deploy: 6c67041fda

docs/master/rustdoc/kanidmd_lib/idm/server/index.html

@@ -1,3 +1,3 @@
-<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="API documentation for the Rust `server` mod in crate `kanidmd_lib`."><meta name="keywords" content="rust, rustlang, rust-lang, server"><title>kanidmd_lib::idm::server - Rust</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" type="text/css" href="../../../normalize.css"><link rel="stylesheet" type="text/css" href="../../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" type="text/css" href="../../../ayu.css" disabled><link rel="stylesheet" type="text/css" href="../../../dark.css" disabled><link rel="stylesheet" type="text/css" href="../../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../../storage.js"></script><script defer src="../../../main.js"></script><noscript><link rel="stylesheet" href="../../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../../favicon.svg"></head><body class="rustdoc mod"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle">&#9776;</button><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"></h2></nav><nav class="sidebar"><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"><a href="#">Module server</a></h2><div class="sidebar-elems"><section><div class="block"><ul><li><a href="#structs">Structs</a></li><li><a href="#enums">Enums</a></li><li><a href="#traits">Traits</a></li></ul></div></section></div></nav><main><div class="width-limiter"><div class="sub-container"><a class="sub-logo-container" href="../../../kanidmd_lib/index.html"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></a><nav class="sub"><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><button type="button">?</button></div><div id="settings-menu" tabindex="-1"><a href="../../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../../wheel.svg"></a></div></div></form></nav></div><section id="main-content" class="content"><div class="main-heading"><h1 class="fqn"><span class="in-band">Module <a href="../../index.html">kanidmd_lib</a>::<wbr><a href="../index.html">idm</a>::<wbr><a class="mod" href="#">server</a><button id="copy-path" onclick="copy_path(this)" title="Copy item path to clipboard"><img src="../../../clipboard.svg" width="19" height="18" alt="Copy item path"></button></span></h1><span class="out-of-band"><a class="srclink" href="../../../src/kanidmd_lib/idm/server.rs.html#1-3830">source</a> · <a id="toggle-all-docs" href="javascript:void(0)" title="collapse all docs">[<span class="inner">&#x2212;</span>]</a></span></div><h2 id="structs" class="small-section-header"><a href="#structs">Structs</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServer.html" title="kanidmd_lib::idm::server::IdmServer struct">IdmServer</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerAuthTransaction.html" title="kanidmd_lib::idm::server::IdmServerAuthTransaction struct">IdmServerAuthTransaction</a></div><div class="item-right docblock-short"><p>Contains methods that require writes, but in the context of writing to the idm in memory structures (maybe the query server too). This is things like authentication.</p>
+<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="API documentation for the Rust `server` mod in crate `kanidmd_lib`."><meta name="keywords" content="rust, rustlang, rust-lang, server"><title>kanidmd_lib::idm::server - Rust</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" type="text/css" href="../../../normalize.css"><link rel="stylesheet" type="text/css" href="../../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" type="text/css" href="../../../ayu.css" disabled><link rel="stylesheet" type="text/css" href="../../../dark.css" disabled><link rel="stylesheet" type="text/css" href="../../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../../storage.js"></script><script defer src="../../../main.js"></script><noscript><link rel="stylesheet" href="../../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../../favicon.svg"></head><body class="rustdoc mod"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle">&#9776;</button><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"></h2></nav><nav class="sidebar"><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"><a href="#">Module server</a></h2><div class="sidebar-elems"><section><div class="block"><ul><li><a href="#structs">Structs</a></li><li><a href="#enums">Enums</a></li><li><a href="#traits">Traits</a></li></ul></div></section></div></nav><main><div class="width-limiter"><div class="sub-container"><a class="sub-logo-container" href="../../../kanidmd_lib/index.html"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></a><nav class="sub"><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><button type="button">?</button></div><div id="settings-menu" tabindex="-1"><a href="../../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../../wheel.svg"></a></div></div></form></nav></div><section id="main-content" class="content"><div class="main-heading"><h1 class="fqn"><span class="in-band">Module <a href="../../index.html">kanidmd_lib</a>::<wbr><a href="../index.html">idm</a>::<wbr><a class="mod" href="#">server</a><button id="copy-path" onclick="copy_path(this)" title="Copy item path to clipboard"><img src="../../../clipboard.svg" width="19" height="18" alt="Copy item path"></button></span></h1><span class="out-of-band"><a class="srclink" href="../../../src/kanidmd_lib/idm/server.rs.html#1-3838">source</a> · <a id="toggle-all-docs" href="javascript:void(0)" title="collapse all docs">[<span class="inner">&#x2212;</span>]</a></span></div><h2 id="structs" class="small-section-header"><a href="#structs">Structs</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServer.html" title="kanidmd_lib::idm::server::IdmServer struct">IdmServer</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerAuthTransaction.html" title="kanidmd_lib::idm::server::IdmServerAuthTransaction struct">IdmServerAuthTransaction</a></div><div class="item-right docblock-short"><p>Contains methods that require writes, but in the context of writing to the idm in memory structures (maybe the query server too). This is things like authentication.</p>
 </div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerCredUpdateTransaction.html" title="kanidmd_lib::idm::server::IdmServerCredUpdateTransaction struct">IdmServerCredUpdateTransaction</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerDelayed.html" title="kanidmd_lib::idm::server::IdmServerDelayed struct">IdmServerDelayed</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerProxyReadTransaction.html" title="kanidmd_lib::idm::server::IdmServerProxyReadTransaction struct">IdmServerProxyReadTransaction</a></div><div class="item-right docblock-short"><p>This contains read-only methods, like getting users, groups and other structured content.</p>
 </div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerProxyWriteTransaction.html" title="kanidmd_lib::idm::server::IdmServerProxyWriteTransaction struct">IdmServerProxyWriteTransaction</a></div><div class="item-right docblock-short"></div></div></div><h2 id="enums" class="small-section-header"><a href="#enums">Enums</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="enum" href="enum.Token.html" title="kanidmd_lib::idm::server::Token enum">Token</a></div><div class="item-right docblock-short"></div></div></div><h2 id="traits" class="small-section-header"><a href="#traits">Traits</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="trait" href="trait.IdmServerTransaction.html" title="kanidmd_lib::idm::server::IdmServerTransaction trait">IdmServerTransaction</a></div><div class="item-right docblock-short"></div></div></div></section></div></main><div id="rustdoc-vars" data-root-path="../../../" data-current-crate="kanidmd_lib" data-themes="ayu,dark,light" data-resource-suffix="" data-rustdoc-version="1.64.0 (a55dd71d5 2022-09-19)" ></div></body></html>

docs/master/rustdoc/src/kanidmd_core/https/oauth2.rs.html

@@ -712,6 +712,11 @@
 <span id="712">712</span>
 <span id="713">713</span>
 <span id="714">714</span>
+<span id="715">715</span>
+<span id="716">716</span>
+<span id="717">717</span>
+<span id="718">718</span>
+<span id="719">719</span>
 </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">kanidm_proto::oauth2::AuthorisationResponse</span>;
 <span class="kw">use</span> <span class="ident">kanidm_proto::v1::Entry</span> <span class="kw">as</span> <span class="ident">ProtoEntry</span>;
 <span class="kw">use</span> <span class="ident">kanidmd_lib::idm::oauth2</span>::{
@@ -1042,6 +1047,11 @@
             <span class="ident">res</span>.<span class="ident">insert_header</span>(<span class="string">&quot;WWW-Authenticate&quot;</span>, <span class="string">&quot;Bearer&quot;</span>);
             <span class="prelude-val">Ok</span>(<span class="ident">res</span>)
         }
+        <span class="prelude-val">Err</span>(<span class="ident">Oauth2Error::AccessDenied</span>) =&gt; {
+            <span class="comment">// If scopes are not available for this account.</span>
+            <span class="kw">let</span> <span class="ident">res</span> <span class="op">=</span> <span class="ident">tide::Response::new</span>(<span class="ident">tide::StatusCode::Forbidden</span>);
+            <span class="prelude-val">Ok</span>(<span class="ident">res</span>)
+        }
         <span class="comment">/*
         RFC - If the request fails due to a missing, invalid, or mismatching
               redirection URI, or if the client identifier is missing or invalid,
@@ -1142,7 +1152,7 @@
             <span class="comment">// Turns out this instinct was correct:</span>
             <span class="comment">//  https://www.proofpoint.com/us/blog/cloud-security/microsoft-and-github-oauth-implementation-vulnerabilities-lead-redirection</span>
             <span class="comment">// Possible to use this with a malicious client configuration to phish / spam.</span>
-            <span class="ident">tide::Response::new</span>(<span class="number">500</span>)
+            <span class="ident">tide::Response::new</span>(<span class="ident">tide::StatusCode::InternalServerError</span>)
         }
     };
     <span class="ident">res</span>.<span class="ident">insert_header</span>(<span class="string">&quot;X-KANIDM-OPID&quot;</span>, <span class="ident">hvalue</span>);

docs/master/rustdoc/src/kanidmd_core/ldaps.rs.html

@@ -363,15 +363,15 @@
     <span class="kw">if</span> <span class="ident">address</span>.<span class="ident">starts_with</span>(<span class="string">&quot;:::&quot;</span>) {
         <span class="comment">// takes :::xxxx to xxxx</span>
         <span class="kw">let</span> <span class="ident">port</span> <span class="op">=</span> <span class="ident">address</span>.<span class="ident">replacen</span>(<span class="string">&quot;:::&quot;</span>, <span class="string">&quot;&quot;</span>, <span class="number">1</span>);
-        <span class="macro">eprintln!</span>(<span class="string">&quot;Address &#39;{}&#39; looks like an attempt to wildcard bind with IPv6 on port {} - please try using ldapbindaddress = &#39;[::]:{}&#39;&quot;</span>, <span class="ident">address</span>, <span class="ident">port</span>, <span class="ident">port</span>);
+        <span class="macro">error!</span>(<span class="string">&quot;Address &#39;{}&#39; looks like an attempt to wildcard bind with IPv6 on port {} - please try using ldapbindaddress = &#39;[::]:{}&#39;&quot;</span>, <span class="ident">address</span>, <span class="ident">port</span>, <span class="ident">port</span>);
     };
 
     <span class="kw">let</span> <span class="ident">addr</span> <span class="op">=</span> <span class="ident">net::SocketAddr::from_str</span>(<span class="ident">address</span>).<span class="ident">map_err</span>(<span class="op">|</span><span class="ident">e</span><span class="op">|</span> {
-        <span class="macro">eprintln!</span>(<span class="string">&quot;Could not parse LDAP server address {} -&gt; {:?}&quot;</span>, <span class="ident">address</span>, <span class="ident">e</span>);
+        <span class="macro">error!</span>(<span class="string">&quot;Could not parse LDAP server address {} -&gt; {:?}&quot;</span>, <span class="ident">address</span>, <span class="ident">e</span>);
     })<span class="question-mark">?</span>;
 
     <span class="kw">let</span> <span class="ident">listener</span> <span class="op">=</span> <span class="ident">TcpListener::bind</span>(<span class="kw-2">&amp;</span><span class="ident">addr</span>).<span class="kw">await</span>.<span class="ident">map_err</span>(<span class="op">|</span><span class="ident">e</span><span class="op">|</span> {
-        <span class="macro">eprintln!</span>(
+        <span class="macro">error!</span>(
             <span class="string">&quot;Could not bind to LDAP server address {} -&gt; {:?}&quot;</span>,
             <span class="ident">address</span>, <span class="ident">e</span>
         );
@@ -379,12 +379,12 @@
 
     <span class="kw">match</span> <span class="ident">opt_tls_params</span> {
         <span class="prelude-val">Some</span>(<span class="ident">tls_params</span>) =&gt; {
-            <span class="macro">eprintln!</span>(<span class="string">&quot;Starting LDAPS interface ldaps://{} ...&quot;</span>, <span class="ident">address</span>);
+            <span class="macro">info!</span>(<span class="string">&quot;Starting LDAPS interface ldaps://{} ...&quot;</span>, <span class="ident">address</span>);
             <span class="kw">let</span> <span class="ident">tls_parms</span> <span class="op">=</span> <span class="ident">tls_params</span>.<span class="ident">build</span>();
             <span class="ident">tokio::spawn</span>(<span class="ident">tls_acceptor</span>(<span class="ident">listener</span>, <span class="ident">tls_parms</span>, <span class="ident">qe_r_ref</span>));
         }
         <span class="prelude-val">None</span> =&gt; {
-            <span class="macro">eprintln!</span>(<span class="string">&quot;The server won&#39;t run without TLS!&quot;</span>);
+            <span class="macro">error!</span>(<span class="string">&quot;The server won&#39;t run without TLS!&quot;</span>);
             <span class="kw">return</span> <span class="prelude-val">Err</span>(());
         }
     }

docs/master/rustdoc/src/kanidmd_lib/idm/server.rs.html

@@ -3828,6 +3828,14 @@
 <span id="3828">3828</span>
 <span id="3829">3829</span>
 <span id="3830">3830</span>
+<span id="3831">3831</span>
+<span id="3832">3832</span>
+<span id="3833">3833</span>
+<span id="3834">3834</span>
+<span id="3835">3835</span>
+<span id="3836">3836</span>
+<span id="3837">3837</span>
+<span id="3838">3838</span>
 </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">core::task</span>::{<span class="ident">Context</span>, <span class="ident">Poll</span>};
 <span class="kw">use</span> <span class="ident">std::convert::TryFrom</span>;
 <span class="kw">use</span> <span class="ident">std::str::FromStr</span>;
@@ -5724,6 +5732,8 @@
         <span class="comment">// get the account</span>
         <span class="kw">let</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">target_to_account</span>(<span class="kw-2">&amp;</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>)<span class="question-mark">?</span>;
 
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing password hash upgrade&quot;</span>);
+
         <span class="comment">// check, does the pw still match?</span>
         <span class="kw">let</span> <span class="ident">same</span> <span class="op">=</span> <span class="ident">account</span>.<span class="ident">check_credential_pw</span>(<span class="ident">pwu</span>.<span class="ident">existing_password</span>.<span class="ident">as_str</span>())<span class="question-mark">?</span>;
 
@@ -5747,6 +5757,8 @@
     }
 
     <span class="kw">fn</span> <span class="ident">process_unixpwupgrade</span>(<span class="kw-2">&amp;mut</span> <span class="self">self</span>, <span class="ident">pwu</span>: <span class="kw-2">&amp;</span><span class="ident">UnixPasswordUpgrade</span>) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span>(), <span class="ident">OperationError</span><span class="op">&gt;</span> {
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing unix password hash upgrade&quot;</span>);
+
         <span class="kw">let</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>
             .<span class="ident">qs_write</span>
             .<span class="ident">internal_search_uuid</span>(<span class="kw-2">&amp;</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>)
@@ -5781,6 +5793,8 @@
         <span class="kw-2">&amp;mut</span> <span class="self">self</span>,
         <span class="ident">wci</span>: <span class="kw-2">&amp;</span><span class="ident">WebauthnCounterIncrement</span>,
     ) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span>(), <span class="ident">OperationError</span><span class="op">&gt;</span> {
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">wci</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing webauthn counter increment&quot;</span>);
+
         <span class="kw">let</span> <span class="kw-2">mut</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">target_to_account</span>(<span class="kw-2">&amp;</span><span class="ident">wci</span>.<span class="ident">target_uuid</span>)<span class="question-mark">?</span>;
 
         <span class="comment">// Generate an optional mod and then attempt to apply it.</span>
@@ -5807,6 +5821,8 @@
         <span class="kw-2">&amp;mut</span> <span class="self">self</span>,
         <span class="ident">bcr</span>: <span class="kw-2">&amp;</span><span class="ident">BackupCodeRemoval</span>,
     ) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span>(), <span class="ident">OperationError</span><span class="op">&gt;</span> {
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">bcr</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing backup code removal&quot;</span>);
+
         <span class="kw">let</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">target_to_account</span>(<span class="kw-2">&amp;</span><span class="ident">bcr</span>.<span class="ident">target_uuid</span>)<span class="question-mark">?</span>;
         <span class="comment">// Generate an optional mod and then attempt to apply it.</span>
         <span class="kw">let</span> <span class="ident">modlist</span> <span class="op">=</span> <span class="ident">account</span>

docs/master/rustdoc/src/kanidmd_web_ui/oauth2.rs.html

@@ -536,6 +536,35 @@
 <span id="536">536</span>
 <span id="537">537</span>
 <span id="538">538</span>
+<span id="539">539</span>
+<span id="540">540</span>
+<span id="541">541</span>
+<span id="542">542</span>
+<span id="543">543</span>
+<span id="544">544</span>
+<span id="545">545</span>
+<span id="546">546</span>
+<span id="547">547</span>
+<span id="548">548</span>
+<span id="549">549</span>
+<span id="550">550</span>
+<span id="551">551</span>
+<span id="552">552</span>
+<span id="553">553</span>
+<span id="554">554</span>
+<span id="555">555</span>
+<span id="556">556</span>
+<span id="557">557</span>
+<span id="558">558</span>
+<span id="559">559</span>
+<span id="560">560</span>
+<span id="561">561</span>
+<span id="562">562</span>
+<span id="563">563</span>
+<span id="564">564</span>
+<span id="565">565</span>
+<span id="566">566</span>
+<span id="567">567</span>
 </pre><pre class="rust"><code><span class="comment">// use anyhow::Error;</span>
 <span class="kw">use</span> <span class="ident">gloo::console</span>;
 <span class="kw">pub</span> <span class="kw">use</span> <span class="ident">kanidm_proto::oauth2</span>::{
@@ -568,6 +597,7 @@
         <span class="ident">consent_token</span>: <span class="ident">String</span>,
     },
     <span class="ident">ConsentGranted</span>(<span class="ident">String</span>),
+    <span class="ident">AccessDenied</span>(<span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span>),
     <span class="ident">ErrInvalidRequest</span>,
 }
 
@@ -586,6 +616,9 @@
         <span class="ident">consent_token</span>: <span class="ident">String</span>,
     },
     <span class="ident">Redirect</span>(<span class="ident">String</span>),
+    <span class="ident">AccessDenied</span> {
+        <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span>,
+    },
     <span class="ident">Error</span> {
         <span class="ident">emsg</span>: <span class="ident">String</span>,
         <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span>,
@@ -698,6 +731,8 @@
                     }
                 }
             }
+        } <span class="kw">else</span> <span class="kw">if</span> <span class="ident">status</span> <span class="op">==</span> <span class="number">403</span> {
+            <span class="prelude-val">Ok</span>(<span class="ident">Oauth2Msg::AccessDenied</span> { <span class="ident">kopid</span> })
         } <span class="kw">else</span> {
             <span class="kw">let</span> <span class="ident">text</span> <span class="op">=</span> <span class="ident">JsFuture::from</span>(<span class="ident">resp</span>.<span class="ident">text</span>()<span class="question-mark">?</span>).<span class="kw">await</span><span class="question-mark">?</span>;
             <span class="kw">let</span> <span class="ident">emsg</span> <span class="op">=</span> <span class="ident">text</span>.<span class="ident">as_string</span>().<span class="ident">unwrap_or_else</span>(<span class="op">|</span><span class="op">|</span> <span class="string">&quot;&quot;</span>.<span class="ident">to_string</span>());
@@ -918,6 +953,11 @@
                 <span class="comment">// We need to send off fetch task here.</span>
                 <span class="bool-val">true</span>
             }
+            <span class="ident">Oauth2Msg::AccessDenied</span> { <span class="ident">kopid</span> } =&gt; {
+                <span class="macro">console::error!</span>(<span class="macro">format!</span>(<span class="string">&quot;{:?}&quot;</span>, <span class="ident">kopid</span>).<span class="ident">as_str</span>());
+                <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::AccessDenied</span>(<span class="ident">kopid</span>);
+                <span class="bool-val">true</span>
+            }
             <span class="ident">Oauth2Msg::Error</span> { <span class="ident">emsg</span>, <span class="ident">kopid</span> } =&gt; {
                 <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::ErrInvalidRequest</span>;
                 <span class="macro">console::error!</span>(<span class="macro">format!</span>(<span class="string">&quot;{:?}&quot;</span>, <span class="ident">kopid</span>).<span class="ident">as_str</span>());
@@ -1043,6 +1083,24 @@
                     <span class="op">&lt;</span><span class="op">/</span><span class="ident">div</span><span class="op">&gt;</span>
                 }
             }
+            <span class="ident">State::AccessDenied</span>(<span class="ident">kopid</span>) =&gt; {
+                <span class="macro">html!</span> {
+                    <span class="op">&lt;</span><span class="ident">div</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;alert alert-danger&quot;</span> <span class="ident">role</span><span class="op">=</span><span class="string">&quot;alert&quot;</span><span class="op">&gt;</span>
+                        <span class="op">&lt;</span><span class="ident">h1</span><span class="op">&gt;</span>{ <span class="string">&quot;Access Denied&quot;</span> } <span class="op">&lt;</span><span class="op">/</span><span class="ident">h1</span><span class="op">&gt;</span>
+                        <span class="op">&lt;</span><span class="ident">p</span><span class="op">&gt;</span>
+                        { <span class="string">&quot;You do not have access to the requested resources.&quot;</span> }
+                        <span class="op">&lt;</span><span class="op">/</span><span class="ident">p</span><span class="op">&gt;</span>
+                        <span class="op">&lt;</span><span class="ident">p</span><span class="op">&gt;</span>
+                        { <span class="kw">if</span> <span class="kw">let</span> <span class="prelude-val">Some</span>(<span class="ident">opid</span>) <span class="op">=</span> <span class="ident">kopid</span> {
+                            <span class="macro">format!</span>(<span class="string">&quot;Operation ID: {}&quot;</span>, <span class="ident">opid</span>)
+                          } <span class="kw">else</span> {
+                            <span class="string">&quot;Operation ID: -&quot;</span>.<span class="ident">to_string</span>()
+                          }
+                        }
+                        <span class="op">&lt;</span><span class="op">/</span><span class="ident">p</span><span class="op">&gt;</span>
+                    <span class="op">&lt;</span><span class="op">/</span><span class="ident">div</span><span class="op">&gt;</span>
+                }
+            }
             <span class="ident">State::ErrInvalidRequest</span> =&gt; {
                 <span class="macro">html!</span> {
                     <span class="op">&lt;</span><span class="ident">div</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;alert alert-danger&quot;</span> <span class="ident">role</span><span class="op">=</span><span class="string">&quot;alert&quot;</span><span class="op">&gt;</span>

docs/master/rustdoc/src/kanidmd_web_ui/views/mod.rs.html

@@ -423,6 +423,55 @@
 <span id="423">423</span>
 <span id="424">424</span>
 <span id="425">425</span>
+<span id="426">426</span>
+<span id="427">427</span>
+<span id="428">428</span>
+<span id="429">429</span>
+<span id="430">430</span>
+<span id="431">431</span>
+<span id="432">432</span>
+<span id="433">433</span>
+<span id="434">434</span>
+<span id="435">435</span>
+<span id="436">436</span>
+<span id="437">437</span>
+<span id="438">438</span>
+<span id="439">439</span>
+<span id="440">440</span>
+<span id="441">441</span>
+<span id="442">442</span>
+<span id="443">443</span>
+<span id="444">444</span>
+<span id="445">445</span>
+<span id="446">446</span>
+<span id="447">447</span>
+<span id="448">448</span>
+<span id="449">449</span>
+<span id="450">450</span>
+<span id="451">451</span>
+<span id="452">452</span>
+<span id="453">453</span>
+<span id="454">454</span>
+<span id="455">455</span>
+<span id="456">456</span>
+<span id="457">457</span>
+<span id="458">458</span>
+<span id="459">459</span>
+<span id="460">460</span>
+<span id="461">461</span>
+<span id="462">462</span>
+<span id="463">463</span>
+<span id="464">464</span>
+<span id="465">465</span>
+<span id="466">466</span>
+<span id="467">467</span>
+<span id="468">468</span>
+<span id="469">469</span>
+<span id="470">470</span>
+<span id="471">471</span>
+<span id="472">472</span>
+<span id="473">473</span>
+<span id="474">474</span>
 </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">std::str::FromStr</span>;
 
 <span class="kw">use</span> <span class="ident">compact_jwt</span>::{<span class="ident">Jws</span>, <span class="ident">JwsUnverified</span>};
@@ -495,6 +544,7 @@
 
 <span class="kw">enum</span> <span class="ident">State</span> {
     <span class="ident">LoginRequired</span>,
+    <span class="ident">LoggingOut</span>,
     <span class="ident">Verifying</span>,
     <span class="ident">Authenticated</span>(<span class="ident">String</span>),
     <span class="ident">Error</span> { <span class="ident">emsg</span>: <span class="ident">String</span>, <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span> },
@@ -516,6 +566,7 @@
 <span class="kw">pub</span> <span class="kw">enum</span> <span class="ident">ViewsMsg</span> {
     <span class="ident">Verified</span>(<span class="ident">String</span>),
     <span class="ident">Logout</span>,
+    <span class="ident">LogoutComplete</span>,
     <span class="ident">ProfileInfoRecieved</span> { <span class="ident">uat</span>: <span class="ident">UserAuthToken</span> },
     <span class="ident">Error</span> { <span class="ident">emsg</span>: <span class="ident">String</span>, <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span> },
 }
@@ -584,7 +635,22 @@
                 <span class="bool-val">true</span>
             }
             <span class="ident">ViewsMsg::Logout</span> =&gt; {
-                <span class="ident">models::clear_bearer_token</span>();
+                <span class="kw">match</span> <span class="ident">models::get_bearer_token</span>() {
+                    <span class="prelude-val">Some</span>(<span class="ident">tk</span>) =&gt; {
+                        <span class="ident">models::clear_bearer_token</span>();
+                        <span class="ident">ctx</span>.<span class="ident">link</span>().<span class="ident">send_future</span>(<span class="kw">async</span> {
+                            <span class="kw">match</span> <span class="ident"><span class="self">Self</span>::fetch_logout</span>(<span class="ident">tk</span>).<span class="kw">await</span> {
+                                <span class="prelude-val">Ok</span>(<span class="ident">v</span>) =&gt; <span class="ident">v</span>,
+                                <span class="prelude-val">Err</span>(<span class="ident">v</span>) =&gt; <span class="ident">v</span>.<span class="ident">into</span>(),
+                            }
+                        });
+                        <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::LoggingOut</span>;
+                    }
+                    <span class="prelude-val">None</span> =&gt; <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::LoginRequired</span>,
+                }
+                <span class="bool-val">true</span>
+            }
+            <span class="ident">ViewsMsg::LogoutComplete</span> =&gt; {
                 <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::LoginRequired</span>;
                 <span class="bool-val">true</span>
             }
@@ -624,7 +690,7 @@
                     .<span class="ident">push</span>(<span class="ident">Route::Login</span>);
                 <span class="macro">html!</span> { <span class="op">&lt;</span><span class="ident">div</span><span class="op">&gt;</span><span class="op">&lt;</span><span class="op">/</span><span class="ident">div</span><span class="op">&gt;</span> }
             }
-            <span class="ident">State::Verifying</span> =&gt; {
+            <span class="ident">State::LoggingOut</span> <span class="op">|</span> <span class="ident">State::Verifying</span> =&gt; {
                 <span class="macro">html!</span> {
                   <span class="op">&lt;</span><span class="ident">main</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;text-center form-signin h-100&quot;</span><span class="op">&gt;</span>
                     <span class="op">&lt;</span><span class="ident">div</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;vert-center&quot;</span><span class="op">&gt;</span>
@@ -791,7 +857,7 @@
             <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::Verified</span>(<span class="ident">token</span>))
         } <span class="kw">else</span> <span class="kw">if</span> <span class="ident">status</span> <span class="op">==</span> <span class="number">401</span> {
             <span class="comment">// Not valid, re-auth</span>
-            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::Logout</span>)
+            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::LogoutComplete</span>)
         } <span class="kw">else</span> {
             <span class="kw">let</span> <span class="ident">headers</span> <span class="op">=</span> <span class="ident">resp</span>.<span class="ident">headers</span>();
             <span class="kw">let</span> <span class="ident">kopid</span> <span class="op">=</span> <span class="ident">headers</span>.<span class="ident">get</span>(<span class="string">&quot;x-kanidm-opid&quot;</span>).<span class="ident">ok</span>().<span class="ident">flatten</span>();
@@ -815,6 +881,38 @@
             <span class="ident">uat</span>: <span class="ident">uat</span>.<span class="ident">into_inner</span>(),
         })
     }
+
+    <span class="kw">async</span> <span class="kw">fn</span> <span class="ident">fetch_logout</span>(<span class="ident">token</span>: <span class="ident">String</span>) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span><span class="ident">ViewsMsg</span>, <span class="ident">FetchError</span><span class="op">&gt;</span> {
+        <span class="kw">let</span> <span class="kw-2">mut</span> <span class="ident">opts</span> <span class="op">=</span> <span class="ident">RequestInit::new</span>();
+        <span class="ident">opts</span>.<span class="ident">method</span>(<span class="string">&quot;GET&quot;</span>);
+        <span class="ident">opts</span>.<span class="ident">mode</span>(<span class="ident">RequestMode::SameOrigin</span>);
+
+        <span class="kw">let</span> <span class="ident">request</span> <span class="op">=</span> <span class="ident">Request::new_with_str_and_init</span>(<span class="string">&quot;/v1/logout&quot;</span>, <span class="kw-2">&amp;</span><span class="ident">opts</span>)<span class="question-mark">?</span>;
+
+        <span class="ident">request</span>
+            .<span class="ident">headers</span>()
+            .<span class="ident">set</span>(<span class="string">&quot;content-type&quot;</span>, <span class="string">&quot;application/json&quot;</span>)
+            .<span class="ident">expect_throw</span>(<span class="string">&quot;failed to set header&quot;</span>);
+        <span class="ident">request</span>
+            .<span class="ident">headers</span>()
+            .<span class="ident">set</span>(<span class="string">&quot;authorization&quot;</span>, <span class="macro">format!</span>(<span class="string">&quot;Bearer {}&quot;</span>, <span class="ident">token</span>).<span class="ident">as_str</span>())
+            .<span class="ident">expect_throw</span>(<span class="string">&quot;failed to set header&quot;</span>);
+
+        <span class="kw">let</span> <span class="ident">window</span> <span class="op">=</span> <span class="ident">utils::window</span>();
+        <span class="kw">let</span> <span class="ident">resp_value</span> <span class="op">=</span> <span class="ident">JsFuture::from</span>(<span class="ident">window</span>.<span class="ident">fetch_with_request</span>(<span class="kw-2">&amp;</span><span class="ident">request</span>)).<span class="kw">await</span><span class="question-mark">?</span>;
+        <span class="kw">let</span> <span class="ident">resp</span>: <span class="ident">Response</span> <span class="op">=</span> <span class="ident">resp_value</span>.<span class="ident">dyn_into</span>().<span class="ident">expect_throw</span>(<span class="string">&quot;Invalid response type&quot;</span>);
+        <span class="kw">let</span> <span class="ident">status</span> <span class="op">=</span> <span class="ident">resp</span>.<span class="ident">status</span>();
+
+        <span class="kw">if</span> <span class="ident">status</span> <span class="op">==</span> <span class="number">200</span> {
+            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::LogoutComplete</span>)
+        } <span class="kw">else</span> {
+            <span class="kw">let</span> <span class="ident">headers</span> <span class="op">=</span> <span class="ident">resp</span>.<span class="ident">headers</span>();
+            <span class="kw">let</span> <span class="ident">kopid</span> <span class="op">=</span> <span class="ident">headers</span>.<span class="ident">get</span>(<span class="string">&quot;x-kanidm-opid&quot;</span>).<span class="ident">ok</span>().<span class="ident">flatten</span>();
+            <span class="kw">let</span> <span class="ident">text</span> <span class="op">=</span> <span class="ident">JsFuture::from</span>(<span class="ident">resp</span>.<span class="ident">text</span>()<span class="question-mark">?</span>).<span class="kw">await</span><span class="question-mark">?</span>;
+            <span class="kw">let</span> <span class="ident">emsg</span> <span class="op">=</span> <span class="ident">text</span>.<span class="ident">as_string</span>().<span class="ident">unwrap_or_else</span>(<span class="op">|</span><span class="op">|</span> <span class="string">&quot;&quot;</span>.<span class="ident">to_string</span>());
+            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::Error</span> { <span class="ident">emsg</span>, <span class="ident">kopid</span> })
+        }
+    }
 }
 
 <span class="kw">fn</span> <span class="ident">admin_routes</span>(<span class="ident">route</span>: <span class="kw-2">&amp;</span><span class="ident">AdminRoute</span>) -&gt; <span class="ident">Html</span> {

docs/pykanidm/sitemap.xml

@@ -2,27 +2,27 @@
 <urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
     <url>
          <loc>None</loc>
-         <lastmod>2022-10-17</lastmod>
+         <lastmod>2022-10-18</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2022-10-17</lastmod>
+         <lastmod>2022-10-18</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2022-10-17</lastmod>
+         <lastmod>2022-10-18</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2022-10-17</lastmod>
+         <lastmod>2022-10-18</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>None</loc>
-         <lastmod>2022-10-17</lastmod>
+         <lastmod>2022-10-18</lastmod>
          <changefreq>daily</changefreq>
     </url>
 </urlset>

docs/stable/rustdoc/kanidmd_lib/idm/server/index.html

@@ -1,3 +1,3 @@
-<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="API documentation for the Rust `server` mod in crate `kanidmd_lib`."><meta name="keywords" content="rust, rustlang, rust-lang, server"><title>kanidmd_lib::idm::server - Rust</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" type="text/css" href="../../../normalize.css"><link rel="stylesheet" type="text/css" href="../../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" type="text/css" href="../../../ayu.css" disabled><link rel="stylesheet" type="text/css" href="../../../dark.css" disabled><link rel="stylesheet" type="text/css" href="../../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../../storage.js"></script><script defer src="../../../main.js"></script><noscript><link rel="stylesheet" href="../../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../../favicon.svg"></head><body class="rustdoc mod"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle">&#9776;</button><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"></h2></nav><nav class="sidebar"><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"><a href="#">Module server</a></h2><div class="sidebar-elems"><section><div class="block"><ul><li><a href="#structs">Structs</a></li><li><a href="#enums">Enums</a></li><li><a href="#traits">Traits</a></li></ul></div></section></div></nav><main><div class="width-limiter"><div class="sub-container"><a class="sub-logo-container" href="../../../kanidmd_lib/index.html"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></a><nav class="sub"><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><button type="button">?</button></div><div id="settings-menu" tabindex="-1"><a href="../../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../../wheel.svg"></a></div></div></form></nav></div><section id="main-content" class="content"><div class="main-heading"><h1 class="fqn"><span class="in-band">Module <a href="../../index.html">kanidmd_lib</a>::<wbr><a href="../index.html">idm</a>::<wbr><a class="mod" href="#">server</a><button id="copy-path" onclick="copy_path(this)" title="Copy item path to clipboard"><img src="../../../clipboard.svg" width="19" height="18" alt="Copy item path"></button></span></h1><span class="out-of-band"><a class="srclink" href="../../../src/kanidmd_lib/idm/server.rs.html#1-3830">source</a> · <a id="toggle-all-docs" href="javascript:void(0)" title="collapse all docs">[<span class="inner">&#x2212;</span>]</a></span></div><h2 id="structs" class="small-section-header"><a href="#structs">Structs</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServer.html" title="kanidmd_lib::idm::server::IdmServer struct">IdmServer</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerAuthTransaction.html" title="kanidmd_lib::idm::server::IdmServerAuthTransaction struct">IdmServerAuthTransaction</a></div><div class="item-right docblock-short"><p>Contains methods that require writes, but in the context of writing to the idm in memory structures (maybe the query server too). This is things like authentication.</p>
+<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="API documentation for the Rust `server` mod in crate `kanidmd_lib`."><meta name="keywords" content="rust, rustlang, rust-lang, server"><title>kanidmd_lib::idm::server - Rust</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" type="text/css" href="../../../normalize.css"><link rel="stylesheet" type="text/css" href="../../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" type="text/css" href="../../../ayu.css" disabled><link rel="stylesheet" type="text/css" href="../../../dark.css" disabled><link rel="stylesheet" type="text/css" href="../../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../../storage.js"></script><script defer src="../../../main.js"></script><noscript><link rel="stylesheet" href="../../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../../favicon.svg"></head><body class="rustdoc mod"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle">&#9776;</button><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"></h2></nav><nav class="sidebar"><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"><a href="#">Module server</a></h2><div class="sidebar-elems"><section><div class="block"><ul><li><a href="#structs">Structs</a></li><li><a href="#enums">Enums</a></li><li><a href="#traits">Traits</a></li></ul></div></section></div></nav><main><div class="width-limiter"><div class="sub-container"><a class="sub-logo-container" href="../../../kanidmd_lib/index.html"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></a><nav class="sub"><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><button type="button">?</button></div><div id="settings-menu" tabindex="-1"><a href="../../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../../wheel.svg"></a></div></div></form></nav></div><section id="main-content" class="content"><div class="main-heading"><h1 class="fqn"><span class="in-band">Module <a href="../../index.html">kanidmd_lib</a>::<wbr><a href="../index.html">idm</a>::<wbr><a class="mod" href="#">server</a><button id="copy-path" onclick="copy_path(this)" title="Copy item path to clipboard"><img src="../../../clipboard.svg" width="19" height="18" alt="Copy item path"></button></span></h1><span class="out-of-band"><a class="srclink" href="../../../src/kanidmd_lib/idm/server.rs.html#1-3838">source</a> · <a id="toggle-all-docs" href="javascript:void(0)" title="collapse all docs">[<span class="inner">&#x2212;</span>]</a></span></div><h2 id="structs" class="small-section-header"><a href="#structs">Structs</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServer.html" title="kanidmd_lib::idm::server::IdmServer struct">IdmServer</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerAuthTransaction.html" title="kanidmd_lib::idm::server::IdmServerAuthTransaction struct">IdmServerAuthTransaction</a></div><div class="item-right docblock-short"><p>Contains methods that require writes, but in the context of writing to the idm in memory structures (maybe the query server too). This is things like authentication.</p>
 </div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerCredUpdateTransaction.html" title="kanidmd_lib::idm::server::IdmServerCredUpdateTransaction struct">IdmServerCredUpdateTransaction</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerDelayed.html" title="kanidmd_lib::idm::server::IdmServerDelayed struct">IdmServerDelayed</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerProxyReadTransaction.html" title="kanidmd_lib::idm::server::IdmServerProxyReadTransaction struct">IdmServerProxyReadTransaction</a></div><div class="item-right docblock-short"><p>This contains read-only methods, like getting users, groups and other structured content.</p>
 </div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerProxyWriteTransaction.html" title="kanidmd_lib::idm::server::IdmServerProxyWriteTransaction struct">IdmServerProxyWriteTransaction</a></div><div class="item-right docblock-short"></div></div></div><h2 id="enums" class="small-section-header"><a href="#enums">Enums</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="enum" href="enum.Token.html" title="kanidmd_lib::idm::server::Token enum">Token</a></div><div class="item-right docblock-short"></div></div></div><h2 id="traits" class="small-section-header"><a href="#traits">Traits</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="trait" href="trait.IdmServerTransaction.html" title="kanidmd_lib::idm::server::IdmServerTransaction trait">IdmServerTransaction</a></div><div class="item-right docblock-short"></div></div></div></section></div></main><div id="rustdoc-vars" data-root-path="../../../" data-current-crate="kanidmd_lib" data-themes="ayu,dark,light" data-resource-suffix="" data-rustdoc-version="1.64.0 (a55dd71d5 2022-09-19)" ></div></body></html>

docs/stable/rustdoc/src/kanidmd_core/https/oauth2.rs.html

@@ -712,6 +712,11 @@
 <span id="712">712</span>
 <span id="713">713</span>
 <span id="714">714</span>
+<span id="715">715</span>
+<span id="716">716</span>
+<span id="717">717</span>
+<span id="718">718</span>
+<span id="719">719</span>
 </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">kanidm_proto::oauth2::AuthorisationResponse</span>;
 <span class="kw">use</span> <span class="ident">kanidm_proto::v1::Entry</span> <span class="kw">as</span> <span class="ident">ProtoEntry</span>;
 <span class="kw">use</span> <span class="ident">kanidmd_lib::idm::oauth2</span>::{
@@ -1042,6 +1047,11 @@
             <span class="ident">res</span>.<span class="ident">insert_header</span>(<span class="string">&quot;WWW-Authenticate&quot;</span>, <span class="string">&quot;Bearer&quot;</span>);
             <span class="prelude-val">Ok</span>(<span class="ident">res</span>)
         }
+        <span class="prelude-val">Err</span>(<span class="ident">Oauth2Error::AccessDenied</span>) =&gt; {
+            <span class="comment">// If scopes are not available for this account.</span>
+            <span class="kw">let</span> <span class="ident">res</span> <span class="op">=</span> <span class="ident">tide::Response::new</span>(<span class="ident">tide::StatusCode::Forbidden</span>);
+            <span class="prelude-val">Ok</span>(<span class="ident">res</span>)
+        }
         <span class="comment">/*
         RFC - If the request fails due to a missing, invalid, or mismatching
               redirection URI, or if the client identifier is missing or invalid,
@@ -1142,7 +1152,7 @@
             <span class="comment">// Turns out this instinct was correct:</span>
             <span class="comment">//  https://www.proofpoint.com/us/blog/cloud-security/microsoft-and-github-oauth-implementation-vulnerabilities-lead-redirection</span>
             <span class="comment">// Possible to use this with a malicious client configuration to phish / spam.</span>
-            <span class="ident">tide::Response::new</span>(<span class="number">500</span>)
+            <span class="ident">tide::Response::new</span>(<span class="ident">tide::StatusCode::InternalServerError</span>)
         }
     };
     <span class="ident">res</span>.<span class="ident">insert_header</span>(<span class="string">&quot;X-KANIDM-OPID&quot;</span>, <span class="ident">hvalue</span>);

docs/stable/rustdoc/src/kanidmd_core/ldaps.rs.html

@@ -363,15 +363,15 @@
     <span class="kw">if</span> <span class="ident">address</span>.<span class="ident">starts_with</span>(<span class="string">&quot;:::&quot;</span>) {
         <span class="comment">// takes :::xxxx to xxxx</span>
         <span class="kw">let</span> <span class="ident">port</span> <span class="op">=</span> <span class="ident">address</span>.<span class="ident">replacen</span>(<span class="string">&quot;:::&quot;</span>, <span class="string">&quot;&quot;</span>, <span class="number">1</span>);
-        <span class="macro">eprintln!</span>(<span class="string">&quot;Address &#39;{}&#39; looks like an attempt to wildcard bind with IPv6 on port {} - please try using ldapbindaddress = &#39;[::]:{}&#39;&quot;</span>, <span class="ident">address</span>, <span class="ident">port</span>, <span class="ident">port</span>);
+        <span class="macro">error!</span>(<span class="string">&quot;Address &#39;{}&#39; looks like an attempt to wildcard bind with IPv6 on port {} - please try using ldapbindaddress = &#39;[::]:{}&#39;&quot;</span>, <span class="ident">address</span>, <span class="ident">port</span>, <span class="ident">port</span>);
     };
 
     <span class="kw">let</span> <span class="ident">addr</span> <span class="op">=</span> <span class="ident">net::SocketAddr::from_str</span>(<span class="ident">address</span>).<span class="ident">map_err</span>(<span class="op">|</span><span class="ident">e</span><span class="op">|</span> {
-        <span class="macro">eprintln!</span>(<span class="string">&quot;Could not parse LDAP server address {} -&gt; {:?}&quot;</span>, <span class="ident">address</span>, <span class="ident">e</span>);
+        <span class="macro">error!</span>(<span class="string">&quot;Could not parse LDAP server address {} -&gt; {:?}&quot;</span>, <span class="ident">address</span>, <span class="ident">e</span>);
     })<span class="question-mark">?</span>;
 
     <span class="kw">let</span> <span class="ident">listener</span> <span class="op">=</span> <span class="ident">TcpListener::bind</span>(<span class="kw-2">&amp;</span><span class="ident">addr</span>).<span class="kw">await</span>.<span class="ident">map_err</span>(<span class="op">|</span><span class="ident">e</span><span class="op">|</span> {
-        <span class="macro">eprintln!</span>(
+        <span class="macro">error!</span>(
             <span class="string">&quot;Could not bind to LDAP server address {} -&gt; {:?}&quot;</span>,
             <span class="ident">address</span>, <span class="ident">e</span>
         );
@@ -379,12 +379,12 @@
 
     <span class="kw">match</span> <span class="ident">opt_tls_params</span> {
         <span class="prelude-val">Some</span>(<span class="ident">tls_params</span>) =&gt; {
-            <span class="macro">eprintln!</span>(<span class="string">&quot;Starting LDAPS interface ldaps://{} ...&quot;</span>, <span class="ident">address</span>);
+            <span class="macro">info!</span>(<span class="string">&quot;Starting LDAPS interface ldaps://{} ...&quot;</span>, <span class="ident">address</span>);
             <span class="kw">let</span> <span class="ident">tls_parms</span> <span class="op">=</span> <span class="ident">tls_params</span>.<span class="ident">build</span>();
             <span class="ident">tokio::spawn</span>(<span class="ident">tls_acceptor</span>(<span class="ident">listener</span>, <span class="ident">tls_parms</span>, <span class="ident">qe_r_ref</span>));
         }
         <span class="prelude-val">None</span> =&gt; {
-            <span class="macro">eprintln!</span>(<span class="string">&quot;The server won&#39;t run without TLS!&quot;</span>);
+            <span class="macro">error!</span>(<span class="string">&quot;The server won&#39;t run without TLS!&quot;</span>);
             <span class="kw">return</span> <span class="prelude-val">Err</span>(());
         }
     }

docs/stable/rustdoc/src/kanidmd_lib/idm/server.rs.html

@@ -3828,6 +3828,14 @@
 <span id="3828">3828</span>
 <span id="3829">3829</span>
 <span id="3830">3830</span>
+<span id="3831">3831</span>
+<span id="3832">3832</span>
+<span id="3833">3833</span>
+<span id="3834">3834</span>
+<span id="3835">3835</span>
+<span id="3836">3836</span>
+<span id="3837">3837</span>
+<span id="3838">3838</span>
 </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">core::task</span>::{<span class="ident">Context</span>, <span class="ident">Poll</span>};
 <span class="kw">use</span> <span class="ident">std::convert::TryFrom</span>;
 <span class="kw">use</span> <span class="ident">std::str::FromStr</span>;
@@ -5724,6 +5732,8 @@
         <span class="comment">// get the account</span>
         <span class="kw">let</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">target_to_account</span>(<span class="kw-2">&amp;</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>)<span class="question-mark">?</span>;
 
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing password hash upgrade&quot;</span>);
+
         <span class="comment">// check, does the pw still match?</span>
         <span class="kw">let</span> <span class="ident">same</span> <span class="op">=</span> <span class="ident">account</span>.<span class="ident">check_credential_pw</span>(<span class="ident">pwu</span>.<span class="ident">existing_password</span>.<span class="ident">as_str</span>())<span class="question-mark">?</span>;
 
@@ -5747,6 +5757,8 @@
     }
 
     <span class="kw">fn</span> <span class="ident">process_unixpwupgrade</span>(<span class="kw-2">&amp;mut</span> <span class="self">self</span>, <span class="ident">pwu</span>: <span class="kw-2">&amp;</span><span class="ident">UnixPasswordUpgrade</span>) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span>(), <span class="ident">OperationError</span><span class="op">&gt;</span> {
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing unix password hash upgrade&quot;</span>);
+
         <span class="kw">let</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>
             .<span class="ident">qs_write</span>
             .<span class="ident">internal_search_uuid</span>(<span class="kw-2">&amp;</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>)
@@ -5781,6 +5793,8 @@
         <span class="kw-2">&amp;mut</span> <span class="self">self</span>,
         <span class="ident">wci</span>: <span class="kw-2">&amp;</span><span class="ident">WebauthnCounterIncrement</span>,
     ) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span>(), <span class="ident">OperationError</span><span class="op">&gt;</span> {
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">wci</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing webauthn counter increment&quot;</span>);
+
         <span class="kw">let</span> <span class="kw-2">mut</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">target_to_account</span>(<span class="kw-2">&amp;</span><span class="ident">wci</span>.<span class="ident">target_uuid</span>)<span class="question-mark">?</span>;
 
         <span class="comment">// Generate an optional mod and then attempt to apply it.</span>
@@ -5807,6 +5821,8 @@
         <span class="kw-2">&amp;mut</span> <span class="self">self</span>,
         <span class="ident">bcr</span>: <span class="kw-2">&amp;</span><span class="ident">BackupCodeRemoval</span>,
     ) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span>(), <span class="ident">OperationError</span><span class="op">&gt;</span> {
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">bcr</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing backup code removal&quot;</span>);
+
         <span class="kw">let</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">target_to_account</span>(<span class="kw-2">&amp;</span><span class="ident">bcr</span>.<span class="ident">target_uuid</span>)<span class="question-mark">?</span>;
         <span class="comment">// Generate an optional mod and then attempt to apply it.</span>
         <span class="kw">let</span> <span class="ident">modlist</span> <span class="op">=</span> <span class="ident">account</span>

docs/stable/rustdoc/src/kanidmd_web_ui/oauth2.rs.html

@@ -536,6 +536,35 @@
 <span id="536">536</span>
 <span id="537">537</span>
 <span id="538">538</span>
+<span id="539">539</span>
+<span id="540">540</span>
+<span id="541">541</span>
+<span id="542">542</span>
+<span id="543">543</span>
+<span id="544">544</span>
+<span id="545">545</span>
+<span id="546">546</span>
+<span id="547">547</span>
+<span id="548">548</span>
+<span id="549">549</span>
+<span id="550">550</span>
+<span id="551">551</span>
+<span id="552">552</span>
+<span id="553">553</span>
+<span id="554">554</span>
+<span id="555">555</span>
+<span id="556">556</span>
+<span id="557">557</span>
+<span id="558">558</span>
+<span id="559">559</span>
+<span id="560">560</span>
+<span id="561">561</span>
+<span id="562">562</span>
+<span id="563">563</span>
+<span id="564">564</span>
+<span id="565">565</span>
+<span id="566">566</span>
+<span id="567">567</span>
 </pre><pre class="rust"><code><span class="comment">// use anyhow::Error;</span>
 <span class="kw">use</span> <span class="ident">gloo::console</span>;
 <span class="kw">pub</span> <span class="kw">use</span> <span class="ident">kanidm_proto::oauth2</span>::{
@@ -568,6 +597,7 @@
         <span class="ident">consent_token</span>: <span class="ident">String</span>,
     },
     <span class="ident">ConsentGranted</span>(<span class="ident">String</span>),
+    <span class="ident">AccessDenied</span>(<span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span>),
     <span class="ident">ErrInvalidRequest</span>,
 }
 
