));
let tok_g = idms_prox_read
.get_unixgrouptoken(&ugte)
.expect("Failed to generate unix group token");
@ -2964,10 +2960,9 @@ mod tests {
assert!(tok_r.valid == true);
// Show we can get the admin as a unix group token too
let ugte = UnixGroupTokenEvent::new_internal(
Uuid::parse_str("00000000-0000-0000-0000-000000000000")
.expect("failed to parse uuid"),
);
let ugte = UnixGroupTokenEvent::new_internal(uuid!(
"00000000-0000-0000-0000-000000000000"
));
let tok_g = idms_prox_read
.get_unixgrouptoken(&ugte)
.expect("Failed to generate unix group token");
@ -2999,7 +2994,7 @@ mod tests {
};
assert!(idms_prox_write.qs_write.modify(&me_posix).is_ok());
let pce = UnixPasswordChangeEvent::new_internal(&UUID_ADMIN, TEST_PASSWORD);
let pce = UnixPasswordChangeEvent::new_internal(UUID_ADMIN, TEST_PASSWORD);
assert!(idms_prox_write.set_unix_account_password(&pce).is_ok());
assert!(idms_prox_write.commit().is_ok());
@ -3007,7 +3002,7 @@ mod tests {
let mut idms_auth = idms.auth();
// Check auth verification of the password
let uuae_good = UnixUserAuthEvent::new_internal(&UUID_ADMIN, TEST_PASSWORD);
let uuae_good = UnixUserAuthEvent::new_internal(UUID_ADMIN, TEST_PASSWORD);
let a1 = task::block_on(
idms_auth.auth_unix(&uuae_good, Duration::from_secs(TEST_CURRENT_TIME)),
);
@ -3016,7 +3011,7 @@ mod tests {
_ => assert!(false),
};
// Check bad password
let uuae_bad = UnixUserAuthEvent::new_internal(&UUID_ADMIN, TEST_PASSWORD_INC);
let uuae_bad = UnixUserAuthEvent::new_internal(UUID_ADMIN, TEST_PASSWORD_INC);
let a2 = task::block_on(
idms_auth.auth_unix(&uuae_bad, Duration::from_secs(TEST_CURRENT_TIME)),
);
@ -3138,7 +3133,7 @@ mod tests {
assert!(idms_prox_write.commit().is_ok());
idms_delayed.check_is_empty_or_panic();
// Get the auth ready.
let uuae = UnixUserAuthEvent::new_internal(&UUID_ADMIN, "password");
let uuae = UnixUserAuthEvent::new_internal(UUID_ADMIN, "password");
let mut idms_auth = idms.auth();
let a1 = task::block_on(
idms_auth.auth_unix(&uuae, Duration::from_secs(TEST_CURRENT_TIME)),
@ -3288,14 +3283,14 @@ mod tests {
};
assert!(idms_prox_write.qs_write.modify(&me_posix).is_ok());
let pce = UnixPasswordChangeEvent::new_internal(&UUID_ADMIN, TEST_PASSWORD);
let pce = UnixPasswordChangeEvent::new_internal(UUID_ADMIN, TEST_PASSWORD);
assert!(idms_prox_write.set_unix_account_password(&pce).is_ok());
assert!(idms_prox_write.commit().is_ok());
// Now check auth when the time is too high or too low.
let mut idms_auth = idms.auth();
let uuae_good = UnixUserAuthEvent::new_internal(&UUID_ADMIN, TEST_PASSWORD);
let uuae_good = UnixUserAuthEvent::new_internal(UUID_ADMIN, TEST_PASSWORD);
let a1 = task::block_on(idms_auth.auth_unix(&uuae_good, time_low));
// Should this actually send an error with the details? Or just silently act as
@ -3647,13 +3642,13 @@ mod tests {
};
assert!(idms_prox_write.qs_write.modify(&me_posix).is_ok());
let pce = UnixPasswordChangeEvent::new_internal(&UUID_ADMIN, TEST_PASSWORD);
let pce = UnixPasswordChangeEvent::new_internal(UUID_ADMIN, TEST_PASSWORD);
assert!(idms_prox_write.set_unix_account_password(&pce).is_ok());
assert!(idms_prox_write.commit().is_ok());
let mut idms_auth = idms.auth();
let uuae_good = UnixUserAuthEvent::new_internal(&UUID_ADMIN, TEST_PASSWORD);
let uuae_bad = UnixUserAuthEvent::new_internal(&UUID_ADMIN, TEST_PASSWORD_INC);
let uuae_good = UnixUserAuthEvent::new_internal(UUID_ADMIN, TEST_PASSWORD);
let uuae_bad = UnixUserAuthEvent::new_internal(UUID_ADMIN, TEST_PASSWORD_INC);
let a2 = task::block_on(
idms_auth.auth_unix(&uuae_bad, Duration::from_secs(TEST_CURRENT_TIME)),
@ -3738,7 +3733,7 @@ mod tests {
let idms_prox_read = task::block_on(idms.proxy_read());
let admin = idms_prox_read
.qs_read
.internal_search_uuid(&UUID_ADMIN)
.internal_search_uuid(UUID_ADMIN)
.expect("failed");
let sessions = admin.get_ava_as_session_map("user_auth_token_session");
assert!(sessions.is_none());
@ -3761,7 +3756,7 @@ mod tests {
let idms_prox_read = task::block_on(idms.proxy_read());
let admin = idms_prox_read
.qs_read
.internal_search_uuid(&UUID_ADMIN)
.internal_search_uuid(UUID_ADMIN)
.expect("failed");
let sessions = admin
.get_ava_as_session_map("user_auth_token_session")
@ -3794,7 +3789,7 @@ mod tests {
let idms_prox_read = task::block_on(idms.proxy_read());
let admin = idms_prox_read
.qs_read
.internal_search_uuid(&UUID_ADMIN)
.internal_search_uuid(UUID_ADMIN)
.expect("failed");
let sessions = admin
.get_ava_as_session_map("user_auth_token_session")
@ -3897,7 +3892,7 @@ mod tests {
// get an account.
let account = idms_prox_write
.target_to_account(&UUID_ADMIN)
.target_to_account(UUID_ADMIN)
.expect("account must exist");
// Create some fake UATs, then process them and see what claims fall out 🥳
@ -4023,7 +4018,7 @@ mod tests {
let mut idms_prox_write = task::block_on(idms.proxy_write(ct.clone()));
let me_reset_tokens = unsafe {
ModifyEvent::new_internal_invalid(
filter!(f_eq("uuid", PartialValue::new_uuid(UUID_DOMAIN_INFO))),
filter!(f_eq("uuid", PartialValue::Uuid(UUID_DOMAIN_INFO))),
ModifyList::new_list(vec![
Modify::Purged(AttrString::from("fernet_private_key_str")),
Modify::Purged(AttrString::from("es256_private_key_der")),
@ -4070,7 +4065,7 @@ mod tests {
("class", Value::new_class("account")),
("class", Value::new_class("service_account")),
("name", Value::new_iname("testaccount")),
("uuid", Value::new_uuid(target_uuid)),
("uuid", Value::Uuid(target_uuid)),
("description", Value::new_utf8s("testaccount")),
("displayname", Value::new_utf8s("Test Account"))
);

8
kanidmd/lib/src/idm/serviceaccount.rs
View file

@ -194,7 +194,7 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
) -> Result<String, OperationError> {
let service_account = self
.qs_write
.internal_search_uuid(&gte.target)
.internal_search_uuid(gte.target)
.and_then(|account_entry| ServiceAccount::try_from_entry_rw(&account_entry))
.map_err(|e| {
admin_error!(?e, "Failed to search service account");
@ -249,9 +249,9 @@ impl<'a> IdmServerProxyWriteTransaction<'a> {
self.qs_write
.impersonate_modify(
// Filter as executed
&filter!(f_eq("uuid", PartialValue::new_uuid(gte.target))),
&filter!(f_eq("uuid", PartialValue::Uuid(gte.target))),
// Filter as intended (acp)
&filter_all!(f_eq("uuid", PartialValue::new_uuid(gte.target))),
&filter_all!(f_eq("uuid", PartialValue::Uuid(gte.target))),
&modlist,
// Provide the event to impersonate
&gte.ident,
@ -396,7 +396,7 @@ mod tests {
("class", Value::new_class("account")),
("class", Value::new_class("service_account")),
("name", Value::new_iname("test_account_only")),
("uuid", Value::new_uuid(testaccount_uuid)),
("uuid", Value::Uuid(testaccount_uuid)),
("description", Value::new_utf8s("testaccount")),
("displayname", Value::new_utf8s("testaccount"))
);

6
kanidmd/lib/src/idm/unix.rs
View file

@ -370,11 +370,7 @@ macro_rules! try_from_account_group_e {
let f = filter!(f_and!([
f_eq("class", PVCLASS_POSIXGROUP.clone()),
f_eq("class", PVCLASS_GROUP.clone()),
f_or(
riter
.map(|u| f_eq("uuid", PartialValue::new_uuid(u)))
.collect()
)
f_or(riter.map(|u| f_eq("uuid", PartialValue::Uuid(u))).collect())
]));
let ges: Vec<_> = $qs.internal_search(f)?;
let groups: Result<Vec<_>, _> = iter::once(Ok(upg))

18
kanidmd/lib/src/ldap.rs
View file

@ -66,7 +66,7 @@ impl LdapServer {
// get the domain_info item
let domain_entry = idms_prox_read
.qs_read
.internal_search_uuid(&UUID_DOMAIN_INFO)?;
.internal_search_uuid(UUID_DOMAIN_INFO)?;
let domain_name = domain_entry
.get_ava_single_iname("domain_name")
@ -432,7 +432,7 @@ impl LdapServer {
idms: &IdmServer,
server_op: ServerOps,
uat: Option<LdapBoundToken>,
eventid: &Uuid,
eventid: Uuid,
) -> Result<LdapResponseState, OperationError> {
match server_op {
ServerOps::SimpleBind(sbr) => self
@ -487,9 +487,9 @@ impl LdapServer {
Some(u) => Ok(LdapResponseState::Respond(
wr.gen_success(format!("u: {}", u.spn).as_str()),
)),
None => Ok(LdapResponseState::Respond(wr.gen_operror(
format!("Unbound Connection {:?}", &eventid).as_str(),
))),
None => Ok(LdapResponseState::Respond(
wr.gen_operror(format!("Unbound Connection {}", eventid).as_str()),
)),
},
} // end match server op
}
@ -606,7 +606,7 @@ mod tests {
};
assert!(idms_prox_write.qs_write.modify(&me_posix).is_ok());
let pce = UnixPasswordChangeEvent::new_internal(&UUID_ADMIN, TEST_PASSWORD);
let pce = UnixPasswordChangeEvent::new_internal(UUID_ADMIN, TEST_PASSWORD);
assert!(idms_prox_write.set_unix_account_password(&pce).is_ok());
assert!(idms_prox_write.commit().is_ok());
@ -772,7 +772,7 @@ mod tests {
("name", Value::new_iname("testperson1")),
(
"uuid",
Value::new_uuids("cc8e95b4-c24f-4d68-ba54-8bed76f63930").expect("uuid")
Value::Uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
("description", Value::new_utf8s("testperson1")),
("displayname", Value::new_utf8s("testperson1")),
@ -926,7 +926,7 @@ mod tests {
("class", Value::new_class("object")),
("class", Value::new_class("service_account")),
("class", Value::new_class("account")),
("uuid", Value::new_uuid(sa_uuid)),
("uuid", Value::Uuid(sa_uuid)),
("name", Value::new_iname("service_permission_test")),
("displayname", Value::new_utf8s("service_permission_test"))
);
@ -965,7 +965,7 @@ mod tests {
)),
ModifyList::new_list(vec![Modify::Present(
AttrString::from("member"),
Value::new_refer(sa_uuid),
Value::Refer(sa_uuid),
)]),
)
};

2
kanidmd/lib/src/lib.rs
View file

@ -65,7 +65,7 @@ pub mod prelude {
};
pub use smartstring::alias::String as AttrString;
pub use url::Url;
pub use uuid::Uuid;
pub use uuid::{uuid, Uuid};
pub use crate::constants::*;
pub use crate::entry::{

4
kanidmd/lib/src/plugins/attrunique.rs
View file

@ -86,7 +86,7 @@ fn enforce_unique<STATE>(
// Basically this says where name but also not self.
f_and(vec![
FC::Eq(attr, v.clone()),
f_andnot(FC::Eq("uuid", PartialValue::new_uuid(*uuid))),
f_andnot(FC::Eq("uuid", PartialValue::Uuid(*uuid))),
])
})
.collect()
@ -121,7 +121,7 @@ fn enforce_unique<STATE>(
// Basically this says where name but also not self.
f_and(vec![
FC::Eq(attr, v),
f_andnot(FC::Eq("uuid", PartialValue::new_uuid(uuid))),
f_andnot(FC::Eq("uuid", PartialValue::Uuid(uuid))),
])
})
.collect();

