Cleaned up and made compiler happy

2025-05-25 18:33:55 +02:00 · 2025-02-09 18:48:21 +11:00 · 2025-02-09 18:48:21 +11:00 · b2574204e8
parent d88005a1c6
commit b2574204e8
3 changed files with 7 additions and 9 deletions
--- a/server/core/src/actors/v1_read.rs
+++ b/server/core/src/actors/v1_read.rs
@ -1521,7 +1521,7 @@ impl QueryServerReadV1 {
        resource_id: String,
        eventid: Uuid,
    ) -> Result<OidcWebfingerResponse, OperationError> {
-        let idms_prox_read = self.idms.proxy_read().await?;
+        let mut idms_prox_read = self.idms.proxy_read().await?;
        idms_prox_read.oauth2_openid_webfinger_discovery(&client_id, &resource_id)
    }

--- a/server/core/src/https/oauth2.rs
+++ b/server/core/src/https/oauth2.rs
@ -547,9 +547,9 @@ pub async fn oauth2_openid_webfinger_get(
    // Query(rel): Query<Vec<String>>,
    Extension(kopid): Extension<KOpId>,
 ) -> impl IntoResponse {
-    let cleaned_resource = match resource {
+    let cleaned_resource = match &resource {
        s if s.starts_with("acct:") => s[5..].to_string(),
-        s => s,
+        s => s.clone(),
    };

    let res = state
@ -558,7 +558,7 @@ pub async fn oauth2_openid_webfinger_get(
        .await;

    match res {
-        Ok(dsc) => (
+        Ok(mut dsc) => (
            StatusCode::OK,
            [
                (ACCESS_CONTROL_ALLOW_ORIGIN, "*"),
--- a/server/lib/src/idm/oauth2.rs
+++ b/server/lib/src/idm/oauth2.rs
@ -2744,7 +2744,7 @@ impl IdmServerProxyReadTransaction<'_> {

    #[instrument(level = "debug", skip_all)]
    pub fn oauth2_openid_webfinger_discovery(
-        &self,
+        &mut self,
        client_id: &str,
        resource_id: &str,
    ) -> Result<OidcWebfingerResponse, OperationError> {
@ -2759,12 +2759,10 @@ impl IdmServerProxyReadTransaction<'_> {
            return Err(OperationError::NoMatchingEntries);
        };

-        // Ensure that the account exists. If we consider account's spn privileged information
-        // We can shortcut this step and always return valid. This means it will seem like every user exits
-        // However it will fail at logon. I don't think leaking spn's is a problem however
+        // Ensure that the account exists.
        if !self
            .qs_read
-            .internal_exists(Filter::new(f_eq(Attribute::Spn, spn)))
+            .internal_exists(Filter::new(f_eq(Attribute::Spn, spn)))?
        {
            return Err(OperationError::NoMatchingEntries);
        }