@@ -586,6 +616,9 @@
         <span class="ident">consent_token</span>: <span class="ident">String</span>,
     },
     <span class="ident">Redirect</span>(<span class="ident">String</span>),
+    <span class="ident">AccessDenied</span> {
+        <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span>,
+    },
     <span class="ident">Error</span> {
         <span class="ident">emsg</span>: <span class="ident">String</span>,
         <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span>,
@@ -698,6 +731,8 @@
                     }
                 }
             }
+        } <span class="kw">else</span> <span class="kw">if</span> <span class="ident">status</span> <span class="op">==</span> <span class="number">403</span> {
+            <span class="prelude-val">Ok</span>(<span class="ident">Oauth2Msg::AccessDenied</span> { <span class="ident">kopid</span> })
         } <span class="kw">else</span> {
             <span class="kw">let</span> <span class="ident">text</span> <span class="op">=</span> <span class="ident">JsFuture::from</span>(<span class="ident">resp</span>.<span class="ident">text</span>()<span class="question-mark">?</span>).<span class="kw">await</span><span class="question-mark">?</span>;
             <span class="kw">let</span> <span class="ident">emsg</span> <span class="op">=</span> <span class="ident">text</span>.<span class="ident">as_string</span>().<span class="ident">unwrap_or_else</span>(<span class="op">|</span><span class="op">|</span> <span class="string">&quot;&quot;</span>.<span class="ident">to_string</span>());
@@ -918,6 +953,11 @@
                 <span class="comment">// We need to send off fetch task here.</span>
                 <span class="bool-val">true</span>
             }
+            <span class="ident">Oauth2Msg::AccessDenied</span> { <span class="ident">kopid</span> } =&gt; {
+                <span class="macro">console::error!</span>(<span class="macro">format!</span>(<span class="string">&quot;{:?}&quot;</span>, <span class="ident">kopid</span>).<span class="ident">as_str</span>());
+                <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::AccessDenied</span>(<span class="ident">kopid</span>);
+                <span class="bool-val">true</span>
+            }
             <span class="ident">Oauth2Msg::Error</span> { <span class="ident">emsg</span>, <span class="ident">kopid</span> } =&gt; {
                 <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::ErrInvalidRequest</span>;
                 <span class="macro">console::error!</span>(<span class="macro">format!</span>(<span class="string">&quot;{:?}&quot;</span>, <span class="ident">kopid</span>).<span class="ident">as_str</span>());
@@ -1043,6 +1083,24 @@
                     <span class="op">&lt;</span><span class="op">/</span><span class="ident">div</span><span class="op">&gt;</span>
                 }
             }
+            <span class="ident">State::AccessDenied</span>(<span class="ident">kopid</span>) =&gt; {
+                <span class="macro">html!</span> {
+                    <span class="op">&lt;</span><span class="ident">div</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;alert alert-danger&quot;</span> <span class="ident">role</span><span class="op">=</span><span class="string">&quot;alert&quot;</span><span class="op">&gt;</span>
+                        <span class="op">&lt;</span><span class="ident">h1</span><span class="op">&gt;</span>{ <span class="string">&quot;Access Denied&quot;</span> } <span class="op">&lt;</span><span class="op">/</span><span class="ident">h1</span><span class="op">&gt;</span>
+                        <span class="op">&lt;</span><span class="ident">p</span><span class="op">&gt;</span>
+                        { <span class="string">&quot;You do not have access to the requested resources.&quot;</span> }
+                        <span class="op">&lt;</span><span class="op">/</span><span class="ident">p</span><span class="op">&gt;</span>
+                        <span class="op">&lt;</span><span class="ident">p</span><span class="op">&gt;</span>
+                        { <span class="kw">if</span> <span class="kw">let</span> <span class="prelude-val">Some</span>(<span class="ident">opid</span>) <span class="op">=</span> <span class="ident">kopid</span> {
+                            <span class="macro">format!</span>(<span class="string">&quot;Operation ID: {}&quot;</span>, <span class="ident">opid</span>)
+                          } <span class="kw">else</span> {
+                            <span class="string">&quot;Operation ID: -&quot;</span>.<span class="ident">to_string</span>()
+                          }
+                        }
+                        <span class="op">&lt;</span><span class="op">/</span><span class="ident">p</span><span class="op">&gt;</span>
+                    <span class="op">&lt;</span><span class="op">/</span><span class="ident">div</span><span class="op">&gt;</span>
+                }
+            }
             <span class="ident">State::ErrInvalidRequest</span> =&gt; {
                 <span class="macro">html!</span> {
                     <span class="op">&lt;</span><span class="ident">div</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;alert alert-danger&quot;</span> <span class="ident">role</span><span class="op">=</span><span class="string">&quot;alert&quot;</span><span class="op">&gt;</span>

docs/stable/rustdoc/src/kanidmd_web_ui/views/mod.rs.html

@@ -423,6 +423,55 @@
 <span id="423">423</span>
 <span id="424">424</span>
 <span id="425">425</span>
+<span id="426">426</span>
+<span id="427">427</span>
+<span id="428">428</span>
+<span id="429">429</span>
+<span id="430">430</span>
+<span id="431">431</span>
+<span id="432">432</span>
+<span id="433">433</span>
+<span id="434">434</span>
+<span id="435">435</span>
+<span id="436">436</span>
+<span id="437">437</span>
+<span id="438">438</span>
+<span id="439">439</span>
+<span id="440">440</span>
+<span id="441">441</span>
+<span id="442">442</span>
+<span id="443">443</span>
+<span id="444">444</span>
+<span id="445">445</span>
+<span id="446">446</span>
+<span id="447">447</span>
+<span id="448">448</span>
+<span id="449">449</span>
+<span id="450">450</span>
+<span id="451">451</span>
+<span id="452">452</span>
+<span id="453">453</span>
+<span id="454">454</span>
+<span id="455">455</span>
+<span id="456">456</span>
+<span id="457">457</span>
+<span id="458">458</span>
+<span id="459">459</span>
+<span id="460">460</span>
+<span id="461">461</span>
+<span id="462">462</span>
+<span id="463">463</span>
+<span id="464">464</span>
+<span id="465">465</span>
+<span id="466">466</span>
+<span id="467">467</span>
+<span id="468">468</span>
+<span id="469">469</span>
+<span id="470">470</span>
+<span id="471">471</span>
+<span id="472">472</span>
+<span id="473">473</span>
+<span id="474">474</span>
 </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">std::str::FromStr</span>;
 
 <span class="kw">use</span> <span class="ident">compact_jwt</span>::{<span class="ident">Jws</span>, <span class="ident">JwsUnverified</span>};
@@ -495,6 +544,7 @@
 
 <span class="kw">enum</span> <span class="ident">State</span> {
     <span class="ident">LoginRequired</span>,
+    <span class="ident">LoggingOut</span>,
     <span class="ident">Verifying</span>,
     <span class="ident">Authenticated</span>(<span class="ident">String</span>),
     <span class="ident">Error</span> { <span class="ident">emsg</span>: <span class="ident">String</span>, <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span> },
@@ -516,6 +566,7 @@
 <span class="kw">pub</span> <span class="kw">enum</span> <span class="ident">ViewsMsg</span> {
     <span class="ident">Verified</span>(<span class="ident">String</span>),
     <span class="ident">Logout</span>,
+    <span class="ident">LogoutComplete</span>,
     <span class="ident">ProfileInfoRecieved</span> { <span class="ident">uat</span>: <span class="ident">UserAuthToken</span> },
     <span class="ident">Error</span> { <span class="ident">emsg</span>: <span class="ident">String</span>, <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span> },
 }
@@ -584,7 +635,22 @@
                 <span class="bool-val">true</span>
             }
             <span class="ident">ViewsMsg::Logout</span> =&gt; {
-                <span class="ident">models::clear_bearer_token</span>();
+                <span class="kw">match</span> <span class="ident">models::get_bearer_token</span>() {
+                    <span class="prelude-val">Some</span>(<span class="ident">tk</span>) =&gt; {
+                        <span class="ident">models::clear_bearer_token</span>();
+                        <span class="ident">ctx</span>.<span class="ident">link</span>().<span class="ident">send_future</span>(<span class="kw">async</span> {
+                            <span class="kw">match</span> <span class="ident"><span class="self">Self</span>::fetch_logout</span>(<span class="ident">tk</span>).<span class="kw">await</span> {
+                                <span class="prelude-val">Ok</span>(<span class="ident">v</span>) =&gt; <span class="ident">v</span>,
+                                <span class="prelude-val">Err</span>(<span class="ident">v</span>) =&gt; <span class="ident">v</span>.<span class="ident">into</span>(),
+                            }
+                        });
+                        <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::LoggingOut</span>;
+                    }
+                    <span class="prelude-val">None</span> =&gt; <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::LoginRequired</span>,
+                }
+                <span class="bool-val">true</span>
+            }
+            <span class="ident">ViewsMsg::LogoutComplete</span> =&gt; {
                 <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::LoginRequired</span>;
                 <span class="bool-val">true</span>
             }
@@ -624,7 +690,7 @@
                     .<span class="ident">push</span>(<span class="ident">Route::Login</span>);
                 <span class="macro">html!</span> { <span class="op">&lt;</span><span class="ident">div</span><span class="op">&gt;</span><span class="op">&lt;</span><span class="op">/</span><span class="ident">div</span><span class="op">&gt;</span> }
             }
-            <span class="ident">State::Verifying</span> =&gt; {
+            <span class="ident">State::LoggingOut</span> <span class="op">|</span> <span class="ident">State::Verifying</span> =&gt; {
                 <span class="macro">html!</span> {
                   <span class="op">&lt;</span><span class="ident">main</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;text-center form-signin h-100&quot;</span><span class="op">&gt;</span>
                     <span class="op">&lt;</span><span class="ident">div</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;vert-center&quot;</span><span class="op">&gt;</span>
@@ -791,7 +857,7 @@
             <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::Verified</span>(<span class="ident">token</span>))
         } <span class="kw">else</span> <span class="kw">if</span> <span class="ident">status</span> <span class="op">==</span> <span class="number">401</span> {
             <span class="comment">// Not valid, re-auth</span>
-            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::Logout</span>)
+            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::LogoutComplete</span>)
         } <span class="kw">else</span> {
             <span class="kw">let</span> <span class="ident">headers</span> <span class="op">=</span> <span class="ident">resp</span>.<span class="ident">headers</span>();
             <span class="kw">let</span> <span class="ident">kopid</span> <span class="op">=</span> <span class="ident">headers</span>.<span class="ident">get</span>(<span class="string">&quot;x-kanidm-opid&quot;</span>).<span class="ident">ok</span>().<span class="ident">flatten</span>();
@@ -815,6 +881,38 @@
             <span class="ident">uat</span>: <span class="ident">uat</span>.<span class="ident">into_inner</span>(),
         })
     }
+
+    <span class="kw">async</span> <span class="kw">fn</span> <span class="ident">fetch_logout</span>(<span class="ident">token</span>: <span class="ident">String</span>) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span><span class="ident">ViewsMsg</span>, <span class="ident">FetchError</span><span class="op">&gt;</span> {
+        <span class="kw">let</span> <span class="kw-2">mut</span> <span class="ident">opts</span> <span class="op">=</span> <span class="ident">RequestInit::new</span>();
+        <span class="ident">opts</span>.<span class="ident">method</span>(<span class="string">&quot;GET&quot;</span>);
+        <span class="ident">opts</span>.<span class="ident">mode</span>(<span class="ident">RequestMode::SameOrigin</span>);
+
+        <span class="kw">let</span> <span class="ident">request</span> <span class="op">=</span> <span class="ident">Request::new_with_str_and_init</span>(<span class="string">&quot;/v1/logout&quot;</span>, <span class="kw-2">&amp;</span><span class="ident">opts</span>)<span class="question-mark">?</span>;
+
+        <span class="ident">request</span>
+            .<span class="ident">headers</span>()
+            .<span class="ident">set</span>(<span class="string">&quot;content-type&quot;</span>, <span class="string">&quot;application/json&quot;</span>)
+            .<span class="ident">expect_throw</span>(<span class="string">&quot;failed to set header&quot;</span>);
+        <span class="ident">request</span>
+            .<span class="ident">headers</span>()
+            .<span class="ident">set</span>(<span class="string">&quot;authorization&quot;</span>, <span class="macro">format!</span>(<span class="string">&quot;Bearer {}&quot;</span>, <span class="ident">token</span>).<span class="ident">as_str</span>())
+            .<span class="ident">expect_throw</span>(<span class="string">&quot;failed to set header&quot;</span>);
+
+        <span class="kw">let</span> <span class="ident">window</span> <span class="op">=</span> <span class="ident">utils::window</span>();
+        <span class="kw">let</span> <span class="ident">resp_value</span> <span class="op">=</span> <span class="ident">JsFuture::from</span>(<span class="ident">window</span>.<span class="ident">fetch_with_request</span>(<span class="kw-2">&amp;</span><span class="ident">request</span>)).<span class="kw">await</span><span class="question-mark">?</span>;
+        <span class="kw">let</span> <span class="ident">resp</span>: <span class="ident">Response</span> <span class="op">=</span> <span class="ident">resp_value</span>.<span class="ident">dyn_into</span>().<span class="ident">expect_throw</span>(<span class="string">&quot;Invalid response type&quot;</span>);
+        <span class="kw">let</span> <span class="ident">status</span> <span class="op">=</span> <span class="ident">resp</span>.<span class="ident">status</span>();
+
+        <span class="kw">if</span> <span class="ident">status</span> <span class="op">==</span> <span class="number">200</span> {
+            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::LogoutComplete</span>)
+        } <span class="kw">else</span> {
+            <span class="kw">let</span> <span class="ident">headers</span> <span class="op">=</span> <span class="ident">resp</span>.<span class="ident">headers</span>();
+            <span class="kw">let</span> <span class="ident">kopid</span> <span class="op">=</span> <span class="ident">headers</span>.<span class="ident">get</span>(<span class="string">&quot;x-kanidm-opid&quot;</span>).<span class="ident">ok</span>().<span class="ident">flatten</span>();
+            <span class="kw">let</span> <span class="ident">text</span> <span class="op">=</span> <span class="ident">JsFuture::from</span>(<span class="ident">resp</span>.<span class="ident">text</span>()<span class="question-mark">?</span>).<span class="kw">await</span><span class="question-mark">?</span>;
+            <span class="kw">let</span> <span class="ident">emsg</span> <span class="op">=</span> <span class="ident">text</span>.<span class="ident">as_string</span>().<span class="ident">unwrap_or_else</span>(<span class="op">|</span><span class="op">|</span> <span class="string">&quot;&quot;</span>.<span class="ident">to_string</span>());
+            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::Error</span> { <span class="ident">emsg</span>, <span class="ident">kopid</span> })
+        }
+    }
 }
 
 <span class="kw">fn</span> <span class="ident">admin_routes</span>(<span class="ident">route</span>: <span class="kw-2">&amp;</span><span class="ident">AdminRoute</span>) -&gt; <span class="ident">Html</span> {

docs/v1.0.0-rc10/rustdoc/kanidmd_lib/idm/server/index.html

@@ -1,3 +1,3 @@
-<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="API documentation for the Rust `server` mod in crate `kanidmd_lib`."><meta name="keywords" content="rust, rustlang, rust-lang, server"><title>kanidmd_lib::idm::server - Rust</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" type="text/css" href="../../../normalize.css"><link rel="stylesheet" type="text/css" href="../../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" type="text/css" href="../../../ayu.css" disabled><link rel="stylesheet" type="text/css" href="../../../dark.css" disabled><link rel="stylesheet" type="text/css" href="../../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../../storage.js"></script><script defer src="../../../main.js"></script><noscript><link rel="stylesheet" href="../../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../../favicon.svg"></head><body class="rustdoc mod"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle">&#9776;</button><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"></h2></nav><nav class="sidebar"><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"><a href="#">Module server</a></h2><div class="sidebar-elems"><section><div class="block"><ul><li><a href="#structs">Structs</a></li><li><a href="#enums">Enums</a></li><li><a href="#traits">Traits</a></li></ul></div></section></div></nav><main><div class="width-limiter"><div class="sub-container"><a class="sub-logo-container" href="../../../kanidmd_lib/index.html"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></a><nav class="sub"><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><button type="button">?</button></div><div id="settings-menu" tabindex="-1"><a href="../../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../../wheel.svg"></a></div></div></form></nav></div><section id="main-content" class="content"><div class="main-heading"><h1 class="fqn"><span class="in-band">Module <a href="../../index.html">kanidmd_lib</a>::<wbr><a href="../index.html">idm</a>::<wbr><a class="mod" href="#">server</a><button id="copy-path" onclick="copy_path(this)" title="Copy item path to clipboard"><img src="../../../clipboard.svg" width="19" height="18" alt="Copy item path"></button></span></h1><span class="out-of-band"><a class="srclink" href="../../../src/kanidmd_lib/idm/server.rs.html#1-3830">source</a> · <a id="toggle-all-docs" href="javascript:void(0)" title="collapse all docs">[<span class="inner">&#x2212;</span>]</a></span></div><h2 id="structs" class="small-section-header"><a href="#structs">Structs</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServer.html" title="kanidmd_lib::idm::server::IdmServer struct">IdmServer</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerAuthTransaction.html" title="kanidmd_lib::idm::server::IdmServerAuthTransaction struct">IdmServerAuthTransaction</a></div><div class="item-right docblock-short"><p>Contains methods that require writes, but in the context of writing to the idm in memory structures (maybe the query server too). This is things like authentication.</p>
+<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="API documentation for the Rust `server` mod in crate `kanidmd_lib`."><meta name="keywords" content="rust, rustlang, rust-lang, server"><title>kanidmd_lib::idm::server - Rust</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" type="text/css" href="../../../normalize.css"><link rel="stylesheet" type="text/css" href="../../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" type="text/css" href="../../../ayu.css" disabled><link rel="stylesheet" type="text/css" href="../../../dark.css" disabled><link rel="stylesheet" type="text/css" href="../../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../../storage.js"></script><script defer src="../../../main.js"></script><noscript><link rel="stylesheet" href="../../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../../favicon.svg"></head><body class="rustdoc mod"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle">&#9776;</button><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"></h2></nav><nav class="sidebar"><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"><a href="#">Module server</a></h2><div class="sidebar-elems"><section><div class="block"><ul><li><a href="#structs">Structs</a></li><li><a href="#enums">Enums</a></li><li><a href="#traits">Traits</a></li></ul></div></section></div></nav><main><div class="width-limiter"><div class="sub-container"><a class="sub-logo-container" href="../../../kanidmd_lib/index.html"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></a><nav class="sub"><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><button type="button">?</button></div><div id="settings-menu" tabindex="-1"><a href="../../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../../wheel.svg"></a></div></div></form></nav></div><section id="main-content" class="content"><div class="main-heading"><h1 class="fqn"><span class="in-band">Module <a href="../../index.html">kanidmd_lib</a>::<wbr><a href="../index.html">idm</a>::<wbr><a class="mod" href="#">server</a><button id="copy-path" onclick="copy_path(this)" title="Copy item path to clipboard"><img src="../../../clipboard.svg" width="19" height="18" alt="Copy item path"></button></span></h1><span class="out-of-band"><a class="srclink" href="../../../src/kanidmd_lib/idm/server.rs.html#1-3838">source</a> · <a id="toggle-all-docs" href="javascript:void(0)" title="collapse all docs">[<span class="inner">&#x2212;</span>]</a></span></div><h2 id="structs" class="small-section-header"><a href="#structs">Structs</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServer.html" title="kanidmd_lib::idm::server::IdmServer struct">IdmServer</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerAuthTransaction.html" title="kanidmd_lib::idm::server::IdmServerAuthTransaction struct">IdmServerAuthTransaction</a></div><div class="item-right docblock-short"><p>Contains methods that require writes, but in the context of writing to the idm in memory structures (maybe the query server too). This is things like authentication.</p>
 </div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerCredUpdateTransaction.html" title="kanidmd_lib::idm::server::IdmServerCredUpdateTransaction struct">IdmServerCredUpdateTransaction</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerDelayed.html" title="kanidmd_lib::idm::server::IdmServerDelayed struct">IdmServerDelayed</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerProxyReadTransaction.html" title="kanidmd_lib::idm::server::IdmServerProxyReadTransaction struct">IdmServerProxyReadTransaction</a></div><div class="item-right docblock-short"><p>This contains read-only methods, like getting users, groups and other structured content.</p>
 </div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerProxyWriteTransaction.html" title="kanidmd_lib::idm::server::IdmServerProxyWriteTransaction struct">IdmServerProxyWriteTransaction</a></div><div class="item-right docblock-short"></div></div></div><h2 id="enums" class="small-section-header"><a href="#enums">Enums</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="enum" href="enum.Token.html" title="kanidmd_lib::idm::server::Token enum">Token</a></div><div class="item-right docblock-short"></div></div></div><h2 id="traits" class="small-section-header"><a href="#traits">Traits</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="trait" href="trait.IdmServerTransaction.html" title="kanidmd_lib::idm::server::IdmServerTransaction trait">IdmServerTransaction</a></div><div class="item-right docblock-short"></div></div></div></section></div></main><div id="rustdoc-vars" data-root-path="../../../" data-current-crate="kanidmd_lib" data-themes="ayu,dark,light" data-resource-suffix="" data-rustdoc-version="1.64.0 (a55dd71d5 2022-09-19)" ></div></body></html>

docs/v1.0.0-rc10/rustdoc/src/kanidmd_core/https/oauth2.rs.html

@@ -712,6 +712,11 @@
 <span id="712">712</span>
 <span id="713">713</span>
 <span id="714">714</span>
+<span id="715">715</span>
+<span id="716">716</span>
+<span id="717">717</span>
+<span id="718">718</span>
+<span id="719">719</span>
 </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">kanidm_proto::oauth2::AuthorisationResponse</span>;
 <span class="kw">use</span> <span class="ident">kanidm_proto::v1::Entry</span> <span class="kw">as</span> <span class="ident">ProtoEntry</span>;
 <span class="kw">use</span> <span class="ident">kanidmd_lib::idm::oauth2</span>::{
@@ -1042,6 +1047,11 @@
             <span class="ident">res</span>.<span class="ident">insert_header</span>(<span class="string">&quot;WWW-Authenticate&quot;</span>, <span class="string">&quot;Bearer&quot;</span>);
             <span class="prelude-val">Ok</span>(<span class="ident">res</span>)
         }
+        <span class="prelude-val">Err</span>(<span class="ident">Oauth2Error::AccessDenied</span>) =&gt; {
+            <span class="comment">// If scopes are not available for this account.</span>
+            <span class="kw">let</span> <span class="ident">res</span> <span class="op">=</span> <span class="ident">tide::Response::new</span>(<span class="ident">tide::StatusCode::Forbidden</span>);
+            <span class="prelude-val">Ok</span>(<span class="ident">res</span>)
+        }
         <span class="comment">/*
         RFC - If the request fails due to a missing, invalid, or mismatching
               redirection URI, or if the client identifier is missing or invalid,
@@ -1142,7 +1152,7 @@
             <span class="comment">// Turns out this instinct was correct:</span>
             <span class="comment">//  https://www.proofpoint.com/us/blog/cloud-security/microsoft-and-github-oauth-implementation-vulnerabilities-lead-redirection</span>
             <span class="comment">// Possible to use this with a malicious client configuration to phish / spam.</span>
-            <span class="ident">tide::Response::new</span>(<span class="number">500</span>)
+            <span class="ident">tide::Response::new</span>(<span class="ident">tide::StatusCode::InternalServerError</span>)
         }
     };
     <span class="ident">res</span>.<span class="ident">insert_header</span>(<span class="string">&quot;X-KANIDM-OPID&quot;</span>, <span class="ident">hvalue</span>);

docs/v1.0.0-rc10/rustdoc/src/kanidmd_core/ldaps.rs.html

@@ -363,15 +363,15 @@
     <span class="kw">if</span> <span class="ident">address</span>.<span class="ident">starts_with</span>(<span class="string">&quot;:::&quot;</span>) {
         <span class="comment">// takes :::xxxx to xxxx</span>
         <span class="kw">let</span> <span class="ident">port</span> <span class="op">=</span> <span class="ident">address</span>.<span class="ident">replacen</span>(<span class="string">&quot;:::&quot;</span>, <span class="string">&quot;&quot;</span>, <span class="number">1</span>);
-        <span class="macro">eprintln!</span>(<span class="string">&quot;Address &#39;{}&#39; looks like an attempt to wildcard bind with IPv6 on port {} - please try using ldapbindaddress = &#39;[::]:{}&#39;&quot;</span>, <span class="ident">address</span>, <span class="ident">port</span>, <span class="ident">port</span>);
+        <span class="macro">error!</span>(<span class="string">&quot;Address &#39;{}&#39; looks like an attempt to wildcard bind with IPv6 on port {} - please try using ldapbindaddress = &#39;[::]:{}&#39;&quot;</span>, <span class="ident">address</span>, <span class="ident">port</span>, <span class="ident">port</span>);
     };
 
     <span class="kw">let</span> <span class="ident">addr</span> <span class="op">=</span> <span class="ident">net::SocketAddr::from_str</span>(<span class="ident">address</span>).<span class="ident">map_err</span>(<span class="op">|</span><span class="ident">e</span><span class="op">|</span> {
-        <span class="macro">eprintln!</span>(<span class="string">&quot;Could not parse LDAP server address {} -&gt; {:?}&quot;</span>, <span class="ident">address</span>, <span class="ident">e</span>);
+        <span class="macro">error!</span>(<span class="string">&quot;Could not parse LDAP server address {} -&gt; {:?}&quot;</span>, <span class="ident">address</span>, <span class="ident">e</span>);
     })<span class="question-mark">?</span>;
 
     <span class="kw">let</span> <span class="ident">listener</span> <span class="op">=</span> <span class="ident">TcpListener::bind</span>(<span class="kw-2">&amp;</span><span class="ident">addr</span>).<span class="kw">await</span>.<span class="ident">map_err</span>(<span class="op">|</span><span class="ident">e</span><span class="op">|</span> {
-        <span class="macro">eprintln!</span>(
+        <span class="macro">error!</span>(
             <span class="string">&quot;Could not bind to LDAP server address {} -&gt; {:?}&quot;</span>,
             <span class="ident">address</span>, <span class="ident">e</span>
         );
@@ -379,12 +379,12 @@
 
     <span class="kw">match</span> <span class="ident">opt_tls_params</span> {
         <span class="prelude-val">Some</span>(<span class="ident">tls_params</span>) =&gt; {
-            <span class="macro">eprintln!</span>(<span class="string">&quot;Starting LDAPS interface ldaps://{} ...&quot;</span>, <span class="ident">address</span>);
+            <span class="macro">info!</span>(<span class="string">&quot;Starting LDAPS interface ldaps://{} ...&quot;</span>, <span class="ident">address</span>);
             <span class="kw">let</span> <span class="ident">tls_parms</span> <span class="op">=</span> <span class="ident">tls_params</span>.<span class="ident">build</span>();
             <span class="ident">tokio::spawn</span>(<span class="ident">tls_acceptor</span>(<span class="ident">listener</span>, <span class="ident">tls_parms</span>, <span class="ident">qe_r_ref</span>));
         }
         <span class="prelude-val">None</span> =&gt; {
-            <span class="macro">eprintln!</span>(<span class="string">&quot;The server won&#39;t run without TLS!&quot;</span>);
+            <span class="macro">error!</span>(<span class="string">&quot;The server won&#39;t run without TLS!&quot;</span>);
             <span class="kw">return</span> <span class="prelude-val">Err</span>(());
         }
     }

docs/v1.0.0-rc10/rustdoc/src/kanidmd_lib/idm/server.rs.html

@@ -3828,6 +3828,14 @@
 <span id="3828">3828</span>
 <span id="3829">3829</span>
 <span id="3830">3830</span>
+<span id="3831">3831</span>
+<span id="3832">3832</span>
+<span id="3833">3833</span>
+<span id="3834">3834</span>
+<span id="3835">3835</span>
+<span id="3836">3836</span>
+<span id="3837">3837</span>
+<span id="3838">3838</span>
 </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">core::task</span>::{<span class="ident">Context</span>, <span class="ident">Poll</span>};
 <span class="kw">use</span> <span class="ident">std::convert::TryFrom</span>;
 <span class="kw">use</span> <span class="ident">std::str::FromStr</span>;
@@ -5724,6 +5732,8 @@
         <span class="comment">// get the account</span>
         <span class="kw">let</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">target_to_account</span>(<span class="kw-2">&amp;</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>)<span class="question-mark">?</span>;
 
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing password hash upgrade&quot;</span>);
+
         <span class="comment">// check, does the pw still match?</span>
         <span class="kw">let</span> <span class="ident">same</span> <span class="op">=</span> <span class="ident">account</span>.<span class="ident">check_credential_pw</span>(<span class="ident">pwu</span>.<span class="ident">existing_password</span>.<span class="ident">as_str</span>())<span class="question-mark">?</span>;
 
@@ -5747,6 +5757,8 @@
     }
 
     <span class="kw">fn</span> <span class="ident">process_unixpwupgrade</span>(<span class="kw-2">&amp;mut</span> <span class="self">self</span>, <span class="ident">pwu</span>: <span class="kw-2">&amp;</span><span class="ident">UnixPasswordUpgrade</span>) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span>(), <span class="ident">OperationError</span><span class="op">&gt;</span> {
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing unix password hash upgrade&quot;</span>);
+
         <span class="kw">let</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>
             .<span class="ident">qs_write</span>
             .<span class="ident">internal_search_uuid</span>(<span class="kw-2">&amp;</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>)
@@ -5781,6 +5793,8 @@
         <span class="kw-2">&amp;mut</span> <span class="self">self</span>,
         <span class="ident">wci</span>: <span class="kw-2">&amp;</span><span class="ident">WebauthnCounterIncrement</span>,
     ) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span>(), <span class="ident">OperationError</span><span class="op">&gt;</span> {
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">wci</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing webauthn counter increment&quot;</span>);
+
         <span class="kw">let</span> <span class="kw-2">mut</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">target_to_account</span>(<span class="kw-2">&amp;</span><span class="ident">wci</span>.<span class="ident">target_uuid</span>)<span class="question-mark">?</span>;
 
         <span class="comment">// Generate an optional mod and then attempt to apply it.</span>
@@ -5807,6 +5821,8 @@
         <span class="kw-2">&amp;mut</span> <span class="self">self</span>,
         <span class="ident">bcr</span>: <span class="kw-2">&amp;</span><span class="ident">BackupCodeRemoval</span>,
     ) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span>(), <span class="ident">OperationError</span><span class="op">&gt;</span> {
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">bcr</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing backup code removal&quot;</span>);
+
         <span class="kw">let</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">target_to_account</span>(<span class="kw-2">&amp;</span><span class="ident">bcr</span>.<span class="ident">target_uuid</span>)<span class="question-mark">?</span>;
         <span class="comment">// Generate an optional mod and then attempt to apply it.</span>
         <span class="kw">let</span> <span class="ident">modlist</span> <span class="op">=</span> <span class="ident">account</span>

docs/v1.0.0-rc10/rustdoc/src/kanidmd_web_ui/oauth2.rs.html

@@ -536,6 +536,35 @@
 <span id="536">536</span>
 <span id="537">537</span>
 <span id="538">538</span>
+<span id="539">539</span>
+<span id="540">540</span>
+<span id="541">541</span>
+<span id="542">542</span>
+<span id="543">543</span>
+<span id="544">544</span>
+<span id="545">545</span>
+<span id="546">546</span>
+<span id="547">547</span>
+<span id="548">548</span>
+<span id="549">549</span>
+<span id="550">550</span>
+<span id="551">551</span>
+<span id="552">552</span>
+<span id="553">553</span>
+<span id="554">554</span>
+<span id="555">555</span>
+<span id="556">556</span>
+<span id="557">557</span>
+<span id="558">558</span>
+<span id="559">559</span>
+<span id="560">560</span>
+<span id="561">561</span>
+<span id="562">562</span>
+<span id="563">563</span>
+<span id="564">564</span>
+<span id="565">565</span>
+<span id="566">566</span>
+<span id="567">567</span>
 </pre><pre class="rust"><code><span class="comment">// use anyhow::Error;</span>
 <span class="kw">use</span> <span class="ident">gloo::console</span>;
 <span class="kw">pub</span> <span class="kw">use</span> <span class="ident">kanidm_proto::oauth2</span>::{
@@ -568,6 +597,7 @@
         <span class="ident">consent_token</span>: <span class="ident">String</span>,
     },
     <span class="ident">ConsentGranted</span>(<span class="ident">String</span>),
+    <span class="ident">AccessDenied</span>(<span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span>),
     <span class="ident">ErrInvalidRequest</span>,
 }
 
@@ -586,6 +616,9 @@
         <span class="ident">consent_token</span>: <span class="ident">String</span>,
     },
     <span class="ident">Redirect</span>(<span class="ident">String</span>),
+    <span class="ident">AccessDenied</span> {
+        <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span>,
+    },
     <span class="ident">Error</span> {
         <span class="ident">emsg</span>: <span class="ident">String</span>,
         <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span>,
@@ -698,6 +731,8 @@
                     }
                 }
             }
+        } <span class="kw">else</span> <span class="kw">if</span> <span class="ident">status</span> <span class="op">==</span> <span class="number">403</span> {
+            <span class="prelude-val">Ok</span>(<span class="ident">Oauth2Msg::AccessDenied</span> { <span class="ident">kopid</span> })
         } <span class="kw">else</span> {
             <span class="kw">let</span> <span class="ident">text</span> <span class="op">=</span> <span class="ident">JsFuture::from</span>(<span class="ident">resp</span>.<span class="ident">text</span>()<span class="question-mark">?</span>).<span class="kw">await</span><span class="question-mark">?</span>;
             <span class="kw">let</span> <span class="ident">emsg</span> <span class="op">=</span> <span class="ident">text</span>.<span class="ident">as_string</span>().<span class="ident">unwrap_or_else</span>(<span class="op">|</span><span class="op">|</span> <span class="string">&quot;&quot;</span>.<span class="ident">to_string</span>());
@@ -918,6 +953,11 @@
                 <span class="comment">// We need to send off fetch task here.</span>
                 <span class="bool-val">true</span>
             }
+            <span class="ident">Oauth2Msg::AccessDenied</span> { <span class="ident">kopid</span> } =&gt; {
+                <span class="macro">console::error!</span>(<span class="macro">format!</span>(<span class="string">&quot;{:?}&quot;</span>, <span class="ident">kopid</span>).<span class="ident">as_str</span>());
+                <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::AccessDenied</span>(<span class="ident">kopid</span>);
+                <span class="bool-val">true</span>
+            }
             <span class="ident">Oauth2Msg::Error</span> { <span class="ident">emsg</span>, <span class="ident">kopid</span> } =&gt; {
                 <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::ErrInvalidRequest</span>;
                 <span class="macro">console::error!</span>(<span class="macro">format!</span>(<span class="string">&quot;{:?}&quot;</span>, <span class="ident">kopid</span>).<span class="ident">as_str</span>());
@@ -1043,6 +1083,24 @@
                     <span class="op">&lt;</span><span class="op">/</span><span class="ident">div</span><span class="op">&gt;</span>
                 }
             }
+            <span class="ident">State::AccessDenied</span>(<span class="ident">kopid</span>) =&gt; {
+                <span class="macro">html!</span> {
+                    <span class="op">&lt;</span><span class="ident">div</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;alert alert-danger&quot;</span> <span class="ident">role</span><span class="op">=</span><span class="string">&quot;alert&quot;</span><span class="op">&gt;</span>
+                        <span class="op">&lt;</span><span class="ident">h1</span><span class="op">&gt;</span>{ <span class="string">&quot;Access Denied&quot;</span> } <span class="op">&lt;</span><span class="op">/</span><span class="ident">h1</span><span class="op">&gt;</span>
+                        <span class="op">&lt;</span><span class="ident">p</span><span class="op">&gt;</span>
+                        { <span class="string">&quot;You do not have access to the requested resources.&quot;</span> }
+                        <span class="op">&lt;</span><span class="op">/</span><span class="ident">p</span><span class="op">&gt;</span>
+                        <span class="op">&lt;</span><span class="ident">p</span><span class="op">&gt;</span>
+                        { <span class="kw">if</span> <span class="kw">let</span> <span class="prelude-val">Some</span>(<span class="ident">opid</span>) <span class="op">=</span> <span class="ident">kopid</span> {
+                            <span class="macro">format!</span>(<span class="string">&quot;Operation ID: {}&quot;</span>, <span class="ident">opid</span>)
+                          } <span class="kw">else</span> {
+                            <span class="string">&quot;Operation ID: -&quot;</span>.<span class="ident">to_string</span>()
+                          }
+                        }
+                        <span class="op">&lt;</span><span class="op">/</span><span class="ident">p</span><span class="op">&gt;</span>
+                    <span class="op">&lt;</span><span class="op">/</span><span class="ident">div</span><span class="op">&gt;</span>
+                }
+            }
             <span class="ident">State::ErrInvalidRequest</span> =&gt; {
                 <span class="macro">html!</span> {
                     <span class="op">&lt;</span><span class="ident">div</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;alert alert-danger&quot;</span> <span class="ident">role</span><span class="op">=</span><span class="string">&quot;alert&quot;</span><span class="op">&gt;</span>

docs/v1.0.0-rc10/rustdoc/src/kanidmd_web_ui/views/mod.rs.html

@@ -423,6 +423,55 @@
 <span id="423">423</span>
 <span id="424">424</span>
 <span id="425">425</span>
+<span id="426">426</span>
+<span id="427">427</span>
+<span id="428">428</span>
+<span id="429">429</span>
+<span id="430">430</span>
+<span id="431">431</span>
+<span id="432">432</span>
+<span id="433">433</span>
+<span id="434">434</span>
+<span id="435">435</span>
+<span id="436">436</span>
+<span id="437">437</span>
+<span id="438">438</span>
+<span id="439">439</span>
+<span id="440">440</span>
+<span id="441">441</span>
+<span id="442">442</span>
+<span id="443">443</span>
+<span id="444">444</span>
+<span id="445">445</span>
+<span id="446">446</span>
+<span id="447">447</span>
+<span id="448">448</span>
+<span id="449">449</span>
+<span id="450">450</span>
+<span id="451">451</span>
+<span id="452">452</span>
+<span id="453">453</span>
+<span id="454">454</span>
+<span id="455">455</span>
+<span id="456">456</span>
+<span id="457">457</span>
+<span id="458">458</span>
+<span id="459">459</span>
+<span id="460">460</span>
+<span id="461">461</span>
+<span id="462">462</span>
+<span id="463">463</span>
+<span id="464">464</span>
+<span id="465">465</span>
+<span id="466">466</span>
+<span id="467">467</span>
+<span id="468">468</span>
+<span id="469">469</span>
+<span id="470">470</span>
+<span id="471">471</span>
+<span id="472">472</span>
+<span id="473">473</span>
+<span id="474">474</span>
 </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">std::str::FromStr</span>;
 
 <span class="kw">use</span> <span class="ident">compact_jwt</span>::{<span class="ident">Jws</span>, <span class="ident">JwsUnverified</span>};
@@ -495,6 +544,7 @@
 
 <span class="kw">enum</span> <span class="ident">State</span> {
     <span class="ident">LoginRequired</span>,
+    <span class="ident">LoggingOut</span>,
     <span class="ident">Verifying</span>,
     <span class="ident">Authenticated</span>(<span class="ident">String</span>),
     <span class="ident">Error</span> { <span class="ident">emsg</span>: <span class="ident">String</span>, <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span> },
@@ -516,6 +566,7 @@
 <span class="kw">pub</span> <span class="kw">enum</span> <span class="ident">ViewsMsg</span> {
     <span class="ident">Verified</span>(<span class="ident">String</span>),
     <span class="ident">Logout</span>,
+    <span class="ident">LogoutComplete</span>,
     <span class="ident">ProfileInfoRecieved</span> { <span class="ident">uat</span>: <span class="ident">UserAuthToken</span> },
     <span class="ident">Error</span> { <span class="ident">emsg</span>: <span class="ident">String</span>, <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span> },
 }
@@ -584,7 +635,22 @@
                 <span class="bool-val">true</span>
             }
             <span class="ident">ViewsMsg::Logout</span> =&gt; {
-                <span class="ident">models::clear_bearer_token</span>();
+                <span class="kw">match</span> <span class="ident">models::get_bearer_token</span>() {
+                    <span class="prelude-val">Some</span>(<span class="ident">tk</span>) =&gt; {
+                        <span class="ident">models::clear_bearer_token</span>();
+                        <span class="ident">ctx</span>.<span class="ident">link</span>().<span class="ident">send_future</span>(<span class="kw">async</span> {
+                            <span class="kw">match</span> <span class="ident"><span class="self">Self</span>::fetch_logout</span>(<span class="ident">tk</span>).<span class="kw">await</span> {
+                                <span class="prelude-val">Ok</span>(<span class="ident">v</span>) =&gt; <span class="ident">v</span>,
+                                <span class="prelude-val">Err</span>(<span class="ident">v</span>) =&gt; <span class="ident">v</span>.<span class="ident">into</span>(),
+                            }
+                        });
+                        <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::LoggingOut</span>;
+                    }
+                    <span class="prelude-val">None</span> =&gt; <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::LoginRequired</span>,
+                }
+                <span class="bool-val">true</span>
+            }
+            <span class="ident">ViewsMsg::LogoutComplete</span> =&gt; {
                 <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::LoginRequired</span>;
                 <span class="bool-val">true</span>
             }
@@ -624,7 +690,7 @@
                     .<span class="ident">push</span>(<span class="ident">Route::Login</span>);
                 <span class="macro">html!</span> { <span class="op">&lt;</span><span class="ident">div</span><span class="op">&gt;</span><span class="op">&lt;</span><span class="op">/</span><span class="ident">div</span><span class="op">&gt;</span> }
             }
-            <span class="ident">State::Verifying</span> =&gt; {
+            <span class="ident">State::LoggingOut</span> <span class="op">|</span> <span class="ident">State::Verifying</span> =&gt; {
                 <span class="macro">html!</span> {
                   <span class="op">&lt;</span><span class="ident">main</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;text-center form-signin h-100&quot;</span><span class="op">&gt;</span>
                     <span class="op">&lt;</span><span class="ident">div</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;vert-center&quot;</span><span class="op">&gt;</span>
@@ -791,7 +857,7 @@
             <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::Verified</span>(<span class="ident">token</span>))
         } <span class="kw">else</span> <span class="kw">if</span> <span class="ident">status</span> <span class="op">==</span> <span class="number">401</span> {
             <span class="comment">// Not valid, re-auth</span>
-            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::Logout</span>)
+            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::LogoutComplete</span>)
         } <span class="kw">else</span> {
             <span class="kw">let</span> <span class="ident">headers</span> <span class="op">=</span> <span class="ident">resp</span>.<span class="ident">headers</span>();
             <span class="kw">let</span> <span class="ident">kopid</span> <span class="op">=</span> <span class="ident">headers</span>.<span class="ident">get</span>(<span class="string">&quot;x-kanidm-opid&quot;</span>).<span class="ident">ok</span>().<span class="ident">flatten</span>();
@@ -815,6 +881,38 @@
             <span class="ident">uat</span>: <span class="ident">uat</span>.<span class="ident">into_inner</span>(),
         })
     }
+
+    <span class="kw">async</span> <span class="kw">fn</span> <span class="ident">fetch_logout</span>(<span class="ident">token</span>: <span class="ident">String</span>) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span><span class="ident">ViewsMsg</span>, <span class="ident">FetchError</span><span class="op">&gt;</span> {
+        <span class="kw">let</span> <span class="kw-2">mut</span> <span class="ident">opts</span> <span class="op">=</span> <span class="ident">RequestInit::new</span>();
+        <span class="ident">opts</span>.<span class="ident">method</span>(<span class="string">&quot;GET&quot;</span>);
+        <span class="ident">opts</span>.<span class="ident">mode</span>(<span class="ident">RequestMode::SameOrigin</span>);
+
+        <span class="kw">let</span> <span class="ident">request</span> <span class="op">=</span> <span class="ident">Request::new_with_str_and_init</span>(<span class="string">&quot;/v1/logout&quot;</span>, <span class="kw-2">&amp;</span><span class="ident">opts</span>)<span class="question-mark">?</span>;
+
+        <span class="ident">request</span>
+            .<span class="ident">headers</span>()
+            .<span class="ident">set</span>(<span class="string">&quot;content-type&quot;</span>, <span class="string">&quot;application/json&quot;</span>)
+            .<span class="ident">expect_throw</span>(<span class="string">&quot;failed to set header&quot;</span>);
+        <span class="ident">request</span>
+            .<span class="ident">headers</span>()
+            .<span class="ident">set</span>(<span class="string">&quot;authorization&quot;</span>, <span class="macro">format!</span>(<span class="string">&quot;Bearer {}&quot;</span>, <span class="ident">token</span>).<span class="ident">as_str</span>())
+            .<span class="ident">expect_throw</span>(<span class="string">&quot;failed to set header&quot;</span>);
+
+        <span class="kw">let</span> <span class="ident">window</span> <span class="op">=</span> <span class="ident">utils::window</span>();
+        <span class="kw">let</span> <span class="ident">resp_value</span> <span class="op">=</span> <span class="ident">JsFuture::from</span>(<span class="ident">window</span>.<span class="ident">fetch_with_request</span>(<span class="kw-2">&amp;</span><span class="ident">request</span>)).<span class="kw">await</span><span class="question-mark">?</span>;
+        <span class="kw">let</span> <span class="ident">resp</span>: <span class="ident">Response</span> <span class="op">=</span> <span class="ident">resp_value</span>.<span class="ident">dyn_into</span>().<span class="ident">expect_throw</span>(<span class="string">&quot;Invalid response type&quot;</span>);
+        <span class="kw">let</span> <span class="ident">status</span> <span class="op">=</span> <span class="ident">resp</span>.<span class="ident">status</span>();
+
+        <span class="kw">if</span> <span class="ident">status</span> <span class="op">==</span> <span class="number">200</span> {
+            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::LogoutComplete</span>)
+        } <span class="kw">else</span> {
+            <span class="kw">let</span> <span class="ident">headers</span> <span class="op">=</span> <span class="ident">resp</span>.<span class="ident">headers</span>();
+            <span class="kw">let</span> <span class="ident">kopid</span> <span class="op">=</span> <span class="ident">headers</span>.<span class="ident">get</span>(<span class="string">&quot;x-kanidm-opid&quot;</span>).<span class="ident">ok</span>().<span class="ident">flatten</span>();
+            <span class="kw">let</span> <span class="ident">text</span> <span class="op">=</span> <span class="ident">JsFuture::from</span>(<span class="ident">resp</span>.<span class="ident">text</span>()<span class="question-mark">?</span>).<span class="kw">await</span><span class="question-mark">?</span>;
+            <span class="kw">let</span> <span class="ident">emsg</span> <span class="op">=</span> <span class="ident">text</span>.<span class="ident">as_string</span>().<span class="ident">unwrap_or_else</span>(<span class="op">|</span><span class="op">|</span> <span class="string">&quot;&quot;</span>.<span class="ident">to_string</span>());
+            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::Error</span> { <span class="ident">emsg</span>, <span class="ident">kopid</span> })
+        }
+    }
 }
 
 <span class="kw">fn</span> <span class="ident">admin_routes</span>(<span class="ident">route</span>: <span class="kw-2">&amp;</span><span class="ident">AdminRoute</span>) -&gt; <span class="ident">Html</span> {

docs/v1.0.0rc1/rustdoc/kanidmd_lib/idm/server/index.html

@@ -1,3 +1,3 @@
-<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="API documentation for the Rust `server` mod in crate `kanidmd_lib`."><meta name="keywords" content="rust, rustlang, rust-lang, server"><title>kanidmd_lib::idm::server - Rust</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" type="text/css" href="../../../normalize.css"><link rel="stylesheet" type="text/css" href="../../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" type="text/css" href="../../../ayu.css" disabled><link rel="stylesheet" type="text/css" href="../../../dark.css" disabled><link rel="stylesheet" type="text/css" href="../../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../../storage.js"></script><script defer src="../../../main.js"></script><noscript><link rel="stylesheet" href="../../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../../favicon.svg"></head><body class="rustdoc mod"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle">&#9776;</button><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"></h2></nav><nav class="sidebar"><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"><a href="#">Module server</a></h2><div class="sidebar-elems"><section><div class="block"><ul><li><a href="#structs">Structs</a></li><li><a href="#enums">Enums</a></li><li><a href="#traits">Traits</a></li></ul></div></section></div></nav><main><div class="width-limiter"><div class="sub-container"><a class="sub-logo-container" href="../../../kanidmd_lib/index.html"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></a><nav class="sub"><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><button type="button">?</button></div><div id="settings-menu" tabindex="-1"><a href="../../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../../wheel.svg"></a></div></div></form></nav></div><section id="main-content" class="content"><div class="main-heading"><h1 class="fqn"><span class="in-band">Module <a href="../../index.html">kanidmd_lib</a>::<wbr><a href="../index.html">idm</a>::<wbr><a class="mod" href="#">server</a><button id="copy-path" onclick="copy_path(this)" title="Copy item path to clipboard"><img src="../../../clipboard.svg" width="19" height="18" alt="Copy item path"></button></span></h1><span class="out-of-band"><a class="srclink" href="../../../src/kanidmd_lib/idm/server.rs.html#1-3830">source</a> · <a id="toggle-all-docs" href="javascript:void(0)" title="collapse all docs">[<span class="inner">&#x2212;</span>]</a></span></div><h2 id="structs" class="small-section-header"><a href="#structs">Structs</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServer.html" title="kanidmd_lib::idm::server::IdmServer struct">IdmServer</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerAuthTransaction.html" title="kanidmd_lib::idm::server::IdmServerAuthTransaction struct">IdmServerAuthTransaction</a></div><div class="item-right docblock-short"><p>Contains methods that require writes, but in the context of writing to the idm in memory structures (maybe the query server too). This is things like authentication.</p>
+<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="API documentation for the Rust `server` mod in crate `kanidmd_lib`."><meta name="keywords" content="rust, rustlang, rust-lang, server"><title>kanidmd_lib::idm::server - Rust</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" type="text/css" href="../../../normalize.css"><link rel="stylesheet" type="text/css" href="../../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" type="text/css" href="../../../ayu.css" disabled><link rel="stylesheet" type="text/css" href="../../../dark.css" disabled><link rel="stylesheet" type="text/css" href="../../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../../storage.js"></script><script defer src="../../../main.js"></script><noscript><link rel="stylesheet" href="../../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../../favicon.svg"></head><body class="rustdoc mod"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle">&#9776;</button><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"></h2></nav><nav class="sidebar"><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"><a href="#">Module server</a></h2><div class="sidebar-elems"><section><div class="block"><ul><li><a href="#structs">Structs</a></li><li><a href="#enums">Enums</a></li><li><a href="#traits">Traits</a></li></ul></div></section></div></nav><main><div class="width-limiter"><div class="sub-container"><a class="sub-logo-container" href="../../../kanidmd_lib/index.html"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></a><nav class="sub"><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><button type="button">?</button></div><div id="settings-menu" tabindex="-1"><a href="../../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../../wheel.svg"></a></div></div></form></nav></div><section id="main-content" class="content"><div class="main-heading"><h1 class="fqn"><span class="in-band">Module <a href="../../index.html">kanidmd_lib</a>::<wbr><a href="../index.html">idm</a>::<wbr><a class="mod" href="#">server</a><button id="copy-path" onclick="copy_path(this)" title="Copy item path to clipboard"><img src="../../../clipboard.svg" width="19" height="18" alt="Copy item path"></button></span></h1><span class="out-of-band"><a class="srclink" href="../../../src/kanidmd_lib/idm/server.rs.html#1-3838">source</a> · <a id="toggle-all-docs" href="javascript:void(0)" title="collapse all docs">[<span class="inner">&#x2212;</span>]</a></span></div><h2 id="structs" class="small-section-header"><a href="#structs">Structs</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServer.html" title="kanidmd_lib::idm::server::IdmServer struct">IdmServer</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerAuthTransaction.html" title="kanidmd_lib::idm::server::IdmServerAuthTransaction struct">IdmServerAuthTransaction</a></div><div class="item-right docblock-short"><p>Contains methods that require writes, but in the context of writing to the idm in memory structures (maybe the query server too). This is things like authentication.</p>
 </div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerCredUpdateTransaction.html" title="kanidmd_lib::idm::server::IdmServerCredUpdateTransaction struct">IdmServerCredUpdateTransaction</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerDelayed.html" title="kanidmd_lib::idm::server::IdmServerDelayed struct">IdmServerDelayed</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerProxyReadTransaction.html" title="kanidmd_lib::idm::server::IdmServerProxyReadTransaction struct">IdmServerProxyReadTransaction</a></div><div class="item-right docblock-short"><p>This contains read-only methods, like getting users, groups and other structured content.</p>
 </div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerProxyWriteTransaction.html" title="kanidmd_lib::idm::server::IdmServerProxyWriteTransaction struct">IdmServerProxyWriteTransaction</a></div><div class="item-right docblock-short"></div></div></div><h2 id="enums" class="small-section-header"><a href="#enums">Enums</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="enum" href="enum.Token.html" title="kanidmd_lib::idm::server::Token enum">Token</a></div><div class="item-right docblock-short"></div></div></div><h2 id="traits" class="small-section-header"><a href="#traits">Traits</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="trait" href="trait.IdmServerTransaction.html" title="kanidmd_lib::idm::server::IdmServerTransaction trait">IdmServerTransaction</a></div><div class="item-right docblock-short"></div></div></div></section></div></main><div id="rustdoc-vars" data-root-path="../../../" data-current-crate="kanidmd_lib" data-themes="ayu,dark,light" data-resource-suffix="" data-rustdoc-version="1.64.0 (a55dd71d5 2022-09-19)" ></div></body></html>

docs/v1.0.0rc1/rustdoc/src/kanidmd_core/https/oauth2.rs.html

@@ -712,6 +712,11 @@
 <span id="712">712</span>
 <span id="713">713</span>
 <span id="714">714</span>
+<span id="715">715</span>
+<span id="716">716</span>
+<span id="717">717</span>
+<span id="718">718</span>
+<span id="719">719</span>
 </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">kanidm_proto::oauth2::AuthorisationResponse</span>;
 <span class="kw">use</span> <span class="ident">kanidm_proto::v1::Entry</span> <span class="kw">as</span> <span class="ident">ProtoEntry</span>;
 <span class="kw">use</span> <span class="ident">kanidmd_lib::idm::oauth2</span>::{
@@ -1042,6 +1047,11 @@
             <span class="ident">res</span>.<span class="ident">insert_header</span>(<span class="string">&quot;WWW-Authenticate&quot;</span>, <span class="string">&quot;Bearer&quot;</span>);
             <span class="prelude-val">Ok</span>(<span class="ident">res</span>)
         }
+        <span class="prelude-val">Err</span>(<span class="ident">Oauth2Error::AccessDenied</span>) =&gt; {
+            <span class="comment">// If scopes are not available for this account.</span>
+            <span class="kw">let</span> <span class="ident">res</span> <span class="op">=</span> <span class="ident">tide::Response::new</span>(<span class="ident">tide::StatusCode::Forbidden</span>);
+            <span class="prelude-val">Ok</span>(<span class="ident">res</span>)
+        }
         <span class="comment">/*
         RFC - If the request fails due to a missing, invalid, or mismatching
               redirection URI, or if the client identifier is missing or invalid,
@@ -1142,7 +1152,7 @@
             <span class="comment">// Turns out this instinct was correct:</span>
             <span class="comment">//  https://www.proofpoint.com/us/blog/cloud-security/microsoft-and-github-oauth-implementation-vulnerabilities-lead-redirection</span>
             <span class="comment">// Possible to use this with a malicious client configuration to phish / spam.</span>
-            <span class="ident">tide::Response::new</span>(<span class="number">500</span>)
+            <span class="ident">tide::Response::new</span>(<span class="ident">tide::StatusCode::InternalServerError</span>)
         }
     };
     <span class="ident">res</span>.<span class="ident">insert_header</span>(<span class="string">&quot;X-KANIDM-OPID&quot;</span>, <span class="ident">hvalue</span>);

docs/v1.0.0rc1/rustdoc/src/kanidmd_core/ldaps.rs.html

@@ -363,15 +363,15 @@
     <span class="kw">if</span> <span class="ident">address</span>.<span class="ident">starts_with</span>(<span class="string">&quot;:::&quot;</span>) {
         <span class="comment">// takes :::xxxx to xxxx</span>
         <span class="kw">let</span> <span class="ident">port</span> <span class="op">=</span> <span class="ident">address</span>.<span class="ident">replacen</span>(<span class="string">&quot;:::&quot;</span>, <span class="string">&quot;&quot;</span>, <span class="number">1</span>);
-        <span class="macro">eprintln!</span>(<span class="string">&quot;Address &#39;{}&#39; looks like an attempt to wildcard bind with IPv6 on port {} - please try using ldapbindaddress = &#39;[::]:{}&#39;&quot;</span>, <span class="ident">address</span>, <span class="ident">port</span>, <span class="ident">port</span>);
+        <span class="macro">error!</span>(<span class="string">&quot;Address &#39;{}&#39; looks like an attempt to wildcard bind with IPv6 on port {} - please try using ldapbindaddress = &#39;[::]:{}&#39;&quot;</span>, <span class="ident">address</span>, <span class="ident">port</span>, <span class="ident">port</span>);
     };
 