18
kanidmd/lib/src/plugins/base.rs
View file

@ -47,7 +47,7 @@ impl Plugin for Base {
match entry.get_ava_set("uuid").map(|s| s.len()) {
None => {
// Generate
let ava_uuid = Value::new_uuid(Uuid::new_v4());
let ava_uuid = Value::Uuid(Uuid::new_v4());
trace!("Setting temporary UUID {:?} to entry", ava_uuid);
entry.set_ava("uuid", once(ava_uuid));
}
@ -120,7 +120,7 @@ impl Plugin for Base {
let filt_in = filter_all!(FC::Or(
cand_uuid
.into_iter()
.map(|u| FC::Eq("uuid", PartialValue::new_uuid(u)))
.map(|u| FC::Eq("uuid", PartialValue::Uuid(u)))
.collect(),
));
@ -252,14 +252,14 @@ mod tests {
("class", Value::new_class("memberof")),
("name", Value::new_iname("test_account_1")),
("displayname", Value::new_utf8s("test_account_1")),
("uuid", Value::new_uuid(UUID_TEST_ACCOUNT)),
("memberof", Value::new_refer(UUID_TEST_GROUP))
("uuid", Value::Uuid(UUID_TEST_ACCOUNT)),
("memberof", Value::Refer(UUID_TEST_GROUP))
);
pub static ref TEST_GROUP: EntryInitNew = entry_init!(
("class", Value::new_class("group")),
("name", Value::new_iname("test_group_a")),
("uuid", Value::new_uuid(UUID_TEST_GROUP)),
("member", Value::new_refer(UUID_TEST_ACCOUNT))
("uuid", Value::Uuid(UUID_TEST_GROUP)),
("member", Value::Refer(UUID_TEST_ACCOUNT))
);
pub static ref ALLOW_ALL: EntryInitNew = entry_init!(
("class", Value::new_class("object")),
@ -269,7 +269,7 @@ mod tests {
("class", Value::new_class("access_control_delete")),
("class", Value::new_class("access_control_search")),
("name", Value::new_iname("idm_admins_acp_allow_all_test")),
("uuid", Value::new_uuid(UUID_TEST_ACP)),
("uuid", Value::Uuid(UUID_TEST_ACP)),
("acp_receiver_group", Value::Refer(UUID_TEST_GROUP)),
(
"acp_targetscope",
@ -427,7 +427,7 @@ mod tests {
let ue = cands.first().expect("No cand");
assert!(ue.attribute_equality(
"uuid",
&PartialValue::new_uuids("79724141-3603-4060-b6bb-35c72772611d").unwrap()
&PartialValue::Uuid(uuid!("79724141-3603-4060-b6bb-35c72772611d"))
));
}
);
@ -593,7 +593,7 @@ mod tests {
filter!(f_eq("name", PartialValue::new_iname("testgroup_a"))),
ModifyList::new_list(vec![Modify::Removed(
AttrString::from("uuid"),
PartialValue::new_uuids("f15a7219-1d15-44e3-a7b4-bec899c07788").unwrap()
PartialValue::Uuid(uuid!("f15a7219-1d15-44e3-a7b4-bec899c07788"))
)]),
None,
|_| {},

8
kanidmd/lib/src/plugins/domain.rs
View file

@ -52,14 +52,14 @@ impl Plugin for Domain {
impl Domain {
fn modify_inner<T: Clone + std::fmt::Debug>(
qs: &mut QueryServerWriteTransaction,
cand: &mut Vec<Entry<EntryInvalid, T>>,
cand: &mut [Entry<EntryInvalid, T>],
) -> Result<(), OperationError> {
cand.iter_mut().try_for_each(|e| {
if e.attribute_equality("class", &PVCLASS_DOMAIN_INFO)
&& e.attribute_equality("uuid", &PVUUID_DOMAIN_INFO)
{
// We always set this, because the DB uuid is authorative.
let u = Value::new_uuid(qs.get_domain_uuid());
let u = Value::Uuid(qs.get_domain_uuid());
e.set_ava("domain_uuid", once(u));
trace!("plugin_domain: Applying uuid transform");
@ -112,11 +112,11 @@ mod tests {
async fn test_domain_generate_uuid(server: &QueryServer) {
let server_txn = server.write(duration_from_epoch_now()).await;
let e_dom = server_txn
.internal_search_uuid(&UUID_DOMAIN_INFO)
.internal_search_uuid(UUID_DOMAIN_INFO)
.expect("must not fail");
let u_dom = server_txn.get_domain_uuid();
assert!(e_dom.attribute_equality("domain_uuid", &PartialValue::new_uuid(u_dom)));
assert!(e_dom.attribute_equality("domain_uuid", &PartialValue::Uuid(u_dom)));
}
}

38
kanidmd/lib/src/plugins/dyngroup.rs
View file

@ -36,7 +36,7 @@ impl DynGroup {
let filt = filter!(FC::Or(
n_dyn_groups
.iter()
.map(|e| f_eq("uuid", PartialValue::new_uuid(e.get_uuid())))
.map(|e| f_eq("uuid", PartialValue::Uuid(e.get_uuid())))
.collect()
));
let work_set = qs.internal_search_writeable(&filt)?;
@ -178,14 +178,14 @@ impl DynGroup {
.collect();
if !matches.is_empty() {
let filt = filter!(f_eq("uuid", PartialValue::new_uuid(*dg_uuid)));
let filt = filter!(f_eq("uuid", PartialValue::Uuid(*dg_uuid)));
let mut work_set = qs.internal_search_writeable(&filt)?;
if let Some((pre, mut d_group)) = work_set.pop() {
matches
.iter()
.copied()
.for_each(|u| d_group.add_ava("member", Value::new_refer(u)));
.for_each(|u| d_group.add_ava("member", Value::Refer(u)));
affected_uuids.extend(matches.into_iter());
affected_uuids.push(*dg_uuid);
@ -303,13 +303,13 @@ impl DynGroup {
.collect();
if !matches.is_empty() {
let filt = filter!(f_eq("uuid", PartialValue::new_uuid(*dg_uuid)));
let filt = filter!(f_eq("uuid", PartialValue::Uuid(*dg_uuid)));
let mut work_set = qs.internal_search_writeable(&filt)?;
if let Some((pre, mut d_group)) = work_set.pop() {
matches.iter().copied().for_each(|choice| match choice {
Ok(u) => d_group.add_ava("member", Value::new_refer(u)),
Err(u) => d_group.remove_ava("member", &PartialValue::new_refer(u)),
Ok(u) => d_group.add_ava("member", Value::Refer(u)),
Err(u) => d_group.remove_ava("member", &PartialValue::Refer(u)),
});
affected_uuids.extend(matches.into_iter().map(|choice| match choice {
@ -369,7 +369,7 @@ mod tests {
let e_group: Entry<EntryInit, EntryNew> = entry_init!(
("class", Value::new_class("group")),
("name", Value::new_iname("testgroup")),
("uuid", Value::new_uuid(UUID_TEST_GROUP))
("uuid", Value::Uuid(UUID_TEST_GROUP))
);
let preload = vec![e_group];
@ -415,7 +415,7 @@ mod tests {
let e_group: Entry<EntryInit, EntryNew> = entry_init!(
("class", Value::new_class("group")),
("name", Value::new_iname("testgroup")),
("uuid", Value::new_uuid(UUID_TEST_GROUP))
("uuid", Value::Uuid(UUID_TEST_GROUP))
);
let preload = vec![e_dyn];
@ -464,7 +464,7 @@ mod tests {
let e_group: Entry<EntryInit, EntryNew> = entry_init!(
("class", Value::new_class("group")),
("name", Value::new_iname("testgroup")),
("uuid", Value::new_uuid(UUID_TEST_GROUP))
("uuid", Value::Uuid(UUID_TEST_GROUP))
);
let preload = vec![e_dyn];
@ -506,7 +506,7 @@ mod tests {
let e_group: Entry<EntryInit, EntryNew> = entry_init!(
("class", Value::new_class("group")),
("name", Value::new_iname("testgroup")),
("uuid", Value::new_uuid(UUID_TEST_GROUP))
("uuid", Value::Uuid(UUID_TEST_GROUP))
);
let preload = vec![];
@ -555,7 +555,7 @@ mod tests {
let e_group: Entry<EntryInit, EntryNew> = entry_init!(
("class", Value::new_class("group")),
("name", Value::new_iname("testgroup")),
("uuid", Value::new_uuid(UUID_TEST_GROUP))
("uuid", Value::Uuid(UUID_TEST_GROUP))
);
let preload = vec![e_dyn, e_group];
@ -607,7 +607,7 @@ mod tests {
let e_group: Entry<EntryInit, EntryNew> = entry_init!(
("class", Value::new_class("group")),
("name", Value::new_iname("testgroup")),
("uuid", Value::new_uuid(UUID_TEST_GROUP))
("uuid", Value::Uuid(UUID_TEST_GROUP))
);
let preload = vec![e_dyn, e_group];
@ -658,7 +658,7 @@ mod tests {
let e_group: Entry<EntryInit, EntryNew> = entry_init!(
("class", Value::new_class("group")),
("name", Value::new_iname("testgroup")),
("uuid", Value::new_uuid(UUID_TEST_GROUP))
("uuid", Value::Uuid(UUID_TEST_GROUP))
);
let preload = vec![e_dyn, e_group];
@ -669,7 +669,7 @@ mod tests {
filter!(f_eq("name", PartialValue::new_iname("test_dyngroup"))),
ModifyList::new_list(vec![Modify::Present(
AttrString::from("member"),
Value::new_refer(UUID_ADMIN)
Value::Refer(UUID_ADMIN)
)]),
None,
|_| {},
@ -708,7 +708,7 @@ mod tests {
let e_group: Entry<EntryInit, EntryNew> = entry_init!(
("class", Value::new_class("group")),
("name", Value::new_iname("testgroup")),
("uuid", Value::new_uuid(UUID_TEST_GROUP))
("uuid", Value::Uuid(UUID_TEST_GROUP))
);
let preload = vec![e_dyn, e_group];
@ -754,7 +754,7 @@ mod tests {
let e_group: Entry<EntryInit, EntryNew> = entry_init!(
("class", Value::new_class("group")),
("name", Value::new_iname("not_testgroup")),
("uuid", Value::new_uuid(UUID_TEST_GROUP))
("uuid", Value::Uuid(UUID_TEST_GROUP))
);
let preload = vec![e_dyn, e_group];
@ -803,7 +803,7 @@ mod tests {
let e_group: Entry<EntryInit, EntryNew> = entry_init!(
("class", Value::new_class("group")),
("name", Value::new_iname("testgroup")),
("uuid", Value::new_uuid(UUID_TEST_GROUP))
("uuid", Value::Uuid(UUID_TEST_GROUP))
);
let preload = vec![e_dyn, e_group];
@ -848,7 +848,7 @@ mod tests {
let e_group: Entry<EntryInit, EntryNew> = entry_init!(
("class", Value::new_class("group")),
("name", Value::new_iname("testgroup")),
("uuid", Value::new_uuid(UUID_TEST_GROUP))
("uuid", Value::Uuid(UUID_TEST_GROUP))
);
let preload = vec![e_dyn, e_group];
@ -888,7 +888,7 @@ mod tests {
let e_group: Entry<EntryInit, EntryNew> = entry_init!(
("class", Value::new_class("group")),
("name", Value::new_iname("testgroup")),
("uuid", Value::new_uuid(UUID_TEST_GROUP))
("uuid", Value::Uuid(UUID_TEST_GROUP))
);
let preload = vec![e_dyn, e_group];

20
kanidmd/lib/src/plugins/gidnumber.rs
View file

@ -70,7 +70,7 @@ impl Plugin for GidNumber {
cand: &mut Vec<Entry<EntryInvalid, EntryNew>>,
_ce: &CreateEvent,
) -> Result<(), OperationError> {
cand.iter_mut().try_for_each(|e| apply_gidnumber(e))
cand.iter_mut().try_for_each(apply_gidnumber)
}
#[instrument(level = "debug", name = "gidnumber_pre_modify", skip_all)]
@ -79,7 +79,7 @@ impl Plugin for GidNumber {
cand: &mut Vec<Entry<EntryInvalid, EntryCommitted>>,
_me: &ModifyEvent,
) -> Result<(), OperationError> {
cand.iter_mut().try_for_each(|e| apply_gidnumber(e))
cand.iter_mut().try_for_each(apply_gidnumber)
}
#[instrument(level = "debug", name = "gidnumber_pre_batch_modify", skip_all)]
@ -88,7 +88,7 @@ impl Plugin for GidNumber {
cand: &mut Vec<Entry<EntryInvalid, EntryCommitted>>,
_me: &BatchModifyEvent,
) -> Result<(), OperationError> {
cand.iter_mut().try_for_each(|e| apply_gidnumber(e))
cand.iter_mut().try_for_each(apply_gidnumber)
}
}
@ -98,7 +98,7 @@ mod tests {
fn check_gid(qs_write: &QueryServerWriteTransaction, uuid: &str, gid: u32) {
let u = Uuid::parse_str(uuid).unwrap();
let e = qs_write.internal_search_uuid(&u).unwrap();
let e = qs_write.internal_search_uuid(u).unwrap();
let gidnumber = e.get_ava_single("gidnumber").unwrap();
let ex_gid = Value::new_uint32(gid);
assert!(ex_gid == gidnumber);
@ -112,7 +112,7 @@ mod tests {
("name", Value::new_iname("testperson")),
(
"uuid",
Value::new_uuid(uuid::uuid!("83a0927f-3de1-45ec-bea0-2f7b997ef244"))
Value::Uuid(uuid!("83a0927f-3de1-45ec-bea0-2f7b997ef244"))
),
("description", Value::new_utf8s("testperson")),
("displayname", Value::new_utf8s("testperson"))
@ -144,7 +144,7 @@ mod tests {
("gidnumber", Value::Uint32(10001)),
(
"uuid",
Value::new_uuid(uuid::uuid!("83a0927f-3de1-45ec-bea0-2f7b997ef244"))
Value::Uuid(uuid!("83a0927f-3de1-45ec-bea0-2f7b997ef244"))
),
("description", Value::new_utf8s("testperson")),
("displayname", Value::new_utf8s("testperson"))
@ -175,7 +175,7 @@ mod tests {
("name", Value::new_iname("testperson")),
(
"uuid",
Value::new_uuid(uuid::uuid!("83a0927f-3de1-45ec-bea0-2f7b997ef244"))
Value::Uuid(uuid!("83a0927f-3de1-45ec-bea0-2f7b997ef244"))
),
("description", Value::new_utf8s("testperson")),
("displayname", Value::new_utf8s("testperson"))
@ -207,7 +207,7 @@ mod tests {
("name", Value::new_iname("testperson")),
(
"uuid",
Value::new_uuid(uuid::uuid!("83a0927f-3de1-45ec-bea0-2f7b997ef244"))
Value::Uuid(uuid::uuid!("83a0927f-3de1-45ec-bea0-2f7b997ef244"))
),
("description", Value::new_utf8s("testperson")),
("displayname", Value::new_utf8s("testperson"))
@ -239,7 +239,7 @@ mod tests {
("name", Value::new_iname("testperson")),
(
"uuid",
Value::new_uuid(uuid::uuid!("83a0927f-3de1-45ec-bea0-2f7b997ef244"))
Value::Uuid(uuid::uuid!("83a0927f-3de1-45ec-bea0-2f7b997ef244"))
),
("description", Value::new_utf8s("testperson")),
("displayname", Value::new_utf8s("testperson"))
@ -273,7 +273,7 @@ mod tests {
("name", Value::new_iname("testperson")),
(
"uuid",
Value::new_uuid(uuid::uuid!("83a0927f-3de1-45ec-bea0-000000000244"))
Value::Uuid(uuid::uuid!("83a0927f-3de1-45ec-bea0-000000000244"))
),
("description", Value::new_utf8s("testperson")),
("displayname", Value::new_utf8s("testperson"))