     <span class="kw">let</span> <span class="ident">addr</span> <span class="op">=</span> <span class="ident">net::SocketAddr::from_str</span>(<span class="ident">address</span>).<span class="ident">map_err</span>(<span class="op">|</span><span class="ident">e</span><span class="op">|</span> {
-        <span class="macro">eprintln!</span>(<span class="string">&quot;Could not parse LDAP server address {} -&gt; {:?}&quot;</span>, <span class="ident">address</span>, <span class="ident">e</span>);
+        <span class="macro">error!</span>(<span class="string">&quot;Could not parse LDAP server address {} -&gt; {:?}&quot;</span>, <span class="ident">address</span>, <span class="ident">e</span>);
     })<span class="question-mark">?</span>;
 
     <span class="kw">let</span> <span class="ident">listener</span> <span class="op">=</span> <span class="ident">TcpListener::bind</span>(<span class="kw-2">&amp;</span><span class="ident">addr</span>).<span class="kw">await</span>.<span class="ident">map_err</span>(<span class="op">|</span><span class="ident">e</span><span class="op">|</span> {
-        <span class="macro">eprintln!</span>(
+        <span class="macro">error!</span>(
             <span class="string">&quot;Could not bind to LDAP server address {} -&gt; {:?}&quot;</span>,
             <span class="ident">address</span>, <span class="ident">e</span>
         );
@@ -379,12 +379,12 @@
 
     <span class="kw">match</span> <span class="ident">opt_tls_params</span> {
         <span class="prelude-val">Some</span>(<span class="ident">tls_params</span>) =&gt; {
-            <span class="macro">eprintln!</span>(<span class="string">&quot;Starting LDAPS interface ldaps://{} ...&quot;</span>, <span class="ident">address</span>);
+            <span class="macro">info!</span>(<span class="string">&quot;Starting LDAPS interface ldaps://{} ...&quot;</span>, <span class="ident">address</span>);
             <span class="kw">let</span> <span class="ident">tls_parms</span> <span class="op">=</span> <span class="ident">tls_params</span>.<span class="ident">build</span>();
             <span class="ident">tokio::spawn</span>(<span class="ident">tls_acceptor</span>(<span class="ident">listener</span>, <span class="ident">tls_parms</span>, <span class="ident">qe_r_ref</span>));
         }
         <span class="prelude-val">None</span> =&gt; {
-            <span class="macro">eprintln!</span>(<span class="string">&quot;The server won&#39;t run without TLS!&quot;</span>);
+            <span class="macro">error!</span>(<span class="string">&quot;The server won&#39;t run without TLS!&quot;</span>);
             <span class="kw">return</span> <span class="prelude-val">Err</span>(());
         }
     }

docs/v1.0.0rc1/rustdoc/src/kanidmd_lib/idm/server.rs.html

@@ -3828,6 +3828,14 @@
 <span id="3828">3828</span>
 <span id="3829">3829</span>
 <span id="3830">3830</span>
+<span id="3831">3831</span>
+<span id="3832">3832</span>
+<span id="3833">3833</span>
+<span id="3834">3834</span>
+<span id="3835">3835</span>
+<span id="3836">3836</span>
+<span id="3837">3837</span>
+<span id="3838">3838</span>
 </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">core::task</span>::{<span class="ident">Context</span>, <span class="ident">Poll</span>};
 <span class="kw">use</span> <span class="ident">std::convert::TryFrom</span>;
 <span class="kw">use</span> <span class="ident">std::str::FromStr</span>;
@@ -5724,6 +5732,8 @@
         <span class="comment">// get the account</span>
         <span class="kw">let</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">target_to_account</span>(<span class="kw-2">&amp;</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>)<span class="question-mark">?</span>;
 
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing password hash upgrade&quot;</span>);
+
         <span class="comment">// check, does the pw still match?</span>
         <span class="kw">let</span> <span class="ident">same</span> <span class="op">=</span> <span class="ident">account</span>.<span class="ident">check_credential_pw</span>(<span class="ident">pwu</span>.<span class="ident">existing_password</span>.<span class="ident">as_str</span>())<span class="question-mark">?</span>;
 
@@ -5747,6 +5757,8 @@
     }
 
     <span class="kw">fn</span> <span class="ident">process_unixpwupgrade</span>(<span class="kw-2">&amp;mut</span> <span class="self">self</span>, <span class="ident">pwu</span>: <span class="kw-2">&amp;</span><span class="ident">UnixPasswordUpgrade</span>) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span>(), <span class="ident">OperationError</span><span class="op">&gt;</span> {
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing unix password hash upgrade&quot;</span>);
+
         <span class="kw">let</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>
             .<span class="ident">qs_write</span>
             .<span class="ident">internal_search_uuid</span>(<span class="kw-2">&amp;</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>)
@@ -5781,6 +5793,8 @@
         <span class="kw-2">&amp;mut</span> <span class="self">self</span>,
         <span class="ident">wci</span>: <span class="kw-2">&amp;</span><span class="ident">WebauthnCounterIncrement</span>,
     ) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span>(), <span class="ident">OperationError</span><span class="op">&gt;</span> {
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">wci</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing webauthn counter increment&quot;</span>);
+
         <span class="kw">let</span> <span class="kw-2">mut</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">target_to_account</span>(<span class="kw-2">&amp;</span><span class="ident">wci</span>.<span class="ident">target_uuid</span>)<span class="question-mark">?</span>;
 
         <span class="comment">// Generate an optional mod and then attempt to apply it.</span>
@@ -5807,6 +5821,8 @@
         <span class="kw-2">&amp;mut</span> <span class="self">self</span>,
         <span class="ident">bcr</span>: <span class="kw-2">&amp;</span><span class="ident">BackupCodeRemoval</span>,
     ) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span>(), <span class="ident">OperationError</span><span class="op">&gt;</span> {
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">bcr</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing backup code removal&quot;</span>);
+
         <span class="kw">let</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">target_to_account</span>(<span class="kw-2">&amp;</span><span class="ident">bcr</span>.<span class="ident">target_uuid</span>)<span class="question-mark">?</span>;
         <span class="comment">// Generate an optional mod and then attempt to apply it.</span>
         <span class="kw">let</span> <span class="ident">modlist</span> <span class="op">=</span> <span class="ident">account</span>

docs/v1.0.0rc1/rustdoc/src/kanidmd_web_ui/oauth2.rs.html

@@ -536,6 +536,35 @@
 <span id="536">536</span>
 <span id="537">537</span>
 <span id="538">538</span>
+<span id="539">539</span>
+<span id="540">540</span>
+<span id="541">541</span>
+<span id="542">542</span>
+<span id="543">543</span>
+<span id="544">544</span>
+<span id="545">545</span>
+<span id="546">546</span>
+<span id="547">547</span>
+<span id="548">548</span>
+<span id="549">549</span>
+<span id="550">550</span>
+<span id="551">551</span>
+<span id="552">552</span>
+<span id="553">553</span>
+<span id="554">554</span>
+<span id="555">555</span>
+<span id="556">556</span>
+<span id="557">557</span>
+<span id="558">558</span>
+<span id="559">559</span>
+<span id="560">560</span>
+<span id="561">561</span>
+<span id="562">562</span>
+<span id="563">563</span>
+<span id="564">564</span>
+<span id="565">565</span>
+<span id="566">566</span>
+<span id="567">567</span>
 </pre><pre class="rust"><code><span class="comment">// use anyhow::Error;</span>
 <span class="kw">use</span> <span class="ident">gloo::console</span>;
 <span class="kw">pub</span> <span class="kw">use</span> <span class="ident">kanidm_proto::oauth2</span>::{
@@ -568,6 +597,7 @@
         <span class="ident">consent_token</span>: <span class="ident">String</span>,
     },
     <span class="ident">ConsentGranted</span>(<span class="ident">String</span>),
+    <span class="ident">AccessDenied</span>(<span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span>),
     <span class="ident">ErrInvalidRequest</span>,
 }
 
@@ -586,6 +616,9 @@
         <span class="ident">consent_token</span>: <span class="ident">String</span>,
     },
     <span class="ident">Redirect</span>(<span class="ident">String</span>),
+    <span class="ident">AccessDenied</span> {
+        <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span>,
+    },
     <span class="ident">Error</span> {
         <span class="ident">emsg</span>: <span class="ident">String</span>,
         <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span>,
@@ -698,6 +731,8 @@
                     }
                 }
             }
+        } <span class="kw">else</span> <span class="kw">if</span> <span class="ident">status</span> <span class="op">==</span> <span class="number">403</span> {
+            <span class="prelude-val">Ok</span>(<span class="ident">Oauth2Msg::AccessDenied</span> { <span class="ident">kopid</span> })
         } <span class="kw">else</span> {
             <span class="kw">let</span> <span class="ident">text</span> <span class="op">=</span> <span class="ident">JsFuture::from</span>(<span class="ident">resp</span>.<span class="ident">text</span>()<span class="question-mark">?</span>).<span class="kw">await</span><span class="question-mark">?</span>;
             <span class="kw">let</span> <span class="ident">emsg</span> <span class="op">=</span> <span class="ident">text</span>.<span class="ident">as_string</span>().<span class="ident">unwrap_or_else</span>(<span class="op">|</span><span class="op">|</span> <span class="string">&quot;&quot;</span>.<span class="ident">to_string</span>());
@@ -918,6 +953,11 @@
                 <span class="comment">// We need to send off fetch task here.</span>
                 <span class="bool-val">true</span>
             }
+            <span class="ident">Oauth2Msg::AccessDenied</span> { <span class="ident">kopid</span> } =&gt; {
+                <span class="macro">console::error!</span>(<span class="macro">format!</span>(<span class="string">&quot;{:?}&quot;</span>, <span class="ident">kopid</span>).<span class="ident">as_str</span>());
+                <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::AccessDenied</span>(<span class="ident">kopid</span>);
+                <span class="bool-val">true</span>
+            }
             <span class="ident">Oauth2Msg::Error</span> { <span class="ident">emsg</span>, <span class="ident">kopid</span> } =&gt; {
                 <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::ErrInvalidRequest</span>;
                 <span class="macro">console::error!</span>(<span class="macro">format!</span>(<span class="string">&quot;{:?}&quot;</span>, <span class="ident">kopid</span>).<span class="ident">as_str</span>());
@@ -1043,6 +1083,24 @@
                     <span class="op">&lt;</span><span class="op">/</span><span class="ident">div</span><span class="op">&gt;</span>
                 }
             }
+            <span class="ident">State::AccessDenied</span>(<span class="ident">kopid</span>) =&gt; {
+                <span class="macro">html!</span> {
+                    <span class="op">&lt;</span><span class="ident">div</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;alert alert-danger&quot;</span> <span class="ident">role</span><span class="op">=</span><span class="string">&quot;alert&quot;</span><span class="op">&gt;</span>
+                        <span class="op">&lt;</span><span class="ident">h1</span><span class="op">&gt;</span>{ <span class="string">&quot;Access Denied&quot;</span> } <span class="op">&lt;</span><span class="op">/</span><span class="ident">h1</span><span class="op">&gt;</span>
+                        <span class="op">&lt;</span><span class="ident">p</span><span class="op">&gt;</span>
+                        { <span class="string">&quot;You do not have access to the requested resources.&quot;</span> }
+                        <span class="op">&lt;</span><span class="op">/</span><span class="ident">p</span><span class="op">&gt;</span>
+                        <span class="op">&lt;</span><span class="ident">p</span><span class="op">&gt;</span>
+                        { <span class="kw">if</span> <span class="kw">let</span> <span class="prelude-val">Some</span>(<span class="ident">opid</span>) <span class="op">=</span> <span class="ident">kopid</span> {
+                            <span class="macro">format!</span>(<span class="string">&quot;Operation ID: {}&quot;</span>, <span class="ident">opid</span>)
+                          } <span class="kw">else</span> {
+                            <span class="string">&quot;Operation ID: -&quot;</span>.<span class="ident">to_string</span>()
+                          }
+                        }
+                        <span class="op">&lt;</span><span class="op">/</span><span class="ident">p</span><span class="op">&gt;</span>
+                    <span class="op">&lt;</span><span class="op">/</span><span class="ident">div</span><span class="op">&gt;</span>
+                }
+            }
             <span class="ident">State::ErrInvalidRequest</span> =&gt; {
                 <span class="macro">html!</span> {
                     <span class="op">&lt;</span><span class="ident">div</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;alert alert-danger&quot;</span> <span class="ident">role</span><span class="op">=</span><span class="string">&quot;alert&quot;</span><span class="op">&gt;</span>

docs/v1.0.0rc1/rustdoc/src/kanidmd_web_ui/views/mod.rs.html

@@ -423,6 +423,55 @@
 <span id="423">423</span>
 <span id="424">424</span>
 <span id="425">425</span>
+<span id="426">426</span>
+<span id="427">427</span>
+<span id="428">428</span>
+<span id="429">429</span>
+<span id="430">430</span>
+<span id="431">431</span>
+<span id="432">432</span>
+<span id="433">433</span>
+<span id="434">434</span>
+<span id="435">435</span>
+<span id="436">436</span>
+<span id="437">437</span>
+<span id="438">438</span>
+<span id="439">439</span>
+<span id="440">440</span>
+<span id="441">441</span>
+<span id="442">442</span>
+<span id="443">443</span>
+<span id="444">444</span>
+<span id="445">445</span>
+<span id="446">446</span>
+<span id="447">447</span>
+<span id="448">448</span>
+<span id="449">449</span>
+<span id="450">450</span>
+<span id="451">451</span>
+<span id="452">452</span>
+<span id="453">453</span>
+<span id="454">454</span>
+<span id="455">455</span>
+<span id="456">456</span>
+<span id="457">457</span>
+<span id="458">458</span>
+<span id="459">459</span>
+<span id="460">460</span>
+<span id="461">461</span>
+<span id="462">462</span>
+<span id="463">463</span>
+<span id="464">464</span>
+<span id="465">465</span>
+<span id="466">466</span>
+<span id="467">467</span>
+<span id="468">468</span>
+<span id="469">469</span>
+<span id="470">470</span>
+<span id="471">471</span>
+<span id="472">472</span>
+<span id="473">473</span>
+<span id="474">474</span>
 </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">std::str::FromStr</span>;
 
 <span class="kw">use</span> <span class="ident">compact_jwt</span>::{<span class="ident">Jws</span>, <span class="ident">JwsUnverified</span>};
@@ -495,6 +544,7 @@
 
 <span class="kw">enum</span> <span class="ident">State</span> {
     <span class="ident">LoginRequired</span>,
+    <span class="ident">LoggingOut</span>,
     <span class="ident">Verifying</span>,
     <span class="ident">Authenticated</span>(<span class="ident">String</span>),
     <span class="ident">Error</span> { <span class="ident">emsg</span>: <span class="ident">String</span>, <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span> },
@@ -516,6 +566,7 @@
 <span class="kw">pub</span> <span class="kw">enum</span> <span class="ident">ViewsMsg</span> {
     <span class="ident">Verified</span>(<span class="ident">String</span>),
     <span class="ident">Logout</span>,
+    <span class="ident">LogoutComplete</span>,
     <span class="ident">ProfileInfoRecieved</span> { <span class="ident">uat</span>: <span class="ident">UserAuthToken</span> },
     <span class="ident">Error</span> { <span class="ident">emsg</span>: <span class="ident">String</span>, <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span> },
 }
@@ -584,7 +635,22 @@
                 <span class="bool-val">true</span>
             }
             <span class="ident">ViewsMsg::Logout</span> =&gt; {
-                <span class="ident">models::clear_bearer_token</span>();
+                <span class="kw">match</span> <span class="ident">models::get_bearer_token</span>() {
+                    <span class="prelude-val">Some</span>(<span class="ident">tk</span>) =&gt; {
+                        <span class="ident">models::clear_bearer_token</span>();
+                        <span class="ident">ctx</span>.<span class="ident">link</span>().<span class="ident">send_future</span>(<span class="kw">async</span> {
+                            <span class="kw">match</span> <span class="ident"><span class="self">Self</span>::fetch_logout</span>(<span class="ident">tk</span>).<span class="kw">await</span> {
+                                <span class="prelude-val">Ok</span>(<span class="ident">v</span>) =&gt; <span class="ident">v</span>,
+                                <span class="prelude-val">Err</span>(<span class="ident">v</span>) =&gt; <span class="ident">v</span>.<span class="ident">into</span>(),
+                            }
+                        });
+                        <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::LoggingOut</span>;
+                    }
+                    <span class="prelude-val">None</span> =&gt; <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::LoginRequired</span>,
+                }
+                <span class="bool-val">true</span>
+            }
+            <span class="ident">ViewsMsg::LogoutComplete</span> =&gt; {
                 <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::LoginRequired</span>;
                 <span class="bool-val">true</span>
             }
@@ -624,7 +690,7 @@
                     .<span class="ident">push</span>(<span class="ident">Route::Login</span>);
                 <span class="macro">html!</span> { <span class="op">&lt;</span><span class="ident">div</span><span class="op">&gt;</span><span class="op">&lt;</span><span class="op">/</span><span class="ident">div</span><span class="op">&gt;</span> }
             }
-            <span class="ident">State::Verifying</span> =&gt; {
+            <span class="ident">State::LoggingOut</span> <span class="op">|</span> <span class="ident">State::Verifying</span> =&gt; {
                 <span class="macro">html!</span> {
                   <span class="op">&lt;</span><span class="ident">main</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;text-center form-signin h-100&quot;</span><span class="op">&gt;</span>
                     <span class="op">&lt;</span><span class="ident">div</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;vert-center&quot;</span><span class="op">&gt;</span>
@@ -791,7 +857,7 @@
             <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::Verified</span>(<span class="ident">token</span>))
         } <span class="kw">else</span> <span class="kw">if</span> <span class="ident">status</span> <span class="op">==</span> <span class="number">401</span> {
             <span class="comment">// Not valid, re-auth</span>
-            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::Logout</span>)
+            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::LogoutComplete</span>)
         } <span class="kw">else</span> {
             <span class="kw">let</span> <span class="ident">headers</span> <span class="op">=</span> <span class="ident">resp</span>.<span class="ident">headers</span>();
             <span class="kw">let</span> <span class="ident">kopid</span> <span class="op">=</span> <span class="ident">headers</span>.<span class="ident">get</span>(<span class="string">&quot;x-kanidm-opid&quot;</span>).<span class="ident">ok</span>().<span class="ident">flatten</span>();
@@ -815,6 +881,38 @@
             <span class="ident">uat</span>: <span class="ident">uat</span>.<span class="ident">into_inner</span>(),
         })
     }
+
+    <span class="kw">async</span> <span class="kw">fn</span> <span class="ident">fetch_logout</span>(<span class="ident">token</span>: <span class="ident">String</span>) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span><span class="ident">ViewsMsg</span>, <span class="ident">FetchError</span><span class="op">&gt;</span> {
+        <span class="kw">let</span> <span class="kw-2">mut</span> <span class="ident">opts</span> <span class="op">=</span> <span class="ident">RequestInit::new</span>();
+        <span class="ident">opts</span>.<span class="ident">method</span>(<span class="string">&quot;GET&quot;</span>);
+        <span class="ident">opts</span>.<span class="ident">mode</span>(<span class="ident">RequestMode::SameOrigin</span>);
+
+        <span class="kw">let</span> <span class="ident">request</span> <span class="op">=</span> <span class="ident">Request::new_with_str_and_init</span>(<span class="string">&quot;/v1/logout&quot;</span>, <span class="kw-2">&amp;</span><span class="ident">opts</span>)<span class="question-mark">?</span>;
+
+        <span class="ident">request</span>
+            .<span class="ident">headers</span>()
+            .<span class="ident">set</span>(<span class="string">&quot;content-type&quot;</span>, <span class="string">&quot;application/json&quot;</span>)
+            .<span class="ident">expect_throw</span>(<span class="string">&quot;failed to set header&quot;</span>);
+        <span class="ident">request</span>
+            .<span class="ident">headers</span>()
+            .<span class="ident">set</span>(<span class="string">&quot;authorization&quot;</span>, <span class="macro">format!</span>(<span class="string">&quot;Bearer {}&quot;</span>, <span class="ident">token</span>).<span class="ident">as_str</span>())
+            .<span class="ident">expect_throw</span>(<span class="string">&quot;failed to set header&quot;</span>);
+
+        <span class="kw">let</span> <span class="ident">window</span> <span class="op">=</span> <span class="ident">utils::window</span>();
+        <span class="kw">let</span> <span class="ident">resp_value</span> <span class="op">=</span> <span class="ident">JsFuture::from</span>(<span class="ident">window</span>.<span class="ident">fetch_with_request</span>(<span class="kw-2">&amp;</span><span class="ident">request</span>)).<span class="kw">await</span><span class="question-mark">?</span>;
+        <span class="kw">let</span> <span class="ident">resp</span>: <span class="ident">Response</span> <span class="op">=</span> <span class="ident">resp_value</span>.<span class="ident">dyn_into</span>().<span class="ident">expect_throw</span>(<span class="string">&quot;Invalid response type&quot;</span>);
+        <span class="kw">let</span> <span class="ident">status</span> <span class="op">=</span> <span class="ident">resp</span>.<span class="ident">status</span>();
+
+        <span class="kw">if</span> <span class="ident">status</span> <span class="op">==</span> <span class="number">200</span> {
+            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::LogoutComplete</span>)
+        } <span class="kw">else</span> {
+            <span class="kw">let</span> <span class="ident">headers</span> <span class="op">=</span> <span class="ident">resp</span>.<span class="ident">headers</span>();
+            <span class="kw">let</span> <span class="ident">kopid</span> <span class="op">=</span> <span class="ident">headers</span>.<span class="ident">get</span>(<span class="string">&quot;x-kanidm-opid&quot;</span>).<span class="ident">ok</span>().<span class="ident">flatten</span>();
+            <span class="kw">let</span> <span class="ident">text</span> <span class="op">=</span> <span class="ident">JsFuture::from</span>(<span class="ident">resp</span>.<span class="ident">text</span>()<span class="question-mark">?</span>).<span class="kw">await</span><span class="question-mark">?</span>;
+            <span class="kw">let</span> <span class="ident">emsg</span> <span class="op">=</span> <span class="ident">text</span>.<span class="ident">as_string</span>().<span class="ident">unwrap_or_else</span>(<span class="op">|</span><span class="op">|</span> <span class="string">&quot;&quot;</span>.<span class="ident">to_string</span>());
+            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::Error</span> { <span class="ident">emsg</span>, <span class="ident">kopid</span> })
+        }
+    }
 }
 
 <span class="kw">fn</span> <span class="ident">admin_routes</span>(<span class="ident">route</span>: <span class="kw-2">&amp;</span><span class="ident">AdminRoute</span>) -&gt; <span class="ident">Html</span> {

docs/v1.0.0rc10/rustdoc/kanidmd_lib/idm/server/index.html

@@ -1,3 +1,3 @@
-<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="API documentation for the Rust `server` mod in crate `kanidmd_lib`."><meta name="keywords" content="rust, rustlang, rust-lang, server"><title>kanidmd_lib::idm::server - Rust</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" type="text/css" href="../../../normalize.css"><link rel="stylesheet" type="text/css" href="../../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" type="text/css" href="../../../ayu.css" disabled><link rel="stylesheet" type="text/css" href="../../../dark.css" disabled><link rel="stylesheet" type="text/css" href="../../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../../storage.js"></script><script defer src="../../../main.js"></script><noscript><link rel="stylesheet" href="../../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../../favicon.svg"></head><body class="rustdoc mod"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle">&#9776;</button><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"></h2></nav><nav class="sidebar"><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"><a href="#">Module server</a></h2><div class="sidebar-elems"><section><div class="block"><ul><li><a href="#structs">Structs</a></li><li><a href="#enums">Enums</a></li><li><a href="#traits">Traits</a></li></ul></div></section></div></nav><main><div class="width-limiter"><div class="sub-container"><a class="sub-logo-container" href="../../../kanidmd_lib/index.html"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></a><nav class="sub"><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><button type="button">?</button></div><div id="settings-menu" tabindex="-1"><a href="../../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../../wheel.svg"></a></div></div></form></nav></div><section id="main-content" class="content"><div class="main-heading"><h1 class="fqn"><span class="in-band">Module <a href="../../index.html">kanidmd_lib</a>::<wbr><a href="../index.html">idm</a>::<wbr><a class="mod" href="#">server</a><button id="copy-path" onclick="copy_path(this)" title="Copy item path to clipboard"><img src="../../../clipboard.svg" width="19" height="18" alt="Copy item path"></button></span></h1><span class="out-of-band"><a class="srclink" href="../../../src/kanidmd_lib/idm/server.rs.html#1-3830">source</a> · <a id="toggle-all-docs" href="javascript:void(0)" title="collapse all docs">[<span class="inner">&#x2212;</span>]</a></span></div><h2 id="structs" class="small-section-header"><a href="#structs">Structs</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServer.html" title="kanidmd_lib::idm::server::IdmServer struct">IdmServer</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerAuthTransaction.html" title="kanidmd_lib::idm::server::IdmServerAuthTransaction struct">IdmServerAuthTransaction</a></div><div class="item-right docblock-short"><p>Contains methods that require writes, but in the context of writing to the idm in memory structures (maybe the query server too). This is things like authentication.</p>
+<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="API documentation for the Rust `server` mod in crate `kanidmd_lib`."><meta name="keywords" content="rust, rustlang, rust-lang, server"><title>kanidmd_lib::idm::server - Rust</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" type="text/css" href="../../../normalize.css"><link rel="stylesheet" type="text/css" href="../../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" type="text/css" href="../../../ayu.css" disabled><link rel="stylesheet" type="text/css" href="../../../dark.css" disabled><link rel="stylesheet" type="text/css" href="../../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../../storage.js"></script><script defer src="../../../main.js"></script><noscript><link rel="stylesheet" href="../../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../../favicon.svg"></head><body class="rustdoc mod"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle">&#9776;</button><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"></h2></nav><nav class="sidebar"><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"><a href="#">Module server</a></h2><div class="sidebar-elems"><section><div class="block"><ul><li><a href="#structs">Structs</a></li><li><a href="#enums">Enums</a></li><li><a href="#traits">Traits</a></li></ul></div></section></div></nav><main><div class="width-limiter"><div class="sub-container"><a class="sub-logo-container" href="../../../kanidmd_lib/index.html"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></a><nav class="sub"><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><button type="button">?</button></div><div id="settings-menu" tabindex="-1"><a href="../../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../../wheel.svg"></a></div></div></form></nav></div><section id="main-content" class="content"><div class="main-heading"><h1 class="fqn"><span class="in-band">Module <a href="../../index.html">kanidmd_lib</a>::<wbr><a href="../index.html">idm</a>::<wbr><a class="mod" href="#">server</a><button id="copy-path" onclick="copy_path(this)" title="Copy item path to clipboard"><img src="../../../clipboard.svg" width="19" height="18" alt="Copy item path"></button></span></h1><span class="out-of-band"><a class="srclink" href="../../../src/kanidmd_lib/idm/server.rs.html#1-3838">source</a> · <a id="toggle-all-docs" href="javascript:void(0)" title="collapse all docs">[<span class="inner">&#x2212;</span>]</a></span></div><h2 id="structs" class="small-section-header"><a href="#structs">Structs</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServer.html" title="kanidmd_lib::idm::server::IdmServer struct">IdmServer</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerAuthTransaction.html" title="kanidmd_lib::idm::server::IdmServerAuthTransaction struct">IdmServerAuthTransaction</a></div><div class="item-right docblock-short"><p>Contains methods that require writes, but in the context of writing to the idm in memory structures (maybe the query server too). This is things like authentication.</p>
 </div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerCredUpdateTransaction.html" title="kanidmd_lib::idm::server::IdmServerCredUpdateTransaction struct">IdmServerCredUpdateTransaction</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerDelayed.html" title="kanidmd_lib::idm::server::IdmServerDelayed struct">IdmServerDelayed</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerProxyReadTransaction.html" title="kanidmd_lib::idm::server::IdmServerProxyReadTransaction struct">IdmServerProxyReadTransaction</a></div><div class="item-right docblock-short"><p>This contains read-only methods, like getting users, groups and other structured content.</p>
 </div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerProxyWriteTransaction.html" title="kanidmd_lib::idm::server::IdmServerProxyWriteTransaction struct">IdmServerProxyWriteTransaction</a></div><div class="item-right docblock-short"></div></div></div><h2 id="enums" class="small-section-header"><a href="#enums">Enums</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="enum" href="enum.Token.html" title="kanidmd_lib::idm::server::Token enum">Token</a></div><div class="item-right docblock-short"></div></div></div><h2 id="traits" class="small-section-header"><a href="#traits">Traits</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="trait" href="trait.IdmServerTransaction.html" title="kanidmd_lib::idm::server::IdmServerTransaction trait">IdmServerTransaction</a></div><div class="item-right docblock-short"></div></div></div></section></div></main><div id="rustdoc-vars" data-root-path="../../../" data-current-crate="kanidmd_lib" data-themes="ayu,dark,light" data-resource-suffix="" data-rustdoc-version="1.64.0 (a55dd71d5 2022-09-19)" ></div></body></html>

docs/v1.0.0rc10/rustdoc/src/kanidmd_core/https/oauth2.rs.html

@@ -712,6 +712,11 @@
 <span id="712">712</span>
 <span id="713">713</span>
 <span id="714">714</span>
+<span id="715">715</span>
+<span id="716">716</span>
+<span id="717">717</span>
+<span id="718">718</span>
+<span id="719">719</span>
 </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">kanidm_proto::oauth2::AuthorisationResponse</span>;
 <span class="kw">use</span> <span class="ident">kanidm_proto::v1::Entry</span> <span class="kw">as</span> <span class="ident">ProtoEntry</span>;
 <span class="kw">use</span> <span class="ident">kanidmd_lib::idm::oauth2</span>::{
@@ -1042,6 +1047,11 @@
             <span class="ident">res</span>.<span class="ident">insert_header</span>(<span class="string">&quot;WWW-Authenticate&quot;</span>, <span class="string">&quot;Bearer&quot;</span>);
             <span class="prelude-val">Ok</span>(<span class="ident">res</span>)
         }
+        <span class="prelude-val">Err</span>(<span class="ident">Oauth2Error::AccessDenied</span>) =&gt; {
+            <span class="comment">// If scopes are not available for this account.</span>
+            <span class="kw">let</span> <span class="ident">res</span> <span class="op">=</span> <span class="ident">tide::Response::new</span>(<span class="ident">tide::StatusCode::Forbidden</span>);
+            <span class="prelude-val">Ok</span>(<span class="ident">res</span>)
+        }
         <span class="comment">/*
         RFC - If the request fails due to a missing, invalid, or mismatching
               redirection URI, or if the client identifier is missing or invalid,
@@ -1142,7 +1152,7 @@
             <span class="comment">// Turns out this instinct was correct:</span>
             <span class="comment">//  https://www.proofpoint.com/us/blog/cloud-security/microsoft-and-github-oauth-implementation-vulnerabilities-lead-redirection</span>
             <span class="comment">// Possible to use this with a malicious client configuration to phish / spam.</span>
-            <span class="ident">tide::Response::new</span>(<span class="number">500</span>)
+            <span class="ident">tide::Response::new</span>(<span class="ident">tide::StatusCode::InternalServerError</span>)
         }
     };
     <span class="ident">res</span>.<span class="ident">insert_header</span>(<span class="string">&quot;X-KANIDM-OPID&quot;</span>, <span class="ident">hvalue</span>);

docs/v1.0.0rc10/rustdoc/src/kanidmd_core/ldaps.rs.html

@@ -363,15 +363,15 @@
     <span class="kw">if</span> <span class="ident">address</span>.<span class="ident">starts_with</span>(<span class="string">&quot;:::&quot;</span>) {
         <span class="comment">// takes :::xxxx to xxxx</span>
         <span class="kw">let</span> <span class="ident">port</span> <span class="op">=</span> <span class="ident">address</span>.<span class="ident">replacen</span>(<span class="string">&quot;:::&quot;</span>, <span class="string">&quot;&quot;</span>, <span class="number">1</span>);
-        <span class="macro">eprintln!</span>(<span class="string">&quot;Address &#39;{}&#39; looks like an attempt to wildcard bind with IPv6 on port {} - please try using ldapbindaddress = &#39;[::]:{}&#39;&quot;</span>, <span class="ident">address</span>, <span class="ident">port</span>, <span class="ident">port</span>);
+        <span class="macro">error!</span>(<span class="string">&quot;Address &#39;{}&#39; looks like an attempt to wildcard bind with IPv6 on port {} - please try using ldapbindaddress = &#39;[::]:{}&#39;&quot;</span>, <span class="ident">address</span>, <span class="ident">port</span>, <span class="ident">port</span>);
     };
 
     <span class="kw">let</span> <span class="ident">addr</span> <span class="op">=</span> <span class="ident">net::SocketAddr::from_str</span>(<span class="ident">address</span>).<span class="ident">map_err</span>(<span class="op">|</span><span class="ident">e</span><span class="op">|</span> {
-        <span class="macro">eprintln!</span>(<span class="string">&quot;Could not parse LDAP server address {} -&gt; {:?}&quot;</span>, <span class="ident">address</span>, <span class="ident">e</span>);
+        <span class="macro">error!</span>(<span class="string">&quot;Could not parse LDAP server address {} -&gt; {:?}&quot;</span>, <span class="ident">address</span>, <span class="ident">e</span>);
     })<span class="question-mark">?</span>;
 
     <span class="kw">let</span> <span class="ident">listener</span> <span class="op">=</span> <span class="ident">TcpListener::bind</span>(<span class="kw-2">&amp;</span><span class="ident">addr</span>).<span class="kw">await</span>.<span class="ident">map_err</span>(<span class="op">|</span><span class="ident">e</span><span class="op">|</span> {
-        <span class="macro">eprintln!</span>(
+        <span class="macro">error!</span>(
             <span class="string">&quot;Could not bind to LDAP server address {} -&gt; {:?}&quot;</span>,
             <span class="ident">address</span>, <span class="ident">e</span>
         );
@@ -379,12 +379,12 @@
 
     <span class="kw">match</span> <span class="ident">opt_tls_params</span> {
         <span class="prelude-val">Some</span>(<span class="ident">tls_params</span>) =&gt; {
-            <span class="macro">eprintln!</span>(<span class="string">&quot;Starting LDAPS interface ldaps://{} ...&quot;</span>, <span class="ident">address</span>);
+            <span class="macro">info!</span>(<span class="string">&quot;Starting LDAPS interface ldaps://{} ...&quot;</span>, <span class="ident">address</span>);
             <span class="kw">let</span> <span class="ident">tls_parms</span> <span class="op">=</span> <span class="ident">tls_params</span>.<span class="ident">build</span>();
             <span class="ident">tokio::spawn</span>(<span class="ident">tls_acceptor</span>(<span class="ident">listener</span>, <span class="ident">tls_parms</span>, <span class="ident">qe_r_ref</span>));
         }
         <span class="prelude-val">None</span> =&gt; {
-            <span class="macro">eprintln!</span>(<span class="string">&quot;The server won&#39;t run without TLS!&quot;</span>);
+            <span class="macro">error!</span>(<span class="string">&quot;The server won&#39;t run without TLS!&quot;</span>);
             <span class="kw">return</span> <span class="prelude-val">Err</span>(());
         }
     }

docs/v1.0.0rc10/rustdoc/src/kanidmd_lib/idm/server.rs.html

@@ -3828,6 +3828,14 @@
 <span id="3828">3828</span>
 <span id="3829">3829</span>
 <span id="3830">3830</span>
+<span id="3831">3831</span>
+<span id="3832">3832</span>
+<span id="3833">3833</span>
+<span id="3834">3834</span>
+<span id="3835">3835</span>
+<span id="3836">3836</span>
+<span id="3837">3837</span>
+<span id="3838">3838</span>
 </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">core::task</span>::{<span class="ident">Context</span>, <span class="ident">Poll</span>};
 <span class="kw">use</span> <span class="ident">std::convert::TryFrom</span>;
 <span class="kw">use</span> <span class="ident">std::str::FromStr</span>;
@@ -5724,6 +5732,8 @@
         <span class="comment">// get the account</span>
         <span class="kw">let</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">target_to_account</span>(<span class="kw-2">&amp;</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>)<span class="question-mark">?</span>;
 
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing password hash upgrade&quot;</span>);
+
         <span class="comment">// check, does the pw still match?</span>
         <span class="kw">let</span> <span class="ident">same</span> <span class="op">=</span> <span class="ident">account</span>.<span class="ident">check_credential_pw</span>(<span class="ident">pwu</span>.<span class="ident">existing_password</span>.<span class="ident">as_str</span>())<span class="question-mark">?</span>;
 
@@ -5747,6 +5757,8 @@
     }
 
     <span class="kw">fn</span> <span class="ident">process_unixpwupgrade</span>(<span class="kw-2">&amp;mut</span> <span class="self">self</span>, <span class="ident">pwu</span>: <span class="kw-2">&amp;</span><span class="ident">UnixPasswordUpgrade</span>) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span>(), <span class="ident">OperationError</span><span class="op">&gt;</span> {
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing unix password hash upgrade&quot;</span>);
+
         <span class="kw">let</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>
             .<span class="ident">qs_write</span>
             .<span class="ident">internal_search_uuid</span>(<span class="kw-2">&amp;</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>)
@@ -5781,6 +5793,8 @@
         <span class="kw-2">&amp;mut</span> <span class="self">self</span>,
         <span class="ident">wci</span>: <span class="kw-2">&amp;</span><span class="ident">WebauthnCounterIncrement</span>,
     ) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span>(), <span class="ident">OperationError</span><span class="op">&gt;</span> {
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">wci</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing webauthn counter increment&quot;</span>);
+
         <span class="kw">let</span> <span class="kw-2">mut</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">target_to_account</span>(<span class="kw-2">&amp;</span><span class="ident">wci</span>.<span class="ident">target_uuid</span>)<span class="question-mark">?</span>;
 
         <span class="comment">// Generate an optional mod and then attempt to apply it.</span>
@@ -5807,6 +5821,8 @@
         <span class="kw-2">&amp;mut</span> <span class="self">self</span>,
         <span class="ident">bcr</span>: <span class="kw-2">&amp;</span><span class="ident">BackupCodeRemoval</span>,
     ) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span>(), <span class="ident">OperationError</span><span class="op">&gt;</span> {
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">bcr</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing backup code removal&quot;</span>);
+
         <span class="kw">let</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">target_to_account</span>(<span class="kw-2">&amp;</span><span class="ident">bcr</span>.<span class="ident">target_uuid</span>)<span class="question-mark">?</span>;
         <span class="comment">// Generate an optional mod and then attempt to apply it.</span>
         <span class="kw">let</span> <span class="ident">modlist</span> <span class="op">=</span> <span class="ident">account</span>

docs/v1.0.0rc10/rustdoc/src/kanidmd_web_ui/oauth2.rs.html

@@ -536,6 +536,35 @@
 <span id="536">536</span>
 <span id="537">537</span>
 <span id="538">538</span>
+<span id="539">539</span>
+<span id="540">540</span>
+<span id="541">541</span>
+<span id="542">542</span>
+<span id="543">543</span>
+<span id="544">544</span>
+<span id="545">545</span>
+<span id="546">546</span>
+<span id="547">547</span>
+<span id="548">548</span>
+<span id="549">549</span>
+<span id="550">550</span>
+<span id="551">551</span>
+<span id="552">552</span>
+<span id="553">553</span>
+<span id="554">554</span>
+<span id="555">555</span>
+<span id="556">556</span>
+<span id="557">557</span>
+<span id="558">558</span>
+<span id="559">559</span>
+<span id="560">560</span>
+<span id="561">561</span>
+<span id="562">562</span>
+<span id="563">563</span>
+<span id="564">564</span>
+<span id="565">565</span>
+<span id="566">566</span>
+<span id="567">567</span>
 </pre><pre class="rust"><code><span class="comment">// use anyhow::Error;</span>
 <span class="kw">use</span> <span class="ident">gloo::console</span>;
 <span class="kw">pub</span> <span class="kw">use</span> <span class="ident">kanidm_proto::oauth2</span>::{
@@ -568,6 +597,7 @@
         <span class="ident">consent_token</span>: <span class="ident">String</span>,
     },
     <span class="ident">ConsentGranted</span>(<span class="ident">String</span>),
+    <span class="ident">AccessDenied</span>(<span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span>),
     <span class="ident">ErrInvalidRequest</span>,
 }
 
@@ -586,6 +616,9 @@
         <span class="ident">consent_token</span>: <span class="ident">String</span>,
     },
     <span class="ident">Redirect</span>(<span class="ident">String</span>),
+    <span class="ident">AccessDenied</span> {
+        <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span>,
+    },
     <span class="ident">Error</span> {
         <span class="ident">emsg</span>: <span class="ident">String</span>,
         <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span>,
@@ -698,6 +731,8 @@
                     }
                 }
             }
+        } <span class="kw">else</span> <span class="kw">if</span> <span class="ident">status</span> <span class="op">==</span> <span class="number">403</span> {
+            <span class="prelude-val">Ok</span>(<span class="ident">Oauth2Msg::AccessDenied</span> { <span class="ident">kopid</span> })
         } <span class="kw">else</span> {
             <span class="kw">let</span> <span class="ident">text</span> <span class="op">=</span> <span class="ident">JsFuture::from</span>(<span class="ident">resp</span>.<span class="ident">text</span>()<span class="question-mark">?</span>).<span class="kw">await</span><span class="question-mark">?</span>;
             <span class="kw">let</span> <span class="ident">emsg</span> <span class="op">=</span> <span class="ident">text</span>.<span class="ident">as_string</span>().<span class="ident">unwrap_or_else</span>(<span class="op">|</span><span class="op">|</span> <span class="string">&quot;&quot;</span>.<span class="ident">to_string</span>());
@@ -918,6 +953,11 @@
                 <span class="comment">// We need to send off fetch task here.</span>
                 <span class="bool-val">true</span>
             }
+            <span class="ident">Oauth2Msg::AccessDenied</span> { <span class="ident">kopid</span> } =&gt; {
+                <span class="macro">console::error!</span>(<span class="macro">format!</span>(<span class="string">&quot;{:?}&quot;</span>, <span class="ident">kopid</span>).<span class="ident">as_str</span>());
+                <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::AccessDenied</span>(<span class="ident">kopid</span>);
+                <span class="bool-val">true</span>
+            }
             <span class="ident">Oauth2Msg::Error</span> { <span class="ident">emsg</span>, <span class="ident">kopid</span> } =&gt; {
                 <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::ErrInvalidRequest</span>;
                 <span class="macro">console::error!</span>(<span class="macro">format!</span>(<span class="string">&quot;{:?}&quot;</span>, <span class="ident">kopid</span>).<span class="ident">as_str</span>());
@@ -1043,6 +1083,24 @@
                     <span class="op">&lt;</span><span class="op">/</span><span class="ident">div</span><span class="op">&gt;</span>
                 }
             }
+            <span class="ident">State::AccessDenied</span>(<span class="ident">kopid</span>) =&gt; {
+                <span class="macro">html!</span> {
+                    <span class="op">&lt;</span><span class="ident">div</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;alert alert-danger&quot;</span> <span class="ident">role</span><span class="op">=</span><span class="string">&quot;alert&quot;</span><span class="op">&gt;</span>
+                        <span class="op">&lt;</span><span class="ident">h1</span><span class="op">&gt;</span>{ <span class="string">&quot;Access Denied&quot;</span> } <span class="op">&lt;</span><span class="op">/</span><span class="ident">h1</span><span class="op">&gt;</span>
+                        <span class="op">&lt;</span><span class="ident">p</span><span class="op">&gt;</span>
+                        { <span class="string">&quot;You do not have access to the requested resources.&quot;</span> }
+                        <span class="op">&lt;</span><span class="op">/</span><span class="ident">p</span><span class="op">&gt;</span>
+                        <span class="op">&lt;</span><span class="ident">p</span><span class="op">&gt;</span>
+                        { <span class="kw">if</span> <span class="kw">let</span> <span class="prelude-val">Some</span>(<span class="ident">opid</span>) <span class="op">=</span> <span class="ident">kopid</span> {
+                            <span class="macro">format!</span>(<span class="string">&quot;Operation ID: {}&quot;</span>, <span class="ident">opid</span>)
+                          } <span class="kw">else</span> {
+                            <span class="string">&quot;Operation ID: -&quot;</span>.<span class="ident">to_string</span>()
+                          }
+                        }
+                        <span class="op">&lt;</span><span class="op">/</span><span class="ident">p</span><span class="op">&gt;</span>
+                    <span class="op">&lt;</span><span class="op">/</span><span class="ident">div</span><span class="op">&gt;</span>
+                }
+            }
             <span class="ident">State::ErrInvalidRequest</span> =&gt; {
                 <span class="macro">html!</span> {
                     <span class="op">&lt;</span><span class="ident">div</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;alert alert-danger&quot;</span> <span class="ident">role</span><span class="op">=</span><span class="string">&quot;alert&quot;</span><span class="op">&gt;</span>

docs/v1.0.0rc10/rustdoc/src/kanidmd_web_ui/views/mod.rs.html

@@ -423,6 +423,55 @@
 <span id="423">423</span>
 <span id="424">424</span>
 <span id="425">425</span>
+<span id="426">426</span>
+<span id="427">427</span>
+<span id="428">428</span>
+<span id="429">429</span>
+<span id="430">430</span>
+<span id="431">431</span>
+<span id="432">432</span>
+<span id="433">433</span>
+<span id="434">434</span>
+<span id="435">435</span>
+<span id="436">436</span>
+<span id="437">437</span>
+<span id="438">438</span>
+<span id="439">439</span>
+<span id="440">440</span>
+<span id="441">441</span>
+<span id="442">442</span>
+<span id="443">443</span>
+<span id="444">444</span>
+<span id="445">445</span>
+<span id="446">446</span>
+<span id="447">447</span>
+<span id="448">448</span>
+<span id="449">449</span>
+<span id="450">450</span>
+<span id="451">451</span>
+<span id="452">452</span>
+<span id="453">453</span>
+<span id="454">454</span>
+<span id="455">455</span>
+<span id="456">456</span>
+<span id="457">457</span>
+<span id="458">458</span>
+<span id="459">459</span>
+<span id="460">460</span>
+<span id="461">461</span>
+<span id="462">462</span>
+<span id="463">463</span>
+<span id="464">464</span>
+<span id="465">465</span>
+<span id="466">466</span>
+<span id="467">467</span>
+<span id="468">468</span>
+<span id="469">469</span>
+<span id="470">470</span>
+<span id="471">471</span>
+<span id="472">472</span>
+<span id="473">473</span>
+<span id="474">474</span>
 </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">std::str::FromStr</span>;
 
 <span class="kw">use</span> <span class="ident">compact_jwt</span>::{<span class="ident">Jws</span>, <span class="ident">JwsUnverified</span>};
@@ -495,6 +544,7 @@
 
 <span class="kw">enum</span> <span class="ident">State</span> {
     <span class="ident">LoginRequired</span>,
+    <span class="ident">LoggingOut</span>,
     <span class="ident">Verifying</span>,
     <span class="ident">Authenticated</span>(<span class="ident">String</span>),
     <span class="ident">Error</span> { <span class="ident">emsg</span>: <span class="ident">String</span>, <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span> },
@@ -516,6 +566,7 @@
 <span class="kw">pub</span> <span class="kw">enum</span> <span class="ident">ViewsMsg</span> {
     <span class="ident">Verified</span>(<span class="ident">String</span>),
     <span class="ident">Logout</span>,
+    <span class="ident">LogoutComplete</span>,
     <span class="ident">ProfileInfoRecieved</span> { <span class="ident">uat</span>: <span class="ident">UserAuthToken</span> },
     <span class="ident">Error</span> { <span class="ident">emsg</span>: <span class="ident">String</span>, <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span> },
 }
@@ -584,7 +635,22 @@
                 <span class="bool-val">true</span>
             }
             <span class="ident">ViewsMsg::Logout</span> =&gt; {
-                <span class="ident">models::clear_bearer_token</span>();
+                <span class="kw">match</span> <span class="ident">models::get_bearer_token</span>() {
+                    <span class="prelude-val">Some</span>(<span class="ident">tk</span>) =&gt; {
+                        <span class="ident">models::clear_bearer_token</span>();
+                        <span class="ident">ctx</span>.<span class="ident">link</span>().<span class="ident">send_future</span>(<span class="kw">async</span> {
+                            <span class="kw">match</span> <span class="ident"><span class="self">Self</span>::fetch_logout</span>(<span class="ident">tk</span>).<span class="kw">await</span> {
+                                <span class="prelude-val">Ok</span>(<span class="ident">v</span>) =&gt; <span class="ident">v</span>,
+                                <span class="prelude-val">Err</span>(<span class="ident">v</span>) =&gt; <span class="ident">v</span>.<span class="ident">into</span>(),
+                            }
+                        });
+                        <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::LoggingOut</span>;
+                    }
+                    <span class="prelude-val">None</span> =&gt; <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::LoginRequired</span>,
+                }
+                <span class="bool-val">true</span>
+            }
+            <span class="ident">ViewsMsg::LogoutComplete</span> =&gt; {
                 <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::LoginRequired</span>;
                 <span class="bool-val">true</span>
             }
@@ -624,7 +690,7 @@
                     .<span class="ident">push</span>(<span class="ident">Route::Login</span>);
                 <span class="macro">html!</span> { <span class="op">&lt;</span><span class="ident">div</span><span class="op">&gt;</span><span class="op">&lt;</span><span class="op">/</span><span class="ident">div</span><span class="op">&gt;</span> }
             }
-            <span class="ident">State::Verifying</span> =&gt; {
+            <span class="ident">State::LoggingOut</span> <span class="op">|</span> <span class="ident">State::Verifying</span> =&gt; {
                 <span class="macro">html!</span> {
                   <span class="op">&lt;</span><span class="ident">main</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;text-center form-signin h-100&quot;</span><span class="op">&gt;</span>
                     <span class="op">&lt;</span><span class="ident">div</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;vert-center&quot;</span><span class="op">&gt;</span>
@@ -791,7 +857,7 @@
             <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::Verified</span>(<span class="ident">token</span>))
         } <span class="kw">else</span> <span class="kw">if</span> <span class="ident">status</span> <span class="op">==</span> <span class="number">401</span> {
             <span class="comment">// Not valid, re-auth</span>
-            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::Logout</span>)
+            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::LogoutComplete</span>)
         } <span class="kw">else</span> {
             <span class="kw">let</span> <span class="ident">headers</span> <span class="op">=</span> <span class="ident">resp</span>.<span class="ident">headers</span>();
             <span class="kw">let</span> <span class="ident">kopid</span> <span class="op">=</span> <span class="ident">headers</span>.<span class="ident">get</span>(<span class="string">&quot;x-kanidm-opid&quot;</span>).<span class="ident">ok</span>().<span class="ident">flatten</span>();
@@ -815,6 +881,38 @@
             <span class="ident">uat</span>: <span class="ident">uat</span>.<span class="ident">into_inner</span>(),
         })
     }
+
+    <span class="kw">async</span> <span class="kw">fn</span> <span class="ident">fetch_logout</span>(<span class="ident">token</span>: <span class="ident">String</span>) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span><span class="ident">ViewsMsg</span>, <span class="ident">FetchError</span><span class="op">&gt;</span> {
+        <span class="kw">let</span> <span class="kw-2">mut</span> <span class="ident">opts</span> <span class="op">=</span> <span class="ident">RequestInit::new</span>();
+        <span class="ident">opts</span>.<span class="ident">method</span>(<span class="string">&quot;GET&quot;</span>);
+        <span class="ident">opts</span>.<span class="ident">mode</span>(<span class="ident">RequestMode::SameOrigin</span>);
+
+        <span class="kw">let</span> <span class="ident">request</span> <span class="op">=</span> <span class="ident">Request::new_with_str_and_init</span>(<span class="string">&quot;/v1/logout&quot;</span>, <span class="kw-2">&amp;</span><span class="ident">opts</span>)<span class="question-mark">?</span>;
+
+        <span class="ident">request</span>
+            .<span class="ident">headers</span>()
+            .<span class="ident">set</span>(<span class="string">&quot;content-type&quot;</span>, <span class="string">&quot;application/json&quot;</span>)
+            .<span class="ident">expect_throw</span>(<span class="string">&quot;failed to set header&quot;</span>);
+        <span class="ident">request</span>
+            .<span class="ident">headers</span>()
+            .<span class="ident">set</span>(<span class="string">&quot;authorization&quot;</span>, <span class="macro">format!</span>(<span class="string">&quot;Bearer {}&quot;</span>, <span class="ident">token</span>).<span class="ident">as_str</span>())
+            .<span class="ident">expect_throw</span>(<span class="string">&quot;failed to set header&quot;</span>);
+
+        <span class="kw">let</span> <span class="ident">window</span> <span class="op">=</span> <span class="ident">utils::window</span>();
+        <span class="kw">let</span> <span class="ident">resp_value</span> <span class="op">=</span> <span class="ident">JsFuture::from</span>(<span class="ident">window</span>.<span class="ident">fetch_with_request</span>(<span class="kw-2">&amp;</span><span class="ident">request</span>)).<span class="kw">await</span><span class="question-mark">?</span>;
+        <span class="kw">let</span> <span class="ident">resp</span>: <span class="ident">Response</span> <span class="op">=</span> <span class="ident">resp_value</span>.<span class="ident">dyn_into</span>().<span class="ident">expect_throw</span>(<span class="string">&quot;Invalid response type&quot;</span>);
+        <span class="kw">let</span> <span class="ident">status</span> <span class="op">=</span> <span class="ident">resp</span>.<span class="ident">status</span>();
+
+        <span class="kw">if</span> <span class="ident">status</span> <span class="op">==</span> <span class="number">200</span> {
+            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::LogoutComplete</span>)
+        } <span class="kw">else</span> {
+            <span class="kw">let</span> <span class="ident">headers</span> <span class="op">=</span> <span class="ident">resp</span>.<span class="ident">headers</span>();
+            <span class="kw">let</span> <span class="ident">kopid</span> <span class="op">=</span> <span class="ident">headers</span>.<span class="ident">get</span>(<span class="string">&quot;x-kanidm-opid&quot;</span>).<span class="ident">ok</span>().<span class="ident">flatten</span>();
+            <span class="kw">let</span> <span class="ident">text</span> <span class="op">=</span> <span class="ident">JsFuture::from</span>(<span class="ident">resp</span>.<span class="ident">text</span>()<span class="question-mark">?</span>).<span class="kw">await</span><span class="question-mark">?</span>;
+            <span class="kw">let</span> <span class="ident">emsg</span> <span class="op">=</span> <span class="ident">text</span>.<span class="ident">as_string</span>().<span class="ident">unwrap_or_else</span>(<span class="op">|</span><span class="op">|</span> <span class="string">&quot;&quot;</span>.<span class="ident">to_string</span>());
+            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::Error</span> { <span class="ident">emsg</span>, <span class="ident">kopid</span> })
+        }
+    }
 }
 
 <span class="kw">fn</span> <span class="ident">admin_routes</span>(<span class="ident">route</span>: <span class="kw-2">&amp;</span><span class="ident">AdminRoute</span>) -&gt; <span class="ident">Html</span> {

docs/v1.0.0rc11/rustdoc/kanidmd_lib/idm/server/index.html

@@ -1,3 +1,3 @@
-<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="API documentation for the Rust `server` mod in crate `kanidmd_lib`."><meta name="keywords" content="rust, rustlang, rust-lang, server"><title>kanidmd_lib::idm::server - Rust</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" type="text/css" href="../../../normalize.css"><link rel="stylesheet" type="text/css" href="../../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" type="text/css" href="../../../ayu.css" disabled><link rel="stylesheet" type="text/css" href="../../../dark.css" disabled><link rel="stylesheet" type="text/css" href="../../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../../storage.js"></script><script defer src="../../../main.js"></script><noscript><link rel="stylesheet" href="../../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../../favicon.svg"></head><body class="rustdoc mod"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle">&#9776;</button><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"></h2></nav><nav class="sidebar"><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"><a href="#">Module server</a></h2><div class="sidebar-elems"><section><div class="block"><ul><li><a href="#structs">Structs</a></li><li><a href="#enums">Enums</a></li><li><a href="#traits">Traits</a></li></ul></div></section></div></nav><main><div class="width-limiter"><div class="sub-container"><a class="sub-logo-container" href="../../../kanidmd_lib/index.html"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></a><nav class="sub"><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><button type="button">?</button></div><div id="settings-menu" tabindex="-1"><a href="../../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../../wheel.svg"></a></div></div></form></nav></div><section id="main-content" class="content"><div class="main-heading"><h1 class="fqn"><span class="in-band">Module <a href="../../index.html">kanidmd_lib</a>::<wbr><a href="../index.html">idm</a>::<wbr><a class="mod" href="#">server</a><button id="copy-path" onclick="copy_path(this)" title="Copy item path to clipboard"><img src="../../../clipboard.svg" width="19" height="18" alt="Copy item path"></button></span></h1><span class="out-of-band"><a class="srclink" href="../../../src/kanidmd_lib/idm/server.rs.html#1-3830">source</a> · <a id="toggle-all-docs" href="javascript:void(0)" title="collapse all docs">[<span class="inner">&#x2212;</span>]</a></span></div><h2 id="structs" class="small-section-header"><a href="#structs">Structs</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServer.html" title="kanidmd_lib::idm::server::IdmServer struct">IdmServer</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerAuthTransaction.html" title="kanidmd_lib::idm::server::IdmServerAuthTransaction struct">IdmServerAuthTransaction</a></div><div class="item-right docblock-short"><p>Contains methods that require writes, but in the context of writing to the idm in memory structures (maybe the query server too). This is things like authentication.</p>
+<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="API documentation for the Rust `server` mod in crate `kanidmd_lib`."><meta name="keywords" content="rust, rustlang, rust-lang, server"><title>kanidmd_lib::idm::server - Rust</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" type="text/css" href="../../../normalize.css"><link rel="stylesheet" type="text/css" href="../../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" type="text/css" href="../../../ayu.css" disabled><link rel="stylesheet" type="text/css" href="../../../dark.css" disabled><link rel="stylesheet" type="text/css" href="../../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../../storage.js"></script><script defer src="../../../main.js"></script><noscript><link rel="stylesheet" href="../../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../../favicon.svg"></head><body class="rustdoc mod"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle">&#9776;</button><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"></h2></nav><nav class="sidebar"><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"><a href="#">Module server</a></h2><div class="sidebar-elems"><section><div class="block"><ul><li><a href="#structs">Structs</a></li><li><a href="#enums">Enums</a></li><li><a href="#traits">Traits</a></li></ul></div></section></div></nav><main><div class="width-limiter"><div class="sub-container"><a class="sub-logo-container" href="../../../kanidmd_lib/index.html"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></a><nav class="sub"><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><button type="button">?</button></div><div id="settings-menu" tabindex="-1"><a href="../../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../../wheel.svg"></a></div></div></form></nav></div><section id="main-content" class="content"><div class="main-heading"><h1 class="fqn"><span class="in-band">Module <a href="../../index.html">kanidmd_lib</a>::<wbr><a href="../index.html">idm</a>::<wbr><a class="mod" href="#">server</a><button id="copy-path" onclick="copy_path(this)" title="Copy item path to clipboard"><img src="../../../clipboard.svg" width="19" height="18" alt="Copy item path"></button></span></h1><span class="out-of-band"><a class="srclink" href="../../../src/kanidmd_lib/idm/server.rs.html#1-3838">source</a> · <a id="toggle-all-docs" href="javascript:void(0)" title="collapse all docs">[<span class="inner">&#x2212;</span>]</a></span></div><h2 id="structs" class="small-section-header"><a href="#structs">Structs</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServer.html" title="kanidmd_lib::idm::server::IdmServer struct">IdmServer</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerAuthTransaction.html" title="kanidmd_lib::idm::server::IdmServerAuthTransaction struct">IdmServerAuthTransaction</a></div><div class="item-right docblock-short"><p>Contains methods that require writes, but in the context of writing to the idm in memory structures (maybe the query server too). This is things like authentication.</p>
 </div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerCredUpdateTransaction.html" title="kanidmd_lib::idm::server::IdmServerCredUpdateTransaction struct">IdmServerCredUpdateTransaction</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerDelayed.html" title="kanidmd_lib::idm::server::IdmServerDelayed struct">IdmServerDelayed</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerProxyReadTransaction.html" title="kanidmd_lib::idm::server::IdmServerProxyReadTransaction struct">IdmServerProxyReadTransaction</a></div><div class="item-right docblock-short"><p>This contains read-only methods, like getting users, groups and other structured content.</p>
 </div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerProxyWriteTransaction.html" title="kanidmd_lib::idm::server::IdmServerProxyWriteTransaction struct">IdmServerProxyWriteTransaction</a></div><div class="item-right docblock-short"></div></div></div><h2 id="enums" class="small-section-header"><a href="#enums">Enums</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="enum" href="enum.Token.html" title="kanidmd_lib::idm::server::Token enum">Token</a></div><div class="item-right docblock-short"></div></div></div><h2 id="traits" class="small-section-header"><a href="#traits">Traits</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="trait" href="trait.IdmServerTransaction.html" title="kanidmd_lib::idm::server::IdmServerTransaction trait">IdmServerTransaction</a></div><div class="item-right docblock-short"></div></div></div></section></div></main><div id="rustdoc-vars" data-root-path="../../../" data-current-crate="kanidmd_lib" data-themes="ayu,dark,light" data-resource-suffix="" data-rustdoc-version="1.64.0 (a55dd71d5 2022-09-19)" ></div></body></html>

docs/v1.0.0rc11/rustdoc/src/kanidmd_core/https/oauth2.rs.html

@@ -712,6 +712,11 @@
 <span id="712">712</span>
 <span id="713">713</span>
 <span id="714">714</span>
+<span id="715">715</span>
+<span id="716">716</span>
+<span id="717">717</span>
+<span id="718">718</span>
+<span id="719">719</span>
 </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">kanidm_proto::oauth2::AuthorisationResponse</span>;
 <span class="kw">use</span> <span class="ident">kanidm_proto::v1::Entry</span> <span class="kw">as</span> <span class="ident">ProtoEntry</span>;
 <span class="kw">use</span> <span class="ident">kanidmd_lib::idm::oauth2</span>::{
@@ -1042,6 +1047,11 @@
             <span class="ident">res</span>.<span class="ident">insert_header</span>(<span class="string">&quot;WWW-Authenticate&quot;</span>, <span class="string">&quot;Bearer&quot;</span>);
             <span class="prelude-val">Ok</span>(<span class="ident">res</span>)
         }
+        <span class="prelude-val">Err</span>(<span class="ident">Oauth2Error::AccessDenied</span>) =&gt; {
+            <span class="comment">// If scopes are not available for this account.</span>
+            <span class="kw">let</span> <span class="ident">res</span> <span class="op">=</span> <span class="ident">tide::Response::new</span>(<span class="ident">tide::StatusCode::Forbidden</span>);
+            <span class="prelude-val">Ok</span>(<span class="ident">res</span>)
+        }
         <span class="comment">/*
         RFC - If the request fails due to a missing, invalid, or mismatching
               redirection URI, or if the client identifier is missing or invalid,
@@ -1142,7 +1152,7 @@
             <span class="comment">// Turns out this instinct was correct:</span>
             <span class="comment">//  https://www.proofpoint.com/us/blog/cloud-security/microsoft-and-github-oauth-implementation-vulnerabilities-lead-redirection</span>
             <span class="comment">// Possible to use this with a malicious client configuration to phish / spam.</span>
-            <span class="ident">tide::Response::new</span>(<span class="number">500</span>)
+            <span class="ident">tide::Response::new</span>(<span class="ident">tide::StatusCode::InternalServerError</span>)
         }
     };
     <span class="ident">res</span>.<span class="ident">insert_header</span>(<span class="string">&quot;X-KANIDM-OPID&quot;</span>, <span class="ident">hvalue</span>);

docs/v1.0.0rc11/rustdoc/src/kanidmd_core/ldaps.rs.html

@@ -363,15 +363,15 @@
     <span class="kw">if</span> <span class="ident">address</span>.<span class="ident">starts_with</span>(<span class="string">&quot;:::&quot;</span>) {
         <span class="comment">// takes :::xxxx to xxxx</span>
         <span class="kw">let</span> <span class="ident">port</span> <span class="op">=</span> <span class="ident">address</span>.<span class="ident">replacen</span>(<span class="string">&quot;:::&quot;</span>, <span class="string">&quot;&quot;</span>, <span class="number">1</span>);
-        <span class="macro">eprintln!</span>(<span class="string">&quot;Address &#39;{}&#39; looks like an attempt to wildcard bind with IPv6 on port {} - please try using ldapbindaddress = &#39;[::]:{}&#39;&quot;</span>, <span class="ident">address</span>, <span class="ident">port</span>, <span class="ident">port</span>);
+        <span class="macro">error!</span>(<span class="string">&quot;Address &#39;{}&#39; looks like an attempt to wildcard bind with IPv6 on port {} - please try using ldapbindaddress = &#39;[::]:{}&#39;&quot;</span>, <span class="ident">address</span>, <span class="ident">port</span>, <span class="ident">port</span>);
     };
 
     <span class="kw">let</span> <span class="ident">addr</span> <span class="op">=</span> <span class="ident">net::SocketAddr::from_str</span>(<span class="ident">address</span>).<span class="ident">map_err</span>(<span class="op">|</span><span class="ident">e</span><span class="op">|</span> {
-        <span class="macro">eprintln!</span>(<span class="string">&quot;Could not parse LDAP server address {} -&gt; {:?}&quot;</span>, <span class="ident">address</span>, <span class="ident">e</span>);
+        <span class="macro">error!</span>(<span class="string">&quot;Could not parse LDAP server address {} -&gt; {:?}&quot;</span>, <span class="ident">address</span>, <span class="ident">e</span>);
     })<span class="question-mark">?</span>;
 
     <span class="kw">let</span> <span class="ident">listener</span> <span class="op">=</span> <span class="ident">TcpListener::bind</span>(<span class="kw-2">&amp;</span><span class="ident">addr</span>).<span class="kw">await</span>.<span class="ident">map_err</span>(<span class="op">|</span><span class="ident">e</span><span class="op">|</span> {
-        <span class="macro">eprintln!</span>(
+        <span class="macro">error!</span>(
             <span class="string">&quot;Could not bind to LDAP server address {} -&gt; {:?}&quot;</span>,
             <span class="ident">address</span>, <span class="ident">e</span>
         );
@@ -379,12 +379,12 @@
 
     <span class="kw">match</span> <span class="ident">opt_tls_params</span> {
         <span class="prelude-val">Some</span>(<span class="ident">tls_params</span>) =&gt; {
-            <span class="macro">eprintln!</span>(<span class="string">&quot;Starting LDAPS interface ldaps://{} ...&quot;</span>, <span class="ident">address</span>);
+            <span class="macro">info!</span>(<span class="string">&quot;Starting LDAPS interface ldaps://{} ...&quot;</span>, <span class="ident">address</span>);
             <span class="kw">let</span> <span class="ident">tls_parms</span> <span class="op">=</span> <span class="ident">tls_params</span>.<span class="ident">build</span>();
             <span class="ident">tokio::spawn</span>(<span class="ident">tls_acceptor</span>(<span class="ident">listener</span>, <span class="ident">tls_parms</span>, <span class="ident">qe_r_ref</span>));
         }
         <span class="prelude-val">None</span> =&gt; {
-            <span class="macro">eprintln!</span>(<span class="string">&quot;The server won&#39;t run without TLS!&quot;</span>);
+            <span class="macro">error!</span>(<span class="string">&quot;The server won&#39;t run without TLS!&quot;</span>);
             <span class="kw">return</span> <span class="prelude-val">Err</span>(());
         }
     }

docs/v1.0.0rc11/rustdoc/src/kanidmd_lib/idm/server.rs.html

@@ -3828,6 +3828,14 @@
 <span id="3828">3828</span>
 <span id="3829">3829</span>
 <span id="3830">3830</span>
+<span id="3831">3831</span>
+<span id="3832">3832</span>
+<span id="3833">3833</span>
+<span id="3834">3834</span>
+<span id="3835">3835</span>
+<span id="3836">3836</span>
+<span id="3837">3837</span>
+<span id="3838">3838</span>
 </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">core::task</span>::{<span class="ident">Context</span>, <span class="ident">Poll</span>};
 <span class="kw">use</span> <span class="ident">std::convert::TryFrom</span>;
 <span class="kw">use</span> <span class="ident">std::str::FromStr</span>;
@@ -5724,6 +5732,8 @@
         <span class="comment">// get the account</span>
         <span class="kw">let</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">target_to_account</span>(<span class="kw-2">&amp;</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>)<span class="question-mark">?</span>;
 
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing password hash upgrade&quot;</span>);
+
         <span class="comment">// check, does the pw still match?</span>
         <span class="kw">let</span> <span class="ident">same</span> <span class="op">=</span> <span class="ident">account</span>.<span class="ident">check_credential_pw</span>(<span class="ident">pwu</span>.<span class="ident">existing_password</span>.<span class="ident">as_str</span>())<span class="question-mark">?</span>;
 
@@ -5747,6 +5757,8 @@
     }
 
     <span class="kw">fn</span> <span class="ident">process_unixpwupgrade</span>(<span class="kw-2">&amp;mut</span> <span class="self">self</span>, <span class="ident">pwu</span>: <span class="kw-2">&amp;</span><span class="ident">UnixPasswordUpgrade</span>) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span>(), <span class="ident">OperationError</span><span class="op">&gt;</span> {
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing unix password hash upgrade&quot;</span>);
+
         <span class="kw">let</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>
             .<span class="ident">qs_write</span>
             .<span class="ident">internal_search_uuid</span>(<span class="kw-2">&amp;</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>)
@@ -5781,6 +5793,8 @@
         <span class="kw-2">&amp;mut</span> <span class="self">self</span>,
         <span class="ident">wci</span>: <span class="kw-2">&amp;</span><span class="ident">WebauthnCounterIncrement</span>,
     ) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span>(), <span class="ident">OperationError</span><span class="op">&gt;</span> {
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">wci</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing webauthn counter increment&quot;</span>);
+
         <span class="kw">let</span> <span class="kw-2">mut</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">target_to_account</span>(<span class="kw-2">&amp;</span><span class="ident">wci</span>.<span class="ident">target_uuid</span>)<span class="question-mark">?</span>;
 
         <span class="comment">// Generate an optional mod and then attempt to apply it.</span>
@@ -5807,6 +5821,8 @@
         <span class="kw-2">&amp;mut</span> <span class="self">self</span>,
         <span class="ident">bcr</span>: <span class="kw-2">&amp;</span><span class="ident">BackupCodeRemoval</span>,
     ) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span>(), <span class="ident">OperationError</span><span class="op">&gt;</span> {
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">bcr</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing backup code removal&quot;</span>);
+
         <span class="kw">let</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">target_to_account</span>(<span class="kw-2">&amp;</span><span class="ident">bcr</span>.<span class="ident">target_uuid</span>)<span class="question-mark">?</span>;
         <span class="comment">// Generate an optional mod and then attempt to apply it.</span>
         <span class="kw">let</span> <span class="ident">modlist</span> <span class="op">=</span> <span class="ident">account</span>

docs/v1.0.0rc11/rustdoc/src/kanidmd_web_ui/oauth2.rs.html

@@ -536,6 +536,35 @@
 <span id="536">536</span>
 <span id="537">537</span>
 <span id="538">538</span>
+<span id="539">539</span>
+<span id="540">540</span>
+<span id="541">541</span>
+<span id="542">542</span>
+<span id="543">543</span>
+<span id="544">544</span>
+<span id="545">545</span>
+<span id="546">546</span>
+<span id="547">547</span>
+<span id="548">548</span>
+<span id="549">549</span>
+<span id="550">550</span>
+<span id="551">551</span>
+<span id="552">552</span>
+<span id="553">553</span>
+<span id="554">554</span>
+<span id="555">555</span>
+<span id="556">556</span>
+<span id="557">557</span>
+<span id="558">558</span>
+<span id="559">559</span>
+<span id="560">560</span>
+<span id="561">561</span>
+<span id="562">562</span>
+<span id="563">563</span>
+<span id="564">564</span>
+<span id="565">565</span>
+<span id="566">566</span>
+<span id="567">567</span>
 </pre><pre class="rust"><code><span class="comment">// use anyhow::Error;</span>
 <span class="kw">use</span> <span class="ident">gloo::console</span>;
 <span class="kw">pub</span> <span class="kw">use</span> <span class="ident">kanidm_proto::oauth2</span>::{
@@ -568,6 +597,7 @@
         <span class="ident">consent_token</span>: <span class="ident">String</span>,
     },
     <span class="ident">ConsentGranted</span>(<span class="ident">String</span>),
+    <span class="ident">AccessDenied</span>(<span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span>),
     <span class="ident">ErrInvalidRequest</span>,
 }
 
@@ -586,6 +616,9 @@
         <span class="ident">consent_token</span>: <span class="ident">String</span>,
     },
     <span class="ident">Redirect</span>(<span class="ident">String</span>),
+    <span class="ident">AccessDenied</span> {
+        <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span>,
+    },
     <span class="ident">Error</span> {
         <span class="ident">emsg</span>: <span class="ident">String</span>,
         <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span>,
@@ -698,6 +731,8 @@
                     }
                 }
             }
+        } <span class="kw">else</span> <span class="kw">if</span> <span class="ident">status</span> <span class="op">==</span> <span class="number">403</span> {
+            <span class="prelude-val">Ok</span>(<span class="ident">Oauth2Msg::AccessDenied</span> { <span class="ident">kopid</span> })
         } <span class="kw">else</span> {
             <span class="kw">let</span> <span class="ident">text</span> <span class="op">=</span> <span class="ident">JsFuture::from</span>(<span class="ident">resp</span>.<span class="ident">text</span>()<span class="question-mark">?</span>).<span class="kw">await</span><span class="question-mark">?</span>;
             <span class="kw">let</span> <span class="ident">emsg</span> <span class="op">=</span> <span class="ident">text</span>.<span class="ident">as_string</span>().<span class="ident">unwrap_or_else</span>(<span class="op">|</span><span class="op">|</span> <span class="string">&quot;&quot;</span>.<span class="ident">to_string</span>());
@@ -918,6 +953,11 @@
                 <span class="comment">// We need to send off fetch task here.</span>
                 <span class="bool-val">true</span>
             }
+            <span class="ident">Oauth2Msg::AccessDenied</span> { <span class="ident">kopid</span> } =&gt; {
+                <span class="macro">console::error!</span>(<span class="macro">format!</span>(<span class="string">&quot;{:?}&quot;</span>, <span class="ident">kopid</span>).<span class="ident">as_str</span>());
+                <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::AccessDenied</span>(<span class="ident">kopid</span>);
+                <span class="bool-val">true</span>
+            }
             <span class="ident">Oauth2Msg::Error</span> { <span class="ident">emsg</span>, <span class="ident">kopid</span> } =&gt; {
                 <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::ErrInvalidRequest</span>;
                 <span class="macro">console::error!</span>(<span class="macro">format!</span>(<span class="string">&quot;{:?}&quot;</span>, <span class="ident">kopid</span>).<span class="ident">as_str</span>());
@@ -1043,6 +1083,24 @@
                     <span class="op">&lt;</span><span class="op">/</span><span class="ident">div</span><span class="op">&gt;</span>
                 }
             }
+            <span class="ident">State::AccessDenied</span>(<span class="ident">kopid</span>) =&gt; {
+                <span class="macro">html!</span> {
+                    <span class="op">&lt;</span><span class="ident">div</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;alert alert-danger&quot;</span> <span class="ident">role</span><span class="op">=</span><span class="string">&quot;alert&quot;</span><span class="op">&gt;</span>
+                        <span class="op">&lt;</span><span class="ident">h1</span><span class="op">&gt;</span>{ <span class="string">&quot;Access Denied&quot;</span> } <span class="op">&lt;</span><span class="op">/</span><span class="ident">h1</span><span class="op">&gt;</span>
+                        <span class="op">&lt;</span><span class="ident">p</span><span class="op">&gt;</span>
+                        { <span class="string">&quot;You do not have access to the requested resources.&quot;</span> }
+                        <span class="op">&lt;</span><span class="op">/</span><span class="ident">p</span><span class="op">&gt;</span>
+                        <span class="op">&lt;</span><span class="ident">p</span><span class="op">&gt;</span>
+                        { <span class="kw">if</span> <span class="kw">let</span> <span class="prelude-val">Some</span>(<span class="ident">opid</span>) <span class="op">=</span> <span class="ident">kopid</span> {
+                            <span class="macro">format!</span>(<span class="string">&quot;Operation ID: {}&quot;</span>, <span class="ident">opid</span>)
+                          } <span class="kw">else</span> {
+                            <span class="string">&quot;Operation ID: -&quot;</span>.<span class="ident">to_string</span>()
+                          }
+                        }
+                        <span class="op">&lt;</span><span class="op">/</span><span class="ident">p</span><span class="op">&gt;</span>
+                    <span class="op">&lt;</span><span class="op">/</span><span class="ident">div</span><span class="op">&gt;</span>
+                }
+            }
             <span class="ident">State::ErrInvalidRequest</span> =&gt; {
                 <span class="macro">html!</span> {
                     <span class="op">&lt;</span><span class="ident">div</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;alert alert-danger&quot;</span> <span class="ident">role</span><span class="op">=</span><span class="string">&quot;alert&quot;</span><span class="op">&gt;</span>

docs/v1.0.0rc11/rustdoc/src/kanidmd_web_ui/views/mod.rs.html

@@ -423,6 +423,55 @@
 <span id="423">423</span>
 <span id="424">424</span>
 <span id="425">425</span>
+<span id="426">426</span>
+<span id="427">427</span>
+<span id="428">428</span>
+<span id="429">429</span>
+<span id="430">430</span>
+<span id="431">431</span>
+<span id="432">432</span>
+<span id="433">433</span>
+<span id="434">434</span>
+<span id="435">435</span>
+<span id="436">436</span>
+<span id="437">437</span>
+<span id="438">438</span>
+<span id="439">439</span>
+<span id="440">440</span>
+<span id="441">441</span>
+<span id="442">442</span>
+<span id="443">443</span>
+<span id="444">444</span>
+<span id="445">445</span>
+<span id="446">446</span>
+<span id="447">447</span>
+<span id="448">448</span>
+<span id="449">449</span>
+<span id="450">450</span>
+<span id="451">451</span>
+<span id="452">452</span>
+<span id="453">453</span>
+<span id="454">454</span>
+<span id="455">455</span>
+<span id="456">456</span>
+<span id="457">457</span>
+<span id="458">458</span>
+<span id="459">459</span>
+<span id="460">460</span>
+<span id="461">461</span>
+<span id="462">462</span>
+<span id="463">463</span>
+<span id="464">464</span>
+<span id="465">465</span>
+<span id="466">466</span>
+<span id="467">467</span>
+<span id="468">468</span>
+<span id="469">469</span>
+<span id="470">470</span>
+<span id="471">471</span>
+<span id="472">472</span>
+<span id="473">473</span>
+<span id="474">474</span>
 </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">std::str::FromStr</span>;
 
 <span class="kw">use</span> <span class="ident">compact_jwt</span>::{<span class="ident">Jws</span>, <span class="ident">JwsUnverified</span>};
@@ -495,6 +544,7 @@
 
 <span class="kw">enum</span> <span class="ident">State</span> {
     <span class="ident">LoginRequired</span>,
+    <span class="ident">LoggingOut</span>,
     <span class="ident">Verifying</span>,
     <span class="ident">Authenticated</span>(<span class="ident">String</span>),
     <span class="ident">Error</span> { <span class="ident">emsg</span>: <span class="ident">String</span>, <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span> },
@@ -516,6 +566,7 @@
 <span class="kw">pub</span> <span class="kw">enum</span> <span class="ident">ViewsMsg</span> {
     <span class="ident">Verified</span>(<span class="ident">String</span>),
     <span class="ident">Logout</span>,
+    <span class="ident">LogoutComplete</span>,
     <span class="ident">ProfileInfoRecieved</span> { <span class="ident">uat</span>: <span class="ident">UserAuthToken</span> },
     <span class="ident">Error</span> { <span class="ident">emsg</span>: <span class="ident">String</span>, <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span> },
 }
@@ -584,7 +635,22 @@
                 <span class="bool-val">true</span>
             }
             <span class="ident">ViewsMsg::Logout</span> =&gt; {
-                <span class="ident">models::clear_bearer_token</span>();
+                <span class="kw">match</span> <span class="ident">models::get_bearer_token</span>() {
+                    <span class="prelude-val">Some</span>(<span class="ident">tk</span>) =&gt; {
+                        <span class="ident">models::clear_bearer_token</span>();
+                        <span class="ident">ctx</span>.<span class="ident">link</span>().<span class="ident">send_future</span>(<span class="kw">async</span> {
+                            <span class="kw">match</span> <span class="ident"><span class="self">Self</span>::fetch_logout</span>(<span class="ident">tk</span>).<span class="kw">await</span> {
+                                <span class="prelude-val">Ok</span>(<span class="ident">v</span>) =&gt; <span class="ident">v</span>,
+                                <span class="prelude-val">Err</span>(<span class="ident">v</span>) =&gt; <span class="ident">v</span>.<span class="ident">into</span>(),
+                            }
+                        });
+                        <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::LoggingOut</span>;
+                    }
+                    <span class="prelude-val">None</span> =&gt; <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::LoginRequired</span>,
+                }
+                <span class="bool-val">true</span>
+            }
+            <span class="ident">ViewsMsg::LogoutComplete</span> =&gt; {
                 <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::LoginRequired</span>;
                 <span class="bool-val">true</span>
             }
@@ -624,7 +690,7 @@
                     .<span class="ident">push</span>(<span class="ident">Route::Login</span>);
                 <span class="macro">html!</span> { <span class="op">&lt;</span><span class="ident">div</span><span class="op">&gt;</span><span class="op">&lt;</span><span class="op">/</span><span class="ident">div</span><span class="op">&gt;</span> }
             }
-            <span class="ident">State::Verifying</span> =&gt; {
+            <span class="ident">State::LoggingOut</span> <span class="op">|</span> <span class="ident">State::Verifying</span> =&gt; {
                 <span class="macro">html!</span> {
                   <span class="op">&lt;</span><span class="ident">main</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;text-center form-signin h-100&quot;</span><span class="op">&gt;</span>
                     <span class="op">&lt;</span><span class="ident">div</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;vert-center&quot;</span><span class="op">&gt;</span>
@@ -791,7 +857,7 @@
             <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::Verified</span>(<span class="ident">token</span>))
         } <span class="kw">else</span> <span class="kw">if</span> <span class="ident">status</span> <span class="op">==</span> <span class="number">401</span> {
             <span class="comment">// Not valid, re-auth</span>
-            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::Logout</span>)
+            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::LogoutComplete</span>)
         } <span class="kw">else</span> {
             <span class="kw">let</span> <span class="ident">headers</span> <span class="op">=</span> <span class="ident">resp</span>.<span class="ident">headers</span>();
             <span class="kw">let</span> <span class="ident">kopid</span> <span class="op">=</span> <span class="ident">headers</span>.<span class="ident">get</span>(<span class="string">&quot;x-kanidm-opid&quot;</span>).<span class="ident">ok</span>().<span class="ident">flatten</span>();
@@ -815,6 +881,38 @@
             <span class="ident">uat</span>: <span class="ident">uat</span>.<span class="ident">into_inner</span>(),
         })
     }
+
+    <span class="kw">async</span> <span class="kw">fn</span> <span class="ident">fetch_logout</span>(<span class="ident">token</span>: <span class="ident">String</span>) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span><span class="ident">ViewsMsg</span>, <span class="ident">FetchError</span><span class="op">&gt;</span> {
+        <span class="kw">let</span> <span class="kw-2">mut</span> <span class="ident">opts</span> <span class="op">=</span> <span class="ident">RequestInit::new</span>();
+        <span class="ident">opts</span>.<span class="ident">method</span>(<span class="string">&quot;GET&quot;</span>);
+        <span class="ident">opts</span>.<span class="ident">mode</span>(<span class="ident">RequestMode::SameOrigin</span>);
+
+        <span class="kw">let</span> <span class="ident">request</span> <span class="op">=</span> <span class="ident">Request::new_with_str_and_init</span>(<span class="string">&quot;/v1/logout&quot;</span>, <span class="kw-2">&amp;</span><span class="ident">opts</span>)<span class="question-mark">?</span>;
+
+        <span class="ident">request</span>
+            .<span class="ident">headers</span>()
+            .<span class="ident">set</span>(<span class="string">&quot;content-type&quot;</span>, <span class="string">&quot;application/json&quot;</span>)
+            .<span class="ident">expect_throw</span>(<span class="string">&quot;failed to set header&quot;</span>);
+        <span class="ident">request</span>
+            .<span class="ident">headers</span>()
+            .<span class="ident">set</span>(<span class="string">&quot;authorization&quot;</span>, <span class="macro">format!</span>(<span class="string">&quot;Bearer {}&quot;</span>, <span class="ident">token</span>).<span class="ident">as_str</span>())
+            .<span class="ident">expect_throw</span>(<span class="string">&quot;failed to set header&quot;</span>);
+
+        <span class="kw">let</span> <span class="ident">window</span> <span class="op">=</span> <span class="ident">utils::window</span>();
+        <span class="kw">let</span> <span class="ident">resp_value</span> <span class="op">=</span> <span class="ident">JsFuture::from</span>(<span class="ident">window</span>.<span class="ident">fetch_with_request</span>(<span class="kw-2">&amp;</span><span class="ident">request</span>)).<span class="kw">await</span><span class="question-mark">?</span>;
+        <span class="kw">let</span> <span class="ident">resp</span>: <span class="ident">Response</span> <span class="op">=</span> <span class="ident">resp_value</span>.<span class="ident">dyn_into</span>().<span class="ident">expect_throw</span>(<span class="string">&quot;Invalid response type&quot;</span>);
+        <span class="kw">let</span> <span class="ident">status</span> <span class="op">=</span> <span class="ident">resp</span>.<span class="ident">status</span>();
+
+        <span class="kw">if</span> <span class="ident">status</span> <span class="op">==</span> <span class="number">200</span> {
+            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::LogoutComplete</span>)
+        } <span class="kw">else</span> {
+            <span class="kw">let</span> <span class="ident">headers</span> <span class="op">=</span> <span class="ident">resp</span>.<span class="ident">headers</span>();
+            <span class="kw">let</span> <span class="ident">kopid</span> <span class="op">=</span> <span class="ident">headers</span>.<span class="ident">get</span>(<span class="string">&quot;x-kanidm-opid&quot;</span>).<span class="ident">ok</span>().<span class="ident">flatten</span>();
+            <span class="kw">let</span> <span class="ident">text</span> <span class="op">=</span> <span class="ident">JsFuture::from</span>(<span class="ident">resp</span>.<span class="ident">text</span>()<span class="question-mark">?</span>).<span class="kw">await</span><span class="question-mark">?</span>;
+            <span class="kw">let</span> <span class="ident">emsg</span> <span class="op">=</span> <span class="ident">text</span>.<span class="ident">as_string</span>().<span class="ident">unwrap_or_else</span>(<span class="op">|</span><span class="op">|</span> <span class="string">&quot;&quot;</span>.<span class="ident">to_string</span>());
+            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::Error</span> { <span class="ident">emsg</span>, <span class="ident">kopid</span> })
+        }
+    }
 }
 
 <span class="kw">fn</span> <span class="ident">admin_routes</span>(<span class="ident">route</span>: <span class="kw-2">&amp;</span><span class="ident">AdminRoute</span>) -&gt; <span class="ident">Html</span> {

docs/v1.0.0rc2/rustdoc/kanidmd_lib/idm/server/index.html

@@ -1,3 +1,3 @@
-<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="API documentation for the Rust `server` mod in crate `kanidmd_lib`."><meta name="keywords" content="rust, rustlang, rust-lang, server"><title>kanidmd_lib::idm::server - Rust</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" type="text/css" href="../../../normalize.css"><link rel="stylesheet" type="text/css" href="../../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" type="text/css" href="../../../ayu.css" disabled><link rel="stylesheet" type="text/css" href="../../../dark.css" disabled><link rel="stylesheet" type="text/css" href="../../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../../storage.js"></script><script defer src="../../../main.js"></script><noscript><link rel="stylesheet" href="../../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../../favicon.svg"></head><body class="rustdoc mod"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle">&#9776;</button><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"></h2></nav><nav class="sidebar"><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"><a href="#">Module server</a></h2><div class="sidebar-elems"><section><div class="block"><ul><li><a href="#structs">Structs</a></li><li><a href="#enums">Enums</a></li><li><a href="#traits">Traits</a></li></ul></div></section></div></nav><main><div class="width-limiter"><div class="sub-container"><a class="sub-logo-container" href="../../../kanidmd_lib/index.html"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></a><nav class="sub"><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><button type="button">?</button></div><div id="settings-menu" tabindex="-1"><a href="../../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../../wheel.svg"></a></div></div></form></nav></div><section id="main-content" class="content"><div class="main-heading"><h1 class="fqn"><span class="in-band">Module <a href="../../index.html">kanidmd_lib</a>::<wbr><a href="../index.html">idm</a>::<wbr><a class="mod" href="#">server</a><button id="copy-path" onclick="copy_path(this)" title="Copy item path to clipboard"><img src="../../../clipboard.svg" width="19" height="18" alt="Copy item path"></button></span></h1><span class="out-of-band"><a class="srclink" href="../../../src/kanidmd_lib/idm/server.rs.html#1-3830">source</a> · <a id="toggle-all-docs" href="javascript:void(0)" title="collapse all docs">[<span class="inner">&#x2212;</span>]</a></span></div><h2 id="structs" class="small-section-header"><a href="#structs">Structs</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServer.html" title="kanidmd_lib::idm::server::IdmServer struct">IdmServer</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerAuthTransaction.html" title="kanidmd_lib::idm::server::IdmServerAuthTransaction struct">IdmServerAuthTransaction</a></div><div class="item-right docblock-short"><p>Contains methods that require writes, but in the context of writing to the idm in memory structures (maybe the query server too). This is things like authentication.</p>
+<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="API documentation for the Rust `server` mod in crate `kanidmd_lib`."><meta name="keywords" content="rust, rustlang, rust-lang, server"><title>kanidmd_lib::idm::server - Rust</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" type="text/css" href="../../../normalize.css"><link rel="stylesheet" type="text/css" href="../../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" type="text/css" href="../../../ayu.css" disabled><link rel="stylesheet" type="text/css" href="../../../dark.css" disabled><link rel="stylesheet" type="text/css" href="../../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../../storage.js"></script><script defer src="../../../main.js"></script><noscript><link rel="stylesheet" href="../../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../../favicon.svg"></head><body class="rustdoc mod"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle">&#9776;</button><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"></h2></nav><nav class="sidebar"><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"><a href="#">Module server</a></h2><div class="sidebar-elems"><section><div class="block"><ul><li><a href="#structs">Structs</a></li><li><a href="#enums">Enums</a></li><li><a href="#traits">Traits</a></li></ul></div></section></div></nav><main><div class="width-limiter"><div class="sub-container"><a class="sub-logo-container" href="../../../kanidmd_lib/index.html"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></a><nav class="sub"><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><button type="button">?</button></div><div id="settings-menu" tabindex="-1"><a href="../../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../../wheel.svg"></a></div></div></form></nav></div><section id="main-content" class="content"><div class="main-heading"><h1 class="fqn"><span class="in-band">Module <a href="../../index.html">kanidmd_lib</a>::<wbr><a href="../index.html">idm</a>::<wbr><a class="mod" href="#">server</a><button id="copy-path" onclick="copy_path(this)" title="Copy item path to clipboard"><img src="../../../clipboard.svg" width="19" height="18" alt="Copy item path"></button></span></h1><span class="out-of-band"><a class="srclink" href="../../../src/kanidmd_lib/idm/server.rs.html#1-3838">source</a> · <a id="toggle-all-docs" href="javascript:void(0)" title="collapse all docs">[<span class="inner">&#x2212;</span>]</a></span></div><h2 id="structs" class="small-section-header"><a href="#structs">Structs</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServer.html" title="kanidmd_lib::idm::server::IdmServer struct">IdmServer</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerAuthTransaction.html" title="kanidmd_lib::idm::server::IdmServerAuthTransaction struct">IdmServerAuthTransaction</a></div><div class="item-right docblock-short"><p>Contains methods that require writes, but in the context of writing to the idm in memory structures (maybe the query server too). This is things like authentication.</p>
 </div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerCredUpdateTransaction.html" title="kanidmd_lib::idm::server::IdmServerCredUpdateTransaction struct">IdmServerCredUpdateTransaction</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerDelayed.html" title="kanidmd_lib::idm::server::IdmServerDelayed struct">IdmServerDelayed</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerProxyReadTransaction.html" title="kanidmd_lib::idm::server::IdmServerProxyReadTransaction struct">IdmServerProxyReadTransaction</a></div><div class="item-right docblock-short"><p>This contains read-only methods, like getting users, groups and other structured content.</p>
 </div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerProxyWriteTransaction.html" title="kanidmd_lib::idm::server::IdmServerProxyWriteTransaction struct">IdmServerProxyWriteTransaction</a></div><div class="item-right docblock-short"></div></div></div><h2 id="enums" class="small-section-header"><a href="#enums">Enums</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="enum" href="enum.Token.html" title="kanidmd_lib::idm::server::Token enum">Token</a></div><div class="item-right docblock-short"></div></div></div><h2 id="traits" class="small-section-header"><a href="#traits">Traits</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="trait" href="trait.IdmServerTransaction.html" title="kanidmd_lib::idm::server::IdmServerTransaction trait">IdmServerTransaction</a></div><div class="item-right docblock-short"></div></div></div></section></div></main><div id="rustdoc-vars" data-root-path="../../../" data-current-crate="kanidmd_lib" data-themes="ayu,dark,light" data-resource-suffix="" data-rustdoc-version="1.64.0 (a55dd71d5 2022-09-19)" ></div></body></html>

docs/v1.0.0rc2/rustdoc/src/kanidmd_core/https/oauth2.rs.html

@@ -712,6 +712,11 @@
 <span id="712">712</span>
 <span id="713">713</span>
 <span id="714">714</span>
+<span id="715">715</span>
+<span id="716">716</span>
+<span id="717">717</span>
+<span id="718">718</span>
+<span id="719">719</span>
 </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">kanidm_proto::oauth2::AuthorisationResponse</span>;
 <span class="kw">use</span> <span class="ident">kanidm_proto::v1::Entry</span> <span class="kw">as</span> <span class="ident">ProtoEntry</span>;
 <span class="kw">use</span> <span class="ident">kanidmd_lib::idm::oauth2</span>::{
@@ -1042,6 +1047,11 @@
             <span class="ident">res</span>.<span class="ident">insert_header</span>(<span class="string">&quot;WWW-Authenticate&quot;</span>, <span class="string">&quot;Bearer&quot;</span>);
             <span class="prelude-val">Ok</span>(<span class="ident">res</span>)
         }
+        <span class="prelude-val">Err</span>(<span class="ident">Oauth2Error::AccessDenied</span>) =&gt; {
+            <span class="comment">// If scopes are not available for this account.</span>
+            <span class="kw">let</span> <span class="ident">res</span> <span class="op">=</span> <span class="ident">tide::Response::new</span>(<span class="ident">tide::StatusCode::Forbidden</span>);
+            <span class="prelude-val">Ok</span>(<span class="ident">res</span>)
+        }
         <span class="comment">/*
         RFC - If the request fails due to a missing, invalid, or mismatching
               redirection URI, or if the client identifier is missing or invalid,
@@ -1142,7 +1152,7 @@
             <span class="comment">// Turns out this instinct was correct:</span>
             <span class="comment">//  https://www.proofpoint.com/us/blog/cloud-security/microsoft-and-github-oauth-implementation-vulnerabilities-lead-redirection</span>
             <span class="comment">// Possible to use this with a malicious client configuration to phish / spam.</span>
-            <span class="ident">tide::Response::new</span>(<span class="number">500</span>)
+            <span class="ident">tide::Response::new</span>(<span class="ident">tide::StatusCode::InternalServerError</span>)
         }
     };
     <span class="ident">res</span>.<span class="ident">insert_header</span>(<span class="string">&quot;X-KANIDM-OPID&quot;</span>, <span class="ident">hvalue</span>);

docs/v1.0.0rc2/rustdoc/src/kanidmd_core/ldaps.rs.html

@@ -363,15 +363,15 @@
     <span class="kw">if</span> <span class="ident">address</span>.<span class="ident">starts_with</span>(<span class="string">&quot;:::&quot;</span>) {
         <span class="comment">// takes :::xxxx to xxxx</span>
         <span class="kw">let</span> <span class="ident">port</span> <span class="op">=</span> <span class="ident">address</span>.<span class="ident">replacen</span>(<span class="string">&quot;:::&quot;</span>, <span class="string">&quot;&quot;</span>, <span class="number">1</span>);
-        <span class="macro">eprintln!</span>(<span class="string">&quot;Address &#39;{}&#39; looks like an attempt to wildcard bind with IPv6 on port {} - please try using ldapbindaddress = &#39;[::]:{}&#39;&quot;</span>, <span class="ident">address</span>, <span class="ident">port</span>, <span class="ident">port</span>);
+        <span class="macro">error!</span>(<span class="string">&quot;Address &#39;{}&#39; looks like an attempt to wildcard bind with IPv6 on port {} - please try using ldapbindaddress = &#39;[::]:{}&#39;&quot;</span>, <span class="ident">address</span>, <span class="ident">port</span>, <span class="ident">port</span>);
     };
 
     <span class="kw">let</span> <span class="ident">addr</span> <span class="op">=</span> <span class="ident">net::SocketAddr::from_str</span>(<span class="ident">address</span>).<span class="ident">map_err</span>(<span class="op">|</span><span class="ident">e</span><span class="op">|</span> {
-        <span class="macro">eprintln!</span>(<span class="string">&quot;Could not parse LDAP server address {} -&gt; {:?}&quot;</span>, <span class="ident">address</span>, <span class="ident">e</span>);
+        <span class="macro">error!</span>(<span class="string">&quot;Could not parse LDAP server address {} -&gt; {:?}&quot;</span>, <span class="ident">address</span>, <span class="ident">e</span>);
     })<span class="question-mark">?</span>;
 
     <span class="kw">let</span> <span class="ident">listener</span> <span class="op">=</span> <span class="ident">TcpListener::bind</span>(<span class="kw-2">&amp;</span><span class="ident">addr</span>).<span class="kw">await</span>.<span class="ident">map_err</span>(<span class="op">|</span><span class="ident">e</span><span class="op">|</span> {
-        <span class="macro">eprintln!</span>(
+        <span class="macro">error!</span>(
             <span class="string">&quot;Could not bind to LDAP server address {} -&gt; {:?}&quot;</span>,
             <span class="ident">address</span>, <span class="ident">e</span>
         );
@@ -379,12 +379,12 @@
 