45
kanidmd/lib/src/plugins/jwskeygen.rs
View file

@ -41,9 +41,7 @@ impl Plugin for JwsKeygen {
}
impl JwsKeygen {
fn modify_inner<T: Clone>(
cand: &mut Vec<Entry<EntryInvalid, T>>,
) -> Result<(), OperationError> {
fn modify_inner<T: Clone>(cand: &mut [Entry<EntryInvalid, T>]) -> Result<(), OperationError> {
cand.iter_mut().try_for_each(|e| {
if e.attribute_equality("class", &PVCLASS_OAUTH2_BASIC) {
if !e.attribute_pres("oauth2_rs_basic_secret") {
@ -68,25 +66,23 @@ impl JwsKeygen {
let v = Value::new_privatebinary(&der);
e.add_ava("es256_private_key_der", v);
}
if e.get_ava_single_bool("oauth2_jwt_legacy_crypto_enable").unwrap_or(false) {
if !e.attribute_pres("rs256_private_key_der") {
security_info!("regenerating oauth2 legacy rs256 private key");
let der = JwsSigner::generate_legacy_rs256()
.and_then(|jws| jws.private_key_to_der())
.map_err(|e| {
admin_error!(err = ?e, "Unable to generate Legacy RS256 JwsSigner private key");
OperationError::CryptographyError
})?;
let v = Value::new_privatebinary(&der);
e.add_ava("rs256_private_key_der", v);
}
if e.get_ava_single_bool("oauth2_jwt_legacy_crypto_enable").unwrap_or(false)
&& !e.attribute_pres("rs256_private_key_der") {
security_info!("regenerating oauth2 legacy rs256 private key");
let der = JwsSigner::generate_legacy_rs256()
.and_then(|jws| jws.private_key_to_der())
.map_err(|e| {
admin_error!(err = ?e, "Unable to generate Legacy RS256 JwsSigner private key");
OperationError::CryptographyError
})?;
let v = Value::new_privatebinary(&der);
e.add_ava("rs256_private_key_der", v);
}
}
if e.attribute_equality("class", &PVCLASS_SERVICE_ACCOUNT) ||
e.attribute_equality("class", &PVCLASS_SYNC_ACCOUNT)
{
if !e.attribute_pres("jws_es256_private_key") {
if (e.attribute_equality("class", &PVCLASS_SERVICE_ACCOUNT) ||
e.attribute_equality("class", &PVCLASS_SYNC_ACCOUNT)) &&
!e.attribute_pres("jws_es256_private_key") {
security_info!("regenerating jws es256 private key");
let jwssigner = JwsSigner::generate_es256()
.map_err(|e| {
@ -95,7 +91,6 @@ impl JwsKeygen {
})?;
let v = Value::JwsKeyEs256(jwssigner);
e.add_ava("jws_es256_private_key", v);
}
}
Ok(())
@ -116,7 +111,7 @@ mod tests {
("class", Value::new_class("object")),
("class", Value::new_class("oauth2_resource_server")),
("class", Value::new_class("oauth2_resource_server_basic")),
("uuid", Value::new_uuid(uuid)),
("uuid", Value::Uuid(uuid)),
("displayname", Value::new_utf8s("test_resource_server")),
("oauth2_rs_name", Value::new_iname("test_resource_server")),
(
@ -139,7 +134,7 @@ mod tests {
None,
|qs: &QueryServerWriteTransaction| {
let e = qs
.internal_search_uuid(&uuid)
.internal_search_uuid(uuid)
.expect("failed to get oauth2 config");
assert!(e.attribute_pres("oauth2_rs_basic_secret"));
assert!(e.attribute_pres("oauth2_rs_token_key"));
@ -155,7 +150,7 @@ mod tests {
("class", Value::new_class("object")),
("class", Value::new_class("oauth2_resource_server")),
("class", Value::new_class("oauth2_resource_server_basic")),
("uuid", Value::new_uuid(uuid)),
("uuid", Value::Uuid(uuid)),
("oauth2_rs_name", Value::new_iname("test_resource_server")),
("displayname", Value::new_utf8s("test_resource_server")),
(
@ -176,7 +171,7 @@ mod tests {
run_modify_test!(
Ok(()),
preload,
filter!(f_eq("uuid", PartialValue::new_uuid(uuid))),
filter!(f_eq("uuid", PartialValue::Uuid(uuid))),
ModifyList::new_list(vec![
Modify::Purged(AttrString::from("oauth2_rs_basic_secret"),),
Modify::Purged(AttrString::from("oauth2_rs_token_key"),)
@ -185,7 +180,7 @@ mod tests {
|_| {},
|qs: &QueryServerWriteTransaction| {
let e = qs
.internal_search_uuid(&uuid)
.internal_search_uuid(uuid)
.expect("failed to get oauth2 config");
assert!(e.attribute_pres("oauth2_rs_basic_secret"));
assert!(e.attribute_pres("oauth2_rs_token_key"));

46
kanidmd/lib/src/plugins/memberof.rs
View file

@ -26,14 +26,14 @@ pub struct MemberOf;
fn do_memberof(
qs: &QueryServerWriteTransaction,
uuid: &Uuid,
uuid: Uuid,
tgte: &mut EntryInvalidCommitted,
) -> Result<(), OperationError> {
// search where we are member
let groups = qs
.internal_search(filter!(f_and!([
f_eq("class", PVCLASS_GROUP.clone()),
f_eq("member", PartialValue::new_refer(*uuid))
f_eq("member", PartialValue::Refer(uuid))
])))
.map_err(|e| {
admin_error!("internal search failure -> {:?}", e);
@ -121,7 +121,7 @@ fn apply_memberof(
let filt = filter!(FC::Or(
group_affect
.drain(0..)
.map(|u| f_eq("uuid", PartialValue::new_uuid(u)))
.map(|u| f_eq("uuid", PartialValue::Uuid(u)))
.collect()
));
@ -142,7 +142,7 @@ fn apply_memberof(
trace!("=> processing group update -> {:?}", guuid);
do_memberof(qs, &guuid, &mut tgte)?;
do_memberof(qs, guuid, &mut tgte)?;
// Did we change? Note we don't check if the class changed, only if mo changed.
if pre.get_ava_set("memberof") != tgte.get_ava_set("memberof")
@ -188,7 +188,7 @@ fn apply_memberof(
.try_for_each(|(auuid, (pre, mut tgte))| {
trace!("=> processing affected uuid {:?}", auuid);
debug_assert!(!tgte.attribute_equality("class", &PVCLASS_GROUP));
do_memberof(qs, &auuid, &mut tgte)?;
do_memberof(qs, auuid, &mut tgte)?;
// Only write if a change occured.
if pre.get_ava_set("memberof") != tgte.get_ava_set("memberof")
|| pre.get_ava_set("directmemberof") != tgte.get_ava_set("directmemberof")
@ -301,7 +301,7 @@ impl Plugin for MemberOf {
for e in all_cand {
let filt_in = filter!(f_and!([
f_eq("class", PVCLASS_GROUP.clone()),
f_eq("member", PartialValue::new_refer(e.get_uuid()))
f_eq("member", PartialValue::Refer(e.get_uuid()))
]));
let direct_memberof = match qs
@ -468,7 +468,7 @@ mod tests {
$cand:expr
) => {{
let filt = filter!(f_and!([
f_eq("uuid", PartialValue::new_uuids($ea).unwrap()),
f_eq("uuid", PartialValue::new_uuid_s($ea).unwrap()),
f_eq($mo, PartialValue::new_refer_s($eb).unwrap())
]));
let cands = $qs.internal_search(filt).expect("Internal search failure");
@ -733,7 +733,7 @@ mod tests {
run_modify_test!(
Ok(()),
preload,
filter!(f_eq("uuid", PartialValue::new_uuids(&UUID_A).unwrap())),
filter!(f_eq("uuid", PartialValue::new_uuid_s(&UUID_A).unwrap())),
ModifyList::new_list(vec![Modify::Present(
AttrString::from("member"),
Value::new_refer_s(&UUID_B).unwrap()
@ -769,7 +769,7 @@ mod tests {
run_modify_test!(
Ok(()),
preload,
filter!(f_eq("uuid", PartialValue::new_uuids(&UUID_A).unwrap())),
filter!(f_eq("uuid", PartialValue::new_uuid_s(&UUID_A).unwrap())),
ModifyList::new_list(vec![Modify::Present(
AttrString::from("member"),
Value::new_refer_s(&UUID_B).unwrap()
@ -823,7 +823,7 @@ mod tests {
run_modify_test!(
Ok(()),
preload,
filter!(f_eq("uuid", PartialValue::new_uuids(&UUID_B).unwrap())),
filter!(f_eq("uuid", PartialValue::new_uuid_s(&UUID_B).unwrap())),
ModifyList::new_list(vec![Modify::Present(
AttrString::from("member"),
Value::new_refer_s(&UUID_C).unwrap()
@ -880,7 +880,7 @@ mod tests {
run_modify_test!(
Ok(()),
preload,
filter!(f_eq("uuid", PartialValue::new_uuids(&UUID_C).unwrap())),
filter!(f_eq("uuid", PartialValue::new_uuid_s(&UUID_C).unwrap())),
ModifyList::new_list(vec![Modify::Present(
AttrString::from("member"),
Value::new_refer_s(&UUID_A).unwrap()
@ -945,8 +945,8 @@ mod tests {
Ok(()),
preload,
filter!(f_or!([
f_eq("uuid", PartialValue::new_uuids(&UUID_C).unwrap()),
f_eq("uuid", PartialValue::new_uuids(&UUID_D).unwrap()),
f_eq("uuid", PartialValue::new_uuid_s(&UUID_C).unwrap()),
f_eq("uuid", PartialValue::new_uuid_s(&UUID_D).unwrap()),
])),
ModifyList::new_list(vec![Modify::Present(
AttrString::from("member"),
@ -1016,7 +1016,7 @@ mod tests {
run_modify_test!(
Ok(()),
preload,
filter!(f_eq("uuid", PartialValue::new_uuids(&UUID_A).unwrap())),
filter!(f_eq("uuid", PartialValue::new_uuid_s(&UUID_A).unwrap())),
ModifyList::new_list(vec![Modify::Removed(
AttrString::from("member"),
PartialValue::new_refer_s(&UUID_B).unwrap()
@ -1055,7 +1055,7 @@ mod tests {
run_modify_test!(
Ok(()),
preload,
filter!(f_eq("uuid", PartialValue::new_uuids(&UUID_A).unwrap())),
filter!(f_eq("uuid", PartialValue::new_uuid_s(&UUID_A).unwrap())),
ModifyList::new_list(vec![Modify::Removed(
AttrString::from("member"),
PartialValue::new_refer_s(&UUID_B).unwrap()
@ -1113,7 +1113,7 @@ mod tests {
run_modify_test!(
Ok(()),
preload,
filter!(f_eq("uuid", PartialValue::new_uuids(&UUID_B).unwrap())),
filter!(f_eq("uuid", PartialValue::new_uuid_s(&UUID_B).unwrap())),
ModifyList::new_list(vec![Modify::Removed(
AttrString::from("member"),
PartialValue::new_refer_s(&UUID_C).unwrap()
@ -1181,7 +1181,7 @@ mod tests {
run_modify_test!(
Ok(()),
preload,
filter!(f_eq("uuid", PartialValue::new_uuids(&UUID_C).unwrap())),
filter!(f_eq("uuid", PartialValue::new_uuid_s(&UUID_C).unwrap())),
ModifyList::new_list(vec![Modify::Removed(
AttrString::from("member"),
PartialValue::new_refer_s(&UUID_A).unwrap()
@ -1267,7 +1267,7 @@ mod tests {
run_modify_test!(
Ok(()),
preload,
filter!(f_eq("uuid", PartialValue::new_uuids(&UUID_C).unwrap())),
filter!(f_eq("uuid", PartialValue::new_uuid_s(&UUID_C).unwrap())),
ModifyList::new_list(vec![
Modify::Removed(
AttrString::from("member"),
@ -1340,7 +1340,7 @@ mod tests {
run_delete_test!(
Ok(()),
preload,
filter!(f_eq("uuid", PartialValue::new_uuids(&UUID_A).unwrap())),
filter!(f_eq("uuid", PartialValue::new_uuid_s(&UUID_A).unwrap())),
None,
|qs: &QueryServerWriteTransaction| {
// V-- this uuid is
@ -1374,7 +1374,7 @@ mod tests {
run_delete_test!(
Ok(()),
preload,
filter!(f_eq("uuid", PartialValue::new_uuids(&UUID_A).unwrap())),
filter!(f_eq("uuid", PartialValue::new_uuid_s(&UUID_A).unwrap())),
None,
|qs: &QueryServerWriteTransaction| {
// V-- this uuid is
@ -1418,7 +1418,7 @@ mod tests {
run_delete_test!(
Ok(()),
preload,
filter!(f_eq("uuid", PartialValue::new_uuids(&UUID_B).unwrap())),
filter!(f_eq("uuid", PartialValue::new_uuid_s(&UUID_B).unwrap())),
None,
|qs: &QueryServerWriteTransaction| {
// V-- this uuid is
@ -1471,7 +1471,7 @@ mod tests {
run_delete_test!(
Ok(()),
preload,
filter!(f_eq("uuid", PartialValue::new_uuids(&UUID_A).unwrap())),
filter!(f_eq("uuid", PartialValue::new_uuid_s(&UUID_A).unwrap())),
None,
|qs: &QueryServerWriteTransaction| {
// V-- this uuid is
@ -1537,7 +1537,7 @@ mod tests {
run_delete_test!(
Ok(()),
preload,
filter!(f_eq("uuid", PartialValue::new_uuids(&UUID_B).unwrap())),
filter!(f_eq("uuid", PartialValue::new_uuid_s(&UUID_B).unwrap())),
None,
|qs: &QueryServerWriteTransaction| {
// V-- this uuid is

8
kanidmd/lib/src/plugins/password_import.rs
View file

@ -91,9 +91,7 @@ impl Plugin for PasswordImport {
}
impl PasswordImport {
fn modify_inner<T: Clone>(
cand: &mut Vec<Entry<EntryInvalid, T>>,
) -> Result<(), OperationError> {
fn modify_inner<T: Clone>(cand: &mut [Entry<EntryInvalid, T>]) -> Result<(), OperationError> {
cand.iter_mut().try_for_each(|e| {
// is there a password we are trying to import?
let vs = match e.pop_ava("password_import") {
@ -280,9 +278,7 @@ mod tests {
|_| {},
|qs: &QueryServerWriteTransaction| {
let e = qs
.internal_search_uuid(
&Uuid::parse_str("d2b496bd-8493-47b7-8142-f568b5cf47ee").unwrap(),
)
.internal_search_uuid(uuid!("d2b496bd-8493-47b7-8142-f568b5cf47ee"))
.expect("failed to get entry");
let c = e
.get_ava_single_credential("primary_credential")

10
kanidmd/lib/src/plugins/protected.rs
View file

@ -273,14 +273,14 @@ mod tests {
("class", Value::new_class("memberof")),
("name", Value::new_iname("test_account_1")),
("displayname", Value::new_utf8s("test_account_1")),
("uuid", Value::new_uuid(UUID_TEST_ACCOUNT)),
("memberof", Value::new_refer(UUID_TEST_GROUP))
("uuid", Value::Uuid(UUID_TEST_ACCOUNT)),
("memberof", Value::Refer(UUID_TEST_GROUP))
);
pub static ref TEST_GROUP: EntryInitNew = entry_init!(
("class", Value::new_class("group")),
("name", Value::new_iname("test_group_a")),
("uuid", Value::new_uuid(UUID_TEST_GROUP)),
("member", Value::new_refer(UUID_TEST_ACCOUNT))
("uuid", Value::Uuid(UUID_TEST_GROUP)),
("member", Value::Refer(UUID_TEST_ACCOUNT))
);
pub static ref ALLOW_ALL: EntryInitNew = entry_init!(
("class", Value::new_class("object")),
@ -290,7 +290,7 @@ mod tests {
("class", Value::new_class("access_control_delete")),
("class", Value::new_class("access_control_search")),
("name", Value::new_iname("idm_admins_acp_allow_all_test")),
("uuid", Value::new_uuid(UUID_TEST_ACP)),
("uuid", Value::Uuid(UUID_TEST_ACP)),
("acp_receiver_group", Value::Refer(UUID_TEST_GROUP)),
(
"acp_targetscope",

31
kanidmd/lib/src/plugins/refint.rs
View file

@ -135,7 +135,7 @@ impl Plugin for ReferentialIntegrity {
.map(|e| e.get_uuid())
.flat_map(|u| ref_types.values().map(move |r_type| {
// For everything that references the uuid's in the deleted set.
f_eq(r_type.name.as_str(), PartialValue::new_refer(u))
f_eq(r_type.name.as_str(), PartialValue::Refer(u))
}))
.collect(),
));
@ -144,7 +144,7 @@ impl Plugin for ReferentialIntegrity {
let removed_ids: BTreeSet<_> = cand
.iter()
.map(|e| PartialValue::new_refer(e.get_uuid()))
.map(|e| PartialValue::Refer(e.get_uuid()))
.collect();
let work_set = qs.internal_search_writeable(&filt)?;
@ -230,7 +230,7 @@ impl ReferentialIntegrity {
vsiter.try_for_each(|vs| {
if let Some(uuid_iter) = vs.as_ref_uuid_iter() {
uuid_iter.for_each(|u| {
i.push(PartialValue::new_uuid(u))
i.push(PartialValue::Uuid(u))
});
Ok(())
} else {
@ -468,11 +468,11 @@ mod tests {
ModifyList::new_list(vec![
Modify::Present(
AttrString::from("member"),
Value::new_refer_s("d2b496bd-8493-47b7-8142-f568b5cf47ee").unwrap()
Value::Refer(uuid!("d2b496bd-8493-47b7-8142-f568b5cf47ee"))
),
Modify::Present(
AttrString::from("member"),
Value::new_refer(UUID_DOES_NOT_EXIST)
Value::Refer(UUID_DOES_NOT_EXIST)
),
]),
None,
@ -724,7 +724,7 @@ mod tests {
(
"oauth2_rs_scope_map",
Value::new_oauthscopemap(
Uuid::parse_str("cc8e95b4-c24f-4d68-ba54-8bed76f63930").expect("uuid"),
uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"),
btreeset!["read".to_string()]
)
.expect("Invalid scope")
@ -736,7 +736,7 @@ mod tests {
("name", Value::new_iname("testgroup")),
(
"uuid",
Value::new_uuids("cc8e95b4-c24f-4d68-ba54-8bed76f63930").expect("uuid")
Value::Uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
("description", Value::new_utf8s("testgroup"))
);
@ -779,7 +779,7 @@ mod tests {
("class", Value::new_class("person")),
("class", Value::new_class("account")),
("name", Value::new_iname("testperson1")),
("uuid", Value::new_uuid(tuuid)),
("uuid", Value::Uuid(tuuid)),
("description", Value::new_utf8s("testperson1")),
("displayname", Value::new_utf8s("testperson1"))
);
@ -788,7 +788,7 @@ mod tests {
("class", Value::new_class("object")),
("class", Value::new_class("oauth2_resource_server")),
("class", Value::new_class("oauth2_resource_server_basic")),
("uuid", Value::new_uuid(rs_uuid)),
("uuid", Value::Uuid(rs_uuid)),
("oauth2_rs_name", Value::new_iname("test_resource_server")),
("displayname", Value::new_utf8s("test_resource_server")),
(
@ -809,10 +809,10 @@ mod tests {
// Create a fake session and oauth2 session.
let session_id = Uuid::new_v4();
let pv_session_id = PartialValue::new_refer(session_id);
let pv_session_id = PartialValue::Refer(session_id);
let parent = Uuid::new_v4();
let pv_parent_id = PartialValue::new_refer(parent);
let pv_parent_id = PartialValue::Refer(parent);
let issued_at = curtime_odt;
let issued_by = IdentityId::User(tuuid);
let scope = AccessScope::IdentityOnly;
@ -854,15 +854,12 @@ mod tests {
]);
server_txn
.internal_modify(
&filter!(f_eq("uuid", PartialValue::new_uuid(tuuid))),
&modlist,
)
.internal_modify(&filter!(f_eq("uuid", PartialValue::Uuid(tuuid))), &modlist)
.expect("Failed to modify user");
// Still there
let entry = server_txn.internal_search_uuid(&tuuid).expect("failed");
let entry = server_txn.internal_search_uuid(tuuid).expect("failed");
assert!(entry.attribute_equality("user_auth_token_session", &pv_parent_id));
assert!(entry.attribute_equality("oauth2_session", &pv_session_id));
@ -870,7 +867,7 @@ mod tests {
assert!(server_txn.internal_delete_uuid(rs_uuid).is_ok());
// Oauth2 Session gone.
let entry = server_txn.internal_search_uuid(&tuuid).expect("failed");
let entry = server_txn.internal_search_uuid(tuuid).expect("failed");
// Note the uat is present still.
assert!(entry.attribute_equality("user_auth_token_session", &pv_parent_id));

84
kanidmd/lib/src/plugins/session.rs
View file

@ -42,7 +42,7 @@ impl Plugin for SessionConsistency {
impl SessionConsistency {
fn modify_inner<T: Clone + std::fmt::Debug>(
qs: &mut QueryServerWriteTransaction,
cand: &mut Vec<Entry<EntryInvalid, T>>,
cand: &mut [Entry<EntryInvalid, T>],
) -> Result<(), OperationError> {
let curtime = qs.get_curtime();
let curtime_odt = OffsetDateTime::unix_epoch() + curtime;
@ -142,7 +142,7 @@ mod tests {
("class", Value::new_class("person")),
("class", Value::new_class("account")),
("name", Value::new_iname("testperson1")),
("uuid", Value::new_uuid(tuuid)),
("uuid", Value::Uuid(tuuid)),
("description", Value::new_utf8s("testperson1")),
("displayname", Value::new_utf8s("testperson1"))
);
@ -152,7 +152,7 @@ mod tests {
// Create a fake session.
let session_id = Uuid::new_v4();
let pv_session_id = PartialValue::new_refer(session_id);
let pv_session_id = PartialValue::Refer(session_id);
let expiry = Some(exp_curtime_odt);
let issued_at = curtime_odt;
let issued_by = IdentityId::User(tuuid);
@ -178,15 +178,12 @@ mod tests {
let modlist = ModifyList::new_append("user_auth_token_session", session);
server_txn
.internal_modify(
&filter!(f_eq("uuid", PartialValue::new_uuid(tuuid))),
&modlist,
)
.internal_modify(&filter!(f_eq("uuid", PartialValue::Uuid(tuuid))), &modlist)
.expect("Failed to modify user");
// Still there
let entry = server_txn.internal_search_uuid(&tuuid).expect("failed");
let entry = server_txn.internal_search_uuid(tuuid).expect("failed");
assert!(entry.attribute_equality("user_auth_token_session", &pv_session_id));
@ -198,14 +195,11 @@ mod tests {
ModifyList::new_purge_and_set("description", Value::new_utf8s("test person 1 change"));
server_txn
.internal_modify(
&filter!(f_eq("uuid", PartialValue::new_uuid(tuuid))),
&modlist,
)
.internal_modify(&filter!(f_eq("uuid", PartialValue::Uuid(tuuid))), &modlist)
.expect("Failed to modify user");
// Session gone.
let entry = server_txn.internal_search_uuid(&tuuid).expect("failed");
let entry = server_txn.internal_search_uuid(tuuid).expect("failed");
// Note it's a not condition now.
assert!(!entry.attribute_equality("user_auth_token_session", &pv_session_id));
@ -234,7 +228,7 @@ mod tests {
("class", Value::new_class("person")),
("class", Value::new_class("account")),
("name", Value::new_iname("testperson1")),
("uuid", Value::new_uuid(tuuid)),
("uuid", Value::Uuid(tuuid)),
("description", Value::new_utf8s("testperson1")),
("displayname", Value::new_utf8s("testperson1"))
);
@ -243,7 +237,7 @@ mod tests {
("class", Value::new_class("object")),
("class", Value::new_class("oauth2_resource_server")),
("class", Value::new_class("oauth2_resource_server_basic")),
("uuid", Value::new_uuid(rs_uuid)),
("uuid", Value::Uuid(rs_uuid)),
("oauth2_rs_name", Value::new_iname("test_resource_server")),
("displayname", Value::new_utf8s("test_resource_server")),
(
@ -264,10 +258,10 @@ mod tests {
// Create a fake session and oauth2 session.
let session_id = Uuid::new_v4();
let pv_session_id = PartialValue::new_refer(session_id);
let pv_session_id = PartialValue::Refer(session_id);
let parent = Uuid::new_v4();
let pv_parent_id = PartialValue::new_refer(parent);
let pv_parent_id = PartialValue::Refer(parent);
let expiry = Some(exp_curtime_odt);
let issued_at = curtime_odt;
let issued_by = IdentityId::User(tuuid);
@ -310,15 +304,12 @@ mod tests {
]);
server_txn
.internal_modify(
&filter!(f_eq("uuid", PartialValue::new_uuid(tuuid))),
&modlist,
)
.internal_modify(&filter!(f_eq("uuid", PartialValue::Uuid(tuuid))), &modlist)
.expect("Failed to modify user");
// Still there
let entry = server_txn.internal_search_uuid(&tuuid).expect("failed");
let entry = server_txn.internal_search_uuid(tuuid).expect("failed");
assert!(entry.attribute_equality("user_auth_token_session", &pv_parent_id));
assert!(entry.attribute_equality("oauth2_session", &pv_session_id));
@ -334,14 +325,11 @@ mod tests {
ModifyList::new_purge_and_set("description", Value::new_utf8s("test person 1 change"));
server_txn
.internal_modify(
&filter!(f_eq("uuid", PartialValue::new_uuid(tuuid))),
&modlist,
)
.internal_modify(&filter!(f_eq("uuid", PartialValue::Uuid(tuuid))), &modlist)
.expect("Failed to modify user");
// Session gone.
let entry = server_txn.internal_search_uuid(&tuuid).expect("failed");
let entry = server_txn.internal_search_uuid(tuuid).expect("failed");
// Note the uat is still present
assert!(entry.attribute_equality("user_auth_token_session", &pv_parent_id));
@ -369,7 +357,7 @@ mod tests {
("class", Value::new_class("person")),
("class", Value::new_class("account")),
("name", Value::new_iname("testperson1")),
("uuid", Value::new_uuid(tuuid)),
("uuid", Value::Uuid(tuuid)),
("description", Value::new_utf8s("testperson1")),
("displayname", Value::new_utf8s("testperson1"))
);
@ -378,7 +366,7 @@ mod tests {
("class", Value::new_class("object")),
("class", Value::new_class("oauth2_resource_server")),
("class", Value::new_class("oauth2_resource_server_basic")),
("uuid", Value::new_uuid(rs_uuid)),
("uuid", Value::Uuid(rs_uuid)),
("oauth2_rs_name", Value::new_iname("test_resource_server")),
("displayname", Value::new_utf8s("test_resource_server")),
(
@ -399,10 +387,10 @@ mod tests {
// Create a fake session and oauth2 session.
let session_id = Uuid::new_v4();
let pv_session_id = PartialValue::new_refer(session_id);
let pv_session_id = PartialValue::Refer(session_id);
let parent = Uuid::new_v4();
let pv_parent_id = PartialValue::new_refer(parent);
let pv_parent_id = PartialValue::Refer(parent);
let issued_at = curtime_odt;
let issued_by = IdentityId::User(tuuid);
let scope = AccessScope::IdentityOnly;
@ -444,15 +432,12 @@ mod tests {
]);
server_txn
.internal_modify(
&filter!(f_eq("uuid", PartialValue::new_uuid(tuuid))),
&modlist,
)
.internal_modify(&filter!(f_eq("uuid", PartialValue::Uuid(tuuid))), &modlist)
.expect("Failed to modify user");
// Still there
let entry = server_txn.internal_search_uuid(&tuuid).expect("failed");
let entry = server_txn.internal_search_uuid(tuuid).expect("failed");
assert!(entry.attribute_equality("user_auth_token_session", &pv_parent_id));
assert!(entry.attribute_equality("oauth2_session", &pv_session_id));
@ -465,14 +450,11 @@ mod tests {
let modlist = ModifyList::new_remove("user_auth_token_session", pv_parent_id.clone());
server_txn
.internal_modify(
&filter!(f_eq("uuid", PartialValue::new_uuid(tuuid))),
&modlist,
)
.internal_modify(&filter!(f_eq("uuid", PartialValue::Uuid(tuuid))), &modlist)
.expect("Failed to modify user");
// Session gone.
let entry = server_txn.internal_search_uuid(&tuuid).expect("failed");
let entry = server_txn.internal_search_uuid(tuuid).expect("failed");
// Note the uat is removed
assert!(!entry.attribute_equality("user_auth_token_session", &pv_parent_id));
@ -503,7 +485,7 @@ mod tests {
("class", Value::new_class("person")),
("class", Value::new_class("account")),
("name", Value::new_iname("testperson1")),
("uuid", Value::new_uuid(tuuid)),
("uuid", Value::Uuid(tuuid)),
("description", Value::new_utf8s("testperson1")),
("displayname", Value::new_utf8s("testperson1"))
);
@ -512,7 +494,7 @@ mod tests {
("class", Value::new_class("object")),
("class", Value::new_class("oauth2_resource_server")),
("class", Value::new_class("oauth2_resource_server_basic")),
("uuid", Value::new_uuid(rs_uuid)),
("uuid", Value::Uuid(rs_uuid)),
("oauth2_rs_name", Value::new_iname("test_resource_server")),
("displayname", Value::new_utf8s("test_resource_server")),
(
@ -532,7 +514,7 @@ mod tests {
// Create a fake session.
let session_id = Uuid::new_v4();
let pv_session_id = PartialValue::new_refer(session_id);
let pv_session_id = PartialValue::Refer(session_id);
let parent = Uuid::new_v4();
let issued_at = curtime_odt;
@ -553,15 +535,12 @@ mod tests {
let modlist = ModifyList::new_append("oauth2_session", session);
server_txn
.internal_modify(
&filter!(f_eq("uuid", PartialValue::new_uuid(tuuid))),
&modlist,
)
.internal_modify(&filter!(f_eq("uuid", PartialValue::Uuid(tuuid))), &modlist)
.expect("Failed to modify user");
// Still there
let entry = server_txn.internal_search_uuid(&tuuid).expect("failed");
let entry = server_txn.internal_search_uuid(tuuid).expect("failed");
assert!(entry.attribute_equality("oauth2_session", &pv_session_id));
@ -576,14 +555,11 @@ mod tests {
ModifyList::new_purge_and_set("description", Value::new_utf8s("test person 1 change"));
server_txn
.internal_modify(
&filter!(f_eq("uuid", PartialValue::new_uuid(tuuid))),
&modlist,
)
.internal_modify(&filter!(f_eq("uuid", PartialValue::Uuid(tuuid))), &modlist)
.expect("Failed to modify user");
// Session gone.
let entry = server_txn.internal_search_uuid(&tuuid).expect("failed");
let entry = server_txn.internal_search_uuid(tuuid).expect("failed");
// Note it's a not condition now.
assert!(!entry.attribute_equality("oauth2_session", &pv_session_id));