     <span class="kw">match</span> <span class="ident">opt_tls_params</span> {
         <span class="prelude-val">Some</span>(<span class="ident">tls_params</span>) =&gt; {
-            <span class="macro">eprintln!</span>(<span class="string">&quot;Starting LDAPS interface ldaps://{} ...&quot;</span>, <span class="ident">address</span>);
+            <span class="macro">info!</span>(<span class="string">&quot;Starting LDAPS interface ldaps://{} ...&quot;</span>, <span class="ident">address</span>);
             <span class="kw">let</span> <span class="ident">tls_parms</span> <span class="op">=</span> <span class="ident">tls_params</span>.<span class="ident">build</span>();
             <span class="ident">tokio::spawn</span>(<span class="ident">tls_acceptor</span>(<span class="ident">listener</span>, <span class="ident">tls_parms</span>, <span class="ident">qe_r_ref</span>));
         }
         <span class="prelude-val">None</span> =&gt; {
-            <span class="macro">eprintln!</span>(<span class="string">&quot;The server won&#39;t run without TLS!&quot;</span>);
+            <span class="macro">error!</span>(<span class="string">&quot;The server won&#39;t run without TLS!&quot;</span>);
             <span class="kw">return</span> <span class="prelude-val">Err</span>(());
         }
     }

docs/v1.0.0rc2/rustdoc/src/kanidmd_lib/idm/server.rs.html

@@ -3828,6 +3828,14 @@
 <span id="3828">3828</span>
 <span id="3829">3829</span>
 <span id="3830">3830</span>
+<span id="3831">3831</span>
+<span id="3832">3832</span>
+<span id="3833">3833</span>
+<span id="3834">3834</span>
+<span id="3835">3835</span>
+<span id="3836">3836</span>
+<span id="3837">3837</span>
+<span id="3838">3838</span>
 </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">core::task</span>::{<span class="ident">Context</span>, <span class="ident">Poll</span>};
 <span class="kw">use</span> <span class="ident">std::convert::TryFrom</span>;
 <span class="kw">use</span> <span class="ident">std::str::FromStr</span>;
@@ -5724,6 +5732,8 @@
         <span class="comment">// get the account</span>
         <span class="kw">let</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">target_to_account</span>(<span class="kw-2">&amp;</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>)<span class="question-mark">?</span>;
 
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing password hash upgrade&quot;</span>);
+
         <span class="comment">// check, does the pw still match?</span>
         <span class="kw">let</span> <span class="ident">same</span> <span class="op">=</span> <span class="ident">account</span>.<span class="ident">check_credential_pw</span>(<span class="ident">pwu</span>.<span class="ident">existing_password</span>.<span class="ident">as_str</span>())<span class="question-mark">?</span>;
 
@@ -5747,6 +5757,8 @@
     }
 
     <span class="kw">fn</span> <span class="ident">process_unixpwupgrade</span>(<span class="kw-2">&amp;mut</span> <span class="self">self</span>, <span class="ident">pwu</span>: <span class="kw-2">&amp;</span><span class="ident">UnixPasswordUpgrade</span>) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span>(), <span class="ident">OperationError</span><span class="op">&gt;</span> {
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing unix password hash upgrade&quot;</span>);
+
         <span class="kw">let</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>
             .<span class="ident">qs_write</span>
             .<span class="ident">internal_search_uuid</span>(<span class="kw-2">&amp;</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>)
@@ -5781,6 +5793,8 @@
         <span class="kw-2">&amp;mut</span> <span class="self">self</span>,
         <span class="ident">wci</span>: <span class="kw-2">&amp;</span><span class="ident">WebauthnCounterIncrement</span>,
     ) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span>(), <span class="ident">OperationError</span><span class="op">&gt;</span> {
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">wci</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing webauthn counter increment&quot;</span>);
+
         <span class="kw">let</span> <span class="kw-2">mut</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">target_to_account</span>(<span class="kw-2">&amp;</span><span class="ident">wci</span>.<span class="ident">target_uuid</span>)<span class="question-mark">?</span>;
 
         <span class="comment">// Generate an optional mod and then attempt to apply it.</span>
@@ -5807,6 +5821,8 @@
         <span class="kw-2">&amp;mut</span> <span class="self">self</span>,
         <span class="ident">bcr</span>: <span class="kw-2">&amp;</span><span class="ident">BackupCodeRemoval</span>,
     ) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span>(), <span class="ident">OperationError</span><span class="op">&gt;</span> {
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">bcr</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing backup code removal&quot;</span>);
+
         <span class="kw">let</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">target_to_account</span>(<span class="kw-2">&amp;</span><span class="ident">bcr</span>.<span class="ident">target_uuid</span>)<span class="question-mark">?</span>;
         <span class="comment">// Generate an optional mod and then attempt to apply it.</span>
         <span class="kw">let</span> <span class="ident">modlist</span> <span class="op">=</span> <span class="ident">account</span>

docs/v1.0.0rc2/rustdoc/src/kanidmd_web_ui/oauth2.rs.html

@@ -536,6 +536,35 @@
 <span id="536">536</span>
 <span id="537">537</span>
 <span id="538">538</span>
+<span id="539">539</span>
+<span id="540">540</span>
+<span id="541">541</span>
+<span id="542">542</span>
+<span id="543">543</span>
+<span id="544">544</span>
+<span id="545">545</span>
+<span id="546">546</span>
+<span id="547">547</span>
+<span id="548">548</span>
+<span id="549">549</span>
+<span id="550">550</span>
+<span id="551">551</span>
+<span id="552">552</span>
+<span id="553">553</span>
+<span id="554">554</span>
+<span id="555">555</span>
+<span id="556">556</span>
+<span id="557">557</span>
+<span id="558">558</span>
+<span id="559">559</span>
+<span id="560">560</span>
+<span id="561">561</span>
+<span id="562">562</span>
+<span id="563">563</span>
+<span id="564">564</span>
+<span id="565">565</span>
+<span id="566">566</span>
+<span id="567">567</span>
 </pre><pre class="rust"><code><span class="comment">// use anyhow::Error;</span>
 <span class="kw">use</span> <span class="ident">gloo::console</span>;
 <span class="kw">pub</span> <span class="kw">use</span> <span class="ident">kanidm_proto::oauth2</span>::{
@@ -568,6 +597,7 @@
         <span class="ident">consent_token</span>: <span class="ident">String</span>,
     },
     <span class="ident">ConsentGranted</span>(<span class="ident">String</span>),
+    <span class="ident">AccessDenied</span>(<span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span>),
     <span class="ident">ErrInvalidRequest</span>,
 }
 
@@ -586,6 +616,9 @@
         <span class="ident">consent_token</span>: <span class="ident">String</span>,
     },
     <span class="ident">Redirect</span>(<span class="ident">String</span>),
+    <span class="ident">AccessDenied</span> {
+        <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span>,
+    },
     <span class="ident">Error</span> {
         <span class="ident">emsg</span>: <span class="ident">String</span>,
         <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span>,
@@ -698,6 +731,8 @@
                     }
                 }
             }
+        } <span class="kw">else</span> <span class="kw">if</span> <span class="ident">status</span> <span class="op">==</span> <span class="number">403</span> {
+            <span class="prelude-val">Ok</span>(<span class="ident">Oauth2Msg::AccessDenied</span> { <span class="ident">kopid</span> })
         } <span class="kw">else</span> {
             <span class="kw">let</span> <span class="ident">text</span> <span class="op">=</span> <span class="ident">JsFuture::from</span>(<span class="ident">resp</span>.<span class="ident">text</span>()<span class="question-mark">?</span>).<span class="kw">await</span><span class="question-mark">?</span>;
             <span class="kw">let</span> <span class="ident">emsg</span> <span class="op">=</span> <span class="ident">text</span>.<span class="ident">as_string</span>().<span class="ident">unwrap_or_else</span>(<span class="op">|</span><span class="op">|</span> <span class="string">&quot;&quot;</span>.<span class="ident">to_string</span>());
@@ -918,6 +953,11 @@
                 <span class="comment">// We need to send off fetch task here.</span>
                 <span class="bool-val">true</span>
             }
+            <span class="ident">Oauth2Msg::AccessDenied</span> { <span class="ident">kopid</span> } =&gt; {
+                <span class="macro">console::error!</span>(<span class="macro">format!</span>(<span class="string">&quot;{:?}&quot;</span>, <span class="ident">kopid</span>).<span class="ident">as_str</span>());
+                <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::AccessDenied</span>(<span class="ident">kopid</span>);
+                <span class="bool-val">true</span>
+            }
             <span class="ident">Oauth2Msg::Error</span> { <span class="ident">emsg</span>, <span class="ident">kopid</span> } =&gt; {
                 <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::ErrInvalidRequest</span>;
                 <span class="macro">console::error!</span>(<span class="macro">format!</span>(<span class="string">&quot;{:?}&quot;</span>, <span class="ident">kopid</span>).<span class="ident">as_str</span>());
@@ -1043,6 +1083,24 @@
                     <span class="op">&lt;</span><span class="op">/</span><span class="ident">div</span><span class="op">&gt;</span>
                 }
             }
+            <span class="ident">State::AccessDenied</span>(<span class="ident">kopid</span>) =&gt; {
+                <span class="macro">html!</span> {
+                    <span class="op">&lt;</span><span class="ident">div</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;alert alert-danger&quot;</span> <span class="ident">role</span><span class="op">=</span><span class="string">&quot;alert&quot;</span><span class="op">&gt;</span>
+                        <span class="op">&lt;</span><span class="ident">h1</span><span class="op">&gt;</span>{ <span class="string">&quot;Access Denied&quot;</span> } <span class="op">&lt;</span><span class="op">/</span><span class="ident">h1</span><span class="op">&gt;</span>
+                        <span class="op">&lt;</span><span class="ident">p</span><span class="op">&gt;</span>
+                        { <span class="string">&quot;You do not have access to the requested resources.&quot;</span> }
+                        <span class="op">&lt;</span><span class="op">/</span><span class="ident">p</span><span class="op">&gt;</span>
+                        <span class="op">&lt;</span><span class="ident">p</span><span class="op">&gt;</span>
+                        { <span class="kw">if</span> <span class="kw">let</span> <span class="prelude-val">Some</span>(<span class="ident">opid</span>) <span class="op">=</span> <span class="ident">kopid</span> {
+                            <span class="macro">format!</span>(<span class="string">&quot;Operation ID: {}&quot;</span>, <span class="ident">opid</span>)
+                          } <span class="kw">else</span> {
+                            <span class="string">&quot;Operation ID: -&quot;</span>.<span class="ident">to_string</span>()
+                          }
+                        }
+                        <span class="op">&lt;</span><span class="op">/</span><span class="ident">p</span><span class="op">&gt;</span>
+                    <span class="op">&lt;</span><span class="op">/</span><span class="ident">div</span><span class="op">&gt;</span>
+                }
+            }
             <span class="ident">State::ErrInvalidRequest</span> =&gt; {
                 <span class="macro">html!</span> {
                     <span class="op">&lt;</span><span class="ident">div</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;alert alert-danger&quot;</span> <span class="ident">role</span><span class="op">=</span><span class="string">&quot;alert&quot;</span><span class="op">&gt;</span>

docs/v1.0.0rc2/rustdoc/src/kanidmd_web_ui/views/mod.rs.html

@@ -423,6 +423,55 @@
 <span id="423">423</span>
 <span id="424">424</span>
 <span id="425">425</span>
+<span id="426">426</span>
+<span id="427">427</span>
+<span id="428">428</span>
+<span id="429">429</span>
+<span id="430">430</span>
+<span id="431">431</span>
+<span id="432">432</span>
+<span id="433">433</span>
+<span id="434">434</span>
+<span id="435">435</span>
+<span id="436">436</span>
+<span id="437">437</span>
+<span id="438">438</span>
+<span id="439">439</span>
+<span id="440">440</span>
+<span id="441">441</span>
+<span id="442">442</span>
+<span id="443">443</span>
+<span id="444">444</span>
+<span id="445">445</span>
+<span id="446">446</span>
+<span id="447">447</span>
+<span id="448">448</span>
+<span id="449">449</span>
+<span id="450">450</span>
+<span id="451">451</span>
+<span id="452">452</span>
+<span id="453">453</span>
+<span id="454">454</span>
+<span id="455">455</span>
+<span id="456">456</span>
+<span id="457">457</span>
+<span id="458">458</span>
+<span id="459">459</span>
+<span id="460">460</span>
+<span id="461">461</span>
+<span id="462">462</span>
+<span id="463">463</span>
+<span id="464">464</span>
+<span id="465">465</span>
+<span id="466">466</span>
+<span id="467">467</span>
+<span id="468">468</span>
+<span id="469">469</span>
+<span id="470">470</span>
+<span id="471">471</span>
+<span id="472">472</span>
+<span id="473">473</span>
+<span id="474">474</span>
 </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">std::str::FromStr</span>;
 
 <span class="kw">use</span> <span class="ident">compact_jwt</span>::{<span class="ident">Jws</span>, <span class="ident">JwsUnverified</span>};
@@ -495,6 +544,7 @@
 
 <span class="kw">enum</span> <span class="ident">State</span> {
     <span class="ident">LoginRequired</span>,
+    <span class="ident">LoggingOut</span>,
     <span class="ident">Verifying</span>,
     <span class="ident">Authenticated</span>(<span class="ident">String</span>),
     <span class="ident">Error</span> { <span class="ident">emsg</span>: <span class="ident">String</span>, <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span> },
@@ -516,6 +566,7 @@
 <span class="kw">pub</span> <span class="kw">enum</span> <span class="ident">ViewsMsg</span> {
     <span class="ident">Verified</span>(<span class="ident">String</span>),
     <span class="ident">Logout</span>,
+    <span class="ident">LogoutComplete</span>,
     <span class="ident">ProfileInfoRecieved</span> { <span class="ident">uat</span>: <span class="ident">UserAuthToken</span> },
     <span class="ident">Error</span> { <span class="ident">emsg</span>: <span class="ident">String</span>, <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span> },
 }
@@ -584,7 +635,22 @@
                 <span class="bool-val">true</span>
             }
             <span class="ident">ViewsMsg::Logout</span> =&gt; {
-                <span class="ident">models::clear_bearer_token</span>();
+                <span class="kw">match</span> <span class="ident">models::get_bearer_token</span>() {
+                    <span class="prelude-val">Some</span>(<span class="ident">tk</span>) =&gt; {
+                        <span class="ident">models::clear_bearer_token</span>();
+                        <span class="ident">ctx</span>.<span class="ident">link</span>().<span class="ident">send_future</span>(<span class="kw">async</span> {
+                            <span class="kw">match</span> <span class="ident"><span class="self">Self</span>::fetch_logout</span>(<span class="ident">tk</span>).<span class="kw">await</span> {
+                                <span class="prelude-val">Ok</span>(<span class="ident">v</span>) =&gt; <span class="ident">v</span>,
+                                <span class="prelude-val">Err</span>(<span class="ident">v</span>) =&gt; <span class="ident">v</span>.<span class="ident">into</span>(),
+                            }
+                        });
+                        <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::LoggingOut</span>;
+                    }
+                    <span class="prelude-val">None</span> =&gt; <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::LoginRequired</span>,
+                }
+                <span class="bool-val">true</span>
+            }
+            <span class="ident">ViewsMsg::LogoutComplete</span> =&gt; {
                 <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::LoginRequired</span>;
                 <span class="bool-val">true</span>
             }
@@ -624,7 +690,7 @@
                     .<span class="ident">push</span>(<span class="ident">Route::Login</span>);
                 <span class="macro">html!</span> { <span class="op">&lt;</span><span class="ident">div</span><span class="op">&gt;</span><span class="op">&lt;</span><span class="op">/</span><span class="ident">div</span><span class="op">&gt;</span> }
             }
-            <span class="ident">State::Verifying</span> =&gt; {
+            <span class="ident">State::LoggingOut</span> <span class="op">|</span> <span class="ident">State::Verifying</span> =&gt; {
                 <span class="macro">html!</span> {
                   <span class="op">&lt;</span><span class="ident">main</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;text-center form-signin h-100&quot;</span><span class="op">&gt;</span>
                     <span class="op">&lt;</span><span class="ident">div</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;vert-center&quot;</span><span class="op">&gt;</span>
@@ -791,7 +857,7 @@
             <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::Verified</span>(<span class="ident">token</span>))
         } <span class="kw">else</span> <span class="kw">if</span> <span class="ident">status</span> <span class="op">==</span> <span class="number">401</span> {
             <span class="comment">// Not valid, re-auth</span>
-            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::Logout</span>)
+            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::LogoutComplete</span>)
         } <span class="kw">else</span> {
             <span class="kw">let</span> <span class="ident">headers</span> <span class="op">=</span> <span class="ident">resp</span>.<span class="ident">headers</span>();
             <span class="kw">let</span> <span class="ident">kopid</span> <span class="op">=</span> <span class="ident">headers</span>.<span class="ident">get</span>(<span class="string">&quot;x-kanidm-opid&quot;</span>).<span class="ident">ok</span>().<span class="ident">flatten</span>();
@@ -815,6 +881,38 @@
             <span class="ident">uat</span>: <span class="ident">uat</span>.<span class="ident">into_inner</span>(),
         })
     }
+
+    <span class="kw">async</span> <span class="kw">fn</span> <span class="ident">fetch_logout</span>(<span class="ident">token</span>: <span class="ident">String</span>) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span><span class="ident">ViewsMsg</span>, <span class="ident">FetchError</span><span class="op">&gt;</span> {
+        <span class="kw">let</span> <span class="kw-2">mut</span> <span class="ident">opts</span> <span class="op">=</span> <span class="ident">RequestInit::new</span>();
+        <span class="ident">opts</span>.<span class="ident">method</span>(<span class="string">&quot;GET&quot;</span>);
+        <span class="ident">opts</span>.<span class="ident">mode</span>(<span class="ident">RequestMode::SameOrigin</span>);
+
+        <span class="kw">let</span> <span class="ident">request</span> <span class="op">=</span> <span class="ident">Request::new_with_str_and_init</span>(<span class="string">&quot;/v1/logout&quot;</span>, <span class="kw-2">&amp;</span><span class="ident">opts</span>)<span class="question-mark">?</span>;
+
+        <span class="ident">request</span>
+            .<span class="ident">headers</span>()
+            .<span class="ident">set</span>(<span class="string">&quot;content-type&quot;</span>, <span class="string">&quot;application/json&quot;</span>)
+            .<span class="ident">expect_throw</span>(<span class="string">&quot;failed to set header&quot;</span>);
+        <span class="ident">request</span>
+            .<span class="ident">headers</span>()
+            .<span class="ident">set</span>(<span class="string">&quot;authorization&quot;</span>, <span class="macro">format!</span>(<span class="string">&quot;Bearer {}&quot;</span>, <span class="ident">token</span>).<span class="ident">as_str</span>())
+            .<span class="ident">expect_throw</span>(<span class="string">&quot;failed to set header&quot;</span>);
+
+        <span class="kw">let</span> <span class="ident">window</span> <span class="op">=</span> <span class="ident">utils::window</span>();
+        <span class="kw">let</span> <span class="ident">resp_value</span> <span class="op">=</span> <span class="ident">JsFuture::from</span>(<span class="ident">window</span>.<span class="ident">fetch_with_request</span>(<span class="kw-2">&amp;</span><span class="ident">request</span>)).<span class="kw">await</span><span class="question-mark">?</span>;
+        <span class="kw">let</span> <span class="ident">resp</span>: <span class="ident">Response</span> <span class="op">=</span> <span class="ident">resp_value</span>.<span class="ident">dyn_into</span>().<span class="ident">expect_throw</span>(<span class="string">&quot;Invalid response type&quot;</span>);
+        <span class="kw">let</span> <span class="ident">status</span> <span class="op">=</span> <span class="ident">resp</span>.<span class="ident">status</span>();
+
+        <span class="kw">if</span> <span class="ident">status</span> <span class="op">==</span> <span class="number">200</span> {
+            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::LogoutComplete</span>)
+        } <span class="kw">else</span> {
+            <span class="kw">let</span> <span class="ident">headers</span> <span class="op">=</span> <span class="ident">resp</span>.<span class="ident">headers</span>();
+            <span class="kw">let</span> <span class="ident">kopid</span> <span class="op">=</span> <span class="ident">headers</span>.<span class="ident">get</span>(<span class="string">&quot;x-kanidm-opid&quot;</span>).<span class="ident">ok</span>().<span class="ident">flatten</span>();
+            <span class="kw">let</span> <span class="ident">text</span> <span class="op">=</span> <span class="ident">JsFuture::from</span>(<span class="ident">resp</span>.<span class="ident">text</span>()<span class="question-mark">?</span>).<span class="kw">await</span><span class="question-mark">?</span>;
+            <span class="kw">let</span> <span class="ident">emsg</span> <span class="op">=</span> <span class="ident">text</span>.<span class="ident">as_string</span>().<span class="ident">unwrap_or_else</span>(<span class="op">|</span><span class="op">|</span> <span class="string">&quot;&quot;</span>.<span class="ident">to_string</span>());
+            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::Error</span> { <span class="ident">emsg</span>, <span class="ident">kopid</span> })
+        }
+    }
 }
 
 <span class="kw">fn</span> <span class="ident">admin_routes</span>(<span class="ident">route</span>: <span class="kw-2">&amp;</span><span class="ident">AdminRoute</span>) -&gt; <span class="ident">Html</span> {

docs/v1.0.0rc3/rustdoc/kanidmd_lib/idm/server/index.html

@@ -1,3 +1,3 @@
-<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="API documentation for the Rust `server` mod in crate `kanidmd_lib`."><meta name="keywords" content="rust, rustlang, rust-lang, server"><title>kanidmd_lib::idm::server - Rust</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" type="text/css" href="../../../normalize.css"><link rel="stylesheet" type="text/css" href="../../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" type="text/css" href="../../../ayu.css" disabled><link rel="stylesheet" type="text/css" href="../../../dark.css" disabled><link rel="stylesheet" type="text/css" href="../../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../../storage.js"></script><script defer src="../../../main.js"></script><noscript><link rel="stylesheet" href="../../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../../favicon.svg"></head><body class="rustdoc mod"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle">&#9776;</button><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"></h2></nav><nav class="sidebar"><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"><a href="#">Module server</a></h2><div class="sidebar-elems"><section><div class="block"><ul><li><a href="#structs">Structs</a></li><li><a href="#enums">Enums</a></li><li><a href="#traits">Traits</a></li></ul></div></section></div></nav><main><div class="width-limiter"><div class="sub-container"><a class="sub-logo-container" href="../../../kanidmd_lib/index.html"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></a><nav class="sub"><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><button type="button">?</button></div><div id="settings-menu" tabindex="-1"><a href="../../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../../wheel.svg"></a></div></div></form></nav></div><section id="main-content" class="content"><div class="main-heading"><h1 class="fqn"><span class="in-band">Module <a href="../../index.html">kanidmd_lib</a>::<wbr><a href="../index.html">idm</a>::<wbr><a class="mod" href="#">server</a><button id="copy-path" onclick="copy_path(this)" title="Copy item path to clipboard"><img src="../../../clipboard.svg" width="19" height="18" alt="Copy item path"></button></span></h1><span class="out-of-band"><a class="srclink" href="../../../src/kanidmd_lib/idm/server.rs.html#1-3830">source</a> · <a id="toggle-all-docs" href="javascript:void(0)" title="collapse all docs">[<span class="inner">&#x2212;</span>]</a></span></div><h2 id="structs" class="small-section-header"><a href="#structs">Structs</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServer.html" title="kanidmd_lib::idm::server::IdmServer struct">IdmServer</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerAuthTransaction.html" title="kanidmd_lib::idm::server::IdmServerAuthTransaction struct">IdmServerAuthTransaction</a></div><div class="item-right docblock-short"><p>Contains methods that require writes, but in the context of writing to the idm in memory structures (maybe the query server too). This is things like authentication.</p>
+<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="API documentation for the Rust `server` mod in crate `kanidmd_lib`."><meta name="keywords" content="rust, rustlang, rust-lang, server"><title>kanidmd_lib::idm::server - Rust</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" type="text/css" href="../../../normalize.css"><link rel="stylesheet" type="text/css" href="../../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" type="text/css" href="../../../ayu.css" disabled><link rel="stylesheet" type="text/css" href="../../../dark.css" disabled><link rel="stylesheet" type="text/css" href="../../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../../storage.js"></script><script defer src="../../../main.js"></script><noscript><link rel="stylesheet" href="../../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../../favicon.svg"></head><body class="rustdoc mod"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle">&#9776;</button><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"></h2></nav><nav class="sidebar"><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"><a href="#">Module server</a></h2><div class="sidebar-elems"><section><div class="block"><ul><li><a href="#structs">Structs</a></li><li><a href="#enums">Enums</a></li><li><a href="#traits">Traits</a></li></ul></div></section></div></nav><main><div class="width-limiter"><div class="sub-container"><a class="sub-logo-container" href="../../../kanidmd_lib/index.html"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></a><nav class="sub"><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><button type="button">?</button></div><div id="settings-menu" tabindex="-1"><a href="../../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../../wheel.svg"></a></div></div></form></nav></div><section id="main-content" class="content"><div class="main-heading"><h1 class="fqn"><span class="in-band">Module <a href="../../index.html">kanidmd_lib</a>::<wbr><a href="../index.html">idm</a>::<wbr><a class="mod" href="#">server</a><button id="copy-path" onclick="copy_path(this)" title="Copy item path to clipboard"><img src="../../../clipboard.svg" width="19" height="18" alt="Copy item path"></button></span></h1><span class="out-of-band"><a class="srclink" href="../../../src/kanidmd_lib/idm/server.rs.html#1-3838">source</a> · <a id="toggle-all-docs" href="javascript:void(0)" title="collapse all docs">[<span class="inner">&#x2212;</span>]</a></span></div><h2 id="structs" class="small-section-header"><a href="#structs">Structs</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServer.html" title="kanidmd_lib::idm::server::IdmServer struct">IdmServer</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerAuthTransaction.html" title="kanidmd_lib::idm::server::IdmServerAuthTransaction struct">IdmServerAuthTransaction</a></div><div class="item-right docblock-short"><p>Contains methods that require writes, but in the context of writing to the idm in memory structures (maybe the query server too). This is things like authentication.</p>
 </div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerCredUpdateTransaction.html" title="kanidmd_lib::idm::server::IdmServerCredUpdateTransaction struct">IdmServerCredUpdateTransaction</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerDelayed.html" title="kanidmd_lib::idm::server::IdmServerDelayed struct">IdmServerDelayed</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerProxyReadTransaction.html" title="kanidmd_lib::idm::server::IdmServerProxyReadTransaction struct">IdmServerProxyReadTransaction</a></div><div class="item-right docblock-short"><p>This contains read-only methods, like getting users, groups and other structured content.</p>
 </div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerProxyWriteTransaction.html" title="kanidmd_lib::idm::server::IdmServerProxyWriteTransaction struct">IdmServerProxyWriteTransaction</a></div><div class="item-right docblock-short"></div></div></div><h2 id="enums" class="small-section-header"><a href="#enums">Enums</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="enum" href="enum.Token.html" title="kanidmd_lib::idm::server::Token enum">Token</a></div><div class="item-right docblock-short"></div></div></div><h2 id="traits" class="small-section-header"><a href="#traits">Traits</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="trait" href="trait.IdmServerTransaction.html" title="kanidmd_lib::idm::server::IdmServerTransaction trait">IdmServerTransaction</a></div><div class="item-right docblock-short"></div></div></div></section></div></main><div id="rustdoc-vars" data-root-path="../../../" data-current-crate="kanidmd_lib" data-themes="ayu,dark,light" data-resource-suffix="" data-rustdoc-version="1.64.0 (a55dd71d5 2022-09-19)" ></div></body></html>

docs/v1.0.0rc3/rustdoc/src/kanidmd_core/https/oauth2.rs.html

@@ -712,6 +712,11 @@
 <span id="712">712</span>
 <span id="713">713</span>
 <span id="714">714</span>
+<span id="715">715</span>
+<span id="716">716</span>
+<span id="717">717</span>
+<span id="718">718</span>
+<span id="719">719</span>
 </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">kanidm_proto::oauth2::AuthorisationResponse</span>;
 <span class="kw">use</span> <span class="ident">kanidm_proto::v1::Entry</span> <span class="kw">as</span> <span class="ident">ProtoEntry</span>;
 <span class="kw">use</span> <span class="ident">kanidmd_lib::idm::oauth2</span>::{
@@ -1042,6 +1047,11 @@
             <span class="ident">res</span>.<span class="ident">insert_header</span>(<span class="string">&quot;WWW-Authenticate&quot;</span>, <span class="string">&quot;Bearer&quot;</span>);
             <span class="prelude-val">Ok</span>(<span class="ident">res</span>)
         }
+        <span class="prelude-val">Err</span>(<span class="ident">Oauth2Error::AccessDenied</span>) =&gt; {
+            <span class="comment">// If scopes are not available for this account.</span>
+            <span class="kw">let</span> <span class="ident">res</span> <span class="op">=</span> <span class="ident">tide::Response::new</span>(<span class="ident">tide::StatusCode::Forbidden</span>);
+            <span class="prelude-val">Ok</span>(<span class="ident">res</span>)
+        }
         <span class="comment">/*
         RFC - If the request fails due to a missing, invalid, or mismatching
               redirection URI, or if the client identifier is missing or invalid,
@@ -1142,7 +1152,7 @@
             <span class="comment">// Turns out this instinct was correct:</span>
             <span class="comment">//  https://www.proofpoint.com/us/blog/cloud-security/microsoft-and-github-oauth-implementation-vulnerabilities-lead-redirection</span>
             <span class="comment">// Possible to use this with a malicious client configuration to phish / spam.</span>
-            <span class="ident">tide::Response::new</span>(<span class="number">500</span>)
+            <span class="ident">tide::Response::new</span>(<span class="ident">tide::StatusCode::InternalServerError</span>)
         }
     };
     <span class="ident">res</span>.<span class="ident">insert_header</span>(<span class="string">&quot;X-KANIDM-OPID&quot;</span>, <span class="ident">hvalue</span>);

docs/v1.0.0rc3/rustdoc/src/kanidmd_core/ldaps.rs.html

@@ -363,15 +363,15 @@
     <span class="kw">if</span> <span class="ident">address</span>.<span class="ident">starts_with</span>(<span class="string">&quot;:::&quot;</span>) {
         <span class="comment">// takes :::xxxx to xxxx</span>
         <span class="kw">let</span> <span class="ident">port</span> <span class="op">=</span> <span class="ident">address</span>.<span class="ident">replacen</span>(<span class="string">&quot;:::&quot;</span>, <span class="string">&quot;&quot;</span>, <span class="number">1</span>);
-        <span class="macro">eprintln!</span>(<span class="string">&quot;Address &#39;{}&#39; looks like an attempt to wildcard bind with IPv6 on port {} - please try using ldapbindaddress = &#39;[::]:{}&#39;&quot;</span>, <span class="ident">address</span>, <span class="ident">port</span>, <span class="ident">port</span>);
+        <span class="macro">error!</span>(<span class="string">&quot;Address &#39;{}&#39; looks like an attempt to wildcard bind with IPv6 on port {} - please try using ldapbindaddress = &#39;[::]:{}&#39;&quot;</span>, <span class="ident">address</span>, <span class="ident">port</span>, <span class="ident">port</span>);
     };
 
     <span class="kw">let</span> <span class="ident">addr</span> <span class="op">=</span> <span class="ident">net::SocketAddr::from_str</span>(<span class="ident">address</span>).<span class="ident">map_err</span>(<span class="op">|</span><span class="ident">e</span><span class="op">|</span> {
-        <span class="macro">eprintln!</span>(<span class="string">&quot;Could not parse LDAP server address {} -&gt; {:?}&quot;</span>, <span class="ident">address</span>, <span class="ident">e</span>);
+        <span class="macro">error!</span>(<span class="string">&quot;Could not parse LDAP server address {} -&gt; {:?}&quot;</span>, <span class="ident">address</span>, <span class="ident">e</span>);
     })<span class="question-mark">?</span>;
 
     <span class="kw">let</span> <span class="ident">listener</span> <span class="op">=</span> <span class="ident">TcpListener::bind</span>(<span class="kw-2">&amp;</span><span class="ident">addr</span>).<span class="kw">await</span>.<span class="ident">map_err</span>(<span class="op">|</span><span class="ident">e</span><span class="op">|</span> {
-        <span class="macro">eprintln!</span>(
+        <span class="macro">error!</span>(
             <span class="string">&quot;Could not bind to LDAP server address {} -&gt; {:?}&quot;</span>,
             <span class="ident">address</span>, <span class="ident">e</span>
         );
@@ -379,12 +379,12 @@
 
     <span class="kw">match</span> <span class="ident">opt_tls_params</span> {
         <span class="prelude-val">Some</span>(<span class="ident">tls_params</span>) =&gt; {
-            <span class="macro">eprintln!</span>(<span class="string">&quot;Starting LDAPS interface ldaps://{} ...&quot;</span>, <span class="ident">address</span>);
+            <span class="macro">info!</span>(<span class="string">&quot;Starting LDAPS interface ldaps://{} ...&quot;</span>, <span class="ident">address</span>);
             <span class="kw">let</span> <span class="ident">tls_parms</span> <span class="op">=</span> <span class="ident">tls_params</span>.<span class="ident">build</span>();
             <span class="ident">tokio::spawn</span>(<span class="ident">tls_acceptor</span>(<span class="ident">listener</span>, <span class="ident">tls_parms</span>, <span class="ident">qe_r_ref</span>));
         }
         <span class="prelude-val">None</span> =&gt; {
-            <span class="macro">eprintln!</span>(<span class="string">&quot;The server won&#39;t run without TLS!&quot;</span>);
+            <span class="macro">error!</span>(<span class="string">&quot;The server won&#39;t run without TLS!&quot;</span>);
             <span class="kw">return</span> <span class="prelude-val">Err</span>(());
         }
     }

docs/v1.0.0rc3/rustdoc/src/kanidmd_lib/idm/server.rs.html

@@ -3828,6 +3828,14 @@
 <span id="3828">3828</span>
 <span id="3829">3829</span>
 <span id="3830">3830</span>
+<span id="3831">3831</span>
+<span id="3832">3832</span>
+<span id="3833">3833</span>
+<span id="3834">3834</span>
+<span id="3835">3835</span>
+<span id="3836">3836</span>
+<span id="3837">3837</span>
+<span id="3838">3838</span>
 </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">core::task</span>::{<span class="ident">Context</span>, <span class="ident">Poll</span>};
 <span class="kw">use</span> <span class="ident">std::convert::TryFrom</span>;
 <span class="kw">use</span> <span class="ident">std::str::FromStr</span>;
@@ -5724,6 +5732,8 @@
         <span class="comment">// get the account</span>
         <span class="kw">let</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">target_to_account</span>(<span class="kw-2">&amp;</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>)<span class="question-mark">?</span>;
 
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing password hash upgrade&quot;</span>);
+
         <span class="comment">// check, does the pw still match?</span>
         <span class="kw">let</span> <span class="ident">same</span> <span class="op">=</span> <span class="ident">account</span>.<span class="ident">check_credential_pw</span>(<span class="ident">pwu</span>.<span class="ident">existing_password</span>.<span class="ident">as_str</span>())<span class="question-mark">?</span>;
 
@@ -5747,6 +5757,8 @@
     }
 
     <span class="kw">fn</span> <span class="ident">process_unixpwupgrade</span>(<span class="kw-2">&amp;mut</span> <span class="self">self</span>, <span class="ident">pwu</span>: <span class="kw-2">&amp;</span><span class="ident">UnixPasswordUpgrade</span>) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span>(), <span class="ident">OperationError</span><span class="op">&gt;</span> {
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing unix password hash upgrade&quot;</span>);
+
         <span class="kw">let</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>
             .<span class="ident">qs_write</span>
             .<span class="ident">internal_search_uuid</span>(<span class="kw-2">&amp;</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>)
@@ -5781,6 +5793,8 @@
         <span class="kw-2">&amp;mut</span> <span class="self">self</span>,
         <span class="ident">wci</span>: <span class="kw-2">&amp;</span><span class="ident">WebauthnCounterIncrement</span>,
     ) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span>(), <span class="ident">OperationError</span><span class="op">&gt;</span> {
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">wci</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing webauthn counter increment&quot;</span>);
+
         <span class="kw">let</span> <span class="kw-2">mut</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">target_to_account</span>(<span class="kw-2">&amp;</span><span class="ident">wci</span>.<span class="ident">target_uuid</span>)<span class="question-mark">?</span>;
 
         <span class="comment">// Generate an optional mod and then attempt to apply it.</span>
@@ -5807,6 +5821,8 @@
         <span class="kw-2">&amp;mut</span> <span class="self">self</span>,
         <span class="ident">bcr</span>: <span class="kw-2">&amp;</span><span class="ident">BackupCodeRemoval</span>,
     ) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span>(), <span class="ident">OperationError</span><span class="op">&gt;</span> {
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">bcr</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing backup code removal&quot;</span>);
+
         <span class="kw">let</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">target_to_account</span>(<span class="kw-2">&amp;</span><span class="ident">bcr</span>.<span class="ident">target_uuid</span>)<span class="question-mark">?</span>;
         <span class="comment">// Generate an optional mod and then attempt to apply it.</span>
         <span class="kw">let</span> <span class="ident">modlist</span> <span class="op">=</span> <span class="ident">account</span>

docs/v1.0.0rc3/rustdoc/src/kanidmd_web_ui/oauth2.rs.html

@@ -536,6 +536,35 @@
 <span id="536">536</span>
 <span id="537">537</span>
 <span id="538">538</span>
+<span id="539">539</span>
+<span id="540">540</span>
+<span id="541">541</span>
+<span id="542">542</span>
+<span id="543">543</span>
+<span id="544">544</span>
+<span id="545">545</span>
+<span id="546">546</span>
+<span id="547">547</span>
+<span id="548">548</span>
+<span id="549">549</span>
+<span id="550">550</span>
+<span id="551">551</span>
+<span id="552">552</span>
+<span id="553">553</span>
+<span id="554">554</span>
+<span id="555">555</span>
+<span id="556">556</span>
+<span id="557">557</span>
+<span id="558">558</span>
+<span id="559">559</span>
+<span id="560">560</span>
+<span id="561">561</span>
+<span id="562">562</span>
+<span id="563">563</span>
+<span id="564">564</span>
+<span id="565">565</span>
+<span id="566">566</span>
+<span id="567">567</span>
 </pre><pre class="rust"><code><span class="comment">// use anyhow::Error;</span>
 <span class="kw">use</span> <span class="ident">gloo::console</span>;
 <span class="kw">pub</span> <span class="kw">use</span> <span class="ident">kanidm_proto::oauth2</span>::{
@@ -568,6 +597,7 @@
         <span class="ident">consent_token</span>: <span class="ident">String</span>,
     },
     <span class="ident">ConsentGranted</span>(<span class="ident">String</span>),
+    <span class="ident">AccessDenied</span>(<span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span>),
     <span class="ident">ErrInvalidRequest</span>,
 }
 
@@ -586,6 +616,9 @@
         <span class="ident">consent_token</span>: <span class="ident">String</span>,
     },
     <span class="ident">Redirect</span>(<span class="ident">String</span>),
+    <span class="ident">AccessDenied</span> {
+        <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span>,
+    },
     <span class="ident">Error</span> {
         <span class="ident">emsg</span>: <span class="ident">String</span>,
         <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span>,
@@ -698,6 +731,8 @@
                     }
                 }
             }
+        } <span class="kw">else</span> <span class="kw">if</span> <span class="ident">status</span> <span class="op">==</span> <span class="number">403</span> {
+            <span class="prelude-val">Ok</span>(<span class="ident">Oauth2Msg::AccessDenied</span> { <span class="ident">kopid</span> })
         } <span class="kw">else</span> {
             <span class="kw">let</span> <span class="ident">text</span> <span class="op">=</span> <span class="ident">JsFuture::from</span>(<span class="ident">resp</span>.<span class="ident">text</span>()<span class="question-mark">?</span>).<span class="kw">await</span><span class="question-mark">?</span>;
             <span class="kw">let</span> <span class="ident">emsg</span> <span class="op">=</span> <span class="ident">text</span>.<span class="ident">as_string</span>().<span class="ident">unwrap_or_else</span>(<span class="op">|</span><span class="op">|</span> <span class="string">&quot;&quot;</span>.<span class="ident">to_string</span>());
@@ -918,6 +953,11 @@
                 <span class="comment">// We need to send off fetch task here.</span>
                 <span class="bool-val">true</span>
             }
+            <span class="ident">Oauth2Msg::AccessDenied</span> { <span class="ident">kopid</span> } =&gt; {
+                <span class="macro">console::error!</span>(<span class="macro">format!</span>(<span class="string">&quot;{:?}&quot;</span>, <span class="ident">kopid</span>).<span class="ident">as_str</span>());
+                <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::AccessDenied</span>(<span class="ident">kopid</span>);
+                <span class="bool-val">true</span>
+            }
             <span class="ident">Oauth2Msg::Error</span> { <span class="ident">emsg</span>, <span class="ident">kopid</span> } =&gt; {
                 <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::ErrInvalidRequest</span>;
                 <span class="macro">console::error!</span>(<span class="macro">format!</span>(<span class="string">&quot;{:?}&quot;</span>, <span class="ident">kopid</span>).<span class="ident">as_str</span>());
@@ -1043,6 +1083,24 @@
                     <span class="op">&lt;</span><span class="op">/</span><span class="ident">div</span><span class="op">&gt;</span>
                 }
             }
+            <span class="ident">State::AccessDenied</span>(<span class="ident">kopid</span>) =&gt; {
+                <span class="macro">html!</span> {
+                    <span class="op">&lt;</span><span class="ident">div</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;alert alert-danger&quot;</span> <span class="ident">role</span><span class="op">=</span><span class="string">&quot;alert&quot;</span><span class="op">&gt;</span>
+                        <span class="op">&lt;</span><span class="ident">h1</span><span class="op">&gt;</span>{ <span class="string">&quot;Access Denied&quot;</span> } <span class="op">&lt;</span><span class="op">/</span><span class="ident">h1</span><span class="op">&gt;</span>
+                        <span class="op">&lt;</span><span class="ident">p</span><span class="op">&gt;</span>
+                        { <span class="string">&quot;You do not have access to the requested resources.&quot;</span> }
+                        <span class="op">&lt;</span><span class="op">/</span><span class="ident">p</span><span class="op">&gt;</span>
+                        <span class="op">&lt;</span><span class="ident">p</span><span class="op">&gt;</span>
+                        { <span class="kw">if</span> <span class="kw">let</span> <span class="prelude-val">Some</span>(<span class="ident">opid</span>) <span class="op">=</span> <span class="ident">kopid</span> {
+                            <span class="macro">format!</span>(<span class="string">&quot;Operation ID: {}&quot;</span>, <span class="ident">opid</span>)
+                          } <span class="kw">else</span> {
+                            <span class="string">&quot;Operation ID: -&quot;</span>.<span class="ident">to_string</span>()
+                          }
+                        }
+                        <span class="op">&lt;</span><span class="op">/</span><span class="ident">p</span><span class="op">&gt;</span>
+                    <span class="op">&lt;</span><span class="op">/</span><span class="ident">div</span><span class="op">&gt;</span>
+                }
+            }
             <span class="ident">State::ErrInvalidRequest</span> =&gt; {
                 <span class="macro">html!</span> {
                     <span class="op">&lt;</span><span class="ident">div</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;alert alert-danger&quot;</span> <span class="ident">role</span><span class="op">=</span><span class="string">&quot;alert&quot;</span><span class="op">&gt;</span>

docs/v1.0.0rc3/rustdoc/src/kanidmd_web_ui/views/mod.rs.html

@@ -423,6 +423,55 @@
 <span id="423">423</span>
 <span id="424">424</span>
 <span id="425">425</span>
+<span id="426">426</span>
+<span id="427">427</span>
+<span id="428">428</span>
+<span id="429">429</span>
+<span id="430">430</span>
+<span id="431">431</span>
+<span id="432">432</span>
+<span id="433">433</span>
+<span id="434">434</span>
+<span id="435">435</span>
+<span id="436">436</span>
+<span id="437">437</span>
+<span id="438">438</span>
+<span id="439">439</span>
+<span id="440">440</span>
+<span id="441">441</span>
+<span id="442">442</span>
+<span id="443">443</span>
+<span id="444">444</span>
+<span id="445">445</span>
+<span id="446">446</span>
+<span id="447">447</span>
+<span id="448">448</span>
+<span id="449">449</span>
+<span id="450">450</span>
+<span id="451">451</span>
+<span id="452">452</span>
+<span id="453">453</span>
+<span id="454">454</span>
+<span id="455">455</span>
+<span id="456">456</span>
+<span id="457">457</span>
+<span id="458">458</span>
+<span id="459">459</span>
+<span id="460">460</span>
+<span id="461">461</span>
+<span id="462">462</span>
+<span id="463">463</span>
+<span id="464">464</span>
+<span id="465">465</span>
+<span id="466">466</span>
+<span id="467">467</span>
+<span id="468">468</span>
+<span id="469">469</span>
+<span id="470">470</span>
+<span id="471">471</span>
+<span id="472">472</span>
+<span id="473">473</span>
+<span id="474">474</span>
 </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">std::str::FromStr</span>;
 
 <span class="kw">use</span> <span class="ident">compact_jwt</span>::{<span class="ident">Jws</span>, <span class="ident">JwsUnverified</span>};
@@ -495,6 +544,7 @@
 
 <span class="kw">enum</span> <span class="ident">State</span> {
     <span class="ident">LoginRequired</span>,
+    <span class="ident">LoggingOut</span>,
     <span class="ident">Verifying</span>,
     <span class="ident">Authenticated</span>(<span class="ident">String</span>),
     <span class="ident">Error</span> { <span class="ident">emsg</span>: <span class="ident">String</span>, <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span> },
@@ -516,6 +566,7 @@
 <span class="kw">pub</span> <span class="kw">enum</span> <span class="ident">ViewsMsg</span> {
     <span class="ident">Verified</span>(<span class="ident">String</span>),
     <span class="ident">Logout</span>,
+    <span class="ident">LogoutComplete</span>,
     <span class="ident">ProfileInfoRecieved</span> { <span class="ident">uat</span>: <span class="ident">UserAuthToken</span> },
     <span class="ident">Error</span> { <span class="ident">emsg</span>: <span class="ident">String</span>, <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span> },
 }
@@ -584,7 +635,22 @@
                 <span class="bool-val">true</span>
             }
             <span class="ident">ViewsMsg::Logout</span> =&gt; {
-                <span class="ident">models::clear_bearer_token</span>();
+                <span class="kw">match</span> <span class="ident">models::get_bearer_token</span>() {
+                    <span class="prelude-val">Some</span>(<span class="ident">tk</span>) =&gt; {
+                        <span class="ident">models::clear_bearer_token</span>();
+                        <span class="ident">ctx</span>.<span class="ident">link</span>().<span class="ident">send_future</span>(<span class="kw">async</span> {
+                            <span class="kw">match</span> <span class="ident"><span class="self">Self</span>::fetch_logout</span>(<span class="ident">tk</span>).<span class="kw">await</span> {
+                                <span class="prelude-val">Ok</span>(<span class="ident">v</span>) =&gt; <span class="ident">v</span>,
+                                <span class="prelude-val">Err</span>(<span class="ident">v</span>) =&gt; <span class="ident">v</span>.<span class="ident">into</span>(),
+                            }
+                        });
+                        <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::LoggingOut</span>;
+                    }
+                    <span class="prelude-val">None</span> =&gt; <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::LoginRequired</span>,
+                }
+                <span class="bool-val">true</span>
+            }
+            <span class="ident">ViewsMsg::LogoutComplete</span> =&gt; {
                 <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::LoginRequired</span>;
                 <span class="bool-val">true</span>
             }
@@ -624,7 +690,7 @@
                     .<span class="ident">push</span>(<span class="ident">Route::Login</span>);
                 <span class="macro">html!</span> { <span class="op">&lt;</span><span class="ident">div</span><span class="op">&gt;</span><span class="op">&lt;</span><span class="op">/</span><span class="ident">div</span><span class="op">&gt;</span> }
             }
-            <span class="ident">State::Verifying</span> =&gt; {
+            <span class="ident">State::LoggingOut</span> <span class="op">|</span> <span class="ident">State::Verifying</span> =&gt; {
                 <span class="macro">html!</span> {
                   <span class="op">&lt;</span><span class="ident">main</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;text-center form-signin h-100&quot;</span><span class="op">&gt;</span>
                     <span class="op">&lt;</span><span class="ident">div</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;vert-center&quot;</span><span class="op">&gt;</span>
@@ -791,7 +857,7 @@
             <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::Verified</span>(<span class="ident">token</span>))
         } <span class="kw">else</span> <span class="kw">if</span> <span class="ident">status</span> <span class="op">==</span> <span class="number">401</span> {
             <span class="comment">// Not valid, re-auth</span>
-            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::Logout</span>)
+            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::LogoutComplete</span>)
         } <span class="kw">else</span> {
             <span class="kw">let</span> <span class="ident">headers</span> <span class="op">=</span> <span class="ident">resp</span>.<span class="ident">headers</span>();
             <span class="kw">let</span> <span class="ident">kopid</span> <span class="op">=</span> <span class="ident">headers</span>.<span class="ident">get</span>(<span class="string">&quot;x-kanidm-opid&quot;</span>).<span class="ident">ok</span>().<span class="ident">flatten</span>();
@@ -815,6 +881,38 @@
             <span class="ident">uat</span>: <span class="ident">uat</span>.<span class="ident">into_inner</span>(),
         })
     }
+
+    <span class="kw">async</span> <span class="kw">fn</span> <span class="ident">fetch_logout</span>(<span class="ident">token</span>: <span class="ident">String</span>) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span><span class="ident">ViewsMsg</span>, <span class="ident">FetchError</span><span class="op">&gt;</span> {
+        <span class="kw">let</span> <span class="kw-2">mut</span> <span class="ident">opts</span> <span class="op">=</span> <span class="ident">RequestInit::new</span>();
+        <span class="ident">opts</span>.<span class="ident">method</span>(<span class="string">&quot;GET&quot;</span>);
+        <span class="ident">opts</span>.<span class="ident">mode</span>(<span class="ident">RequestMode::SameOrigin</span>);
+
+        <span class="kw">let</span> <span class="ident">request</span> <span class="op">=</span> <span class="ident">Request::new_with_str_and_init</span>(<span class="string">&quot;/v1/logout&quot;</span>, <span class="kw-2">&amp;</span><span class="ident">opts</span>)<span class="question-mark">?</span>;
+
+        <span class="ident">request</span>
+            .<span class="ident">headers</span>()
+            .<span class="ident">set</span>(<span class="string">&quot;content-type&quot;</span>, <span class="string">&quot;application/json&quot;</span>)
+            .<span class="ident">expect_throw</span>(<span class="string">&quot;failed to set header&quot;</span>);
+        <span class="ident">request</span>
+            .<span class="ident">headers</span>()
+            .<span class="ident">set</span>(<span class="string">&quot;authorization&quot;</span>, <span class="macro">format!</span>(<span class="string">&quot;Bearer {}&quot;</span>, <span class="ident">token</span>).<span class="ident">as_str</span>())
+            .<span class="ident">expect_throw</span>(<span class="string">&quot;failed to set header&quot;</span>);
+
+        <span class="kw">let</span> <span class="ident">window</span> <span class="op">=</span> <span class="ident">utils::window</span>();
+        <span class="kw">let</span> <span class="ident">resp_value</span> <span class="op">=</span> <span class="ident">JsFuture::from</span>(<span class="ident">window</span>.<span class="ident">fetch_with_request</span>(<span class="kw-2">&amp;</span><span class="ident">request</span>)).<span class="kw">await</span><span class="question-mark">?</span>;
+        <span class="kw">let</span> <span class="ident">resp</span>: <span class="ident">Response</span> <span class="op">=</span> <span class="ident">resp_value</span>.<span class="ident">dyn_into</span>().<span class="ident">expect_throw</span>(<span class="string">&quot;Invalid response type&quot;</span>);
+        <span class="kw">let</span> <span class="ident">status</span> <span class="op">=</span> <span class="ident">resp</span>.<span class="ident">status</span>();
+
+        <span class="kw">if</span> <span class="ident">status</span> <span class="op">==</span> <span class="number">200</span> {
+            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::LogoutComplete</span>)
+        } <span class="kw">else</span> {
+            <span class="kw">let</span> <span class="ident">headers</span> <span class="op">=</span> <span class="ident">resp</span>.<span class="ident">headers</span>();
+            <span class="kw">let</span> <span class="ident">kopid</span> <span class="op">=</span> <span class="ident">headers</span>.<span class="ident">get</span>(<span class="string">&quot;x-kanidm-opid&quot;</span>).<span class="ident">ok</span>().<span class="ident">flatten</span>();
+            <span class="kw">let</span> <span class="ident">text</span> <span class="op">=</span> <span class="ident">JsFuture::from</span>(<span class="ident">resp</span>.<span class="ident">text</span>()<span class="question-mark">?</span>).<span class="kw">await</span><span class="question-mark">?</span>;
+            <span class="kw">let</span> <span class="ident">emsg</span> <span class="op">=</span> <span class="ident">text</span>.<span class="ident">as_string</span>().<span class="ident">unwrap_or_else</span>(<span class="op">|</span><span class="op">|</span> <span class="string">&quot;&quot;</span>.<span class="ident">to_string</span>());
+            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::Error</span> { <span class="ident">emsg</span>, <span class="ident">kopid</span> })
+        }
+    }
 }
 
 <span class="kw">fn</span> <span class="ident">admin_routes</span>(<span class="ident">route</span>: <span class="kw-2">&amp;</span><span class="ident">AdminRoute</span>) -&gt; <span class="ident">Html</span> {

docs/v1.0.0rc7/rustdoc/kanidmd_lib/idm/server/index.html

@@ -1,3 +1,3 @@
-<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="API documentation for the Rust `server` mod in crate `kanidmd_lib`."><meta name="keywords" content="rust, rustlang, rust-lang, server"><title>kanidmd_lib::idm::server - Rust</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" type="text/css" href="../../../normalize.css"><link rel="stylesheet" type="text/css" href="../../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" type="text/css" href="../../../ayu.css" disabled><link rel="stylesheet" type="text/css" href="../../../dark.css" disabled><link rel="stylesheet" type="text/css" href="../../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../../storage.js"></script><script defer src="../../../main.js"></script><noscript><link rel="stylesheet" href="../../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../../favicon.svg"></head><body class="rustdoc mod"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle">&#9776;</button><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"></h2></nav><nav class="sidebar"><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"><a href="#">Module server</a></h2><div class="sidebar-elems"><section><div class="block"><ul><li><a href="#structs">Structs</a></li><li><a href="#enums">Enums</a></li><li><a href="#traits">Traits</a></li></ul></div></section></div></nav><main><div class="width-limiter"><div class="sub-container"><a class="sub-logo-container" href="../../../kanidmd_lib/index.html"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></a><nav class="sub"><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><button type="button">?</button></div><div id="settings-menu" tabindex="-1"><a href="../../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../../wheel.svg"></a></div></div></form></nav></div><section id="main-content" class="content"><div class="main-heading"><h1 class="fqn"><span class="in-band">Module <a href="../../index.html">kanidmd_lib</a>::<wbr><a href="../index.html">idm</a>::<wbr><a class="mod" href="#">server</a><button id="copy-path" onclick="copy_path(this)" title="Copy item path to clipboard"><img src="../../../clipboard.svg" width="19" height="18" alt="Copy item path"></button></span></h1><span class="out-of-band"><a class="srclink" href="../../../src/kanidmd_lib/idm/server.rs.html#1-3830">source</a> · <a id="toggle-all-docs" href="javascript:void(0)" title="collapse all docs">[<span class="inner">&#x2212;</span>]</a></span></div><h2 id="structs" class="small-section-header"><a href="#structs">Structs</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServer.html" title="kanidmd_lib::idm::server::IdmServer struct">IdmServer</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerAuthTransaction.html" title="kanidmd_lib::idm::server::IdmServerAuthTransaction struct">IdmServerAuthTransaction</a></div><div class="item-right docblock-short"><p>Contains methods that require writes, but in the context of writing to the idm in memory structures (maybe the query server too). This is things like authentication.</p>
+<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="API documentation for the Rust `server` mod in crate `kanidmd_lib`."><meta name="keywords" content="rust, rustlang, rust-lang, server"><title>kanidmd_lib::idm::server - Rust</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" type="text/css" href="../../../normalize.css"><link rel="stylesheet" type="text/css" href="../../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" type="text/css" href="../../../ayu.css" disabled><link rel="stylesheet" type="text/css" href="../../../dark.css" disabled><link rel="stylesheet" type="text/css" href="../../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../../storage.js"></script><script defer src="../../../main.js"></script><noscript><link rel="stylesheet" href="../../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../../favicon.svg"></head><body class="rustdoc mod"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle">&#9776;</button><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"></h2></nav><nav class="sidebar"><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"><a href="#">Module server</a></h2><div class="sidebar-elems"><section><div class="block"><ul><li><a href="#structs">Structs</a></li><li><a href="#enums">Enums</a></li><li><a href="#traits">Traits</a></li></ul></div></section></div></nav><main><div class="width-limiter"><div class="sub-container"><a class="sub-logo-container" href="../../../kanidmd_lib/index.html"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></a><nav class="sub"><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><button type="button">?</button></div><div id="settings-menu" tabindex="-1"><a href="../../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../../wheel.svg"></a></div></div></form></nav></div><section id="main-content" class="content"><div class="main-heading"><h1 class="fqn"><span class="in-band">Module <a href="../../index.html">kanidmd_lib</a>::<wbr><a href="../index.html">idm</a>::<wbr><a class="mod" href="#">server</a><button id="copy-path" onclick="copy_path(this)" title="Copy item path to clipboard"><img src="../../../clipboard.svg" width="19" height="18" alt="Copy item path"></button></span></h1><span class="out-of-band"><a class="srclink" href="../../../src/kanidmd_lib/idm/server.rs.html#1-3838">source</a> · <a id="toggle-all-docs" href="javascript:void(0)" title="collapse all docs">[<span class="inner">&#x2212;</span>]</a></span></div><h2 id="structs" class="small-section-header"><a href="#structs">Structs</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServer.html" title="kanidmd_lib::idm::server::IdmServer struct">IdmServer</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerAuthTransaction.html" title="kanidmd_lib::idm::server::IdmServerAuthTransaction struct">IdmServerAuthTransaction</a></div><div class="item-right docblock-short"><p>Contains methods that require writes, but in the context of writing to the idm in memory structures (maybe the query server too). This is things like authentication.</p>
 </div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerCredUpdateTransaction.html" title="kanidmd_lib::idm::server::IdmServerCredUpdateTransaction struct">IdmServerCredUpdateTransaction</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerDelayed.html" title="kanidmd_lib::idm::server::IdmServerDelayed struct">IdmServerDelayed</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerProxyReadTransaction.html" title="kanidmd_lib::idm::server::IdmServerProxyReadTransaction struct">IdmServerProxyReadTransaction</a></div><div class="item-right docblock-short"><p>This contains read-only methods, like getting users, groups and other structured content.</p>
 </div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerProxyWriteTransaction.html" title="kanidmd_lib::idm::server::IdmServerProxyWriteTransaction struct">IdmServerProxyWriteTransaction</a></div><div class="item-right docblock-short"></div></div></div><h2 id="enums" class="small-section-header"><a href="#enums">Enums</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="enum" href="enum.Token.html" title="kanidmd_lib::idm::server::Token enum">Token</a></div><div class="item-right docblock-short"></div></div></div><h2 id="traits" class="small-section-header"><a href="#traits">Traits</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="trait" href="trait.IdmServerTransaction.html" title="kanidmd_lib::idm::server::IdmServerTransaction trait">IdmServerTransaction</a></div><div class="item-right docblock-short"></div></div></div></section></div></main><div id="rustdoc-vars" data-root-path="../../../" data-current-crate="kanidmd_lib" data-themes="ayu,dark,light" data-resource-suffix="" data-rustdoc-version="1.64.0 (a55dd71d5 2022-09-19)" ></div></body></html>

docs/v1.0.0rc7/rustdoc/src/kanidmd_core/https/oauth2.rs.html

@@ -712,6 +712,11 @@
 <span id="712">712</span>
 <span id="713">713</span>
 <span id="714">714</span>
+<span id="715">715</span>
+<span id="716">716</span>
+<span id="717">717</span>
+<span id="718">718</span>
+<span id="719">719</span>
 </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">kanidm_proto::oauth2::AuthorisationResponse</span>;
 <span class="kw">use</span> <span class="ident">kanidm_proto::v1::Entry</span> <span class="kw">as</span> <span class="ident">ProtoEntry</span>;
 <span class="kw">use</span> <span class="ident">kanidmd_lib::idm::oauth2</span>::{
@@ -1042,6 +1047,11 @@
             <span class="ident">res</span>.<span class="ident">insert_header</span>(<span class="string">&quot;WWW-Authenticate&quot;</span>, <span class="string">&quot;Bearer&quot;</span>);
             <span class="prelude-val">Ok</span>(<span class="ident">res</span>)
         }
+        <span class="prelude-val">Err</span>(<span class="ident">Oauth2Error::AccessDenied</span>) =&gt; {
+            <span class="comment">// If scopes are not available for this account.</span>
+            <span class="kw">let</span> <span class="ident">res</span> <span class="op">=</span> <span class="ident">tide::Response::new</span>(<span class="ident">tide::StatusCode::Forbidden</span>);
+            <span class="prelude-val">Ok</span>(<span class="ident">res</span>)
+        }
         <span class="comment">/*
         RFC - If the request fails due to a missing, invalid, or mismatching
               redirection URI, or if the client identifier is missing or invalid,
@@ -1142,7 +1152,7 @@
             <span class="comment">// Turns out this instinct was correct:</span>
             <span class="comment">//  https://www.proofpoint.com/us/blog/cloud-security/microsoft-and-github-oauth-implementation-vulnerabilities-lead-redirection</span>
             <span class="comment">// Possible to use this with a malicious client configuration to phish / spam.</span>
-            <span class="ident">tide::Response::new</span>(<span class="number">500</span>)
+            <span class="ident">tide::Response::new</span>(<span class="ident">tide::StatusCode::InternalServerError</span>)
         }
     };
     <span class="ident">res</span>.<span class="ident">insert_header</span>(<span class="string">&quot;X-KANIDM-OPID&quot;</span>, <span class="ident">hvalue</span>);

docs/v1.0.0rc7/rustdoc/src/kanidmd_core/ldaps.rs.html

@@ -363,15 +363,15 @@
     <span class="kw">if</span> <span class="ident">address</span>.<span class="ident">starts_with</span>(<span class="string">&quot;:::&quot;</span>) {
         <span class="comment">// takes :::xxxx to xxxx</span>
         <span class="kw">let</span> <span class="ident">port</span> <span class="op">=</span> <span class="ident">address</span>.<span class="ident">replacen</span>(<span class="string">&quot;:::&quot;</span>, <span class="string">&quot;&quot;</span>, <span class="number">1</span>);
-        <span class="macro">eprintln!</span>(<span class="string">&quot;Address &#39;{}&#39; looks like an attempt to wildcard bind with IPv6 on port {} - please try using ldapbindaddress = &#39;[::]:{}&#39;&quot;</span>, <span class="ident">address</span>, <span class="ident">port</span>, <span class="ident">port</span>);
+        <span class="macro">error!</span>(<span class="string">&quot;Address &#39;{}&#39; looks like an attempt to wildcard bind with IPv6 on port {} - please try using ldapbindaddress = &#39;[::]:{}&#39;&quot;</span>, <span class="ident">address</span>, <span class="ident">port</span>, <span class="ident">port</span>);
     };
 
     <span class="kw">let</span> <span class="ident">addr</span> <span class="op">=</span> <span class="ident">net::SocketAddr::from_str</span>(<span class="ident">address</span>).<span class="ident">map_err</span>(<span class="op">|</span><span class="ident">e</span><span class="op">|</span> {
-        <span class="macro">eprintln!</span>(<span class="string">&quot;Could not parse LDAP server address {} -&gt; {:?}&quot;</span>, <span class="ident">address</span>, <span class="ident">e</span>);
+        <span class="macro">error!</span>(<span class="string">&quot;Could not parse LDAP server address {} -&gt; {:?}&quot;</span>, <span class="ident">address</span>, <span class="ident">e</span>);
     })<span class="question-mark">?</span>;
 
     <span class="kw">let</span> <span class="ident">listener</span> <span class="op">=</span> <span class="ident">TcpListener::bind</span>(<span class="kw-2">&amp;</span><span class="ident">addr</span>).<span class="kw">await</span>.<span class="ident">map_err</span>(<span class="op">|</span><span class="ident">e</span><span class="op">|</span> {
-        <span class="macro">eprintln!</span>(
+        <span class="macro">error!</span>(
             <span class="string">&quot;Could not bind to LDAP server address {} -&gt; {:?}&quot;</span>,
             <span class="ident">address</span>, <span class="ident">e</span>
         );
@@ -379,12 +379,12 @@
 
     <span class="kw">match</span> <span class="ident">opt_tls_params</span> {
         <span class="prelude-val">Some</span>(<span class="ident">tls_params</span>) =&gt; {
-            <span class="macro">eprintln!</span>(<span class="string">&quot;Starting LDAPS interface ldaps://{} ...&quot;</span>, <span class="ident">address</span>);
+            <span class="macro">info!</span>(<span class="string">&quot;Starting LDAPS interface ldaps://{} ...&quot;</span>, <span class="ident">address</span>);
             <span class="kw">let</span> <span class="ident">tls_parms</span> <span class="op">=</span> <span class="ident">tls_params</span>.<span class="ident">build</span>();
             <span class="ident">tokio::spawn</span>(<span class="ident">tls_acceptor</span>(<span class="ident">listener</span>, <span class="ident">tls_parms</span>, <span class="ident">qe_r_ref</span>));
         }
         <span class="prelude-val">None</span> =&gt; {
-            <span class="macro">eprintln!</span>(<span class="string">&quot;The server won&#39;t run without TLS!&quot;</span>);
+            <span class="macro">error!</span>(<span class="string">&quot;The server won&#39;t run without TLS!&quot;</span>);
             <span class="kw">return</span> <span class="prelude-val">Err</span>(());
         }
     }

docs/v1.0.0rc7/rustdoc/src/kanidmd_lib/idm/server.rs.html

@@ -3828,6 +3828,14 @@
 <span id="3828">3828</span>
 <span id="3829">3829</span>
 <span id="3830">3830</span>
+<span id="3831">3831</span>
+<span id="3832">3832</span>
+<span id="3833">3833</span>
+<span id="3834">3834</span>
+<span id="3835">3835</span>
+<span id="3836">3836</span>
+<span id="3837">3837</span>
+<span id="3838">3838</span>
 </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">core::task</span>::{<span class="ident">Context</span>, <span class="ident">Poll</span>};
 <span class="kw">use</span> <span class="ident">std::convert::TryFrom</span>;
 <span class="kw">use</span> <span class="ident">std::str::FromStr</span>;
@@ -5724,6 +5732,8 @@
         <span class="comment">// get the account</span>
         <span class="kw">let</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">target_to_account</span>(<span class="kw-2">&amp;</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>)<span class="question-mark">?</span>;
 
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing password hash upgrade&quot;</span>);
+
         <span class="comment">// check, does the pw still match?</span>
         <span class="kw">let</span> <span class="ident">same</span> <span class="op">=</span> <span class="ident">account</span>.<span class="ident">check_credential_pw</span>(<span class="ident">pwu</span>.<span class="ident">existing_password</span>.<span class="ident">as_str</span>())<span class="question-mark">?</span>;
 
@@ -5747,6 +5757,8 @@
     }
 
     <span class="kw">fn</span> <span class="ident">process_unixpwupgrade</span>(<span class="kw-2">&amp;mut</span> <span class="self">self</span>, <span class="ident">pwu</span>: <span class="kw-2">&amp;</span><span class="ident">UnixPasswordUpgrade</span>) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span>(), <span class="ident">OperationError</span><span class="op">&gt;</span> {
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing unix password hash upgrade&quot;</span>);
+
         <span class="kw">let</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>
             .<span class="ident">qs_write</span>
             .<span class="ident">internal_search_uuid</span>(<span class="kw-2">&amp;</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>)
@@ -5781,6 +5793,8 @@
         <span class="kw-2">&amp;mut</span> <span class="self">self</span>,
         <span class="ident">wci</span>: <span class="kw-2">&amp;</span><span class="ident">WebauthnCounterIncrement</span>,
     ) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span>(), <span class="ident">OperationError</span><span class="op">&gt;</span> {
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">wci</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing webauthn counter increment&quot;</span>);
+
         <span class="kw">let</span> <span class="kw-2">mut</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">target_to_account</span>(<span class="kw-2">&amp;</span><span class="ident">wci</span>.<span class="ident">target_uuid</span>)<span class="question-mark">?</span>;
 
         <span class="comment">// Generate an optional mod and then attempt to apply it.</span>
@@ -5807,6 +5821,8 @@
         <span class="kw-2">&amp;mut</span> <span class="self">self</span>,
         <span class="ident">bcr</span>: <span class="kw-2">&amp;</span><span class="ident">BackupCodeRemoval</span>,
     ) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span>(), <span class="ident">OperationError</span><span class="op">&gt;</span> {
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">bcr</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing backup code removal&quot;</span>);
+
         <span class="kw">let</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">target_to_account</span>(<span class="kw-2">&amp;</span><span class="ident">bcr</span>.<span class="ident">target_uuid</span>)<span class="question-mark">?</span>;
         <span class="comment">// Generate an optional mod and then attempt to apply it.</span>
         <span class="kw">let</span> <span class="ident">modlist</span> <span class="op">=</span> <span class="ident">account</span>

docs/v1.0.0rc7/rustdoc/src/kanidmd_web_ui/oauth2.rs.html

@@ -536,6 +536,35 @@
 <span id="536">536</span>
 <span id="537">537</span>
 <span id="538">538</span>
+<span id="539">539</span>
+<span id="540">540</span>
+<span id="541">541</span>
+<span id="542">542</span>
+<span id="543">543</span>
+<span id="544">544</span>
+<span id="545">545</span>
+<span id="546">546</span>
+<span id="547">547</span>
+<span id="548">548</span>
+<span id="549">549</span>
+<span id="550">550</span>
+<span id="551">551</span>
+<span id="552">552</span>
+<span id="553">553</span>
+<span id="554">554</span>
+<span id="555">555</span>
+<span id="556">556</span>
+<span id="557">557</span>
+<span id="558">558</span>
+<span id="559">559</span>
+<span id="560">560</span>
+<span id="561">561</span>
+<span id="562">562</span>
+<span id="563">563</span>
+<span id="564">564</span>
+<span id="565">565</span>
+<span id="566">566</span>
+<span id="567">567</span>
 </pre><pre class="rust"><code><span class="comment">// use anyhow::Error;</span>
 <span class="kw">use</span> <span class="ident">gloo::console</span>;
 <span class="kw">pub</span> <span class="kw">use</span> <span class="ident">kanidm_proto::oauth2</span>::{
@@ -568,6 +597,7 @@
         <span class="ident">consent_token</span>: <span class="ident">String</span>,
     },
     <span class="ident">ConsentGranted</span>(<span class="ident">String</span>),
+    <span class="ident">AccessDenied</span>(<span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span>),
     <span class="ident">ErrInvalidRequest</span>,
 }
 
@@ -586,6 +616,9 @@
         <span class="ident">consent_token</span>: <span class="ident">String</span>,
     },
     <span class="ident">Redirect</span>(<span class="ident">String</span>),
+    <span class="ident">AccessDenied</span> {
+        <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span>,
+    },
     <span class="ident">Error</span> {
         <span class="ident">emsg</span>: <span class="ident">String</span>,
         <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span>,
@@ -698,6 +731,8 @@
                     }
                 }
             }
+        } <span class="kw">else</span> <span class="kw">if</span> <span class="ident">status</span> <span class="op">==</span> <span class="number">403</span> {
+            <span class="prelude-val">Ok</span>(<span class="ident">Oauth2Msg::AccessDenied</span> { <span class="ident">kopid</span> })
         } <span class="kw">else</span> {
             <span class="kw">let</span> <span class="ident">text</span> <span class="op">=</span> <span class="ident">JsFuture::from</span>(<span class="ident">resp</span>.<span class="ident">text</span>()<span class="question-mark">?</span>).<span class="kw">await</span><span class="question-mark">?</span>;
             <span class="kw">let</span> <span class="ident">emsg</span> <span class="op">=</span> <span class="ident">text</span>.<span class="ident">as_string</span>().<span class="ident">unwrap_or_else</span>(<span class="op">|</span><span class="op">|</span> <span class="string">&quot;&quot;</span>.<span class="ident">to_string</span>());
@@ -918,6 +953,11 @@
                 <span class="comment">// We need to send off fetch task here.</span>
                 <span class="bool-val">true</span>
             }
+            <span class="ident">Oauth2Msg::AccessDenied</span> { <span class="ident">kopid</span> } =&gt; {
+                <span class="macro">console::error!</span>(<span class="macro">format!</span>(<span class="string">&quot;{:?}&quot;</span>, <span class="ident">kopid</span>).<span class="ident">as_str</span>());
+                <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::AccessDenied</span>(<span class="ident">kopid</span>);
+                <span class="bool-val">true</span>
+            }
             <span class="ident">Oauth2Msg::Error</span> { <span class="ident">emsg</span>, <span class="ident">kopid</span> } =&gt; {
                 <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::ErrInvalidRequest</span>;
                 <span class="macro">console::error!</span>(<span class="macro">format!</span>(<span class="string">&quot;{:?}&quot;</span>, <span class="ident">kopid</span>).<span class="ident">as_str</span>());
@@ -1043,6 +1083,24 @@
                     <span class="op">&lt;</span><span class="op">/</span><span class="ident">div</span><span class="op">&gt;</span>
                 }
             }
+            <span class="ident">State::AccessDenied</span>(<span class="ident">kopid</span>) =&gt; {
+                <span class="macro">html!</span> {
+                    <span class="op">&lt;</span><span class="ident">div</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;alert alert-danger&quot;</span> <span class="ident">role</span><span class="op">=</span><span class="string">&quot;alert&quot;</span><span class="op">&gt;</span>
+                        <span class="op">&lt;</span><span class="ident">h1</span><span class="op">&gt;</span>{ <span class="string">&quot;Access Denied&quot;</span> } <span class="op">&lt;</span><span class="op">/</span><span class="ident">h1</span><span class="op">&gt;</span>
+                        <span class="op">&lt;</span><span class="ident">p</span><span class="op">&gt;</span>
+                        { <span class="string">&quot;You do not have access to the requested resources.&quot;</span> }
+                        <span class="op">&lt;</span><span class="op">/</span><span class="ident">p</span><span class="op">&gt;</span>
+                        <span class="op">&lt;</span><span class="ident">p</span><span class="op">&gt;</span>
+                        { <span class="kw">if</span> <span class="kw">let</span> <span class="prelude-val">Some</span>(<span class="ident">opid</span>) <span class="op">=</span> <span class="ident">kopid</span> {
+                            <span class="macro">format!</span>(<span class="string">&quot;Operation ID: {}&quot;</span>, <span class="ident">opid</span>)
+                          } <span class="kw">else</span> {
+                            <span class="string">&quot;Operation ID: -&quot;</span>.<span class="ident">to_string</span>()
+                          }
+                        }
+                        <span class="op">&lt;</span><span class="op">/</span><span class="ident">p</span><span class="op">&gt;</span>
+                    <span class="op">&lt;</span><span class="op">/</span><span class="ident">div</span><span class="op">&gt;</span>
+                }
+            }
             <span class="ident">State::ErrInvalidRequest</span> =&gt; {
                 <span class="macro">html!</span> {
                     <span class="op">&lt;</span><span class="ident">div</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;alert alert-danger&quot;</span> <span class="ident">role</span><span class="op">=</span><span class="string">&quot;alert&quot;</span><span class="op">&gt;</span>

docs/v1.0.0rc7/rustdoc/src/kanidmd_web_ui/views/mod.rs.html

@@ -423,6 +423,55 @@
 <span id="423">423</span>
 <span id="424">424</span>
 <span id="425">425</span>
+<span id="426">426</span>
+<span id="427">427</span>
+<span id="428">428</span>
+<span id="429">429</span>
+<span id="430">430</span>
+<span id="431">431</span>
+<span id="432">432</span>
+<span id="433">433</span>
+<span id="434">434</span>
+<span id="435">435</span>
+<span id="436">436</span>
+<span id="437">437</span>
+<span id="438">438</span>
+<span id="439">439</span>
+<span id="440">440</span>
+<span id="441">441</span>
+<span id="442">442</span>
+<span id="443">443</span>
+<span id="444">444</span>
+<span id="445">445</span>
+<span id="446">446</span>
+<span id="447">447</span>
+<span id="448">448</span>
+<span id="449">449</span>
+<span id="450">450</span>
+<span id="451">451</span>
+<span id="452">452</span>
+<span id="453">453</span>
+<span id="454">454</span>
+<span id="455">455</span>
+<span id="456">456</span>
+<span id="457">457</span>
+<span id="458">458</span>
+<span id="459">459</span>
+<span id="460">460</span>
+<span id="461">461</span>
+<span id="462">462</span>
+<span id="463">463</span>
+<span id="464">464</span>
+<span id="465">465</span>
+<span id="466">466</span>
+<span id="467">467</span>
+<span id="468">468</span>
+<span id="469">469</span>
+<span id="470">470</span>
+<span id="471">471</span>
+<span id="472">472</span>
+<span id="473">473</span>
+<span id="474">474</span>
 </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">std::str::FromStr</span>;
 
 <span class="kw">use</span> <span class="ident">compact_jwt</span>::{<span class="ident">Jws</span>, <span class="ident">JwsUnverified</span>};
@@ -495,6 +544,7 @@
 
 <span class="kw">enum</span> <span class="ident">State</span> {
     <span class="ident">LoginRequired</span>,
+    <span class="ident">LoggingOut</span>,
     <span class="ident">Verifying</span>,
     <span class="ident">Authenticated</span>(<span class="ident">String</span>),
     <span class="ident">Error</span> { <span class="ident">emsg</span>: <span class="ident">String</span>, <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span> },
@@ -516,6 +566,7 @@
 <span class="kw">pub</span> <span class="kw">enum</span> <span class="ident">ViewsMsg</span> {
     <span class="ident">Verified</span>(<span class="ident">String</span>),
     <span class="ident">Logout</span>,
+    <span class="ident">LogoutComplete</span>,
     <span class="ident">ProfileInfoRecieved</span> { <span class="ident">uat</span>: <span class="ident">UserAuthToken</span> },
     <span class="ident">Error</span> { <span class="ident">emsg</span>: <span class="ident">String</span>, <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span> },
 }
@@ -584,7 +635,22 @@
                 <span class="bool-val">true</span>
             }
             <span class="ident">ViewsMsg::Logout</span> =&gt; {
-                <span class="ident">models::clear_bearer_token</span>();
+                <span class="kw">match</span> <span class="ident">models::get_bearer_token</span>() {
+                    <span class="prelude-val">Some</span>(<span class="ident">tk</span>) =&gt; {
+                        <span class="ident">models::clear_bearer_token</span>();
+                        <span class="ident">ctx</span>.<span class="ident">link</span>().<span class="ident">send_future</span>(<span class="kw">async</span> {
+                            <span class="kw">match</span> <span class="ident"><span class="self">Self</span>::fetch_logout</span>(<span class="ident">tk</span>).<span class="kw">await</span> {
+                                <span class="prelude-val">Ok</span>(<span class="ident">v</span>) =&gt; <span class="ident">v</span>,
+                                <span class="prelude-val">Err</span>(<span class="ident">v</span>) =&gt; <span class="ident">v</span>.<span class="ident">into</span>(),
+                            }
+                        });
+                        <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::LoggingOut</span>;
+                    }
+                    <span class="prelude-val">None</span> =&gt; <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::LoginRequired</span>,
+                }
+                <span class="bool-val">true</span>
+            }
+            <span class="ident">ViewsMsg::LogoutComplete</span> =&gt; {
                 <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::LoginRequired</span>;
                 <span class="bool-val">true</span>
             }
@@ -624,7 +690,7 @@
                     .<span class="ident">push</span>(<span class="ident">Route::Login</span>);
                 <span class="macro">html!</span> { <span class="op">&lt;</span><span class="ident">div</span><span class="op">&gt;</span><span class="op">&lt;</span><span class="op">/</span><span class="ident">div</span><span class="op">&gt;</span> }
             }
-            <span class="ident">State::Verifying</span> =&gt; {
+            <span class="ident">State::LoggingOut</span> <span class="op">|</span> <span class="ident">State::Verifying</span> =&gt; {
                 <span class="macro">html!</span> {
                   <span class="op">&lt;</span><span class="ident">main</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;text-center form-signin h-100&quot;</span><span class="op">&gt;</span>
                     <span class="op">&lt;</span><span class="ident">div</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;vert-center&quot;</span><span class="op">&gt;</span>
@@ -791,7 +857,7 @@
             <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::Verified</span>(<span class="ident">token</span>))
         } <span class="kw">else</span> <span class="kw">if</span> <span class="ident">status</span> <span class="op">==</span> <span class="number">401</span> {
             <span class="comment">// Not valid, re-auth</span>
-            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::Logout</span>)
+            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::LogoutComplete</span>)
         } <span class="kw">else</span> {
             <span class="kw">let</span> <span class="ident">headers</span> <span class="op">=</span> <span class="ident">resp</span>.<span class="ident">headers</span>();
             <span class="kw">let</span> <span class="ident">kopid</span> <span class="op">=</span> <span class="ident">headers</span>.<span class="ident">get</span>(<span class="string">&quot;x-kanidm-opid&quot;</span>).<span class="ident">ok</span>().<span class="ident">flatten</span>();
@@ -815,6 +881,38 @@
             <span class="ident">uat</span>: <span class="ident">uat</span>.<span class="ident">into_inner</span>(),
         })
     }
+
+    <span class="kw">async</span> <span class="kw">fn</span> <span class="ident">fetch_logout</span>(<span class="ident">token</span>: <span class="ident">String</span>) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span><span class="ident">ViewsMsg</span>, <span class="ident">FetchError</span><span class="op">&gt;</span> {
+        <span class="kw">let</span> <span class="kw-2">mut</span> <span class="ident">opts</span> <span class="op">=</span> <span class="ident">RequestInit::new</span>();
+        <span class="ident">opts</span>.<span class="ident">method</span>(<span class="string">&quot;GET&quot;</span>);
+        <span class="ident">opts</span>.<span class="ident">mode</span>(<span class="ident">RequestMode::SameOrigin</span>);
+
+        <span class="kw">let</span> <span class="ident">request</span> <span class="op">=</span> <span class="ident">Request::new_with_str_and_init</span>(<span class="string">&quot;/v1/logout&quot;</span>, <span class="kw-2">&amp;</span><span class="ident">opts</span>)<span class="question-mark">?</span>;
+
+        <span class="ident">request</span>
+            .<span class="ident">headers</span>()
+            .<span class="ident">set</span>(<span class="string">&quot;content-type&quot;</span>, <span class="string">&quot;application/json&quot;</span>)
+            .<span class="ident">expect_throw</span>(<span class="string">&quot;failed to set header&quot;</span>);
+        <span class="ident">request</span>
+            .<span class="ident">headers</span>()
+            .<span class="ident">set</span>(<span class="string">&quot;authorization&quot;</span>, <span class="macro">format!</span>(<span class="string">&quot;Bearer {}&quot;</span>, <span class="ident">token</span>).<span class="ident">as_str</span>())
+            .<span class="ident">expect_throw</span>(<span class="string">&quot;failed to set header&quot;</span>);
+
+        <span class="kw">let</span> <span class="ident">window</span> <span class="op">=</span> <span class="ident">utils::window</span>();
+        <span class="kw">let</span> <span class="ident">resp_value</span> <span class="op">=</span> <span class="ident">JsFuture::from</span>(<span class="ident">window</span>.<span class="ident">fetch_with_request</span>(<span class="kw-2">&amp;</span><span class="ident">request</span>)).<span class="kw">await</span><span class="question-mark">?</span>;
+        <span class="kw">let</span> <span class="ident">resp</span>: <span class="ident">Response</span> <span class="op">=</span> <span class="ident">resp_value</span>.<span class="ident">dyn_into</span>().<span class="ident">expect_throw</span>(<span class="string">&quot;Invalid response type&quot;</span>);
+        <span class="kw">let</span> <span class="ident">status</span> <span class="op">=</span> <span class="ident">resp</span>.<span class="ident">status</span>();
+
+        <span class="kw">if</span> <span class="ident">status</span> <span class="op">==</span> <span class="number">200</span> {
+            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::LogoutComplete</span>)
+        } <span class="kw">else</span> {
+            <span class="kw">let</span> <span class="ident">headers</span> <span class="op">=</span> <span class="ident">resp</span>.<span class="ident">headers</span>();
+            <span class="kw">let</span> <span class="ident">kopid</span> <span class="op">=</span> <span class="ident">headers</span>.<span class="ident">get</span>(<span class="string">&quot;x-kanidm-opid&quot;</span>).<span class="ident">ok</span>().<span class="ident">flatten</span>();
+            <span class="kw">let</span> <span class="ident">text</span> <span class="op">=</span> <span class="ident">JsFuture::from</span>(<span class="ident">resp</span>.<span class="ident">text</span>()<span class="question-mark">?</span>).<span class="kw">await</span><span class="question-mark">?</span>;
+            <span class="kw">let</span> <span class="ident">emsg</span> <span class="op">=</span> <span class="ident">text</span>.<span class="ident">as_string</span>().<span class="ident">unwrap_or_else</span>(<span class="op">|</span><span class="op">|</span> <span class="string">&quot;&quot;</span>.<span class="ident">to_string</span>());
+            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::Error</span> { <span class="ident">emsg</span>, <span class="ident">kopid</span> })
+        }
+    }
 }
 
 <span class="kw">fn</span> <span class="ident">admin_routes</span>(<span class="ident">route</span>: <span class="kw-2">&amp;</span><span class="ident">AdminRoute</span>) -&gt; <span class="ident">Html</span> {

docs/v1.0.0rc8/rustdoc/kanidmd_lib/idm/server/index.html

@@ -1,3 +1,3 @@
-<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="API documentation for the Rust `server` mod in crate `kanidmd_lib`."><meta name="keywords" content="rust, rustlang, rust-lang, server"><title>kanidmd_lib::idm::server - Rust</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" type="text/css" href="../../../normalize.css"><link rel="stylesheet" type="text/css" href="../../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" type="text/css" href="../../../ayu.css" disabled><link rel="stylesheet" type="text/css" href="../../../dark.css" disabled><link rel="stylesheet" type="text/css" href="../../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../../storage.js"></script><script defer src="../../../main.js"></script><noscript><link rel="stylesheet" href="../../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../../favicon.svg"></head><body class="rustdoc mod"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle">&#9776;</button><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"></h2></nav><nav class="sidebar"><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"><a href="#">Module server</a></h2><div class="sidebar-elems"><section><div class="block"><ul><li><a href="#structs">Structs</a></li><li><a href="#enums">Enums</a></li><li><a href="#traits">Traits</a></li></ul></div></section></div></nav><main><div class="width-limiter"><div class="sub-container"><a class="sub-logo-container" href="../../../kanidmd_lib/index.html"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></a><nav class="sub"><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><button type="button">?</button></div><div id="settings-menu" tabindex="-1"><a href="../../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../../wheel.svg"></a></div></div></form></nav></div><section id="main-content" class="content"><div class="main-heading"><h1 class="fqn"><span class="in-band">Module <a href="../../index.html">kanidmd_lib</a>::<wbr><a href="../index.html">idm</a>::<wbr><a class="mod" href="#">server</a><button id="copy-path" onclick="copy_path(this)" title="Copy item path to clipboard"><img src="../../../clipboard.svg" width="19" height="18" alt="Copy item path"></button></span></h1><span class="out-of-band"><a class="srclink" href="../../../src/kanidmd_lib/idm/server.rs.html#1-3830">source</a> · <a id="toggle-all-docs" href="javascript:void(0)" title="collapse all docs">[<span class="inner">&#x2212;</span>]</a></span></div><h2 id="structs" class="small-section-header"><a href="#structs">Structs</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServer.html" title="kanidmd_lib::idm::server::IdmServer struct">IdmServer</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerAuthTransaction.html" title="kanidmd_lib::idm::server::IdmServerAuthTransaction struct">IdmServerAuthTransaction</a></div><div class="item-right docblock-short"><p>Contains methods that require writes, but in the context of writing to the idm in memory structures (maybe the query server too). This is things like authentication.</p>
+<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="API documentation for the Rust `server` mod in crate `kanidmd_lib`."><meta name="keywords" content="rust, rustlang, rust-lang, server"><title>kanidmd_lib::idm::server - Rust</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" type="text/css" href="../../../normalize.css"><link rel="stylesheet" type="text/css" href="../../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" type="text/css" href="../../../ayu.css" disabled><link rel="stylesheet" type="text/css" href="../../../dark.css" disabled><link rel="stylesheet" type="text/css" href="../../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../../storage.js"></script><script defer src="../../../main.js"></script><noscript><link rel="stylesheet" href="../../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../../favicon.svg"></head><body class="rustdoc mod"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle">&#9776;</button><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"></h2></nav><nav class="sidebar"><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"><a href="#">Module server</a></h2><div class="sidebar-elems"><section><div class="block"><ul><li><a href="#structs">Structs</a></li><li><a href="#enums">Enums</a></li><li><a href="#traits">Traits</a></li></ul></div></section></div></nav><main><div class="width-limiter"><div class="sub-container"><a class="sub-logo-container" href="../../../kanidmd_lib/index.html"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></a><nav class="sub"><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><button type="button">?</button></div><div id="settings-menu" tabindex="-1"><a href="../../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../../wheel.svg"></a></div></div></form></nav></div><section id="main-content" class="content"><div class="main-heading"><h1 class="fqn"><span class="in-band">Module <a href="../../index.html">kanidmd_lib</a>::<wbr><a href="../index.html">idm</a>::<wbr><a class="mod" href="#">server</a><button id="copy-path" onclick="copy_path(this)" title="Copy item path to clipboard"><img src="../../../clipboard.svg" width="19" height="18" alt="Copy item path"></button></span></h1><span class="out-of-band"><a class="srclink" href="../../../src/kanidmd_lib/idm/server.rs.html#1-3838">source</a> · <a id="toggle-all-docs" href="javascript:void(0)" title="collapse all docs">[<span class="inner">&#x2212;</span>]</a></span></div><h2 id="structs" class="small-section-header"><a href="#structs">Structs</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServer.html" title="kanidmd_lib::idm::server::IdmServer struct">IdmServer</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerAuthTransaction.html" title="kanidmd_lib::idm::server::IdmServerAuthTransaction struct">IdmServerAuthTransaction</a></div><div class="item-right docblock-short"><p>Contains methods that require writes, but in the context of writing to the idm in memory structures (maybe the query server too). This is things like authentication.</p>
 </div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerCredUpdateTransaction.html" title="kanidmd_lib::idm::server::IdmServerCredUpdateTransaction struct">IdmServerCredUpdateTransaction</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerDelayed.html" title="kanidmd_lib::idm::server::IdmServerDelayed struct">IdmServerDelayed</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerProxyReadTransaction.html" title="kanidmd_lib::idm::server::IdmServerProxyReadTransaction struct">IdmServerProxyReadTransaction</a></div><div class="item-right docblock-short"><p>This contains read-only methods, like getting users, groups and other structured content.</p>
 </div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerProxyWriteTransaction.html" title="kanidmd_lib::idm::server::IdmServerProxyWriteTransaction struct">IdmServerProxyWriteTransaction</a></div><div class="item-right docblock-short"></div></div></div><h2 id="enums" class="small-section-header"><a href="#enums">Enums</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="enum" href="enum.Token.html" title="kanidmd_lib::idm::server::Token enum">Token</a></div><div class="item-right docblock-short"></div></div></div><h2 id="traits" class="small-section-header"><a href="#traits">Traits</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="trait" href="trait.IdmServerTransaction.html" title="kanidmd_lib::idm::server::IdmServerTransaction trait">IdmServerTransaction</a></div><div class="item-right docblock-short"></div></div></div></section></div></main><div id="rustdoc-vars" data-root-path="../../../" data-current-crate="kanidmd_lib" data-themes="ayu,dark,light" data-resource-suffix="" data-rustdoc-version="1.64.0 (a55dd71d5 2022-09-19)" ></div></body></html>

docs/v1.0.0rc8/rustdoc/src/kanidmd_core/https/oauth2.rs.html

@@ -712,6 +712,11 @@
 <span id="712">712</span>
 <span id="713">713</span>
 <span id="714">714</span>
+<span id="715">715</span>
+<span id="716">716</span>
+<span id="717">717</span>
+<span id="718">718</span>
+<span id="719">719</span>
 </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">kanidm_proto::oauth2::AuthorisationResponse</span>;
 <span class="kw">use</span> <span class="ident">kanidm_proto::v1::Entry</span> <span class="kw">as</span> <span class="ident">ProtoEntry</span>;
 <span class="kw">use</span> <span class="ident">kanidmd_lib::idm::oauth2</span>::{
@@ -1042,6 +1047,11 @@
             <span class="ident">res</span>.<span class="ident">insert_header</span>(<span class="string">&quot;WWW-Authenticate&quot;</span>, <span class="string">&quot;Bearer&quot;</span>);
             <span class="prelude-val">Ok</span>(<span class="ident">res</span>)
         }
+        <span class="prelude-val">Err</span>(<span class="ident">Oauth2Error::AccessDenied</span>) =&gt; {
+            <span class="comment">// If scopes are not available for this account.</span>
+            <span class="kw">let</span> <span class="ident">res</span> <span class="op">=</span> <span class="ident">tide::Response::new</span>(<span class="ident">tide::StatusCode::Forbidden</span>);
+            <span class="prelude-val">Ok</span>(<span class="ident">res</span>)
+        }
         <span class="comment">/*
         RFC - If the request fails due to a missing, invalid, or mismatching
               redirection URI, or if the client identifier is missing or invalid,
@@ -1142,7 +1152,7 @@
             <span class="comment">// Turns out this instinct was correct:</span>
             <span class="comment">//  https://www.proofpoint.com/us/blog/cloud-security/microsoft-and-github-oauth-implementation-vulnerabilities-lead-redirection</span>
             <span class="comment">// Possible to use this with a malicious client configuration to phish / spam.</span>
-            <span class="ident">tide::Response::new</span>(<span class="number">500</span>)
+            <span class="ident">tide::Response::new</span>(<span class="ident">tide::StatusCode::InternalServerError</span>)
         }
     };
     <span class="ident">res</span>.<span class="ident">insert_header</span>(<span class="string">&quot;X-KANIDM-OPID&quot;</span>, <span class="ident">hvalue</span>);

docs/v1.0.0rc8/rustdoc/src/kanidmd_core/ldaps.rs.html

@@ -363,15 +363,15 @@
     <span class="kw">if</span> <span class="ident">address</span>.<span class="ident">starts_with</span>(<span class="string">&quot;:::&quot;</span>) {
         <span class="comment">// takes :::xxxx to xxxx</span>
         <span class="kw">let</span> <span class="ident">port</span> <span class="op">=</span> <span class="ident">address</span>.<span class="ident">replacen</span>(<span class="string">&quot;:::&quot;</span>, <span class="string">&quot;&quot;</span>, <span class="number">1</span>);
-        <span class="macro">eprintln!</span>(<span class="string">&quot;Address &#39;{}&#39; looks like an attempt to wildcard bind with IPv6 on port {} - please try using ldapbindaddress = &#39;[::]:{}&#39;&quot;</span>, <span class="ident">address</span>, <span class="ident">port</span>, <span class="ident">port</span>);
+        <span class="macro">error!</span>(<span class="string">&quot;Address &#39;{}&#39; looks like an attempt to wildcard bind with IPv6 on port {} - please try using ldapbindaddress = &#39;[::]:{}&#39;&quot;</span>, <span class="ident">address</span>, <span class="ident">port</span>, <span class="ident">port</span>);
     };
 
     <span class="kw">let</span> <span class="ident">addr</span> <span class="op">=</span> <span class="ident">net::SocketAddr::from_str</span>(<span class="ident">address</span>).<span class="ident">map_err</span>(<span class="op">|</span><span class="ident">e</span><span class="op">|</span> {
-        <span class="macro">eprintln!</span>(<span class="string">&quot;Could not parse LDAP server address {} -&gt; {:?}&quot;</span>, <span class="ident">address</span>, <span class="ident">e</span>);
+        <span class="macro">error!</span>(<span class="string">&quot;Could not parse LDAP server address {} -&gt; {:?}&quot;</span>, <span class="ident">address</span>, <span class="ident">e</span>);
     })<span class="question-mark">?</span>;
 
     <span class="kw">let</span> <span class="ident">listener</span> <span class="op">=</span> <span class="ident">TcpListener::bind</span>(<span class="kw-2">&amp;</span><span class="ident">addr</span>).<span class="kw">await</span>.<span class="ident">map_err</span>(<span class="op">|</span><span class="ident">e</span><span class="op">|</span> {
-        <span class="macro">eprintln!</span>(
+        <span class="macro">error!</span>(
             <span class="string">&quot;Could not bind to LDAP server address {} -&gt; {:?}&quot;</span>,
             <span class="ident">address</span>, <span class="ident">e</span>
         );
@@ -379,12 +379,12 @@
 
     <span class="kw">match</span> <span class="ident">opt_tls_params</span> {
         <span class="prelude-val">Some</span>(<span class="ident">tls_params</span>) =&gt; {
-            <span class="macro">eprintln!</span>(<span class="string">&quot;Starting LDAPS interface ldaps://{} ...&quot;</span>, <span class="ident">address</span>);
+            <span class="macro">info!</span>(<span class="string">&quot;Starting LDAPS interface ldaps://{} ...&quot;</span>, <span class="ident">address</span>);
             <span class="kw">let</span> <span class="ident">tls_parms</span> <span class="op">=</span> <span class="ident">tls_params</span>.<span class="ident">build</span>();
             <span class="ident">tokio::spawn</span>(<span class="ident">tls_acceptor</span>(<span class="ident">listener</span>, <span class="ident">tls_parms</span>, <span class="ident">qe_r_ref</span>));
         }
         <span class="prelude-val">None</span> =&gt; {
-            <span class="macro">eprintln!</span>(<span class="string">&quot;The server won&#39;t run without TLS!&quot;</span>);
+            <span class="macro">error!</span>(<span class="string">&quot;The server won&#39;t run without TLS!&quot;</span>);
             <span class="kw">return</span> <span class="prelude-val">Err</span>(());
         }
     }

docs/v1.0.0rc8/rustdoc/src/kanidmd_lib/idm/server.rs.html

@@ -3828,6 +3828,14 @@
 <span id="3828">3828</span>
 <span id="3829">3829</span>
 <span id="3830">3830</span>
+<span id="3831">3831</span>
+<span id="3832">3832</span>
+<span id="3833">3833</span>
+<span id="3834">3834</span>
+<span id="3835">3835</span>
+<span id="3836">3836</span>
+<span id="3837">3837</span>
+<span id="3838">3838</span>
 </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">core::task</span>::{<span class="ident">Context</span>, <span class="ident">Poll</span>};
 <span class="kw">use</span> <span class="ident">std::convert::TryFrom</span>;
 <span class="kw">use</span> <span class="ident">std::str::FromStr</span>;
@@ -5724,6 +5732,8 @@
         <span class="comment">// get the account</span>
         <span class="kw">let</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">target_to_account</span>(<span class="kw-2">&amp;</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>)<span class="question-mark">?</span>;
 
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing password hash upgrade&quot;</span>);
+
         <span class="comment">// check, does the pw still match?</span>
         <span class="kw">let</span> <span class="ident">same</span> <span class="op">=</span> <span class="ident">account</span>.<span class="ident">check_credential_pw</span>(<span class="ident">pwu</span>.<span class="ident">existing_password</span>.<span class="ident">as_str</span>())<span class="question-mark">?</span>;
 
@@ -5747,6 +5757,8 @@
     }
 
     <span class="kw">fn</span> <span class="ident">process_unixpwupgrade</span>(<span class="kw-2">&amp;mut</span> <span class="self">self</span>, <span class="ident">pwu</span>: <span class="kw-2">&amp;</span><span class="ident">UnixPasswordUpgrade</span>) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span>(), <span class="ident">OperationError</span><span class="op">&gt;</span> {
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing unix password hash upgrade&quot;</span>);
+
         <span class="kw">let</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>
             .<span class="ident">qs_write</span>
             .<span class="ident">internal_search_uuid</span>(<span class="kw-2">&amp;</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>)
@@ -5781,6 +5793,8 @@
         <span class="kw-2">&amp;mut</span> <span class="self">self</span>,
         <span class="ident">wci</span>: <span class="kw-2">&amp;</span><span class="ident">WebauthnCounterIncrement</span>,
     ) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span>(), <span class="ident">OperationError</span><span class="op">&gt;</span> {
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">wci</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing webauthn counter increment&quot;</span>);
+
         <span class="kw">let</span> <span class="kw-2">mut</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">target_to_account</span>(<span class="kw-2">&amp;</span><span class="ident">wci</span>.<span class="ident">target_uuid</span>)<span class="question-mark">?</span>;
 
         <span class="comment">// Generate an optional mod and then attempt to apply it.</span>
@@ -5807,6 +5821,8 @@
         <span class="kw-2">&amp;mut</span> <span class="self">self</span>,
         <span class="ident">bcr</span>: <span class="kw-2">&amp;</span><span class="ident">BackupCodeRemoval</span>,
     ) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span>(), <span class="ident">OperationError</span><span class="op">&gt;</span> {
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">bcr</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing backup code removal&quot;</span>);
+
         <span class="kw">let</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">target_to_account</span>(<span class="kw-2">&amp;</span><span class="ident">bcr</span>.<span class="ident">target_uuid</span>)<span class="question-mark">?</span>;
         <span class="comment">// Generate an optional mod and then attempt to apply it.</span>
         <span class="kw">let</span> <span class="ident">modlist</span> <span class="op">=</span> <span class="ident">account</span>

docs/v1.0.0rc8/rustdoc/src/kanidmd_web_ui/oauth2.rs.html

@@ -536,6 +536,35 @@
 <span id="536">536</span>
 <span id="537">537</span>
 <span id="538">538</span>
+<span id="539">539</span>
+<span id="540">540</span>
+<span id="541">541</span>
+<span id="542">542</span>
+<span id="543">543</span>
+<span id="544">544</span>
+<span id="545">545</span>
+<span id="546">546</span>
+<span id="547">547</span>
+<span id="548">548</span>
+<span id="549">549</span>
+<span id="550">550</span>
+<span id="551">551</span>
+<span id="552">552</span>
+<span id="553">553</span>
+<span id="554">554</span>
+<span id="555">555</span>
+<span id="556">556</span>
+<span id="557">557</span>
+<span id="558">558</span>
+<span id="559">559</span>
+<span id="560">560</span>
+<span id="561">561</span>
+<span id="562">562</span>
+<span id="563">563</span>
+<span id="564">564</span>
+<span id="565">565</span>
+<span id="566">566</span>
+<span id="567">567</span>
 </pre><pre class="rust"><code><span class="comment">// use anyhow::Error;</span>
 <span class="kw">use</span> <span class="ident">gloo::console</span>;
 <span class="kw">pub</span> <span class="kw">use</span> <span class="ident">kanidm_proto::oauth2</span>::{
@@ -568,6 +597,7 @@
         <span class="ident">consent_token</span>: <span class="ident">String</span>,
     },
     <span class="ident">ConsentGranted</span>(<span class="ident">String</span>),
+    <span class="ident">AccessDenied</span>(<span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span>),
     <span class="ident">ErrInvalidRequest</span>,
 }
 