6
kanidmd/lib/src/plugins/spn.rs
View file

@ -135,7 +135,7 @@ impl Plugin for Spn {
impl Spn {
fn modify_inner<T: Clone + std::fmt::Debug>(
qs: &mut QueryServerWriteTransaction,
cand: &mut Vec<Entry<EntryInvalid, T>>,
cand: &mut [Entry<EntryInvalid, T>],
) -> Result<(), OperationError> {
let domain_name = qs.get_domain_name();
@ -326,7 +326,7 @@ mod tests {
// get the current domain name
// check the spn on admin is admin@<initial domain>
let e_pre = server_txn
.internal_search_uuid(&UUID_ADMIN)
.internal_search_uuid(UUID_ADMIN)
.expect("must not fail");
let e_pre_spn = e_pre.get_ava_single("spn").expect("must not fail");
@ -343,7 +343,7 @@ mod tests {
// check the spn on admin is admin@<new domain>
let e_post = server_txn
.internal_search_uuid(&UUID_ADMIN)
.internal_search_uuid(UUID_ADMIN)
.expect("must not fail");
let e_post_spn = e_post.get_ava_single("spn").expect("must not fail");

41
kanidmd/lib/src/repl/cid.rs
View file

@ -1,9 +1,9 @@
use std::fmt;
use std::time::Duration;
use crate::prelude::*;
use kanidm_proto::v1::OperationError;
use serde::{Deserialize, Serialize};
use uuid::Uuid;
#[derive(Serialize, Deserialize, Debug, PartialEq, Clone, Eq, PartialOrd, Ord, Hash)]
pub struct Cid {
@ -42,8 +42,8 @@ impl Cid {
#[cfg(test)]
pub unsafe fn new_count(c: u64) -> Self {
Cid {
d_uuid: Uuid::parse_str("00000000-0000-0000-0000-000000000000").unwrap(),
s_uuid: Uuid::parse_str("00000000-0000-0000-0000-000000000000").unwrap(),
d_uuid: uuid!("00000000-0000-0000-0000-000000000000"),
s_uuid: uuid!("00000000-0000-0000-0000-000000000000"),
ts: Duration::new(c, 0),
}
}
@ -62,10 +62,8 @@ impl Cid {
self.ts
.checked_sub(Duration::from_secs(secs))
.map(|r| Cid {
d_uuid: Uuid::parse_str("00000000-0000-0000-0000-000000000000")
.expect("Invalid compiled d_uuid"),
s_uuid: Uuid::parse_str("00000000-0000-0000-0000-000000000000")
.expect("Invalid compiled s_uuid"),
d_uuid: uuid!("00000000-0000-0000-0000-000000000000"),
s_uuid: uuid!("00000000-0000-0000-0000-000000000000"),
ts: r,
})
.ok_or(OperationError::InvalidReplChangeId)
@ -74,24 +72,23 @@ impl Cid {
#[cfg(test)]
mod tests {
use crate::prelude::*;
use std::cmp::Ordering;
use std::time::Duration;
use uuid::Uuid;
use crate::repl::cid::Cid;
#[test]
fn test_cid_ordering() {
// Check diff ts
let cid_a = Cid::new(
Uuid::parse_str("00000000-0000-0000-0000-000000000001").unwrap(),
Uuid::parse_str("00000000-0000-0000-0000-000000000001").unwrap(),
uuid!("00000000-0000-0000-0000-000000000001"),
uuid!("00000000-0000-0000-0000-000000000001"),
Duration::new(5, 0),
);
let cid_b = Cid::new(
Uuid::parse_str("00000000-0000-0000-0000-000000000001").unwrap(),
Uuid::parse_str("00000000-0000-0000-0000-000000000001").unwrap(),
uuid!("00000000-0000-0000-0000-000000000001"),
uuid!("00000000-0000-0000-0000-000000000001"),
Duration::new(15, 0),
);
@ -101,13 +98,13 @@ mod tests {
// check same ts diff d_uuid
let cid_c = Cid::new(
Uuid::parse_str("00000000-0000-0000-0000-000000000000").unwrap(),
Uuid::parse_str("00000000-0000-0000-0000-000000000001").unwrap(),
uuid!("00000000-0000-0000-0000-000000000000"),
uuid!("00000000-0000-0000-0000-000000000001"),
Duration::new(5, 0),
);
let cid_d = Cid::new(
Uuid::parse_str("00000000-0000-0000-0000-000000000001").unwrap(),
Uuid::parse_str("00000000-0000-0000-0000-000000000001").unwrap(),
uuid!("00000000-0000-0000-0000-000000000001"),
uuid!("00000000-0000-0000-0000-000000000001"),
Duration::new(5, 0),
);
@ -117,13 +114,13 @@ mod tests {
// check same ts, d_uuid, diff s_uuid
let cid_e = Cid::new(
Uuid::parse_str("00000000-0000-0000-0000-000000000001").unwrap(),
Uuid::parse_str("00000000-0000-0000-0000-000000000000").unwrap(),
uuid!("00000000-0000-0000-0000-000000000001"),
uuid!("00000000-0000-0000-0000-000000000000"),
Duration::new(5, 0),
);
let cid_f = Cid::new(
Uuid::parse_str("00000000-0000-0000-0000-000000000001").unwrap(),
Uuid::parse_str("00000000-0000-0000-0000-000000000001").unwrap(),
uuid!("00000000-0000-0000-0000-000000000001"),
uuid!("00000000-0000-0000-0000-000000000001"),
Duration::new(5, 0),
);
@ -134,7 +131,7 @@ mod tests {
#[test]
fn test_cid_lamport() {
let d_uuid = Uuid::parse_str("00000000-0000-0000-0000-000000000001").unwrap();
let d_uuid = uuid!("00000000-0000-0000-0000-000000000001");
let s_uuid = d_uuid.clone();
let ts5 = Duration::new(5, 0);

2
kanidmd/lib/src/repl/entry.rs
View file

@ -130,7 +130,7 @@ impl State {
if attrs
.get(attr)
.map(|vs| vs.contains(&value))
.map(|vs| vs.contains(value))
.unwrap_or(false)
{
// Valid

26
kanidmd/lib/src/schema.rs
View file

@ -1696,37 +1696,37 @@ impl<'a> SchemaWriteTransaction<'a> {
impl<'a> SchemaTransaction for SchemaWriteTransaction<'a> {
fn get_attributes_unique(&self) -> &Vec<AttrString> {
&(*self.unique_cache)
&self.unique_cache
}
fn get_reference_types(&self) -> &HashMap<AttrString, SchemaAttribute> {
&(*self.ref_cache)
&self.ref_cache
}
fn get_classes(&self) -> &HashMap<AttrString, SchemaClass> {
&(*self.classes)
&self.classes
}
fn get_attributes(&self) -> &HashMap<AttrString, SchemaAttribute> {
&(*self.attributes)
&self.attributes
}
}
impl SchemaTransaction for SchemaReadTransaction {
fn get_attributes_unique(&self) -> &Vec<AttrString> {
&(*self.unique_cache)
&self.unique_cache
}
fn get_reference_types(&self) -> &HashMap<AttrString, SchemaAttribute> {
&(*self.ref_cache)
&self.ref_cache
}
fn get_classes(&self) -> &HashMap<AttrString, SchemaClass> {
&(*self.classes)
&self.classes
}
fn get_attributes(&self) -> &HashMap<AttrString, SchemaAttribute> {
&(*self.attributes)
&self.attributes
}
}
@ -2570,7 +2570,7 @@ mod tests {
let e_account = unsafe {
entry_init!(
("class", Value::new_class("account")),
("uuid", Value::new_uuid(Uuid::new_v4()))
("uuid", Value::Uuid(Uuid::new_v4()))
)
.into_invalid_new()
};
@ -2602,7 +2602,7 @@ mod tests {
("class", Value::new_class("service")),
("class", Value::new_class("account")),
("class", Value::new_class("person")),
("uuid", Value::new_uuid(Uuid::new_v4()))
("uuid", Value::Uuid(Uuid::new_v4()))
)
.into_invalid_new()
};
@ -2619,7 +2619,7 @@ mod tests {
entry_init!(
("class", Value::new_class("service")),
("class", Value::new_class("account")),
("uuid", Value::new_uuid(Uuid::new_v4()))
("uuid", Value::Uuid(Uuid::new_v4()))
)
.into_invalid_new()
};
@ -2630,7 +2630,7 @@ mod tests {
entry_init!(
("class", Value::new_class("person")),
("class", Value::new_class("account")),
("uuid", Value::new_uuid(Uuid::new_v4()))
("uuid", Value::Uuid(Uuid::new_v4()))
)
.into_invalid_new()
};
@ -2640,7 +2640,7 @@ mod tests {
let e_person_valid = unsafe {
entry_init!(
("class", Value::new_class("person")),
("uuid", Value::new_uuid(Uuid::new_v4()))
("uuid", Value::Uuid(Uuid::new_v4()))
)
.into_invalid_new()
};

6
kanidmd/lib/src/server/batch_modify.rs
View file

@ -52,7 +52,7 @@ impl<'a> QueryServerWriteTransaction<'a> {
.modset
.keys()
.copied()
.map(|u| f_eq("uuid", PartialValue::new_uuid(u)))
.map(|u| f_eq("uuid", PartialValue::Uuid(u)))
.collect();
let filter = filter_all!(f_or(filter_or))
@ -299,10 +299,10 @@ mod tests {
// Now check them
let ent_a = server_txn
.internal_search_uuid(&uuid_a)
.internal_search_uuid(uuid_a)
.expect("Failed to get entry.");
let ent_b = server_txn
.internal_search_uuid(&uuid_b)
.internal_search_uuid(uuid_b)
.expect("Failed to get entry.");
assert!(ent_a.get_ava_single_utf8("description") == Some("a"));

170
kanidmd/lib/src/server/mod.rs
View file

@ -280,12 +280,10 @@ pub trait QueryServerTransaction<'a> {
// Similar to name, but where we lookup from external_id instead.
fn sync_external_id_to_uuid(&self, external_id: &str) -> Result<Option<Uuid>, OperationError> {
// Is it just a uuid?
Uuid::parse_str(external_id)
.map(|uuid| Some(uuid))
.or_else(|_| {
let lname = external_id.to_lowercase();
self.get_be_txn().externalid2uuid(lname.as_str())
})
Uuid::parse_str(external_id).map(Some).or_else(|_| {
let lname = external_id.to_lowercase();
self.get_be_txn().externalid2uuid(lname.as_str())
})
}
fn uuid_to_spn(&self, uuid: Uuid) -> Result<Option<Value>, OperationError> {
@ -391,9 +389,9 @@ pub trait QueryServerTransaction<'a> {
#[instrument(level = "debug", skip_all)]
fn internal_search_uuid(
&self,
uuid: &Uuid,
uuid: Uuid,
) -> Result<Arc<EntrySealedCommitted>, OperationError> {
let filter = filter!(f_eq("uuid", PartialValue::new_uuid(*uuid)));
let filter = filter!(f_eq("uuid", PartialValue::Uuid(uuid)));
let f_valid = filter.validate(self.get_schema()).map_err(|e| {
error!(?e, "Filter Validate - SchemaViolation");
OperationError::SchemaViolation(e)
@ -410,11 +408,11 @@ pub trait QueryServerTransaction<'a> {
#[instrument(level = "debug", skip_all)]
fn impersonate_search_ext_uuid(
&self,
uuid: &Uuid,
uuid: Uuid,
event: &Identity,
) -> Result<Entry<EntryReduced, EntryCommitted>, OperationError> {
let filter_intent = filter_all!(f_eq("uuid", PartialValue::new_uuid(*uuid)));
let filter = filter!(f_eq("uuid", PartialValue::new_uuid(*uuid)));
let filter_intent = filter_all!(f_eq("uuid", PartialValue::Uuid(uuid)));
let filter = filter!(f_eq("uuid", PartialValue::Uuid(uuid)));
let mut vs = self.impersonate_search_ext(filter, filter_intent, event)?;
match vs.pop() {
@ -426,11 +424,11 @@ pub trait QueryServerTransaction<'a> {
#[instrument(level = "debug", skip_all)]
fn impersonate_search_uuid(
&self,
uuid: &Uuid,
uuid: Uuid,
event: &Identity,
) -> Result<Arc<EntrySealedCommitted>, OperationError> {
let filter_intent = filter_all!(f_eq("uuid", PartialValue::new_uuid(*uuid)));
let filter = filter!(f_eq("uuid", PartialValue::new_uuid(*uuid)));
let filter_intent = filter_all!(f_eq("uuid", PartialValue::Uuid(uuid)));
let filter = filter!(f_eq("uuid", PartialValue::Uuid(uuid)));
let mut vs = self.impersonate_search(filter, filter_intent, event)?;
match vs.pop() {
@ -677,7 +675,7 @@ pub trait QueryServerTransaction<'a> {
/// Pull the domain name from the database
fn get_db_domain_name(&self) -> Result<String, OperationError> {
self.internal_search_uuid(&UUID_DOMAIN_INFO)
self.internal_search_uuid(UUID_DOMAIN_INFO)
.and_then(|e| {
trace!(?e);
e.get_ava_single_iname("domain_name")
@ -691,7 +689,7 @@ pub trait QueryServerTransaction<'a> {
}
fn get_domain_fernet_private_key(&self) -> Result<String, OperationError> {
self.internal_search_uuid(&UUID_DOMAIN_INFO)
self.internal_search_uuid(UUID_DOMAIN_INFO)
.and_then(|e| {
e.get_ava_single_secret("fernet_private_key_str")
.map(str::to_string)
@ -704,7 +702,7 @@ pub trait QueryServerTransaction<'a> {
}
fn get_domain_es256_private_key(&self) -> Result<Vec<u8>, OperationError> {
self.internal_search_uuid(&UUID_DOMAIN_INFO)
self.internal_search_uuid(UUID_DOMAIN_INFO)
.and_then(|e| {
e.get_ava_single_private_binary("es256_private_key_der")
.map(|s| s.to_vec())
@ -718,7 +716,7 @@ pub trait QueryServerTransaction<'a> {
// This is a helper to get password badlist.
fn get_password_badlist(&self) -> Result<HashSet<String>, OperationError> {
self.internal_search_uuid(&UUID_SYSTEM_CONFIG)
self.internal_search_uuid(UUID_SYSTEM_CONFIG)
.map(|e| match e.get_ava_iter_iutf8("badlist_password") {
Some(vs_str_iter) => vs_str_iter.map(str::to_string).collect::<HashSet<_>>(),
None => HashSet::default(),
@ -1087,7 +1085,7 @@ impl QueryServer {
// If we are "in the process of being setup" this is 0, and the migrations will have no
// effect as ... there is nothing to migrate! It allows reset of the version to 0 to force
// db migrations to take place.
let system_info_version = match migrate_txn.internal_search_uuid(&UUID_SYSTEM_INFO) {
let system_info_version = match migrate_txn.internal_search_uuid(UUID_SYSTEM_INFO) {
Ok(e) => Ok(e.get_ava_single_uint32("version").unwrap_or(0)),
Err(OperationError::NoMatchingEntries) => Ok(0),
Err(r) => Err(r),
@ -1586,13 +1584,11 @@ impl<'a> QueryServerWriteTransaction<'a> {
dm_mods
.entry(g_uuid)
.and_modify(|mlist| {
let m =
Modify::Present(AttrString::from("member"), Value::new_refer_r(&u));
let m = Modify::Present(AttrString::from("member"), Value::Refer(u));
mlist.push_mod(m);
})
.or_insert({
let m =
Modify::Present(AttrString::from("member"), Value::new_refer_r(&u));
let m = Modify::Present(AttrString::from("member"), Value::Refer(u));
ModifyList::new_list(vec![m])
});
}
@ -1651,7 +1647,7 @@ impl<'a> QueryServerWriteTransaction<'a> {
// I think the filter/filter_all shouldn't matter here because the only
// valid direct memberships should be still valid/live references, as refint
// removes anything that was deleted even from recycled entries.
let f = filter_all!(f_eq("uuid", PartialValue::new_uuid(g)));
let f = filter_all!(f_eq("uuid", PartialValue::Uuid(g)));
self.internal_modify(&f, &mods)?;
}
@ -1702,13 +1698,11 @@ impl<'a> QueryServerWriteTransaction<'a> {
dm_mods
.entry(g_uuid)
.and_modify(|mlist| {
let m =
Modify::Present(AttrString::from("member"), Value::new_refer_r(&u));
let m = Modify::Present(AttrString::from("member"), Value::Refer(u));
mlist.push_mod(m);
})
.or_insert({
let m =
Modify::Present(AttrString::from("member"), Value::new_refer_r(&u));
let m = Modify::Present(AttrString::from("member"), Value::Refer(u));
ModifyList::new_list(vec![m])
});
}
@ -1722,7 +1716,7 @@ impl<'a> QueryServerWriteTransaction<'a> {
for (g, mods) in dm_mods {
// I think the filter/filter_all shouldn't matter here because the only
// valid direct memberships should be still valid/live references.
let f = filter_all!(f_eq("uuid", PartialValue::new_uuid(g)));
let f = filter_all!(f_eq("uuid", PartialValue::Uuid(g)));
self.internal_modify(&f, &mods)?;
}
Ok(())
@ -2348,7 +2342,7 @@ impl<'a> QueryServerWriteTransaction<'a> {
}
pub fn internal_delete_uuid(&mut self, target_uuid: Uuid) -> Result<(), OperationError> {
let filter = filter!(f_eq("uuid", PartialValue::new_uuid(target_uuid)));
let filter = filter!(f_eq("uuid", PartialValue::Uuid(target_uuid)));
let f_valid = filter
.validate(self.get_schema())
.map_err(OperationError::SchemaViolation)?;
@ -2377,7 +2371,7 @@ impl<'a> QueryServerWriteTransaction<'a> {
target_uuid: Uuid,
modlist: &ModifyList<ModifyInvalid>,
) -> Result<(), OperationError> {
let filter = filter!(f_eq("uuid", PartialValue::new_uuid(target_uuid)));
let filter = filter!(f_eq("uuid", PartialValue::Uuid(target_uuid)));
let f_valid = filter
.validate(self.get_schema())
.map_err(OperationError::SchemaViolation)?;
@ -3045,7 +3039,7 @@ impl<'a> QueryServerWriteTransaction<'a> {
}
fn get_db_domain_display_name(&self) -> Result<String, OperationError> {
self.internal_search_uuid(&UUID_DOMAIN_INFO)
self.internal_search_uuid(UUID_DOMAIN_INFO)
.and_then(|e| {
trace!(?e);
e.get_ava_single_utf8("domain_display_name")
@ -3231,9 +3225,7 @@ mod tests {
async fn test_create_user(server: &QueryServer) {
let mut server_txn = server.write(duration_from_epoch_now()).await;
let filt = filter!(f_eq("name", PartialValue::new_iname("testperson")));
let admin = server_txn
.internal_search_uuid(&UUID_ADMIN)
.expect("failed");
let admin = server_txn.internal_search_uuid(UUID_ADMIN).expect("failed");
let se1 = unsafe { SearchEvent::new_impersonate_entry(admin.clone(), filt.clone()) };
let se2 = unsafe { SearchEvent::new_impersonate_entry(admin, filt) };
@ -3246,7 +3238,7 @@ mod tests {
("spn", Value::new_spn_str("testperson", "example.com")),
(
"uuid",
Value::new_uuids("cc8e95b4-c24f-4d68-ba54-8bed76f63930").expect("uuid")
Value::Uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
("description", Value::new_utf8s("testperson")),
("displayname", Value::new_utf8s("testperson"))
@ -3266,10 +3258,10 @@ mod tests {
// We apply some member-of in the server now, so we add these before we seal.
e.add_ava("class", Value::new_class("memberof"));
e.add_ava("memberof", Value::new_refer(UUID_IDM_ALL_PERSONS));
e.add_ava("directmemberof", Value::new_refer(UUID_IDM_ALL_PERSONS));
e.add_ava("memberof", Value::new_refer(UUID_IDM_ALL_ACCOUNTS));
e.add_ava("directmemberof", Value::new_refer(UUID_IDM_ALL_ACCOUNTS));
e.add_ava("memberof", Value::Refer(UUID_IDM_ALL_PERSONS));
e.add_ava("directmemberof", Value::Refer(UUID_IDM_ALL_PERSONS));
e.add_ava("memberof", Value::Refer(UUID_IDM_ALL_ACCOUNTS));
e.add_ava("directmemberof", Value::Refer(UUID_IDM_ALL_ACCOUNTS));
let expected = unsafe { vec![Arc::new(e.into_sealed_committed())] };
@ -3315,7 +3307,7 @@ mod tests {
("name", Value::new_iname("testperson1")),
(
"uuid",
Value::new_uuids("cc8e95b4-c24f-4d68-ba54-8bed76f63930").expect("uuid")
Value::Uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
("description", Value::new_utf8s("testperson1")),
("displayname", Value::new_utf8s("testperson1"))
@ -3327,7 +3319,7 @@ mod tests {
("name", Value::new_iname("testperson2")),
(
"uuid",
Value::new_uuids("cc8e95b4-c24f-4d68-ba54-8bed76f63932").expect("uuid")
Value::Uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63932"))
),
("description", Value::new_utf8s("testperson2")),
("displayname", Value::new_utf8s("testperson2"))
@ -3475,7 +3467,7 @@ mod tests {
("name", Value::new_iname("testperson1")),
(
"uuid",
Value::new_uuids("cc8e95b4-c24f-4d68-ba54-8bed76f63930").expect("uuid")
Value::Uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
("description", Value::new_utf8s("testperson1")),
("displayname", Value::new_utf8s("testperson1"))
@ -3547,7 +3539,7 @@ mod tests {
("name", Value::new_iname("testperson1")),
(
"uuid",
Value::new_uuids("cc8e95b4-c24f-4d68-ba54-8bed76f63930").expect("uuid")
Value::Uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
("description", Value::new_utf8s("testperson")),
("displayname", Value::new_utf8s("testperson1"))
@ -3559,7 +3551,7 @@ mod tests {
("name", Value::new_iname("testperson2")),
(
"uuid",
Value::new_uuids("cc8e95b4-c24f-4d68-ba54-8bed76f63932").expect("uuid")
Value::Uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63932"))
),
("description", Value::new_utf8s("testperson")),
("displayname", Value::new_utf8s("testperson2"))
@ -3571,7 +3563,7 @@ mod tests {
("name", Value::new_iname("testperson3")),
(
"uuid",
Value::new_uuids("cc8e95b4-c24f-4d68-ba54-8bed76f63933").expect("uuid")
Value::Uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63933"))
),
("description", Value::new_utf8s("testperson")),
("displayname", Value::new_utf8s("testperson3"))
@ -3591,7 +3583,7 @@ mod tests {
let de_empty = unsafe {
DeleteEvent::new_internal_invalid(filter!(f_eq(
"uuid",
PartialValue::new_uuids("cc8e95b4-c24f-4d68-ba54-000000000000").unwrap()
PartialValue::Uuid(uuid!("cc8e95b4-c24f-4d68-ba54-000000000000"))
)))
};
assert!(server_txn.delete(&de_empty).is_err());
@ -3625,9 +3617,7 @@ mod tests {
let time_p3 = time_p2 + Duration::from_secs(CHANGELOG_MAX_AGE * 2);
let mut server_txn = server.write(time_p1).await;
let admin = server_txn
.internal_search_uuid(&UUID_ADMIN)
.expect("failed");
let admin = server_txn.internal_search_uuid(UUID_ADMIN).expect("failed");
let filt_i_ts = filter_all!(f_eq("class", PartialValue::new_class("tombstone")));
@ -3654,7 +3644,7 @@ mod tests {
("name", Value::new_iname("testperson1")),
(
"uuid",
Value::new_uuids("9557f49c-97a5-4277-a9a5-097d17eb8317").expect("uuid")
Value::Uuid(uuid!("9557f49c-97a5-4277-a9a5-097d17eb8317"))
),
("description", Value::new_utf8s("testperson1")),
("displayname", Value::new_utf8s("testperson1"))
@ -3734,9 +3724,7 @@ mod tests {
let time_p2 = time_p1 + Duration::from_secs(RECYCLEBIN_MAX_AGE * 2);
let mut server_txn = server.write(time_p1).await;
let admin = server_txn
.internal_search_uuid(&UUID_ADMIN)
.expect("failed");
let admin = server_txn.internal_search_uuid(UUID_ADMIN).expect("failed");
let filt_i_rc = filter_all!(f_eq("class", PartialValue::new_class("recycled")));
@ -3778,7 +3766,7 @@ mod tests {
("name", Value::new_iname("testperson1")),
(
"uuid",
Value::new_uuids("cc8e95b4-c24f-4d68-ba54-8bed76f63930").expect("uuid")
Value::Uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
("description", Value::new_utf8s("testperson1")),
("displayname", Value::new_utf8s("testperson1"))
@ -3790,7 +3778,7 @@ mod tests {
("name", Value::new_iname("testperson2")),
(
"uuid",
Value::new_uuids("cc8e95b4-c24f-4d68-ba54-8bed76f63932").expect("uuid")
Value::Uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63932"))
),
("description", Value::new_utf8s("testperson2")),
("displayname", Value::new_utf8s("testperson2"))
@ -3878,9 +3866,7 @@ mod tests {
async fn test_qs_recycle_advanced(server: &QueryServer) {
// Create items
let mut server_txn = server.write(duration_from_epoch_now()).await;
let admin = server_txn
.internal_search_uuid(&UUID_ADMIN)
.expect("failed");
let admin = server_txn.internal_search_uuid(UUID_ADMIN).expect("failed");
let e1 = entry_init!(
("class", Value::new_class("object")),
@ -3888,7 +3874,7 @@ mod tests {
("name", Value::new_iname("testperson1")),
(
"uuid",
Value::new_uuids("cc8e95b4-c24f-4d68-ba54-8bed76f63930").expect("uuid")
Value::Uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
("description", Value::new_utf8s("testperson1")),
("displayname", Value::new_utf8s("testperson1"))
@ -3988,7 +3974,7 @@ mod tests {
("name", Value::new_iname("testperson1")),
(
"uuid",
Value::new_uuids("cc8e95b4-c24f-4d68-ba54-8bed76f63930").expect("uuid")
Value::Uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
("description", Value::new_utf8s("testperson1")),
("displayname", Value::new_utf8s("testperson1"))
@ -3998,18 +3984,15 @@ mod tests {
assert!(cr.is_ok());
// Name doesn't exist
let r1 = server_txn
.uuid_to_spn(Uuid::parse_str("bae3f507-e6c3-44ba-ad01-f8ff1083534a").unwrap());
let r1 = server_txn.uuid_to_spn(uuid!("bae3f507-e6c3-44ba-ad01-f8ff1083534a"));
// There is nothing.
assert!(r1 == Ok(None));
// Name does exist
let r3 = server_txn
.uuid_to_spn(Uuid::parse_str("cc8e95b4-c24f-4d68-ba54-8bed76f63930").unwrap());
let r3 = server_txn.uuid_to_spn(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"));
println!("{:?}", r3);
assert!(r3.unwrap().unwrap() == Value::new_spn_str("testperson1", "example.com"));
// Name is not syntax normalised (but exists)
let r4 = server_txn
.uuid_to_spn(Uuid::parse_str("CC8E95B4-C24F-4D68-BA54-8BED76F63930").unwrap());
let r4 = server_txn.uuid_to_spn(uuid!("CC8E95B4-C24F-4D68-BA54-8BED76F63930"));
assert!(r4.unwrap().unwrap() == Value::new_spn_str("testperson1", "example.com"));
}
@ -4024,7 +4007,7 @@ mod tests {
("name", Value::new_iname("testperson1")),
(
"uuid",
Value::new_uuids("cc8e95b4-c24f-4d68-ba54-8bed76f63930").expect("uuid")
Value::Uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
("description", Value::new_utf8s("testperson")),
("displayname", Value::new_utf8s("testperson1"))
@ -4034,18 +4017,15 @@ mod tests {
assert!(cr.is_ok());
// Name doesn't exist
let r1 = server_txn
.uuid_to_rdn(Uuid::parse_str("bae3f507-e6c3-44ba-ad01-f8ff1083534a").unwrap());
let r1 = server_txn.uuid_to_rdn(uuid!("bae3f507-e6c3-44ba-ad01-f8ff1083534a"));
// There is nothing.
assert!(r1.unwrap() == "uuid=bae3f507-e6c3-44ba-ad01-f8ff1083534a");
// Name does exist
let r3 = server_txn
.uuid_to_rdn(Uuid::parse_str("cc8e95b4-c24f-4d68-ba54-8bed76f63930").unwrap());
let r3 = server_txn.uuid_to_rdn(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"));
println!("{:?}", r3);
assert!(r3.unwrap() == "spn=testperson1@example.com");
// Uuid is not syntax normalised (but exists)
let r4 = server_txn
.uuid_to_rdn(Uuid::parse_str("CC8E95B4-C24F-4D68-BA54-8BED76F63930").unwrap());
let r4 = server_txn.uuid_to_rdn(uuid!("CC8E95B4-C24F-4D68-BA54-8BED76F63930"));
assert!(r4.unwrap() == "spn=testperson1@example.com");
}
@ -4060,13 +4040,13 @@ mod tests {
("name", Value::new_iname("testperson1")),
(
"uuid",
Value::new_uuids("cc8e95b4-c24f-4d68-ba54-8bed76f63930").expect("uuid")
Value::Uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
("description", Value::new_utf8s("testperson1")),
("displayname", Value::new_utf8s("testperson1"))
);
let tuuid = Uuid::parse_str("cc8e95b4-c24f-4d68-ba54-8bed76f63930").unwrap();
let tuuid = uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930");
let ce = CreateEvent::new_internal(vec![e1]);
let cr = server_txn.create(&ce);
@ -4101,9 +4081,7 @@ mod tests {
assert!(server_txn.name_to_uuid("testperson1").is_err());
// revive
let admin = server_txn
.internal_search_uuid(&UUID_ADMIN)
.expect("failed");
let admin = server_txn.internal_search_uuid(UUID_ADMIN).expect("failed");
let rre_rc = unsafe {
ReviveRecycledEvent::new_impersonate_entry(
admin,
@ -4133,7 +4111,7 @@ mod tests {
("name", Value::new_iname("testperson1")),
(
"uuid",
Value::new_uuids("cc8e95b4-c24f-4d68-ba54-8bed76f63930").expect("uuid")
Value::Uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
("description", Value::new_utf8s("testperson1")),
("displayname", Value::new_utf8s("testperson1"))
@ -4156,7 +4134,7 @@ mod tests {
// test attr reference
let r3 = server_txn.clone_value(&"member".to_string(), &"testperson1".to_string());
assert!(r3 == Ok(Value::new_refer_s("cc8e95b4-c24f-4d68-ba54-8bed76f63930").unwrap()));
assert!(r3 == Ok(Value::Refer(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))));
// test attr reference already resolved.
let r4 = server_txn.clone_value(
@ -4165,7 +4143,7 @@ mod tests {
);
debug!("{:?}", r4);
assert!(r4 == Ok(Value::new_refer_s("cc8e95b4-c24f-4d68-ba54-8bed76f63930").unwrap()));
assert!(r4 == Ok(Value::Refer(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))));
}
#[qs_test]
@ -4176,7 +4154,7 @@ mod tests {
("name", Value::new_iname("testobj1")),
(
"uuid",
Value::new_uuids("cc8e95b4-c24f-4d68-ba54-8bed76f63930").expect("uuid")
Value::Uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
)
);
@ -4187,7 +4165,7 @@ mod tests {
("classname", Value::new_iutf8("testclass")),
(
"uuid",
Value::new_uuids("cfcae205-31c3-484b-8ced-667d1709c5e3").expect("uuid")
Value::Uuid(uuid!("cfcae205-31c3-484b-8ced-667d1709c5e3"))
),
("description", Value::new_utf8s("Test Class")),
("may", Value::new_iutf8("name"))
@ -4233,7 +4211,7 @@ mod tests {
assert!(server_txn.create(&ce_fail).is_err());
// Search our entry
let testobj1 = server_txn
.internal_search_uuid(&Uuid::parse_str("cc8e95b4-c24f-4d68-ba54-8bed76f63930").unwrap())
.internal_search_uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
.expect("failed");
assert!(testobj1.attribute_equality("class", &PartialValue::new_class("testclass")));
@ -4250,7 +4228,7 @@ mod tests {
("name", Value::new_iname("testobj1")),
(
"uuid",
Value::new_uuids("cc8e95b4-c24f-4d68-ba54-8bed76f63930").expect("uuid")
Value::Uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
("testattr", Value::new_utf8s("test"))
);
@ -4261,7 +4239,7 @@ mod tests {
("class", Value::new_class("attributetype")),
(
"uuid",
Value::new_uuids("cfcae205-31c3-484b-8ced-667d1709c5e3").expect("uuid")
Value::Uuid(uuid!("cfcae205-31c3-484b-8ced-667d1709c5e3"))
),
("attributename", Value::new_iutf8("testattr")),
("description", Value::new_utf8s("Test Attribute")),
@ -4315,7 +4293,7 @@ mod tests {
// Search the entry - the attribute will still be present
// even if we can't search on it.
let testobj1 = server_txn
.internal_search_uuid(&Uuid::parse_str("cc8e95b4-c24f-4d68-ba54-8bed76f63930").unwrap())
.internal_search_uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
.expect("failed");
assert!(testobj1.attribute_equality("testattr", &PartialValue::new_utf8s("test")));
@ -4332,7 +4310,7 @@ mod tests {
("name", Value::new_iname("testperson1")),
(
"uuid",
Value::new_uuids("cc8e95b4-c24f-4d68-ba54-8bed76f63930").expect("uuid")
Value::Uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
),
("description", Value::new_utf8s("testperson1")),
("displayname", Value::new_utf8s("testperson1"))
@ -4365,7 +4343,7 @@ mod tests {
// assert it exists and the password checks out
let test_ent = server_txn
.internal_search_uuid(&Uuid::parse_str("cc8e95b4-c24f-4d68-ba54-8bed76f63930").unwrap())
.internal_search_uuid(uuid!("cc8e95b4-c24f-4d68-ba54-8bed76f63930"))
.expect("failed");
// get the primary ava
let cred_ref = test_ent
@ -4380,7 +4358,7 @@ mod tests {
("class", Value::new_class("object")),
("class", Value::new_class("person")),
("name", Value::new_iname(name)),
("uuid", Value::new_uuids(uuid).expect("uuid")),
("uuid", Value::new_uuid_s(uuid).expect("uuid")),
("description", Value::new_utf8s("testperson-entry")),
("displayname", Value::new_utf8s(name))
)
@ -4391,7 +4369,7 @@ mod tests {
("class", Value::new_class("object")),
("class", Value::new_class("group")),
("name", Value::new_iname(name)),
("uuid", Value::new_uuids(uuid).expect("uuid")),
("uuid", Value::new_uuid_s(uuid).expect("uuid")),
("description", Value::new_utf8s("testgroup-entry"))
);
members
@ -4414,9 +4392,7 @@ mod tests {
async fn test_revive_advanced_directmemberships(server: &QueryServer) {
// Create items
let mut server_txn = server.write(duration_from_epoch_now()).await;
let admin = server_txn
.internal_search_uuid(&UUID_ADMIN)
.expect("failed");
let admin = server_txn.internal_search_uuid(UUID_ADMIN).expect("failed");
// Right need a user in a direct group.
let u1 = create_user("u1", "22b47373-d123-421f-859e-9ddd8ab14a2a");
@ -4597,7 +4573,7 @@ mod tests {
// ++ Mod domain name and name to be the old type.
let me_dn = unsafe {
ModifyEvent::new_internal_invalid(
filter!(f_eq("uuid", PartialValue::new_uuid(UUID_DOMAIN_INFO))),
filter!(f_eq("uuid", PartialValue::Uuid(UUID_DOMAIN_INFO))),
ModifyList::new_list(vec![
Modify::Purged(AttrString::from("name")),
Modify::Purged(AttrString::from("domain_name")),
@ -4648,7 +4624,7 @@ mod tests {
// Assert that it migrated and worked as expected.
let server_txn = server.write(duration_from_epoch_now()).await;
let domain = server_txn
.internal_search_uuid(&UUID_DOMAIN_INFO)
.internal_search_uuid(UUID_DOMAIN_INFO)
.expect("failed");
// ++ assert all names are iname
assert!(