@@ -586,6 +616,9 @@
         <span class="ident">consent_token</span>: <span class="ident">String</span>,
     },
     <span class="ident">Redirect</span>(<span class="ident">String</span>),
+    <span class="ident">AccessDenied</span> {
+        <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span>,
+    },
     <span class="ident">Error</span> {
         <span class="ident">emsg</span>: <span class="ident">String</span>,
         <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span>,
@@ -698,6 +731,8 @@
                     }
                 }
             }
+        } <span class="kw">else</span> <span class="kw">if</span> <span class="ident">status</span> <span class="op">==</span> <span class="number">403</span> {
+            <span class="prelude-val">Ok</span>(<span class="ident">Oauth2Msg::AccessDenied</span> { <span class="ident">kopid</span> })
         } <span class="kw">else</span> {
             <span class="kw">let</span> <span class="ident">text</span> <span class="op">=</span> <span class="ident">JsFuture::from</span>(<span class="ident">resp</span>.<span class="ident">text</span>()<span class="question-mark">?</span>).<span class="kw">await</span><span class="question-mark">?</span>;
             <span class="kw">let</span> <span class="ident">emsg</span> <span class="op">=</span> <span class="ident">text</span>.<span class="ident">as_string</span>().<span class="ident">unwrap_or_else</span>(<span class="op">|</span><span class="op">|</span> <span class="string">&quot;&quot;</span>.<span class="ident">to_string</span>());
@@ -918,6 +953,11 @@
                 <span class="comment">// We need to send off fetch task here.</span>
                 <span class="bool-val">true</span>
             }
+            <span class="ident">Oauth2Msg::AccessDenied</span> { <span class="ident">kopid</span> } =&gt; {
+                <span class="macro">console::error!</span>(<span class="macro">format!</span>(<span class="string">&quot;{:?}&quot;</span>, <span class="ident">kopid</span>).<span class="ident">as_str</span>());
+                <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::AccessDenied</span>(<span class="ident">kopid</span>);
+                <span class="bool-val">true</span>
+            }
             <span class="ident">Oauth2Msg::Error</span> { <span class="ident">emsg</span>, <span class="ident">kopid</span> } =&gt; {
                 <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::ErrInvalidRequest</span>;
                 <span class="macro">console::error!</span>(<span class="macro">format!</span>(<span class="string">&quot;{:?}&quot;</span>, <span class="ident">kopid</span>).<span class="ident">as_str</span>());
@@ -1043,6 +1083,24 @@
                     <span class="op">&lt;</span><span class="op">/</span><span class="ident">div</span><span class="op">&gt;</span>
                 }
             }
+            <span class="ident">State::AccessDenied</span>(<span class="ident">kopid</span>) =&gt; {
+                <span class="macro">html!</span> {
+                    <span class="op">&lt;</span><span class="ident">div</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;alert alert-danger&quot;</span> <span class="ident">role</span><span class="op">=</span><span class="string">&quot;alert&quot;</span><span class="op">&gt;</span>
+                        <span class="op">&lt;</span><span class="ident">h1</span><span class="op">&gt;</span>{ <span class="string">&quot;Access Denied&quot;</span> } <span class="op">&lt;</span><span class="op">/</span><span class="ident">h1</span><span class="op">&gt;</span>
+                        <span class="op">&lt;</span><span class="ident">p</span><span class="op">&gt;</span>
+                        { <span class="string">&quot;You do not have access to the requested resources.&quot;</span> }
+                        <span class="op">&lt;</span><span class="op">/</span><span class="ident">p</span><span class="op">&gt;</span>
+                        <span class="op">&lt;</span><span class="ident">p</span><span class="op">&gt;</span>
+                        { <span class="kw">if</span> <span class="kw">let</span> <span class="prelude-val">Some</span>(<span class="ident">opid</span>) <span class="op">=</span> <span class="ident">kopid</span> {
+                            <span class="macro">format!</span>(<span class="string">&quot;Operation ID: {}&quot;</span>, <span class="ident">opid</span>)
+                          } <span class="kw">else</span> {
+                            <span class="string">&quot;Operation ID: -&quot;</span>.<span class="ident">to_string</span>()
+                          }
+                        }
+                        <span class="op">&lt;</span><span class="op">/</span><span class="ident">p</span><span class="op">&gt;</span>
+                    <span class="op">&lt;</span><span class="op">/</span><span class="ident">div</span><span class="op">&gt;</span>
+                }
+            }
             <span class="ident">State::ErrInvalidRequest</span> =&gt; {
                 <span class="macro">html!</span> {
                     <span class="op">&lt;</span><span class="ident">div</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;alert alert-danger&quot;</span> <span class="ident">role</span><span class="op">=</span><span class="string">&quot;alert&quot;</span><span class="op">&gt;</span>

docs/v1.0.0rc8/rustdoc/src/kanidmd_web_ui/views/mod.rs.html

@@ -423,6 +423,55 @@
 <span id="423">423</span>
 <span id="424">424</span>
 <span id="425">425</span>
+<span id="426">426</span>
+<span id="427">427</span>
+<span id="428">428</span>
+<span id="429">429</span>
+<span id="430">430</span>
+<span id="431">431</span>
+<span id="432">432</span>
+<span id="433">433</span>
+<span id="434">434</span>
+<span id="435">435</span>
+<span id="436">436</span>
+<span id="437">437</span>
+<span id="438">438</span>
+<span id="439">439</span>
+<span id="440">440</span>
+<span id="441">441</span>
+<span id="442">442</span>
+<span id="443">443</span>
+<span id="444">444</span>
+<span id="445">445</span>
+<span id="446">446</span>
+<span id="447">447</span>
+<span id="448">448</span>
+<span id="449">449</span>
+<span id="450">450</span>
+<span id="451">451</span>
+<span id="452">452</span>
+<span id="453">453</span>
+<span id="454">454</span>
+<span id="455">455</span>
+<span id="456">456</span>
+<span id="457">457</span>
+<span id="458">458</span>
+<span id="459">459</span>
+<span id="460">460</span>
+<span id="461">461</span>
+<span id="462">462</span>
+<span id="463">463</span>
+<span id="464">464</span>
+<span id="465">465</span>
+<span id="466">466</span>
+<span id="467">467</span>
+<span id="468">468</span>
+<span id="469">469</span>
+<span id="470">470</span>
+<span id="471">471</span>
+<span id="472">472</span>
+<span id="473">473</span>
+<span id="474">474</span>
 </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">std::str::FromStr</span>;
 
 <span class="kw">use</span> <span class="ident">compact_jwt</span>::{<span class="ident">Jws</span>, <span class="ident">JwsUnverified</span>};
@@ -495,6 +544,7 @@
 
 <span class="kw">enum</span> <span class="ident">State</span> {
     <span class="ident">LoginRequired</span>,
+    <span class="ident">LoggingOut</span>,
     <span class="ident">Verifying</span>,
     <span class="ident">Authenticated</span>(<span class="ident">String</span>),
     <span class="ident">Error</span> { <span class="ident">emsg</span>: <span class="ident">String</span>, <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span> },
@@ -516,6 +566,7 @@
 <span class="kw">pub</span> <span class="kw">enum</span> <span class="ident">ViewsMsg</span> {
     <span class="ident">Verified</span>(<span class="ident">String</span>),
     <span class="ident">Logout</span>,
+    <span class="ident">LogoutComplete</span>,
     <span class="ident">ProfileInfoRecieved</span> { <span class="ident">uat</span>: <span class="ident">UserAuthToken</span> },
     <span class="ident">Error</span> { <span class="ident">emsg</span>: <span class="ident">String</span>, <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span> },
 }
@@ -584,7 +635,22 @@
                 <span class="bool-val">true</span>
             }
             <span class="ident">ViewsMsg::Logout</span> =&gt; {
-                <span class="ident">models::clear_bearer_token</span>();
+                <span class="kw">match</span> <span class="ident">models::get_bearer_token</span>() {
+                    <span class="prelude-val">Some</span>(<span class="ident">tk</span>) =&gt; {
+                        <span class="ident">models::clear_bearer_token</span>();
+                        <span class="ident">ctx</span>.<span class="ident">link</span>().<span class="ident">send_future</span>(<span class="kw">async</span> {
+                            <span class="kw">match</span> <span class="ident"><span class="self">Self</span>::fetch_logout</span>(<span class="ident">tk</span>).<span class="kw">await</span> {
+                                <span class="prelude-val">Ok</span>(<span class="ident">v</span>) =&gt; <span class="ident">v</span>,
+                                <span class="prelude-val">Err</span>(<span class="ident">v</span>) =&gt; <span class="ident">v</span>.<span class="ident">into</span>(),
+                            }
+                        });
+                        <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::LoggingOut</span>;
+                    }
+                    <span class="prelude-val">None</span> =&gt; <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::LoginRequired</span>,
+                }
+                <span class="bool-val">true</span>
+            }
+            <span class="ident">ViewsMsg::LogoutComplete</span> =&gt; {
                 <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::LoginRequired</span>;
                 <span class="bool-val">true</span>
             }
@@ -624,7 +690,7 @@
                     .<span class="ident">push</span>(<span class="ident">Route::Login</span>);
                 <span class="macro">html!</span> { <span class="op">&lt;</span><span class="ident">div</span><span class="op">&gt;</span><span class="op">&lt;</span><span class="op">/</span><span class="ident">div</span><span class="op">&gt;</span> }
             }
-            <span class="ident">State::Verifying</span> =&gt; {
+            <span class="ident">State::LoggingOut</span> <span class="op">|</span> <span class="ident">State::Verifying</span> =&gt; {
                 <span class="macro">html!</span> {
                   <span class="op">&lt;</span><span class="ident">main</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;text-center form-signin h-100&quot;</span><span class="op">&gt;</span>
                     <span class="op">&lt;</span><span class="ident">div</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;vert-center&quot;</span><span class="op">&gt;</span>
@@ -791,7 +857,7 @@
             <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::Verified</span>(<span class="ident">token</span>))
         } <span class="kw">else</span> <span class="kw">if</span> <span class="ident">status</span> <span class="op">==</span> <span class="number">401</span> {
             <span class="comment">// Not valid, re-auth</span>
-            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::Logout</span>)
+            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::LogoutComplete</span>)
         } <span class="kw">else</span> {
             <span class="kw">let</span> <span class="ident">headers</span> <span class="op">=</span> <span class="ident">resp</span>.<span class="ident">headers</span>();
             <span class="kw">let</span> <span class="ident">kopid</span> <span class="op">=</span> <span class="ident">headers</span>.<span class="ident">get</span>(<span class="string">&quot;x-kanidm-opid&quot;</span>).<span class="ident">ok</span>().<span class="ident">flatten</span>();
@@ -815,6 +881,38 @@
             <span class="ident">uat</span>: <span class="ident">uat</span>.<span class="ident">into_inner</span>(),
         })
     }
+
+    <span class="kw">async</span> <span class="kw">fn</span> <span class="ident">fetch_logout</span>(<span class="ident">token</span>: <span class="ident">String</span>) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span><span class="ident">ViewsMsg</span>, <span class="ident">FetchError</span><span class="op">&gt;</span> {
+        <span class="kw">let</span> <span class="kw-2">mut</span> <span class="ident">opts</span> <span class="op">=</span> <span class="ident">RequestInit::new</span>();
+        <span class="ident">opts</span>.<span class="ident">method</span>(<span class="string">&quot;GET&quot;</span>);
+        <span class="ident">opts</span>.<span class="ident">mode</span>(<span class="ident">RequestMode::SameOrigin</span>);
+
+        <span class="kw">let</span> <span class="ident">request</span> <span class="op">=</span> <span class="ident">Request::new_with_str_and_init</span>(<span class="string">&quot;/v1/logout&quot;</span>, <span class="kw-2">&amp;</span><span class="ident">opts</span>)<span class="question-mark">?</span>;
+
+        <span class="ident">request</span>
+            .<span class="ident">headers</span>()
+            .<span class="ident">set</span>(<span class="string">&quot;content-type&quot;</span>, <span class="string">&quot;application/json&quot;</span>)
+            .<span class="ident">expect_throw</span>(<span class="string">&quot;failed to set header&quot;</span>);
+        <span class="ident">request</span>
+            .<span class="ident">headers</span>()
+            .<span class="ident">set</span>(<span class="string">&quot;authorization&quot;</span>, <span class="macro">format!</span>(<span class="string">&quot;Bearer {}&quot;</span>, <span class="ident">token</span>).<span class="ident">as_str</span>())
+            .<span class="ident">expect_throw</span>(<span class="string">&quot;failed to set header&quot;</span>);
+
+        <span class="kw">let</span> <span class="ident">window</span> <span class="op">=</span> <span class="ident">utils::window</span>();
+        <span class="kw">let</span> <span class="ident">resp_value</span> <span class="op">=</span> <span class="ident">JsFuture::from</span>(<span class="ident">window</span>.<span class="ident">fetch_with_request</span>(<span class="kw-2">&amp;</span><span class="ident">request</span>)).<span class="kw">await</span><span class="question-mark">?</span>;
+        <span class="kw">let</span> <span class="ident">resp</span>: <span class="ident">Response</span> <span class="op">=</span> <span class="ident">resp_value</span>.<span class="ident">dyn_into</span>().<span class="ident">expect_throw</span>(<span class="string">&quot;Invalid response type&quot;</span>);
+        <span class="kw">let</span> <span class="ident">status</span> <span class="op">=</span> <span class="ident">resp</span>.<span class="ident">status</span>();
+
+        <span class="kw">if</span> <span class="ident">status</span> <span class="op">==</span> <span class="number">200</span> {
+            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::LogoutComplete</span>)
+        } <span class="kw">else</span> {
+            <span class="kw">let</span> <span class="ident">headers</span> <span class="op">=</span> <span class="ident">resp</span>.<span class="ident">headers</span>();
+            <span class="kw">let</span> <span class="ident">kopid</span> <span class="op">=</span> <span class="ident">headers</span>.<span class="ident">get</span>(<span class="string">&quot;x-kanidm-opid&quot;</span>).<span class="ident">ok</span>().<span class="ident">flatten</span>();
+            <span class="kw">let</span> <span class="ident">text</span> <span class="op">=</span> <span class="ident">JsFuture::from</span>(<span class="ident">resp</span>.<span class="ident">text</span>()<span class="question-mark">?</span>).<span class="kw">await</span><span class="question-mark">?</span>;
+            <span class="kw">let</span> <span class="ident">emsg</span> <span class="op">=</span> <span class="ident">text</span>.<span class="ident">as_string</span>().<span class="ident">unwrap_or_else</span>(<span class="op">|</span><span class="op">|</span> <span class="string">&quot;&quot;</span>.<span class="ident">to_string</span>());
+            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::Error</span> { <span class="ident">emsg</span>, <span class="ident">kopid</span> })
+        }
+    }
 }
 
 <span class="kw">fn</span> <span class="ident">admin_routes</span>(<span class="ident">route</span>: <span class="kw-2">&amp;</span><span class="ident">AdminRoute</span>) -&gt; <span class="ident">Html</span> {

docs/v1.0.0rc9/rustdoc/kanidmd_lib/idm/server/index.html

@@ -1,3 +1,3 @@
-<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="API documentation for the Rust `server` mod in crate `kanidmd_lib`."><meta name="keywords" content="rust, rustlang, rust-lang, server"><title>kanidmd_lib::idm::server - Rust</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" type="text/css" href="../../../normalize.css"><link rel="stylesheet" type="text/css" href="../../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" type="text/css" href="../../../ayu.css" disabled><link rel="stylesheet" type="text/css" href="../../../dark.css" disabled><link rel="stylesheet" type="text/css" href="../../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../../storage.js"></script><script defer src="../../../main.js"></script><noscript><link rel="stylesheet" href="../../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../../favicon.svg"></head><body class="rustdoc mod"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle">&#9776;</button><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"></h2></nav><nav class="sidebar"><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"><a href="#">Module server</a></h2><div class="sidebar-elems"><section><div class="block"><ul><li><a href="#structs">Structs</a></li><li><a href="#enums">Enums</a></li><li><a href="#traits">Traits</a></li></ul></div></section></div></nav><main><div class="width-limiter"><div class="sub-container"><a class="sub-logo-container" href="../../../kanidmd_lib/index.html"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></a><nav class="sub"><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><button type="button">?</button></div><div id="settings-menu" tabindex="-1"><a href="../../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../../wheel.svg"></a></div></div></form></nav></div><section id="main-content" class="content"><div class="main-heading"><h1 class="fqn"><span class="in-band">Module <a href="../../index.html">kanidmd_lib</a>::<wbr><a href="../index.html">idm</a>::<wbr><a class="mod" href="#">server</a><button id="copy-path" onclick="copy_path(this)" title="Copy item path to clipboard"><img src="../../../clipboard.svg" width="19" height="18" alt="Copy item path"></button></span></h1><span class="out-of-band"><a class="srclink" href="../../../src/kanidmd_lib/idm/server.rs.html#1-3830">source</a> · <a id="toggle-all-docs" href="javascript:void(0)" title="collapse all docs">[<span class="inner">&#x2212;</span>]</a></span></div><h2 id="structs" class="small-section-header"><a href="#structs">Structs</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServer.html" title="kanidmd_lib::idm::server::IdmServer struct">IdmServer</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerAuthTransaction.html" title="kanidmd_lib::idm::server::IdmServerAuthTransaction struct">IdmServerAuthTransaction</a></div><div class="item-right docblock-short"><p>Contains methods that require writes, but in the context of writing to the idm in memory structures (maybe the query server too). This is things like authentication.</p>
+<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="API documentation for the Rust `server` mod in crate `kanidmd_lib`."><meta name="keywords" content="rust, rustlang, rust-lang, server"><title>kanidmd_lib::idm::server - Rust</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" type="text/css" href="../../../normalize.css"><link rel="stylesheet" type="text/css" href="../../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" type="text/css" href="../../../ayu.css" disabled><link rel="stylesheet" type="text/css" href="../../../dark.css" disabled><link rel="stylesheet" type="text/css" href="../../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../../storage.js"></script><script defer src="../../../main.js"></script><noscript><link rel="stylesheet" href="../../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../../favicon.svg"></head><body class="rustdoc mod"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle">&#9776;</button><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"></h2></nav><nav class="sidebar"><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"><a href="#">Module server</a></h2><div class="sidebar-elems"><section><div class="block"><ul><li><a href="#structs">Structs</a></li><li><a href="#enums">Enums</a></li><li><a href="#traits">Traits</a></li></ul></div></section></div></nav><main><div class="width-limiter"><div class="sub-container"><a class="sub-logo-container" href="../../../kanidmd_lib/index.html"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></a><nav class="sub"><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><button type="button">?</button></div><div id="settings-menu" tabindex="-1"><a href="../../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../../wheel.svg"></a></div></div></form></nav></div><section id="main-content" class="content"><div class="main-heading"><h1 class="fqn"><span class="in-band">Module <a href="../../index.html">kanidmd_lib</a>::<wbr><a href="../index.html">idm</a>::<wbr><a class="mod" href="#">server</a><button id="copy-path" onclick="copy_path(this)" title="Copy item path to clipboard"><img src="../../../clipboard.svg" width="19" height="18" alt="Copy item path"></button></span></h1><span class="out-of-band"><a class="srclink" href="../../../src/kanidmd_lib/idm/server.rs.html#1-3838">source</a> · <a id="toggle-all-docs" href="javascript:void(0)" title="collapse all docs">[<span class="inner">&#x2212;</span>]</a></span></div><h2 id="structs" class="small-section-header"><a href="#structs">Structs</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServer.html" title="kanidmd_lib::idm::server::IdmServer struct">IdmServer</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerAuthTransaction.html" title="kanidmd_lib::idm::server::IdmServerAuthTransaction struct">IdmServerAuthTransaction</a></div><div class="item-right docblock-short"><p>Contains methods that require writes, but in the context of writing to the idm in memory structures (maybe the query server too). This is things like authentication.</p>
 </div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerCredUpdateTransaction.html" title="kanidmd_lib::idm::server::IdmServerCredUpdateTransaction struct">IdmServerCredUpdateTransaction</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerDelayed.html" title="kanidmd_lib::idm::server::IdmServerDelayed struct">IdmServerDelayed</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerProxyReadTransaction.html" title="kanidmd_lib::idm::server::IdmServerProxyReadTransaction struct">IdmServerProxyReadTransaction</a></div><div class="item-right docblock-short"><p>This contains read-only methods, like getting users, groups and other structured content.</p>
 </div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerProxyWriteTransaction.html" title="kanidmd_lib::idm::server::IdmServerProxyWriteTransaction struct">IdmServerProxyWriteTransaction</a></div><div class="item-right docblock-short"></div></div></div><h2 id="enums" class="small-section-header"><a href="#enums">Enums</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="enum" href="enum.Token.html" title="kanidmd_lib::idm::server::Token enum">Token</a></div><div class="item-right docblock-short"></div></div></div><h2 id="traits" class="small-section-header"><a href="#traits">Traits</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="trait" href="trait.IdmServerTransaction.html" title="kanidmd_lib::idm::server::IdmServerTransaction trait">IdmServerTransaction</a></div><div class="item-right docblock-short"></div></div></div></section></div></main><div id="rustdoc-vars" data-root-path="../../../" data-current-crate="kanidmd_lib" data-themes="ayu,dark,light" data-resource-suffix="" data-rustdoc-version="1.64.0 (a55dd71d5 2022-09-19)" ></div></body></html>

docs/v1.0.0rc9/rustdoc/src/kanidmd_core/https/oauth2.rs.html

@@ -712,6 +712,11 @@
 <span id="712">712</span>
 <span id="713">713</span>
 <span id="714">714</span>
+<span id="715">715</span>
+<span id="716">716</span>
+<span id="717">717</span>
+<span id="718">718</span>
+<span id="719">719</span>
 </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">kanidm_proto::oauth2::AuthorisationResponse</span>;
 <span class="kw">use</span> <span class="ident">kanidm_proto::v1::Entry</span> <span class="kw">as</span> <span class="ident">ProtoEntry</span>;
 <span class="kw">use</span> <span class="ident">kanidmd_lib::idm::oauth2</span>::{
@@ -1042,6 +1047,11 @@
             <span class="ident">res</span>.<span class="ident">insert_header</span>(<span class="string">&quot;WWW-Authenticate&quot;</span>, <span class="string">&quot;Bearer&quot;</span>);
             <span class="prelude-val">Ok</span>(<span class="ident">res</span>)
         }
+        <span class="prelude-val">Err</span>(<span class="ident">Oauth2Error::AccessDenied</span>) =&gt; {
+            <span class="comment">// If scopes are not available for this account.</span>
+            <span class="kw">let</span> <span class="ident">res</span> <span class="op">=</span> <span class="ident">tide::Response::new</span>(<span class="ident">tide::StatusCode::Forbidden</span>);
+            <span class="prelude-val">Ok</span>(<span class="ident">res</span>)
+        }
         <span class="comment">/*
         RFC - If the request fails due to a missing, invalid, or mismatching
               redirection URI, or if the client identifier is missing or invalid,
@@ -1142,7 +1152,7 @@
             <span class="comment">// Turns out this instinct was correct:</span>
             <span class="comment">//  https://www.proofpoint.com/us/blog/cloud-security/microsoft-and-github-oauth-implementation-vulnerabilities-lead-redirection</span>
             <span class="comment">// Possible to use this with a malicious client configuration to phish / spam.</span>
-            <span class="ident">tide::Response::new</span>(<span class="number">500</span>)
+            <span class="ident">tide::Response::new</span>(<span class="ident">tide::StatusCode::InternalServerError</span>)
         }
     };
     <span class="ident">res</span>.<span class="ident">insert_header</span>(<span class="string">&quot;X-KANIDM-OPID&quot;</span>, <span class="ident">hvalue</span>);

docs/v1.0.0rc9/rustdoc/src/kanidmd_core/ldaps.rs.html

@@ -363,15 +363,15 @@
     <span class="kw">if</span> <span class="ident">address</span>.<span class="ident">starts_with</span>(<span class="string">&quot;:::&quot;</span>) {
         <span class="comment">// takes :::xxxx to xxxx</span>
         <span class="kw">let</span> <span class="ident">port</span> <span class="op">=</span> <span class="ident">address</span>.<span class="ident">replacen</span>(<span class="string">&quot;:::&quot;</span>, <span class="string">&quot;&quot;</span>, <span class="number">1</span>);
-        <span class="macro">eprintln!</span>(<span class="string">&quot;Address &#39;{}&#39; looks like an attempt to wildcard bind with IPv6 on port {} - please try using ldapbindaddress = &#39;[::]:{}&#39;&quot;</span>, <span class="ident">address</span>, <span class="ident">port</span>, <span class="ident">port</span>);
+        <span class="macro">error!</span>(<span class="string">&quot;Address &#39;{}&#39; looks like an attempt to wildcard bind with IPv6 on port {} - please try using ldapbindaddress = &#39;[::]:{}&#39;&quot;</span>, <span class="ident">address</span>, <span class="ident">port</span>, <span class="ident">port</span>);
     };
 
     <span class="kw">let</span> <span class="ident">addr</span> <span class="op">=</span> <span class="ident">net::SocketAddr::from_str</span>(<span class="ident">address</span>).<span class="ident">map_err</span>(<span class="op">|</span><span class="ident">e</span><span class="op">|</span> {
-        <span class="macro">eprintln!</span>(<span class="string">&quot;Could not parse LDAP server address {} -&gt; {:?}&quot;</span>, <span class="ident">address</span>, <span class="ident">e</span>);
+        <span class="macro">error!</span>(<span class="string">&quot;Could not parse LDAP server address {} -&gt; {:?}&quot;</span>, <span class="ident">address</span>, <span class="ident">e</span>);
     })<span class="question-mark">?</span>;
 
     <span class="kw">let</span> <span class="ident">listener</span> <span class="op">=</span> <span class="ident">TcpListener::bind</span>(<span class="kw-2">&amp;</span><span class="ident">addr</span>).<span class="kw">await</span>.<span class="ident">map_err</span>(<span class="op">|</span><span class="ident">e</span><span class="op">|</span> {
-        <span class="macro">eprintln!</span>(
+        <span class="macro">error!</span>(
             <span class="string">&quot;Could not bind to LDAP server address {} -&gt; {:?}&quot;</span>,
             <span class="ident">address</span>, <span class="ident">e</span>
         );
@@ -379,12 +379,12 @@
 
     <span class="kw">match</span> <span class="ident">opt_tls_params</span> {
         <span class="prelude-val">Some</span>(<span class="ident">tls_params</span>) =&gt; {
-            <span class="macro">eprintln!</span>(<span class="string">&quot;Starting LDAPS interface ldaps://{} ...&quot;</span>, <span class="ident">address</span>);
+            <span class="macro">info!</span>(<span class="string">&quot;Starting LDAPS interface ldaps://{} ...&quot;</span>, <span class="ident">address</span>);
             <span class="kw">let</span> <span class="ident">tls_parms</span> <span class="op">=</span> <span class="ident">tls_params</span>.<span class="ident">build</span>();
             <span class="ident">tokio::spawn</span>(<span class="ident">tls_acceptor</span>(<span class="ident">listener</span>, <span class="ident">tls_parms</span>, <span class="ident">qe_r_ref</span>));
         }
         <span class="prelude-val">None</span> =&gt; {
-            <span class="macro">eprintln!</span>(<span class="string">&quot;The server won&#39;t run without TLS!&quot;</span>);
+            <span class="macro">error!</span>(<span class="string">&quot;The server won&#39;t run without TLS!&quot;</span>);
             <span class="kw">return</span> <span class="prelude-val">Err</span>(());
         }
     }

docs/v1.0.0rc9/rustdoc/src/kanidmd_lib/idm/server.rs.html

@@ -3828,6 +3828,14 @@
 <span id="3828">3828</span>
 <span id="3829">3829</span>
 <span id="3830">3830</span>
+<span id="3831">3831</span>
+<span id="3832">3832</span>
+<span id="3833">3833</span>
+<span id="3834">3834</span>
+<span id="3835">3835</span>
+<span id="3836">3836</span>
+<span id="3837">3837</span>
+<span id="3838">3838</span>
 </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">core::task</span>::{<span class="ident">Context</span>, <span class="ident">Poll</span>};
 <span class="kw">use</span> <span class="ident">std::convert::TryFrom</span>;
 <span class="kw">use</span> <span class="ident">std::str::FromStr</span>;
@@ -5724,6 +5732,8 @@
         <span class="comment">// get the account</span>
         <span class="kw">let</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">target_to_account</span>(<span class="kw-2">&amp;</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>)<span class="question-mark">?</span>;
 
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing password hash upgrade&quot;</span>);
+
         <span class="comment">// check, does the pw still match?</span>
         <span class="kw">let</span> <span class="ident">same</span> <span class="op">=</span> <span class="ident">account</span>.<span class="ident">check_credential_pw</span>(<span class="ident">pwu</span>.<span class="ident">existing_password</span>.<span class="ident">as_str</span>())<span class="question-mark">?</span>;
 
@@ -5747,6 +5757,8 @@
     }
 
     <span class="kw">fn</span> <span class="ident">process_unixpwupgrade</span>(<span class="kw-2">&amp;mut</span> <span class="self">self</span>, <span class="ident">pwu</span>: <span class="kw-2">&amp;</span><span class="ident">UnixPasswordUpgrade</span>) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span>(), <span class="ident">OperationError</span><span class="op">&gt;</span> {
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing unix password hash upgrade&quot;</span>);
+
         <span class="kw">let</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>
             .<span class="ident">qs_write</span>
             .<span class="ident">internal_search_uuid</span>(<span class="kw-2">&amp;</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>)
@@ -5781,6 +5793,8 @@
         <span class="kw-2">&amp;mut</span> <span class="self">self</span>,
         <span class="ident">wci</span>: <span class="kw-2">&amp;</span><span class="ident">WebauthnCounterIncrement</span>,
     ) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span>(), <span class="ident">OperationError</span><span class="op">&gt;</span> {
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">wci</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing webauthn counter increment&quot;</span>);
+
         <span class="kw">let</span> <span class="kw-2">mut</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">target_to_account</span>(<span class="kw-2">&amp;</span><span class="ident">wci</span>.<span class="ident">target_uuid</span>)<span class="question-mark">?</span>;
 
         <span class="comment">// Generate an optional mod and then attempt to apply it.</span>
@@ -5807,6 +5821,8 @@
         <span class="kw-2">&amp;mut</span> <span class="self">self</span>,
         <span class="ident">bcr</span>: <span class="kw-2">&amp;</span><span class="ident">BackupCodeRemoval</span>,
     ) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span>(), <span class="ident">OperationError</span><span class="op">&gt;</span> {
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">bcr</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing backup code removal&quot;</span>);
+
         <span class="kw">let</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">target_to_account</span>(<span class="kw-2">&amp;</span><span class="ident">bcr</span>.<span class="ident">target_uuid</span>)<span class="question-mark">?</span>;
         <span class="comment">// Generate an optional mod and then attempt to apply it.</span>
         <span class="kw">let</span> <span class="ident">modlist</span> <span class="op">=</span> <span class="ident">account</span>

docs/v1.0.0rc9/rustdoc/src/kanidmd_web_ui/oauth2.rs.html

@@ -536,6 +536,35 @@
 <span id="536">536</span>
 <span id="537">537</span>
 <span id="538">538</span>
+<span id="539">539</span>
+<span id="540">540</span>
+<span id="541">541</span>
+<span id="542">542</span>
+<span id="543">543</span>
+<span id="544">544</span>
+<span id="545">545</span>
+<span id="546">546</span>
+<span id="547">547</span>
+<span id="548">548</span>
+<span id="549">549</span>
+<span id="550">550</span>
+<span id="551">551</span>
+<span id="552">552</span>
+<span id="553">553</span>
+<span id="554">554</span>
+<span id="555">555</span>
+<span id="556">556</span>
+<span id="557">557</span>
+<span id="558">558</span>
+<span id="559">559</span>
+<span id="560">560</span>
+<span id="561">561</span>
+<span id="562">562</span>
+<span id="563">563</span>
+<span id="564">564</span>
+<span id="565">565</span>
+<span id="566">566</span>
+<span id="567">567</span>
 </pre><pre class="rust"><code><span class="comment">// use anyhow::Error;</span>
 <span class="kw">use</span> <span class="ident">gloo::console</span>;
 <span class="kw">pub</span> <span class="kw">use</span> <span class="ident">kanidm_proto::oauth2</span>::{
@@ -568,6 +597,7 @@
         <span class="ident">consent_token</span>: <span class="ident">String</span>,
     },
     <span class="ident">ConsentGranted</span>(<span class="ident">String</span>),
+    <span class="ident">AccessDenied</span>(<span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span>),
     <span class="ident">ErrInvalidRequest</span>,
 }
 
@@ -586,6 +616,9 @@
         <span class="ident">consent_token</span>: <span class="ident">String</span>,
     },
     <span class="ident">Redirect</span>(<span class="ident">String</span>),
+    <span class="ident">AccessDenied</span> {
+        <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span>,
+    },
     <span class="ident">Error</span> {
         <span class="ident">emsg</span>: <span class="ident">String</span>,
         <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span>,
@@ -698,6 +731,8 @@
                     }
                 }
             }
+        } <span class="kw">else</span> <span class="kw">if</span> <span class="ident">status</span> <span class="op">==</span> <span class="number">403</span> {
+            <span class="prelude-val">Ok</span>(<span class="ident">Oauth2Msg::AccessDenied</span> { <span class="ident">kopid</span> })
         } <span class="kw">else</span> {
             <span class="kw">let</span> <span class="ident">text</span> <span class="op">=</span> <span class="ident">JsFuture::from</span>(<span class="ident">resp</span>.<span class="ident">text</span>()<span class="question-mark">?</span>).<span class="kw">await</span><span class="question-mark">?</span>;
             <span class="kw">let</span> <span class="ident">emsg</span> <span class="op">=</span> <span class="ident">text</span>.<span class="ident">as_string</span>().<span class="ident">unwrap_or_else</span>(<span class="op">|</span><span class="op">|</span> <span class="string">&quot;&quot;</span>.<span class="ident">to_string</span>());
@@ -918,6 +953,11 @@
                 <span class="comment">// We need to send off fetch task here.</span>
                 <span class="bool-val">true</span>
             }
+            <span class="ident">Oauth2Msg::AccessDenied</span> { <span class="ident">kopid</span> } =&gt; {
+                <span class="macro">console::error!</span>(<span class="macro">format!</span>(<span class="string">&quot;{:?}&quot;</span>, <span class="ident">kopid</span>).<span class="ident">as_str</span>());
+                <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::AccessDenied</span>(<span class="ident">kopid</span>);
+                <span class="bool-val">true</span>
+            }
             <span class="ident">Oauth2Msg::Error</span> { <span class="ident">emsg</span>, <span class="ident">kopid</span> } =&gt; {
                 <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::ErrInvalidRequest</span>;
                 <span class="macro">console::error!</span>(<span class="macro">format!</span>(<span class="string">&quot;{:?}&quot;</span>, <span class="ident">kopid</span>).<span class="ident">as_str</span>());
@@ -1043,6 +1083,24 @@
                     <span class="op">&lt;</span><span class="op">/</span><span class="ident">div</span><span class="op">&gt;</span>
                 }
             }
+            <span class="ident">State::AccessDenied</span>(<span class="ident">kopid</span>) =&gt; {
+                <span class="macro">html!</span> {
+                    <span class="op">&lt;</span><span class="ident">div</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;alert alert-danger&quot;</span> <span class="ident">role</span><span class="op">=</span><span class="string">&quot;alert&quot;</span><span class="op">&gt;</span>
+                        <span class="op">&lt;</span><span class="ident">h1</span><span class="op">&gt;</span>{ <span class="string">&quot;Access Denied&quot;</span> } <span class="op">&lt;</span><span class="op">/</span><span class="ident">h1</span><span class="op">&gt;</span>
+                        <span class="op">&lt;</span><span class="ident">p</span><span class="op">&gt;</span>
+                        { <span class="string">&quot;You do not have access to the requested resources.&quot;</span> }
+                        <span class="op">&lt;</span><span class="op">/</span><span class="ident">p</span><span class="op">&gt;</span>
+                        <span class="op">&lt;</span><span class="ident">p</span><span class="op">&gt;</span>
+                        { <span class="kw">if</span> <span class="kw">let</span> <span class="prelude-val">Some</span>(<span class="ident">opid</span>) <span class="op">=</span> <span class="ident">kopid</span> {
+                            <span class="macro">format!</span>(<span class="string">&quot;Operation ID: {}&quot;</span>, <span class="ident">opid</span>)
+                          } <span class="kw">else</span> {
+                            <span class="string">&quot;Operation ID: -&quot;</span>.<span class="ident">to_string</span>()
+                          }
+                        }
+                        <span class="op">&lt;</span><span class="op">/</span><span class="ident">p</span><span class="op">&gt;</span>
+                    <span class="op">&lt;</span><span class="op">/</span><span class="ident">div</span><span class="op">&gt;</span>
+                }
+            }
             <span class="ident">State::ErrInvalidRequest</span> =&gt; {
                 <span class="macro">html!</span> {
                     <span class="op">&lt;</span><span class="ident">div</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;alert alert-danger&quot;</span> <span class="ident">role</span><span class="op">=</span><span class="string">&quot;alert&quot;</span><span class="op">&gt;</span>

docs/v1.0.0rc9/rustdoc/src/kanidmd_web_ui/views/mod.rs.html

@@ -423,6 +423,55 @@
 <span id="423">423</span>
 <span id="424">424</span>
 <span id="425">425</span>
+<span id="426">426</span>
+<span id="427">427</span>
+<span id="428">428</span>
+<span id="429">429</span>
+<span id="430">430</span>
+<span id="431">431</span>
+<span id="432">432</span>
+<span id="433">433</span>
+<span id="434">434</span>
+<span id="435">435</span>
+<span id="436">436</span>
+<span id="437">437</span>
+<span id="438">438</span>
+<span id="439">439</span>
+<span id="440">440</span>
+<span id="441">441</span>
+<span id="442">442</span>
+<span id="443">443</span>
+<span id="444">444</span>
+<span id="445">445</span>
+<span id="446">446</span>
+<span id="447">447</span>
+<span id="448">448</span>
+<span id="449">449</span>
+<span id="450">450</span>
+<span id="451">451</span>
+<span id="452">452</span>
+<span id="453">453</span>
+<span id="454">454</span>
+<span id="455">455</span>
+<span id="456">456</span>
+<span id="457">457</span>
+<span id="458">458</span>
+<span id="459">459</span>
+<span id="460">460</span>
+<span id="461">461</span>
+<span id="462">462</span>
+<span id="463">463</span>
+<span id="464">464</span>
+<span id="465">465</span>
+<span id="466">466</span>
+<span id="467">467</span>
+<span id="468">468</span>
+<span id="469">469</span>
+<span id="470">470</span>
+<span id="471">471</span>
+<span id="472">472</span>
+<span id="473">473</span>
+<span id="474">474</span>
 </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">std::str::FromStr</span>;
 
 <span class="kw">use</span> <span class="ident">compact_jwt</span>::{<span class="ident">Jws</span>, <span class="ident">JwsUnverified</span>};
@@ -495,6 +544,7 @@
 
 <span class="kw">enum</span> <span class="ident">State</span> {
     <span class="ident">LoginRequired</span>,
+    <span class="ident">LoggingOut</span>,
     <span class="ident">Verifying</span>,
     <span class="ident">Authenticated</span>(<span class="ident">String</span>),
     <span class="ident">Error</span> { <span class="ident">emsg</span>: <span class="ident">String</span>, <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span> },
@@ -516,6 +566,7 @@
 <span class="kw">pub</span> <span class="kw">enum</span> <span class="ident">ViewsMsg</span> {
     <span class="ident">Verified</span>(<span class="ident">String</span>),
     <span class="ident">Logout</span>,
+    <span class="ident">LogoutComplete</span>,
     <span class="ident">ProfileInfoRecieved</span> { <span class="ident">uat</span>: <span class="ident">UserAuthToken</span> },
     <span class="ident">Error</span> { <span class="ident">emsg</span>: <span class="ident">String</span>, <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span> },
 }
@@ -584,7 +635,22 @@
                 <span class="bool-val">true</span>
             }
             <span class="ident">ViewsMsg::Logout</span> =&gt; {
-                <span class="ident">models::clear_bearer_token</span>();
+                <span class="kw">match</span> <span class="ident">models::get_bearer_token</span>() {
+                    <span class="prelude-val">Some</span>(<span class="ident">tk</span>) =&gt; {
+                        <span class="ident">models::clear_bearer_token</span>();
+                        <span class="ident">ctx</span>.<span class="ident">link</span>().<span class="ident">send_future</span>(<span class="kw">async</span> {
+                            <span class="kw">match</span> <span class="ident"><span class="self">Self</span>::fetch_logout</span>(<span class="ident">tk</span>).<span class="kw">await</span> {
+                                <span class="prelude-val">Ok</span>(<span class="ident">v</span>) =&gt; <span class="ident">v</span>,
+                                <span class="prelude-val">Err</span>(<span class="ident">v</span>) =&gt; <span class="ident">v</span>.<span class="ident">into</span>(),
+                            }
+                        });
+                        <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::LoggingOut</span>;
+                    }
+                    <span class="prelude-val">None</span> =&gt; <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::LoginRequired</span>,
+                }
+                <span class="bool-val">true</span>
+            }
+            <span class="ident">ViewsMsg::LogoutComplete</span> =&gt; {
                 <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::LoginRequired</span>;
                 <span class="bool-val">true</span>
             }
@@ -624,7 +690,7 @@
                     .<span class="ident">push</span>(<span class="ident">Route::Login</span>);
                 <span class="macro">html!</span> { <span class="op">&lt;</span><span class="ident">div</span><span class="op">&gt;</span><span class="op">&lt;</span><span class="op">/</span><span class="ident">div</span><span class="op">&gt;</span> }
             }
-            <span class="ident">State::Verifying</span> =&gt; {
+            <span class="ident">State::LoggingOut</span> <span class="op">|</span> <span class="ident">State::Verifying</span> =&gt; {
                 <span class="macro">html!</span> {
                   <span class="op">&lt;</span><span class="ident">main</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;text-center form-signin h-100&quot;</span><span class="op">&gt;</span>
                     <span class="op">&lt;</span><span class="ident">div</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;vert-center&quot;</span><span class="op">&gt;</span>
@@ -791,7 +857,7 @@
             <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::Verified</span>(<span class="ident">token</span>))
         } <span class="kw">else</span> <span class="kw">if</span> <span class="ident">status</span> <span class="op">==</span> <span class="number">401</span> {
             <span class="comment">// Not valid, re-auth</span>
-            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::Logout</span>)
+            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::LogoutComplete</span>)
         } <span class="kw">else</span> {
             <span class="kw">let</span> <span class="ident">headers</span> <span class="op">=</span> <span class="ident">resp</span>.<span class="ident">headers</span>();
             <span class="kw">let</span> <span class="ident">kopid</span> <span class="op">=</span> <span class="ident">headers</span>.<span class="ident">get</span>(<span class="string">&quot;x-kanidm-opid&quot;</span>).<span class="ident">ok</span>().<span class="ident">flatten</span>();
@@ -815,6 +881,38 @@
             <span class="ident">uat</span>: <span class="ident">uat</span>.<span class="ident">into_inner</span>(),
         })
     }
+
+    <span class="kw">async</span> <span class="kw">fn</span> <span class="ident">fetch_logout</span>(<span class="ident">token</span>: <span class="ident">String</span>) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span><span class="ident">ViewsMsg</span>, <span class="ident">FetchError</span><span class="op">&gt;</span> {
+        <span class="kw">let</span> <span class="kw-2">mut</span> <span class="ident">opts</span> <span class="op">=</span> <span class="ident">RequestInit::new</span>();
+        <span class="ident">opts</span>.<span class="ident">method</span>(<span class="string">&quot;GET&quot;</span>);
+        <span class="ident">opts</span>.<span class="ident">mode</span>(<span class="ident">RequestMode::SameOrigin</span>);
+
+        <span class="kw">let</span> <span class="ident">request</span> <span class="op">=</span> <span class="ident">Request::new_with_str_and_init</span>(<span class="string">&quot;/v1/logout&quot;</span>, <span class="kw-2">&amp;</span><span class="ident">opts</span>)<span class="question-mark">?</span>;
+
+        <span class="ident">request</span>
+            .<span class="ident">headers</span>()
+            .<span class="ident">set</span>(<span class="string">&quot;content-type&quot;</span>, <span class="string">&quot;application/json&quot;</span>)
+            .<span class="ident">expect_throw</span>(<span class="string">&quot;failed to set header&quot;</span>);
+        <span class="ident">request</span>
+            .<span class="ident">headers</span>()
+            .<span class="ident">set</span>(<span class="string">&quot;authorization&quot;</span>, <span class="macro">format!</span>(<span class="string">&quot;Bearer {}&quot;</span>, <span class="ident">token</span>).<span class="ident">as_str</span>())
+            .<span class="ident">expect_throw</span>(<span class="string">&quot;failed to set header&quot;</span>);
+
+        <span class="kw">let</span> <span class="ident">window</span> <span class="op">=</span> <span class="ident">utils::window</span>();
+        <span class="kw">let</span> <span class="ident">resp_value</span> <span class="op">=</span> <span class="ident">JsFuture::from</span>(<span class="ident">window</span>.<span class="ident">fetch_with_request</span>(<span class="kw-2">&amp;</span><span class="ident">request</span>)).<span class="kw">await</span><span class="question-mark">?</span>;
+        <span class="kw">let</span> <span class="ident">resp</span>: <span class="ident">Response</span> <span class="op">=</span> <span class="ident">resp_value</span>.<span class="ident">dyn_into</span>().<span class="ident">expect_throw</span>(<span class="string">&quot;Invalid response type&quot;</span>);
+        <span class="kw">let</span> <span class="ident">status</span> <span class="op">=</span> <span class="ident">resp</span>.<span class="ident">status</span>();
+
+        <span class="kw">if</span> <span class="ident">status</span> <span class="op">==</span> <span class="number">200</span> {
+            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::LogoutComplete</span>)
+        } <span class="kw">else</span> {
+            <span class="kw">let</span> <span class="ident">headers</span> <span class="op">=</span> <span class="ident">resp</span>.<span class="ident">headers</span>();
+            <span class="kw">let</span> <span class="ident">kopid</span> <span class="op">=</span> <span class="ident">headers</span>.<span class="ident">get</span>(<span class="string">&quot;x-kanidm-opid&quot;</span>).<span class="ident">ok</span>().<span class="ident">flatten</span>();
+            <span class="kw">let</span> <span class="ident">text</span> <span class="op">=</span> <span class="ident">JsFuture::from</span>(<span class="ident">resp</span>.<span class="ident">text</span>()<span class="question-mark">?</span>).<span class="kw">await</span><span class="question-mark">?</span>;
+            <span class="kw">let</span> <span class="ident">emsg</span> <span class="op">=</span> <span class="ident">text</span>.<span class="ident">as_string</span>().<span class="ident">unwrap_or_else</span>(<span class="op">|</span><span class="op">|</span> <span class="string">&quot;&quot;</span>.<span class="ident">to_string</span>());
+            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::Error</span> { <span class="ident">emsg</span>, <span class="ident">kopid</span> })
+        }
+    }
 }
 
 <span class="kw">fn</span> <span class="ident">admin_routes</span>(<span class="ident">route</span>: <span class="kw-2">&amp;</span><span class="ident">AdminRoute</span>) -&gt; <span class="ident">Html</span> {

docs/v1.1.0-alpha.2/rustdoc/kanidmd_lib/idm/server/index.html

@@ -1,3 +1,3 @@
-<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="API documentation for the Rust `server` mod in crate `kanidmd_lib`."><meta name="keywords" content="rust, rustlang, rust-lang, server"><title>kanidmd_lib::idm::server - Rust</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" type="text/css" href="../../../normalize.css"><link rel="stylesheet" type="text/css" href="../../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" type="text/css" href="../../../ayu.css" disabled><link rel="stylesheet" type="text/css" href="../../../dark.css" disabled><link rel="stylesheet" type="text/css" href="../../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../../storage.js"></script><script defer src="../../../main.js"></script><noscript><link rel="stylesheet" href="../../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../../favicon.svg"></head><body class="rustdoc mod"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle">&#9776;</button><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"></h2></nav><nav class="sidebar"><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"><a href="#">Module server</a></h2><div class="sidebar-elems"><section><div class="block"><ul><li><a href="#structs">Structs</a></li><li><a href="#enums">Enums</a></li><li><a href="#traits">Traits</a></li></ul></div></section></div></nav><main><div class="width-limiter"><div class="sub-container"><a class="sub-logo-container" href="../../../kanidmd_lib/index.html"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></a><nav class="sub"><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><button type="button">?</button></div><div id="settings-menu" tabindex="-1"><a href="../../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../../wheel.svg"></a></div></div></form></nav></div><section id="main-content" class="content"><div class="main-heading"><h1 class="fqn"><span class="in-band">Module <a href="../../index.html">kanidmd_lib</a>::<wbr><a href="../index.html">idm</a>::<wbr><a class="mod" href="#">server</a><button id="copy-path" onclick="copy_path(this)" title="Copy item path to clipboard"><img src="../../../clipboard.svg" width="19" height="18" alt="Copy item path"></button></span></h1><span class="out-of-band"><a class="srclink" href="../../../src/kanidmd_lib/idm/server.rs.html#1-3830">source</a> · <a id="toggle-all-docs" href="javascript:void(0)" title="collapse all docs">[<span class="inner">&#x2212;</span>]</a></span></div><h2 id="structs" class="small-section-header"><a href="#structs">Structs</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServer.html" title="kanidmd_lib::idm::server::IdmServer struct">IdmServer</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerAuthTransaction.html" title="kanidmd_lib::idm::server::IdmServerAuthTransaction struct">IdmServerAuthTransaction</a></div><div class="item-right docblock-short"><p>Contains methods that require writes, but in the context of writing to the idm in memory structures (maybe the query server too). This is things like authentication.</p>
+<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="API documentation for the Rust `server` mod in crate `kanidmd_lib`."><meta name="keywords" content="rust, rustlang, rust-lang, server"><title>kanidmd_lib::idm::server - Rust</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" type="text/css" href="../../../normalize.css"><link rel="stylesheet" type="text/css" href="../../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" type="text/css" href="../../../ayu.css" disabled><link rel="stylesheet" type="text/css" href="../../../dark.css" disabled><link rel="stylesheet" type="text/css" href="../../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../../storage.js"></script><script defer src="../../../main.js"></script><noscript><link rel="stylesheet" href="../../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../../favicon.svg"></head><body class="rustdoc mod"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle">&#9776;</button><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"></h2></nav><nav class="sidebar"><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"><a href="#">Module server</a></h2><div class="sidebar-elems"><section><div class="block"><ul><li><a href="#structs">Structs</a></li><li><a href="#enums">Enums</a></li><li><a href="#traits">Traits</a></li></ul></div></section></div></nav><main><div class="width-limiter"><div class="sub-container"><a class="sub-logo-container" href="../../../kanidmd_lib/index.html"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></a><nav class="sub"><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><button type="button">?</button></div><div id="settings-menu" tabindex="-1"><a href="../../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../../wheel.svg"></a></div></div></form></nav></div><section id="main-content" class="content"><div class="main-heading"><h1 class="fqn"><span class="in-band">Module <a href="../../index.html">kanidmd_lib</a>::<wbr><a href="../index.html">idm</a>::<wbr><a class="mod" href="#">server</a><button id="copy-path" onclick="copy_path(this)" title="Copy item path to clipboard"><img src="../../../clipboard.svg" width="19" height="18" alt="Copy item path"></button></span></h1><span class="out-of-band"><a class="srclink" href="../../../src/kanidmd_lib/idm/server.rs.html#1-3838">source</a> · <a id="toggle-all-docs" href="javascript:void(0)" title="collapse all docs">[<span class="inner">&#x2212;</span>]</a></span></div><h2 id="structs" class="small-section-header"><a href="#structs">Structs</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServer.html" title="kanidmd_lib::idm::server::IdmServer struct">IdmServer</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerAuthTransaction.html" title="kanidmd_lib::idm::server::IdmServerAuthTransaction struct">IdmServerAuthTransaction</a></div><div class="item-right docblock-short"><p>Contains methods that require writes, but in the context of writing to the idm in memory structures (maybe the query server too). This is things like authentication.</p>
 </div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerCredUpdateTransaction.html" title="kanidmd_lib::idm::server::IdmServerCredUpdateTransaction struct">IdmServerCredUpdateTransaction</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerDelayed.html" title="kanidmd_lib::idm::server::IdmServerDelayed struct">IdmServerDelayed</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerProxyReadTransaction.html" title="kanidmd_lib::idm::server::IdmServerProxyReadTransaction struct">IdmServerProxyReadTransaction</a></div><div class="item-right docblock-short"><p>This contains read-only methods, like getting users, groups and other structured content.</p>
 </div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerProxyWriteTransaction.html" title="kanidmd_lib::idm::server::IdmServerProxyWriteTransaction struct">IdmServerProxyWriteTransaction</a></div><div class="item-right docblock-short"></div></div></div><h2 id="enums" class="small-section-header"><a href="#enums">Enums</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="enum" href="enum.Token.html" title="kanidmd_lib::idm::server::Token enum">Token</a></div><div class="item-right docblock-short"></div></div></div><h2 id="traits" class="small-section-header"><a href="#traits">Traits</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="trait" href="trait.IdmServerTransaction.html" title="kanidmd_lib::idm::server::IdmServerTransaction trait">IdmServerTransaction</a></div><div class="item-right docblock-short"></div></div></div></section></div></main><div id="rustdoc-vars" data-root-path="../../../" data-current-crate="kanidmd_lib" data-themes="ayu,dark,light" data-resource-suffix="" data-rustdoc-version="1.64.0 (a55dd71d5 2022-09-19)" ></div></body></html>

docs/v1.1.0-alpha.2/rustdoc/src/kanidmd_core/https/oauth2.rs.html

@@ -712,6 +712,11 @@
 <span id="712">712</span>
 <span id="713">713</span>
 <span id="714">714</span>
+<span id="715">715</span>
+<span id="716">716</span>
+<span id="717">717</span>
+<span id="718">718</span>
+<span id="719">719</span>
 </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">kanidm_proto::oauth2::AuthorisationResponse</span>;
 <span class="kw">use</span> <span class="ident">kanidm_proto::v1::Entry</span> <span class="kw">as</span> <span class="ident">ProtoEntry</span>;
 <span class="kw">use</span> <span class="ident">kanidmd_lib::idm::oauth2</span>::{
@@ -1042,6 +1047,11 @@
             <span class="ident">res</span>.<span class="ident">insert_header</span>(<span class="string">&quot;WWW-Authenticate&quot;</span>, <span class="string">&quot;Bearer&quot;</span>);
             <span class="prelude-val">Ok</span>(<span class="ident">res</span>)
         }
+        <span class="prelude-val">Err</span>(<span class="ident">Oauth2Error::AccessDenied</span>) =&gt; {
+            <span class="comment">// If scopes are not available for this account.</span>
+            <span class="kw">let</span> <span class="ident">res</span> <span class="op">=</span> <span class="ident">tide::Response::new</span>(<span class="ident">tide::StatusCode::Forbidden</span>);
+            <span class="prelude-val">Ok</span>(<span class="ident">res</span>)
+        }
         <span class="comment">/*
         RFC - If the request fails due to a missing, invalid, or mismatching
               redirection URI, or if the client identifier is missing or invalid,
@@ -1142,7 +1152,7 @@
             <span class="comment">// Turns out this instinct was correct:</span>
             <span class="comment">//  https://www.proofpoint.com/us/blog/cloud-security/microsoft-and-github-oauth-implementation-vulnerabilities-lead-redirection</span>
             <span class="comment">// Possible to use this with a malicious client configuration to phish / spam.</span>
-            <span class="ident">tide::Response::new</span>(<span class="number">500</span>)
+            <span class="ident">tide::Response::new</span>(<span class="ident">tide::StatusCode::InternalServerError</span>)
         }
     };
     <span class="ident">res</span>.<span class="ident">insert_header</span>(<span class="string">&quot;X-KANIDM-OPID&quot;</span>, <span class="ident">hvalue</span>);

docs/v1.1.0-alpha.2/rustdoc/src/kanidmd_core/ldaps.rs.html

@@ -363,15 +363,15 @@
     <span class="kw">if</span> <span class="ident">address</span>.<span class="ident">starts_with</span>(<span class="string">&quot;:::&quot;</span>) {
         <span class="comment">// takes :::xxxx to xxxx</span>
         <span class="kw">let</span> <span class="ident">port</span> <span class="op">=</span> <span class="ident">address</span>.<span class="ident">replacen</span>(<span class="string">&quot;:::&quot;</span>, <span class="string">&quot;&quot;</span>, <span class="number">1</span>);
-        <span class="macro">eprintln!</span>(<span class="string">&quot;Address &#39;{}&#39; looks like an attempt to wildcard bind with IPv6 on port {} - please try using ldapbindaddress = &#39;[::]:{}&#39;&quot;</span>, <span class="ident">address</span>, <span class="ident">port</span>, <span class="ident">port</span>);
+        <span class="macro">error!</span>(<span class="string">&quot;Address &#39;{}&#39; looks like an attempt to wildcard bind with IPv6 on port {} - please try using ldapbindaddress = &#39;[::]:{}&#39;&quot;</span>, <span class="ident">address</span>, <span class="ident">port</span>, <span class="ident">port</span>);
     };
 