13
kanidmd/lib/src/utils.rs
View file

@ -15,9 +15,9 @@ use rand::{thread_rng, Rng};
use touch::file as touch_file;
// #[cfg(target_os = "windows")]
// use std::os::windows::fs::MetadataExt;
use crate::prelude::*;
#[cfg(target_family = "unix")]
use users::{get_current_gid, get_current_uid};
use uuid::{Builder, Uuid};
#[derive(Debug)]
pub struct DistinctAlpha;
@ -38,7 +38,7 @@ fn uuid_from_u64_u32(a: u64, b: u32, sid: Sid) -> Uuid {
v.extend_from_slice(&sid);
#[allow(clippy::expect_used)]
Builder::from_slice(v.as_slice())
uuid::Builder::from_slice(v.as_slice())
.expect("invalid slice for uuid builder")
.into_uuid()
}
@ -185,10 +185,9 @@ pub fn file_permissions_readonly(meta: &Metadata) -> bool {
#[cfg(test)]
mod tests {
use crate::prelude::*;
use std::time::Duration;
use uuid::Uuid;
use crate::utils::{uuid_from_duration, uuid_to_gid_u32};
#[test]
@ -208,15 +207,15 @@ mod tests {
#[test]
fn test_utils_uuid_to_gid_u32() {
let u1 = Uuid::parse_str("00000000-0000-0001-0000-000000000000").unwrap();
let u1 = uuid!("00000000-0000-0001-0000-000000000000");
let r1 = uuid_to_gid_u32(u1);
assert!(r1 == 0);
let u2 = Uuid::parse_str("00000000-0000-0001-0000-0000ffffffff").unwrap();
let u2 = uuid!("00000000-0000-0001-0000-0000ffffffff");
let r2 = uuid_to_gid_u32(u2);
assert!(r2 == 0xffffffff);
let u3 = Uuid::parse_str("00000000-0000-0001-0000-ffff12345678").unwrap();
let u3 = uuid!("00000000-0000-0001-0000-ffff12345678");
let r3 = uuid_to_gid_u32(u3);
assert!(r3 == 0x12345678);
}

82
kanidmd/lib/src/value.rs
View file

@ -423,11 +423,7 @@ impl PartialValue {
matches!(self, PartialValue::Bool(_))
}
pub fn new_uuid(u: Uuid) -> Self {
PartialValue::Uuid(u)
}
pub fn new_uuids(us: &str) -> Option<Self> {
pub fn new_uuid_s(us: &str) -> Option<Self> {
Uuid::parse_str(us).map(PartialValue::Uuid).ok()
}
@ -435,14 +431,6 @@ impl PartialValue {
matches!(self, PartialValue::Uuid(_))
}
pub fn new_refer(u: Uuid) -> Self {
PartialValue::Refer(u)
}
pub fn new_refer_r(u: &Uuid) -> Self {
PartialValue::Refer(*u)
}
pub fn new_refer_s(us: &str) -> Option<Self> {
match Uuid::parse_str(us) {
Ok(u) => Some(PartialValue::Refer(u)),
@ -970,11 +958,7 @@ impl Value {
matches!(self, Value::Iname(_))
}
pub fn new_uuid(u: Uuid) -> Self {
Value::Uuid(u)
}
pub fn new_uuids(s: &str) -> Option<Self> {
pub fn new_uuid_s(s: &str) -> Option<Self> {
Uuid::parse_str(s).map(Value::Uuid).ok()
}
@ -1020,14 +1004,6 @@ impl Value {
matches!(self, Value::Index(_))
}
pub fn new_refer(u: Uuid) -> Self {
Value::Refer(u)
}
pub fn new_refer_r(u: &Uuid) -> Self {
Value::Refer(*u)
}
pub fn new_refer_s(us: &str) -> Option<Self> {
Uuid::parse_str(us).map(Value::Refer).ok()
}
@ -1807,58 +1783,4 @@ mod tests {
assert!(val2.is_some());
assert!(val3.is_some());
}
/*
#[test]
fn test_schema_syntax_json_filter() {
let sa = SchemaAttribute {
name: String::from("acp_receiver"),
uuid: Uuid::parse_str(UUID_SCHEMA_ATTR_ACP_RECEIVER)
.expect("unable to parse const uuid"),
description: String::from(
"Who the ACP applies to, constraining or allowing operations.",
),
multivalue: false,
index: vec![IndexType::Equality, IndexType::SubString],
syntax: SyntaxType::JSON_FILTER,
};
// Outright wrong
let r1 = sa.validate_json_filter(&String::from("Whargarble lol not a filter"));
assert!(r1.is_err());
// Json error
let r2 = sa.validate_json_filter(&String::from(
"{\"And\":[{\"Eq\":[\"a\",\"a\"]},\"Self\",]}",
));
assert!(r2.is_err());
// Invalid keyword
let r3 = sa.validate_json_filter(&String::from(
"{\"And\":[{\"Nalf\":[\"a\",\"a\"]},\"Self\"]}",
));
assert!(r3.is_err());
// valid
let r4 = sa.validate_json_filter(&String::from("{\"Or\":[{\"Eq\":[\"a\",\"a\"]}]}"));
assert!(r4.is_ok());
// valid with self keyword
let r5 =
sa.validate_json_filter(&String::from("{\"And\":[{\"Eq\":[\"a\",\"a\"]},\"Self\"]}"));
assert!(r5.is_ok());
}
#[test]
fn test_schema_normalise_uuid() {
let sa = SchemaAttribute {
name: String::from("uuid"),
uuid: Uuid::parse_str(UUID_SCHEMA_ATTR_UUID).expect("unable to parse const uuid"),
description: String::from("The universal unique id of the object"),
multivalue: false,
index: vec![IndexType::Equality],
syntax: SyntaxType::UUID,
};
let u1 = String::from("936DA01F9ABD4d9d80C702AF85C822A8");
let un1 = sa.normalise_value(&u1);
assert_eq!(un1, "936da01f-9abd-4d9d-80c7-02af85c822a8");
}
*/
}

3
kanidmd/lib/src/valueset/mod.rs
View file

@ -671,7 +671,8 @@ pub fn from_db_valueset_v2(dbvs: DbValueSetV2) -> Result<ValueSet, OperationErro
DbValueSetV2::JwsKeyRs256(set) => ValueSetJwsKeyEs256::from_dbvs2(&set),
DbValueSetV2::UiHint(set) => ValueSetUiHint::from_dbvs2(set),
DbValueSetV2::PhoneNumber(_, _) | DbValueSetV2::TrustedDeviceEnrollment(_) => {
todo!()
debug_assert!(false);
Err(OperationError::InvalidValueState)
}
}
}

2
kanidmd/lib/src/valueset/session.rs
View file

@ -505,7 +505,7 @@ impl ValueSetT for ValueSetOauth2Session {
b.iter().for_each(|(k, v)| {
if !self.map.contains_key(k) {
self.rs_filter.insert(v.rs_uuid);
self.map.insert(k.clone(), v.clone());
self.map.insert(*k, v.clone());
}
});
Ok(())

6
kanidmd/lib/src/valueset/uihint.rs
View file

@ -53,7 +53,7 @@ impl ValueSetT for ValueSetUiHint {
fn contains(&self, pv: &PartialValue) -> bool {
match pv {
PartialValue::UiHint(s) => self.set.contains(&s),
PartialValue::UiHint(s) => self.set.contains(s),
_ => false,
}
}
@ -91,11 +91,11 @@ impl ValueSetT for ValueSetUiHint {
}
fn to_partialvalue_iter(&self) -> Box<dyn Iterator<Item = PartialValue> + '_> {
Box::new(self.set.iter().copied().map(|i| PartialValue::UiHint(i)))
Box::new(self.set.iter().copied().map(PartialValue::UiHint))
}
fn to_value_iter(&self) -> Box<dyn Iterator<Item = Value> + '_> {
Box::new(self.set.iter().copied().map(|i| Value::UiHint(i)))
Box::new(self.set.iter().copied().map(Value::UiHint))
}
fn equal(&self, other: &ValueSet) -> bool {

8
kanidmd/lib/src/valueset/uuid.rs
View file

@ -107,11 +107,11 @@ impl ValueSetT for ValueSetUuid {
}
fn to_partialvalue_iter(&self) -> Box<dyn Iterator<Item = PartialValue> + '_> {
Box::new(self.set.iter().copied().map(PartialValue::new_uuid))
Box::new(self.set.iter().copied().map(PartialValue::Uuid))
}
fn to_value_iter(&self) -> Box<dyn Iterator<Item = Value> + '_> {
Box::new(self.set.iter().copied().map(Value::new_uuid))
Box::new(self.set.iter().copied().map(Value::Uuid))
}
fn equal(&self, other: &ValueSet) -> bool {
@ -256,11 +256,11 @@ impl ValueSetT for ValueSetRefer {
}
fn to_partialvalue_iter(&self) -> Box<dyn Iterator<Item = PartialValue> + '_> {
Box::new(self.set.iter().copied().map(PartialValue::new_refer))
Box::new(self.set.iter().copied().map(PartialValue::Refer))
}
fn to_value_iter(&self) -> Box<dyn Iterator<Item = Value> + '_> {
Box::new(self.set.iter().copied().map(Value::new_refer))
Box::new(self.set.iter().copied().map(Value::Refer))
}
fn equal(&self, other: &ValueSet) -> bool {

1
kanidmd/testkit/tests/proto_v1_test.rs
View file

@ -1161,6 +1161,7 @@ async fn test_server_credential_update_session_passkey(rsclient: KanidmClient) {
let pkc = wa
.do_authentication(rsclient.get_origin().clone(), res)
.map(Box::new)
.expect("Failed to authentication with soft passkey");
let res = rsclient.auth_passkey_complete(pkc).await;

9
kanidmd_web_ui/src/components/admin_oauth2.rs
View file

@ -225,10 +225,11 @@ impl Component for AdminListOAuth2 {
// TODO: do we paginate here?
#[cfg(debug_assertions)]
for key in response.keys() {
console::log!(
"response: {:?}",
serde_json::to_string(response.get(key).unwrap()).unwrap()
);
let j = response
.get(key)
.and_then(|k| serde_json::to_string(k).ok())
.unwrap_or_else(|| "Failed to dump response key".to_string());
console::log!("response: {}", j);
}
self.state = ListViewState::Responded { response };
return true;

7
kanidmd_web_ui/src/components/change_unix_password.rs
View file

@ -120,10 +120,9 @@ impl Component for ChangeUnixPassword {
true
}
Msg::PasswordCheck => {
let pw = utils::get_value_from_element_id("password_input")
.unwrap_or_else(|| "".to_string());
let check = utils::get_value_from_element_id("password_repeat_input")
.unwrap_or_else(|| "".to_string());
let pw = utils::get_value_from_element_id("password_input").unwrap_or_default();
let check =
utils::get_value_from_element_id("password_repeat_input").unwrap_or_default();
if pw == check {
self.pw_check = PwCheck::Valid

3
kanidmd_web_ui/src/credential/passkey.rs
View file

@ -133,7 +133,8 @@ impl Component for PasskeyModalApp {
match msg {
Msg::LabelCheck => {
let label = utils::get_value_from_element_id("passkey-label")
.unwrap_or_else(|| "".to_string());
// Default is empty string.
.unwrap_or_default();
self.label_val = label;
}

11
kanidmd_web_ui/src/credential/pwmodal.rs
View file

@ -136,10 +136,9 @@ impl Component for PwModalApp {
console::debug!("pw modal::update");
match msg {
Msg::PasswordCheck => {
let pw =
utils::get_value_from_element_id("password").unwrap_or_else(|| "".to_string());
let check = utils::get_value_from_element_id("password-check")
.unwrap_or_else(|| "".to_string());
// default is empty string
let pw = utils::get_value_from_element_id("password").unwrap_or_default();
let check = utils::get_value_from_element_id("password-check").unwrap_or_default();
if pw == check {
self.pw_check = PwCheck::Valid
@ -156,8 +155,8 @@ impl Component for PwModalApp {
Msg::PasswordSubmit => {
self.state = PwState::Waiting;
let pw =
utils::get_value_from_element_id("password").unwrap_or_else(|| "".to_string());
// default is empty string
let pw = utils::get_value_from_element_id("password").unwrap_or_default();
let token_c = ctx.props().token.clone();
ctx.link().send_future(async {

4
kanidmd_web_ui/src/credential/totpmodal.rs
View file

@ -159,8 +159,8 @@ impl Component for TotpModalApp {
}
Msg::TotpSubmit => {
// Send off the submit, lock the form.
let totp =
utils::get_value_from_element_id("totp").unwrap_or_else(|| "".to_string());
// default is empty str
let totp = utils::get_value_from_element_id("totp").unwrap_or_default();
match totp.trim().parse::<u32>() {
Ok(totp) => {

8
kanidmd_web_ui/src/login.rs
View file

@ -116,7 +116,7 @@ impl LoginApp {
.get("x-kanidm-auth-session-id")
.ok()
.flatten()
.unwrap_or_else(|| "".to_string());
.unwrap_or_default();
let jsval = JsFuture::from(resp.json()?).await?;
let state: AuthResponse = serde_wasm_bindgen::from_value(jsval)
.expect_throw("Invalid response type - auth_init::AuthResponse");
@ -553,7 +553,7 @@ impl Component for LoginApp {
// -- clear the bearer to prevent conflict
models::clear_bearer_token();
// Do we have a login hint?
let inputvalue = models::pop_login_hint().unwrap_or_else(|| "".to_string());
let inputvalue = models::pop_login_hint().unwrap_or_default();
#[cfg(debug_assertions)]
{
@ -682,7 +682,7 @@ impl Component for LoginApp {
#[cfg(debug_assertions)]
console::debug!("At securitykey step".to_string());
let authreq = AuthRequest {
step: AuthStep::Cred(AuthCredential::SecurityKey(resp)),
step: AuthStep::Cred(AuthCredential::SecurityKey(Box::new(resp))),
};
let session_id = self.session_id.clone();
ctx.link().send_future(async {
@ -698,7 +698,7 @@ impl Component for LoginApp {
#[cfg(debug_assertions)]
console::debug!("At passkey step".to_string());
let authreq = AuthRequest {
step: AuthStep::Cred(AuthCredential::Passkey(resp)),
step: AuthStep::Cred(AuthCredential::Passkey(Box::new(resp))),
};
let session_id = self.session_id.clone();
ctx.link().send_future(async {

2
kanidmd_web_ui/src/views/apps.rs
View file

@ -82,7 +82,7 @@ impl Component for AppsApp {
match &self.state {
State::Waiting => self.view_waiting(),
State::Ready { apps } => self.view_ready(ctx, apps.as_slice()),
State::Error { emsg, kopid } => self.view_error(ctx, &emsg, kopid.as_deref()),
State::Error { emsg, kopid } => self.view_error(ctx, emsg, kopid.as_deref()),
}
}
}