     <span class="kw">let</span> <span class="ident">addr</span> <span class="op">=</span> <span class="ident">net::SocketAddr::from_str</span>(<span class="ident">address</span>).<span class="ident">map_err</span>(<span class="op">|</span><span class="ident">e</span><span class="op">|</span> {
-        <span class="macro">eprintln!</span>(<span class="string">&quot;Could not parse LDAP server address {} -&gt; {:?}&quot;</span>, <span class="ident">address</span>, <span class="ident">e</span>);
+        <span class="macro">error!</span>(<span class="string">&quot;Could not parse LDAP server address {} -&gt; {:?}&quot;</span>, <span class="ident">address</span>, <span class="ident">e</span>);
     })<span class="question-mark">?</span>;
 
     <span class="kw">let</span> <span class="ident">listener</span> <span class="op">=</span> <span class="ident">TcpListener::bind</span>(<span class="kw-2">&amp;</span><span class="ident">addr</span>).<span class="kw">await</span>.<span class="ident">map_err</span>(<span class="op">|</span><span class="ident">e</span><span class="op">|</span> {
-        <span class="macro">eprintln!</span>(
+        <span class="macro">error!</span>(
             <span class="string">&quot;Could not bind to LDAP server address {} -&gt; {:?}&quot;</span>,
             <span class="ident">address</span>, <span class="ident">e</span>
         );
@@ -379,12 +379,12 @@
 
     <span class="kw">match</span> <span class="ident">opt_tls_params</span> {
         <span class="prelude-val">Some</span>(<span class="ident">tls_params</span>) =&gt; {
-            <span class="macro">eprintln!</span>(<span class="string">&quot;Starting LDAPS interface ldaps://{} ...&quot;</span>, <span class="ident">address</span>);
+            <span class="macro">info!</span>(<span class="string">&quot;Starting LDAPS interface ldaps://{} ...&quot;</span>, <span class="ident">address</span>);
             <span class="kw">let</span> <span class="ident">tls_parms</span> <span class="op">=</span> <span class="ident">tls_params</span>.<span class="ident">build</span>();
             <span class="ident">tokio::spawn</span>(<span class="ident">tls_acceptor</span>(<span class="ident">listener</span>, <span class="ident">tls_parms</span>, <span class="ident">qe_r_ref</span>));
         }
         <span class="prelude-val">None</span> =&gt; {
-            <span class="macro">eprintln!</span>(<span class="string">&quot;The server won&#39;t run without TLS!&quot;</span>);
+            <span class="macro">error!</span>(<span class="string">&quot;The server won&#39;t run without TLS!&quot;</span>);
             <span class="kw">return</span> <span class="prelude-val">Err</span>(());
         }
     }

docs/v1.1.0-alpha.2/rustdoc/src/kanidmd_lib/idm/server.rs.html

@@ -3828,6 +3828,14 @@
 <span id="3828">3828</span>
 <span id="3829">3829</span>
 <span id="3830">3830</span>
+<span id="3831">3831</span>
+<span id="3832">3832</span>
+<span id="3833">3833</span>
+<span id="3834">3834</span>
+<span id="3835">3835</span>
+<span id="3836">3836</span>
+<span id="3837">3837</span>
+<span id="3838">3838</span>
 </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">core::task</span>::{<span class="ident">Context</span>, <span class="ident">Poll</span>};
 <span class="kw">use</span> <span class="ident">std::convert::TryFrom</span>;
 <span class="kw">use</span> <span class="ident">std::str::FromStr</span>;
@@ -5724,6 +5732,8 @@
         <span class="comment">// get the account</span>
         <span class="kw">let</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">target_to_account</span>(<span class="kw-2">&amp;</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>)<span class="question-mark">?</span>;
 
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing password hash upgrade&quot;</span>);
+
         <span class="comment">// check, does the pw still match?</span>
         <span class="kw">let</span> <span class="ident">same</span> <span class="op">=</span> <span class="ident">account</span>.<span class="ident">check_credential_pw</span>(<span class="ident">pwu</span>.<span class="ident">existing_password</span>.<span class="ident">as_str</span>())<span class="question-mark">?</span>;
 
@@ -5747,6 +5757,8 @@
     }
 
     <span class="kw">fn</span> <span class="ident">process_unixpwupgrade</span>(<span class="kw-2">&amp;mut</span> <span class="self">self</span>, <span class="ident">pwu</span>: <span class="kw-2">&amp;</span><span class="ident">UnixPasswordUpgrade</span>) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span>(), <span class="ident">OperationError</span><span class="op">&gt;</span> {
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing unix password hash upgrade&quot;</span>);
+
         <span class="kw">let</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>
             .<span class="ident">qs_write</span>
             .<span class="ident">internal_search_uuid</span>(<span class="kw-2">&amp;</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>)
@@ -5781,6 +5793,8 @@
         <span class="kw-2">&amp;mut</span> <span class="self">self</span>,
         <span class="ident">wci</span>: <span class="kw-2">&amp;</span><span class="ident">WebauthnCounterIncrement</span>,
     ) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span>(), <span class="ident">OperationError</span><span class="op">&gt;</span> {
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">wci</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing webauthn counter increment&quot;</span>);
+
         <span class="kw">let</span> <span class="kw-2">mut</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">target_to_account</span>(<span class="kw-2">&amp;</span><span class="ident">wci</span>.<span class="ident">target_uuid</span>)<span class="question-mark">?</span>;
 
         <span class="comment">// Generate an optional mod and then attempt to apply it.</span>
@@ -5807,6 +5821,8 @@
         <span class="kw-2">&amp;mut</span> <span class="self">self</span>,
         <span class="ident">bcr</span>: <span class="kw-2">&amp;</span><span class="ident">BackupCodeRemoval</span>,
     ) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span>(), <span class="ident">OperationError</span><span class="op">&gt;</span> {
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">bcr</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing backup code removal&quot;</span>);
+
         <span class="kw">let</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">target_to_account</span>(<span class="kw-2">&amp;</span><span class="ident">bcr</span>.<span class="ident">target_uuid</span>)<span class="question-mark">?</span>;
         <span class="comment">// Generate an optional mod and then attempt to apply it.</span>
         <span class="kw">let</span> <span class="ident">modlist</span> <span class="op">=</span> <span class="ident">account</span>

docs/v1.1.0-alpha.2/rustdoc/src/kanidmd_web_ui/oauth2.rs.html

@@ -536,6 +536,35 @@
 <span id="536">536</span>
 <span id="537">537</span>
 <span id="538">538</span>
+<span id="539">539</span>
+<span id="540">540</span>
+<span id="541">541</span>
+<span id="542">542</span>
+<span id="543">543</span>
+<span id="544">544</span>
+<span id="545">545</span>
+<span id="546">546</span>
+<span id="547">547</span>
+<span id="548">548</span>
+<span id="549">549</span>
+<span id="550">550</span>
+<span id="551">551</span>
+<span id="552">552</span>
+<span id="553">553</span>
+<span id="554">554</span>
+<span id="555">555</span>
+<span id="556">556</span>
+<span id="557">557</span>
+<span id="558">558</span>
+<span id="559">559</span>
+<span id="560">560</span>
+<span id="561">561</span>
+<span id="562">562</span>
+<span id="563">563</span>
+<span id="564">564</span>
+<span id="565">565</span>
+<span id="566">566</span>
+<span id="567">567</span>
 </pre><pre class="rust"><code><span class="comment">// use anyhow::Error;</span>
 <span class="kw">use</span> <span class="ident">gloo::console</span>;
 <span class="kw">pub</span> <span class="kw">use</span> <span class="ident">kanidm_proto::oauth2</span>::{
@@ -568,6 +597,7 @@
         <span class="ident">consent_token</span>: <span class="ident">String</span>,
     },
     <span class="ident">ConsentGranted</span>(<span class="ident">String</span>),
+    <span class="ident">AccessDenied</span>(<span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span>),
     <span class="ident">ErrInvalidRequest</span>,
 }
 
@@ -586,6 +616,9 @@
         <span class="ident">consent_token</span>: <span class="ident">String</span>,
     },
     <span class="ident">Redirect</span>(<span class="ident">String</span>),
+    <span class="ident">AccessDenied</span> {
+        <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span>,
+    },
     <span class="ident">Error</span> {
         <span class="ident">emsg</span>: <span class="ident">String</span>,
         <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span>,
@@ -698,6 +731,8 @@
                     }
                 }
             }
+        } <span class="kw">else</span> <span class="kw">if</span> <span class="ident">status</span> <span class="op">==</span> <span class="number">403</span> {
+            <span class="prelude-val">Ok</span>(<span class="ident">Oauth2Msg::AccessDenied</span> { <span class="ident">kopid</span> })
         } <span class="kw">else</span> {
             <span class="kw">let</span> <span class="ident">text</span> <span class="op">=</span> <span class="ident">JsFuture::from</span>(<span class="ident">resp</span>.<span class="ident">text</span>()<span class="question-mark">?</span>).<span class="kw">await</span><span class="question-mark">?</span>;
             <span class="kw">let</span> <span class="ident">emsg</span> <span class="op">=</span> <span class="ident">text</span>.<span class="ident">as_string</span>().<span class="ident">unwrap_or_else</span>(<span class="op">|</span><span class="op">|</span> <span class="string">&quot;&quot;</span>.<span class="ident">to_string</span>());
@@ -918,6 +953,11 @@
                 <span class="comment">// We need to send off fetch task here.</span>
                 <span class="bool-val">true</span>
             }
+            <span class="ident">Oauth2Msg::AccessDenied</span> { <span class="ident">kopid</span> } =&gt; {
+                <span class="macro">console::error!</span>(<span class="macro">format!</span>(<span class="string">&quot;{:?}&quot;</span>, <span class="ident">kopid</span>).<span class="ident">as_str</span>());
+                <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::AccessDenied</span>(<span class="ident">kopid</span>);
+                <span class="bool-val">true</span>
+            }
             <span class="ident">Oauth2Msg::Error</span> { <span class="ident">emsg</span>, <span class="ident">kopid</span> } =&gt; {
                 <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::ErrInvalidRequest</span>;
                 <span class="macro">console::error!</span>(<span class="macro">format!</span>(<span class="string">&quot;{:?}&quot;</span>, <span class="ident">kopid</span>).<span class="ident">as_str</span>());
@@ -1043,6 +1083,24 @@
                     <span class="op">&lt;</span><span class="op">/</span><span class="ident">div</span><span class="op">&gt;</span>
                 }
             }
+            <span class="ident">State::AccessDenied</span>(<span class="ident">kopid</span>) =&gt; {
+                <span class="macro">html!</span> {
+                    <span class="op">&lt;</span><span class="ident">div</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;alert alert-danger&quot;</span> <span class="ident">role</span><span class="op">=</span><span class="string">&quot;alert&quot;</span><span class="op">&gt;</span>
+                        <span class="op">&lt;</span><span class="ident">h1</span><span class="op">&gt;</span>{ <span class="string">&quot;Access Denied&quot;</span> } <span class="op">&lt;</span><span class="op">/</span><span class="ident">h1</span><span class="op">&gt;</span>
+                        <span class="op">&lt;</span><span class="ident">p</span><span class="op">&gt;</span>
+                        { <span class="string">&quot;You do not have access to the requested resources.&quot;</span> }
+                        <span class="op">&lt;</span><span class="op">/</span><span class="ident">p</span><span class="op">&gt;</span>
+                        <span class="op">&lt;</span><span class="ident">p</span><span class="op">&gt;</span>
+                        { <span class="kw">if</span> <span class="kw">let</span> <span class="prelude-val">Some</span>(<span class="ident">opid</span>) <span class="op">=</span> <span class="ident">kopid</span> {
+                            <span class="macro">format!</span>(<span class="string">&quot;Operation ID: {}&quot;</span>, <span class="ident">opid</span>)
+                          } <span class="kw">else</span> {
+                            <span class="string">&quot;Operation ID: -&quot;</span>.<span class="ident">to_string</span>()
+                          }
+                        }
+                        <span class="op">&lt;</span><span class="op">/</span><span class="ident">p</span><span class="op">&gt;</span>
+                    <span class="op">&lt;</span><span class="op">/</span><span class="ident">div</span><span class="op">&gt;</span>
+                }
+            }
             <span class="ident">State::ErrInvalidRequest</span> =&gt; {
                 <span class="macro">html!</span> {
                     <span class="op">&lt;</span><span class="ident">div</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;alert alert-danger&quot;</span> <span class="ident">role</span><span class="op">=</span><span class="string">&quot;alert&quot;</span><span class="op">&gt;</span>

docs/v1.1.0-alpha.2/rustdoc/src/kanidmd_web_ui/views/mod.rs.html

@@ -423,6 +423,55 @@
 <span id="423">423</span>
 <span id="424">424</span>
 <span id="425">425</span>
+<span id="426">426</span>
+<span id="427">427</span>
+<span id="428">428</span>
+<span id="429">429</span>
+<span id="430">430</span>
+<span id="431">431</span>
+<span id="432">432</span>
+<span id="433">433</span>
+<span id="434">434</span>
+<span id="435">435</span>
+<span id="436">436</span>
+<span id="437">437</span>
+<span id="438">438</span>
+<span id="439">439</span>
+<span id="440">440</span>
+<span id="441">441</span>
+<span id="442">442</span>
+<span id="443">443</span>
+<span id="444">444</span>
+<span id="445">445</span>
+<span id="446">446</span>
+<span id="447">447</span>
+<span id="448">448</span>
+<span id="449">449</span>
+<span id="450">450</span>
+<span id="451">451</span>
+<span id="452">452</span>
+<span id="453">453</span>
+<span id="454">454</span>
+<span id="455">455</span>
+<span id="456">456</span>
+<span id="457">457</span>
+<span id="458">458</span>
+<span id="459">459</span>
+<span id="460">460</span>
+<span id="461">461</span>
+<span id="462">462</span>
+<span id="463">463</span>
+<span id="464">464</span>
+<span id="465">465</span>
+<span id="466">466</span>
+<span id="467">467</span>
+<span id="468">468</span>
+<span id="469">469</span>
+<span id="470">470</span>
+<span id="471">471</span>
+<span id="472">472</span>
+<span id="473">473</span>
+<span id="474">474</span>
 </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">std::str::FromStr</span>;
 
 <span class="kw">use</span> <span class="ident">compact_jwt</span>::{<span class="ident">Jws</span>, <span class="ident">JwsUnverified</span>};
@@ -495,6 +544,7 @@
 
 <span class="kw">enum</span> <span class="ident">State</span> {
     <span class="ident">LoginRequired</span>,
+    <span class="ident">LoggingOut</span>,
     <span class="ident">Verifying</span>,
     <span class="ident">Authenticated</span>(<span class="ident">String</span>),
     <span class="ident">Error</span> { <span class="ident">emsg</span>: <span class="ident">String</span>, <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span> },
@@ -516,6 +566,7 @@
 <span class="kw">pub</span> <span class="kw">enum</span> <span class="ident">ViewsMsg</span> {
     <span class="ident">Verified</span>(<span class="ident">String</span>),
     <span class="ident">Logout</span>,
+    <span class="ident">LogoutComplete</span>,
     <span class="ident">ProfileInfoRecieved</span> { <span class="ident">uat</span>: <span class="ident">UserAuthToken</span> },
     <span class="ident">Error</span> { <span class="ident">emsg</span>: <span class="ident">String</span>, <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span> },
 }
@@ -584,7 +635,22 @@
                 <span class="bool-val">true</span>
             }
             <span class="ident">ViewsMsg::Logout</span> =&gt; {
-                <span class="ident">models::clear_bearer_token</span>();
+                <span class="kw">match</span> <span class="ident">models::get_bearer_token</span>() {
+                    <span class="prelude-val">Some</span>(<span class="ident">tk</span>) =&gt; {
+                        <span class="ident">models::clear_bearer_token</span>();
+                        <span class="ident">ctx</span>.<span class="ident">link</span>().<span class="ident">send_future</span>(<span class="kw">async</span> {
+                            <span class="kw">match</span> <span class="ident"><span class="self">Self</span>::fetch_logout</span>(<span class="ident">tk</span>).<span class="kw">await</span> {
+                                <span class="prelude-val">Ok</span>(<span class="ident">v</span>) =&gt; <span class="ident">v</span>,
+                                <span class="prelude-val">Err</span>(<span class="ident">v</span>) =&gt; <span class="ident">v</span>.<span class="ident">into</span>(),
+                            }
+                        });
+                        <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::LoggingOut</span>;
+                    }
+                    <span class="prelude-val">None</span> =&gt; <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::LoginRequired</span>,
+                }
+                <span class="bool-val">true</span>
+            }
+            <span class="ident">ViewsMsg::LogoutComplete</span> =&gt; {
                 <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::LoginRequired</span>;
                 <span class="bool-val">true</span>
             }
@@ -624,7 +690,7 @@
                     .<span class="ident">push</span>(<span class="ident">Route::Login</span>);
                 <span class="macro">html!</span> { <span class="op">&lt;</span><span class="ident">div</span><span class="op">&gt;</span><span class="op">&lt;</span><span class="op">/</span><span class="ident">div</span><span class="op">&gt;</span> }
             }
-            <span class="ident">State::Verifying</span> =&gt; {
+            <span class="ident">State::LoggingOut</span> <span class="op">|</span> <span class="ident">State::Verifying</span> =&gt; {
                 <span class="macro">html!</span> {
                   <span class="op">&lt;</span><span class="ident">main</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;text-center form-signin h-100&quot;</span><span class="op">&gt;</span>
                     <span class="op">&lt;</span><span class="ident">div</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;vert-center&quot;</span><span class="op">&gt;</span>
@@ -791,7 +857,7 @@
             <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::Verified</span>(<span class="ident">token</span>))
         } <span class="kw">else</span> <span class="kw">if</span> <span class="ident">status</span> <span class="op">==</span> <span class="number">401</span> {
             <span class="comment">// Not valid, re-auth</span>
-            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::Logout</span>)
+            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::LogoutComplete</span>)
         } <span class="kw">else</span> {
             <span class="kw">let</span> <span class="ident">headers</span> <span class="op">=</span> <span class="ident">resp</span>.<span class="ident">headers</span>();
             <span class="kw">let</span> <span class="ident">kopid</span> <span class="op">=</span> <span class="ident">headers</span>.<span class="ident">get</span>(<span class="string">&quot;x-kanidm-opid&quot;</span>).<span class="ident">ok</span>().<span class="ident">flatten</span>();
@@ -815,6 +881,38 @@
             <span class="ident">uat</span>: <span class="ident">uat</span>.<span class="ident">into_inner</span>(),
         })
     }
+
+    <span class="kw">async</span> <span class="kw">fn</span> <span class="ident">fetch_logout</span>(<span class="ident">token</span>: <span class="ident">String</span>) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span><span class="ident">ViewsMsg</span>, <span class="ident">FetchError</span><span class="op">&gt;</span> {
+        <span class="kw">let</span> <span class="kw-2">mut</span> <span class="ident">opts</span> <span class="op">=</span> <span class="ident">RequestInit::new</span>();
+        <span class="ident">opts</span>.<span class="ident">method</span>(<span class="string">&quot;GET&quot;</span>);
+        <span class="ident">opts</span>.<span class="ident">mode</span>(<span class="ident">RequestMode::SameOrigin</span>);
+
+        <span class="kw">let</span> <span class="ident">request</span> <span class="op">=</span> <span class="ident">Request::new_with_str_and_init</span>(<span class="string">&quot;/v1/logout&quot;</span>, <span class="kw-2">&amp;</span><span class="ident">opts</span>)<span class="question-mark">?</span>;
+
+        <span class="ident">request</span>
+            .<span class="ident">headers</span>()
+            .<span class="ident">set</span>(<span class="string">&quot;content-type&quot;</span>, <span class="string">&quot;application/json&quot;</span>)
+            .<span class="ident">expect_throw</span>(<span class="string">&quot;failed to set header&quot;</span>);
+        <span class="ident">request</span>
+            .<span class="ident">headers</span>()
+            .<span class="ident">set</span>(<span class="string">&quot;authorization&quot;</span>, <span class="macro">format!</span>(<span class="string">&quot;Bearer {}&quot;</span>, <span class="ident">token</span>).<span class="ident">as_str</span>())
+            .<span class="ident">expect_throw</span>(<span class="string">&quot;failed to set header&quot;</span>);
+
+        <span class="kw">let</span> <span class="ident">window</span> <span class="op">=</span> <span class="ident">utils::window</span>();
+        <span class="kw">let</span> <span class="ident">resp_value</span> <span class="op">=</span> <span class="ident">JsFuture::from</span>(<span class="ident">window</span>.<span class="ident">fetch_with_request</span>(<span class="kw-2">&amp;</span><span class="ident">request</span>)).<span class="kw">await</span><span class="question-mark">?</span>;
+        <span class="kw">let</span> <span class="ident">resp</span>: <span class="ident">Response</span> <span class="op">=</span> <span class="ident">resp_value</span>.<span class="ident">dyn_into</span>().<span class="ident">expect_throw</span>(<span class="string">&quot;Invalid response type&quot;</span>);
+        <span class="kw">let</span> <span class="ident">status</span> <span class="op">=</span> <span class="ident">resp</span>.<span class="ident">status</span>();
+
+        <span class="kw">if</span> <span class="ident">status</span> <span class="op">==</span> <span class="number">200</span> {
+            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::LogoutComplete</span>)
+        } <span class="kw">else</span> {
+            <span class="kw">let</span> <span class="ident">headers</span> <span class="op">=</span> <span class="ident">resp</span>.<span class="ident">headers</span>();
+            <span class="kw">let</span> <span class="ident">kopid</span> <span class="op">=</span> <span class="ident">headers</span>.<span class="ident">get</span>(<span class="string">&quot;x-kanidm-opid&quot;</span>).<span class="ident">ok</span>().<span class="ident">flatten</span>();
+            <span class="kw">let</span> <span class="ident">text</span> <span class="op">=</span> <span class="ident">JsFuture::from</span>(<span class="ident">resp</span>.<span class="ident">text</span>()<span class="question-mark">?</span>).<span class="kw">await</span><span class="question-mark">?</span>;
+            <span class="kw">let</span> <span class="ident">emsg</span> <span class="op">=</span> <span class="ident">text</span>.<span class="ident">as_string</span>().<span class="ident">unwrap_or_else</span>(<span class="op">|</span><span class="op">|</span> <span class="string">&quot;&quot;</span>.<span class="ident">to_string</span>());
+            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::Error</span> { <span class="ident">emsg</span>, <span class="ident">kopid</span> })
+        }
+    }
 }
 
 <span class="kw">fn</span> <span class="ident">admin_routes</span>(<span class="ident">route</span>: <span class="kw-2">&amp;</span><span class="ident">AdminRoute</span>) -&gt; <span class="ident">Html</span> {

docs/v1.1.0-alpha.3/rustdoc/kanidmd_lib/idm/server/index.html

@@ -1,3 +1,3 @@
-<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="API documentation for the Rust `server` mod in crate `kanidmd_lib`."><meta name="keywords" content="rust, rustlang, rust-lang, server"><title>kanidmd_lib::idm::server - Rust</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" type="text/css" href="../../../normalize.css"><link rel="stylesheet" type="text/css" href="../../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" type="text/css" href="../../../ayu.css" disabled><link rel="stylesheet" type="text/css" href="../../../dark.css" disabled><link rel="stylesheet" type="text/css" href="../../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../../storage.js"></script><script defer src="../../../main.js"></script><noscript><link rel="stylesheet" href="../../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../../favicon.svg"></head><body class="rustdoc mod"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle">&#9776;</button><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"></h2></nav><nav class="sidebar"><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"><a href="#">Module server</a></h2><div class="sidebar-elems"><section><div class="block"><ul><li><a href="#structs">Structs</a></li><li><a href="#enums">Enums</a></li><li><a href="#traits">Traits</a></li></ul></div></section></div></nav><main><div class="width-limiter"><div class="sub-container"><a class="sub-logo-container" href="../../../kanidmd_lib/index.html"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></a><nav class="sub"><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><button type="button">?</button></div><div id="settings-menu" tabindex="-1"><a href="../../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../../wheel.svg"></a></div></div></form></nav></div><section id="main-content" class="content"><div class="main-heading"><h1 class="fqn"><span class="in-band">Module <a href="../../index.html">kanidmd_lib</a>::<wbr><a href="../index.html">idm</a>::<wbr><a class="mod" href="#">server</a><button id="copy-path" onclick="copy_path(this)" title="Copy item path to clipboard"><img src="../../../clipboard.svg" width="19" height="18" alt="Copy item path"></button></span></h1><span class="out-of-band"><a class="srclink" href="../../../src/kanidmd_lib/idm/server.rs.html#1-3830">source</a> · <a id="toggle-all-docs" href="javascript:void(0)" title="collapse all docs">[<span class="inner">&#x2212;</span>]</a></span></div><h2 id="structs" class="small-section-header"><a href="#structs">Structs</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServer.html" title="kanidmd_lib::idm::server::IdmServer struct">IdmServer</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerAuthTransaction.html" title="kanidmd_lib::idm::server::IdmServerAuthTransaction struct">IdmServerAuthTransaction</a></div><div class="item-right docblock-short"><p>Contains methods that require writes, but in the context of writing to the idm in memory structures (maybe the query server too). This is things like authentication.</p>
+<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="API documentation for the Rust `server` mod in crate `kanidmd_lib`."><meta name="keywords" content="rust, rustlang, rust-lang, server"><title>kanidmd_lib::idm::server - Rust</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" type="text/css" href="../../../normalize.css"><link rel="stylesheet" type="text/css" href="../../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" type="text/css" href="../../../ayu.css" disabled><link rel="stylesheet" type="text/css" href="../../../dark.css" disabled><link rel="stylesheet" type="text/css" href="../../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../../storage.js"></script><script defer src="../../../main.js"></script><noscript><link rel="stylesheet" href="../../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../../favicon.svg"></head><body class="rustdoc mod"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle">&#9776;</button><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"></h2></nav><nav class="sidebar"><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"><a href="#">Module server</a></h2><div class="sidebar-elems"><section><div class="block"><ul><li><a href="#structs">Structs</a></li><li><a href="#enums">Enums</a></li><li><a href="#traits">Traits</a></li></ul></div></section></div></nav><main><div class="width-limiter"><div class="sub-container"><a class="sub-logo-container" href="../../../kanidmd_lib/index.html"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></a><nav class="sub"><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><button type="button">?</button></div><div id="settings-menu" tabindex="-1"><a href="../../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../../wheel.svg"></a></div></div></form></nav></div><section id="main-content" class="content"><div class="main-heading"><h1 class="fqn"><span class="in-band">Module <a href="../../index.html">kanidmd_lib</a>::<wbr><a href="../index.html">idm</a>::<wbr><a class="mod" href="#">server</a><button id="copy-path" onclick="copy_path(this)" title="Copy item path to clipboard"><img src="../../../clipboard.svg" width="19" height="18" alt="Copy item path"></button></span></h1><span class="out-of-band"><a class="srclink" href="../../../src/kanidmd_lib/idm/server.rs.html#1-3838">source</a> · <a id="toggle-all-docs" href="javascript:void(0)" title="collapse all docs">[<span class="inner">&#x2212;</span>]</a></span></div><h2 id="structs" class="small-section-header"><a href="#structs">Structs</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServer.html" title="kanidmd_lib::idm::server::IdmServer struct">IdmServer</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerAuthTransaction.html" title="kanidmd_lib::idm::server::IdmServerAuthTransaction struct">IdmServerAuthTransaction</a></div><div class="item-right docblock-short"><p>Contains methods that require writes, but in the context of writing to the idm in memory structures (maybe the query server too). This is things like authentication.</p>
 </div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerCredUpdateTransaction.html" title="kanidmd_lib::idm::server::IdmServerCredUpdateTransaction struct">IdmServerCredUpdateTransaction</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerDelayed.html" title="kanidmd_lib::idm::server::IdmServerDelayed struct">IdmServerDelayed</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerProxyReadTransaction.html" title="kanidmd_lib::idm::server::IdmServerProxyReadTransaction struct">IdmServerProxyReadTransaction</a></div><div class="item-right docblock-short"><p>This contains read-only methods, like getting users, groups and other structured content.</p>
 </div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerProxyWriteTransaction.html" title="kanidmd_lib::idm::server::IdmServerProxyWriteTransaction struct">IdmServerProxyWriteTransaction</a></div><div class="item-right docblock-short"></div></div></div><h2 id="enums" class="small-section-header"><a href="#enums">Enums</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="enum" href="enum.Token.html" title="kanidmd_lib::idm::server::Token enum">Token</a></div><div class="item-right docblock-short"></div></div></div><h2 id="traits" class="small-section-header"><a href="#traits">Traits</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="trait" href="trait.IdmServerTransaction.html" title="kanidmd_lib::idm::server::IdmServerTransaction trait">IdmServerTransaction</a></div><div class="item-right docblock-short"></div></div></div></section></div></main><div id="rustdoc-vars" data-root-path="../../../" data-current-crate="kanidmd_lib" data-themes="ayu,dark,light" data-resource-suffix="" data-rustdoc-version="1.64.0 (a55dd71d5 2022-09-19)" ></div></body></html>

docs/v1.1.0-alpha.3/rustdoc/src/kanidmd_core/https/oauth2.rs.html

@@ -712,6 +712,11 @@
 <span id="712">712</span>
 <span id="713">713</span>
 <span id="714">714</span>
+<span id="715">715</span>
+<span id="716">716</span>
+<span id="717">717</span>
+<span id="718">718</span>
+<span id="719">719</span>
 </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">kanidm_proto::oauth2::AuthorisationResponse</span>;
 <span class="kw">use</span> <span class="ident">kanidm_proto::v1::Entry</span> <span class="kw">as</span> <span class="ident">ProtoEntry</span>;
 <span class="kw">use</span> <span class="ident">kanidmd_lib::idm::oauth2</span>::{
@@ -1042,6 +1047,11 @@
             <span class="ident">res</span>.<span class="ident">insert_header</span>(<span class="string">&quot;WWW-Authenticate&quot;</span>, <span class="string">&quot;Bearer&quot;</span>);
             <span class="prelude-val">Ok</span>(<span class="ident">res</span>)
         }
+        <span class="prelude-val">Err</span>(<span class="ident">Oauth2Error::AccessDenied</span>) =&gt; {
+            <span class="comment">// If scopes are not available for this account.</span>
+            <span class="kw">let</span> <span class="ident">res</span> <span class="op">=</span> <span class="ident">tide::Response::new</span>(<span class="ident">tide::StatusCode::Forbidden</span>);
+            <span class="prelude-val">Ok</span>(<span class="ident">res</span>)
+        }
         <span class="comment">/*
         RFC - If the request fails due to a missing, invalid, or mismatching
               redirection URI, or if the client identifier is missing or invalid,
@@ -1142,7 +1152,7 @@
             <span class="comment">// Turns out this instinct was correct:</span>
             <span class="comment">//  https://www.proofpoint.com/us/blog/cloud-security/microsoft-and-github-oauth-implementation-vulnerabilities-lead-redirection</span>
             <span class="comment">// Possible to use this with a malicious client configuration to phish / spam.</span>
-            <span class="ident">tide::Response::new</span>(<span class="number">500</span>)
+            <span class="ident">tide::Response::new</span>(<span class="ident">tide::StatusCode::InternalServerError</span>)
         }
     };
     <span class="ident">res</span>.<span class="ident">insert_header</span>(<span class="string">&quot;X-KANIDM-OPID&quot;</span>, <span class="ident">hvalue</span>);

docs/v1.1.0-alpha.3/rustdoc/src/kanidmd_core/ldaps.rs.html

@@ -363,15 +363,15 @@
     <span class="kw">if</span> <span class="ident">address</span>.<span class="ident">starts_with</span>(<span class="string">&quot;:::&quot;</span>) {
         <span class="comment">// takes :::xxxx to xxxx</span>
         <span class="kw">let</span> <span class="ident">port</span> <span class="op">=</span> <span class="ident">address</span>.<span class="ident">replacen</span>(<span class="string">&quot;:::&quot;</span>, <span class="string">&quot;&quot;</span>, <span class="number">1</span>);
-        <span class="macro">eprintln!</span>(<span class="string">&quot;Address &#39;{}&#39; looks like an attempt to wildcard bind with IPv6 on port {} - please try using ldapbindaddress = &#39;[::]:{}&#39;&quot;</span>, <span class="ident">address</span>, <span class="ident">port</span>, <span class="ident">port</span>);
+        <span class="macro">error!</span>(<span class="string">&quot;Address &#39;{}&#39; looks like an attempt to wildcard bind with IPv6 on port {} - please try using ldapbindaddress = &#39;[::]:{}&#39;&quot;</span>, <span class="ident">address</span>, <span class="ident">port</span>, <span class="ident">port</span>);
     };
 
     <span class="kw">let</span> <span class="ident">addr</span> <span class="op">=</span> <span class="ident">net::SocketAddr::from_str</span>(<span class="ident">address</span>).<span class="ident">map_err</span>(<span class="op">|</span><span class="ident">e</span><span class="op">|</span> {
-        <span class="macro">eprintln!</span>(<span class="string">&quot;Could not parse LDAP server address {} -&gt; {:?}&quot;</span>, <span class="ident">address</span>, <span class="ident">e</span>);
+        <span class="macro">error!</span>(<span class="string">&quot;Could not parse LDAP server address {} -&gt; {:?}&quot;</span>, <span class="ident">address</span>, <span class="ident">e</span>);
     })<span class="question-mark">?</span>;
 
     <span class="kw">let</span> <span class="ident">listener</span> <span class="op">=</span> <span class="ident">TcpListener::bind</span>(<span class="kw-2">&amp;</span><span class="ident">addr</span>).<span class="kw">await</span>.<span class="ident">map_err</span>(<span class="op">|</span><span class="ident">e</span><span class="op">|</span> {
-        <span class="macro">eprintln!</span>(
+        <span class="macro">error!</span>(
             <span class="string">&quot;Could not bind to LDAP server address {} -&gt; {:?}&quot;</span>,
             <span class="ident">address</span>, <span class="ident">e</span>
         );
@@ -379,12 +379,12 @@
 
     <span class="kw">match</span> <span class="ident">opt_tls_params</span> {
         <span class="prelude-val">Some</span>(<span class="ident">tls_params</span>) =&gt; {
-            <span class="macro">eprintln!</span>(<span class="string">&quot;Starting LDAPS interface ldaps://{} ...&quot;</span>, <span class="ident">address</span>);
+            <span class="macro">info!</span>(<span class="string">&quot;Starting LDAPS interface ldaps://{} ...&quot;</span>, <span class="ident">address</span>);
             <span class="kw">let</span> <span class="ident">tls_parms</span> <span class="op">=</span> <span class="ident">tls_params</span>.<span class="ident">build</span>();
             <span class="ident">tokio::spawn</span>(<span class="ident">tls_acceptor</span>(<span class="ident">listener</span>, <span class="ident">tls_parms</span>, <span class="ident">qe_r_ref</span>));
         }
         <span class="prelude-val">None</span> =&gt; {
-            <span class="macro">eprintln!</span>(<span class="string">&quot;The server won&#39;t run without TLS!&quot;</span>);
+            <span class="macro">error!</span>(<span class="string">&quot;The server won&#39;t run without TLS!&quot;</span>);
             <span class="kw">return</span> <span class="prelude-val">Err</span>(());
         }
     }

docs/v1.1.0-alpha.3/rustdoc/src/kanidmd_lib/idm/server.rs.html

@@ -3828,6 +3828,14 @@
 <span id="3828">3828</span>
 <span id="3829">3829</span>
 <span id="3830">3830</span>
+<span id="3831">3831</span>
+<span id="3832">3832</span>
+<span id="3833">3833</span>
+<span id="3834">3834</span>
+<span id="3835">3835</span>
+<span id="3836">3836</span>
+<span id="3837">3837</span>
+<span id="3838">3838</span>
 </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">core::task</span>::{<span class="ident">Context</span>, <span class="ident">Poll</span>};
 <span class="kw">use</span> <span class="ident">std::convert::TryFrom</span>;
 <span class="kw">use</span> <span class="ident">std::str::FromStr</span>;
@@ -5724,6 +5732,8 @@
         <span class="comment">// get the account</span>
         <span class="kw">let</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">target_to_account</span>(<span class="kw-2">&amp;</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>)<span class="question-mark">?</span>;
 
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing password hash upgrade&quot;</span>);
+
         <span class="comment">// check, does the pw still match?</span>
         <span class="kw">let</span> <span class="ident">same</span> <span class="op">=</span> <span class="ident">account</span>.<span class="ident">check_credential_pw</span>(<span class="ident">pwu</span>.<span class="ident">existing_password</span>.<span class="ident">as_str</span>())<span class="question-mark">?</span>;
 
@@ -5747,6 +5757,8 @@
     }
 
     <span class="kw">fn</span> <span class="ident">process_unixpwupgrade</span>(<span class="kw-2">&amp;mut</span> <span class="self">self</span>, <span class="ident">pwu</span>: <span class="kw-2">&amp;</span><span class="ident">UnixPasswordUpgrade</span>) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span>(), <span class="ident">OperationError</span><span class="op">&gt;</span> {
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing unix password hash upgrade&quot;</span>);
+
         <span class="kw">let</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>
             .<span class="ident">qs_write</span>
             .<span class="ident">internal_search_uuid</span>(<span class="kw-2">&amp;</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>)
@@ -5781,6 +5793,8 @@
         <span class="kw-2">&amp;mut</span> <span class="self">self</span>,
         <span class="ident">wci</span>: <span class="kw-2">&amp;</span><span class="ident">WebauthnCounterIncrement</span>,
     ) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span>(), <span class="ident">OperationError</span><span class="op">&gt;</span> {
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">wci</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing webauthn counter increment&quot;</span>);
+
         <span class="kw">let</span> <span class="kw-2">mut</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">target_to_account</span>(<span class="kw-2">&amp;</span><span class="ident">wci</span>.<span class="ident">target_uuid</span>)<span class="question-mark">?</span>;
 
         <span class="comment">// Generate an optional mod and then attempt to apply it.</span>
@@ -5807,6 +5821,8 @@
         <span class="kw-2">&amp;mut</span> <span class="self">self</span>,
         <span class="ident">bcr</span>: <span class="kw-2">&amp;</span><span class="ident">BackupCodeRemoval</span>,
     ) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span>(), <span class="ident">OperationError</span><span class="op">&gt;</span> {
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">bcr</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing backup code removal&quot;</span>);
+
         <span class="kw">let</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">target_to_account</span>(<span class="kw-2">&amp;</span><span class="ident">bcr</span>.<span class="ident">target_uuid</span>)<span class="question-mark">?</span>;
         <span class="comment">// Generate an optional mod and then attempt to apply it.</span>
         <span class="kw">let</span> <span class="ident">modlist</span> <span class="op">=</span> <span class="ident">account</span>

docs/v1.1.0-alpha.3/rustdoc/src/kanidmd_web_ui/oauth2.rs.html

@@ -536,6 +536,35 @@
 <span id="536">536</span>
 <span id="537">537</span>
 <span id="538">538</span>
+<span id="539">539</span>
+<span id="540">540</span>
+<span id="541">541</span>
+<span id="542">542</span>
+<span id="543">543</span>
+<span id="544">544</span>
+<span id="545">545</span>
+<span id="546">546</span>
+<span id="547">547</span>
+<span id="548">548</span>
+<span id="549">549</span>
+<span id="550">550</span>
+<span id="551">551</span>
+<span id="552">552</span>
+<span id="553">553</span>
+<span id="554">554</span>
+<span id="555">555</span>
+<span id="556">556</span>
+<span id="557">557</span>
+<span id="558">558</span>
+<span id="559">559</span>
+<span id="560">560</span>
+<span id="561">561</span>
+<span id="562">562</span>
+<span id="563">563</span>
+<span id="564">564</span>
+<span id="565">565</span>
+<span id="566">566</span>
+<span id="567">567</span>
 </pre><pre class="rust"><code><span class="comment">// use anyhow::Error;</span>
 <span class="kw">use</span> <span class="ident">gloo::console</span>;
 <span class="kw">pub</span> <span class="kw">use</span> <span class="ident">kanidm_proto::oauth2</span>::{
@@ -568,6 +597,7 @@
         <span class="ident">consent_token</span>: <span class="ident">String</span>,
     },
     <span class="ident">ConsentGranted</span>(<span class="ident">String</span>),
+    <span class="ident">AccessDenied</span>(<span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span>),
     <span class="ident">ErrInvalidRequest</span>,
 }
 
@@ -586,6 +616,9 @@
         <span class="ident">consent_token</span>: <span class="ident">String</span>,
     },
     <span class="ident">Redirect</span>(<span class="ident">String</span>),
+    <span class="ident">AccessDenied</span> {
+        <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span>,
+    },
     <span class="ident">Error</span> {
         <span class="ident">emsg</span>: <span class="ident">String</span>,
         <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span>,
@@ -698,6 +731,8 @@
                     }
                 }
             }
+        } <span class="kw">else</span> <span class="kw">if</span> <span class="ident">status</span> <span class="op">==</span> <span class="number">403</span> {
+            <span class="prelude-val">Ok</span>(<span class="ident">Oauth2Msg::AccessDenied</span> { <span class="ident">kopid</span> })
         } <span class="kw">else</span> {
             <span class="kw">let</span> <span class="ident">text</span> <span class="op">=</span> <span class="ident">JsFuture::from</span>(<span class="ident">resp</span>.<span class="ident">text</span>()<span class="question-mark">?</span>).<span class="kw">await</span><span class="question-mark">?</span>;
             <span class="kw">let</span> <span class="ident">emsg</span> <span class="op">=</span> <span class="ident">text</span>.<span class="ident">as_string</span>().<span class="ident">unwrap_or_else</span>(<span class="op">|</span><span class="op">|</span> <span class="string">&quot;&quot;</span>.<span class="ident">to_string</span>());
@@ -918,6 +953,11 @@
                 <span class="comment">// We need to send off fetch task here.</span>
                 <span class="bool-val">true</span>
             }
+            <span class="ident">Oauth2Msg::AccessDenied</span> { <span class="ident">kopid</span> } =&gt; {
+                <span class="macro">console::error!</span>(<span class="macro">format!</span>(<span class="string">&quot;{:?}&quot;</span>, <span class="ident">kopid</span>).<span class="ident">as_str</span>());
+                <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::AccessDenied</span>(<span class="ident">kopid</span>);
+                <span class="bool-val">true</span>
+            }
             <span class="ident">Oauth2Msg::Error</span> { <span class="ident">emsg</span>, <span class="ident">kopid</span> } =&gt; {
                 <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::ErrInvalidRequest</span>;
                 <span class="macro">console::error!</span>(<span class="macro">format!</span>(<span class="string">&quot;{:?}&quot;</span>, <span class="ident">kopid</span>).<span class="ident">as_str</span>());
@@ -1043,6 +1083,24 @@
                     <span class="op">&lt;</span><span class="op">/</span><span class="ident">div</span><span class="op">&gt;</span>
                 }
             }
+            <span class="ident">State::AccessDenied</span>(<span class="ident">kopid</span>) =&gt; {
+                <span class="macro">html!</span> {
+                    <span class="op">&lt;</span><span class="ident">div</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;alert alert-danger&quot;</span> <span class="ident">role</span><span class="op">=</span><span class="string">&quot;alert&quot;</span><span class="op">&gt;</span>
+                        <span class="op">&lt;</span><span class="ident">h1</span><span class="op">&gt;</span>{ <span class="string">&quot;Access Denied&quot;</span> } <span class="op">&lt;</span><span class="op">/</span><span class="ident">h1</span><span class="op">&gt;</span>
+                        <span class="op">&lt;</span><span class="ident">p</span><span class="op">&gt;</span>
+                        { <span class="string">&quot;You do not have access to the requested resources.&quot;</span> }
+                        <span class="op">&lt;</span><span class="op">/</span><span class="ident">p</span><span class="op">&gt;</span>
+                        <span class="op">&lt;</span><span class="ident">p</span><span class="op">&gt;</span>
+                        { <span class="kw">if</span> <span class="kw">let</span> <span class="prelude-val">Some</span>(<span class="ident">opid</span>) <span class="op">=</span> <span class="ident">kopid</span> {
+                            <span class="macro">format!</span>(<span class="string">&quot;Operation ID: {}&quot;</span>, <span class="ident">opid</span>)
+                          } <span class="kw">else</span> {
+                            <span class="string">&quot;Operation ID: -&quot;</span>.<span class="ident">to_string</span>()
+                          }
+                        }
+                        <span class="op">&lt;</span><span class="op">/</span><span class="ident">p</span><span class="op">&gt;</span>
+                    <span class="op">&lt;</span><span class="op">/</span><span class="ident">div</span><span class="op">&gt;</span>
+                }
+            }
             <span class="ident">State::ErrInvalidRequest</span> =&gt; {
                 <span class="macro">html!</span> {
                     <span class="op">&lt;</span><span class="ident">div</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;alert alert-danger&quot;</span> <span class="ident">role</span><span class="op">=</span><span class="string">&quot;alert&quot;</span><span class="op">&gt;</span>

docs/v1.1.0-alpha.3/rustdoc/src/kanidmd_web_ui/views/mod.rs.html

@@ -423,6 +423,55 @@
 <span id="423">423</span>
 <span id="424">424</span>
 <span id="425">425</span>
+<span id="426">426</span>
+<span id="427">427</span>
+<span id="428">428</span>
+<span id="429">429</span>
+<span id="430">430</span>
+<span id="431">431</span>
+<span id="432">432</span>
+<span id="433">433</span>
+<span id="434">434</span>
+<span id="435">435</span>
+<span id="436">436</span>
+<span id="437">437</span>
+<span id="438">438</span>
+<span id="439">439</span>
+<span id="440">440</span>
+<span id="441">441</span>
+<span id="442">442</span>
+<span id="443">443</span>
+<span id="444">444</span>
+<span id="445">445</span>
+<span id="446">446</span>
+<span id="447">447</span>
+<span id="448">448</span>
+<span id="449">449</span>
+<span id="450">450</span>
+<span id="451">451</span>
+<span id="452">452</span>
+<span id="453">453</span>
+<span id="454">454</span>
+<span id="455">455</span>
+<span id="456">456</span>
+<span id="457">457</span>
+<span id="458">458</span>
+<span id="459">459</span>
+<span id="460">460</span>
+<span id="461">461</span>
+<span id="462">462</span>
+<span id="463">463</span>
+<span id="464">464</span>
+<span id="465">465</span>
+<span id="466">466</span>
+<span id="467">467</span>
+<span id="468">468</span>
+<span id="469">469</span>
+<span id="470">470</span>
+<span id="471">471</span>
+<span id="472">472</span>
+<span id="473">473</span>
+<span id="474">474</span>
 </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">std::str::FromStr</span>;
 
 <span class="kw">use</span> <span class="ident">compact_jwt</span>::{<span class="ident">Jws</span>, <span class="ident">JwsUnverified</span>};
@@ -495,6 +544,7 @@
 
 <span class="kw">enum</span> <span class="ident">State</span> {
     <span class="ident">LoginRequired</span>,
+    <span class="ident">LoggingOut</span>,
     <span class="ident">Verifying</span>,
     <span class="ident">Authenticated</span>(<span class="ident">String</span>),
     <span class="ident">Error</span> { <span class="ident">emsg</span>: <span class="ident">String</span>, <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span> },
@@ -516,6 +566,7 @@
 <span class="kw">pub</span> <span class="kw">enum</span> <span class="ident">ViewsMsg</span> {
     <span class="ident">Verified</span>(<span class="ident">String</span>),
     <span class="ident">Logout</span>,
+    <span class="ident">LogoutComplete</span>,
     <span class="ident">ProfileInfoRecieved</span> { <span class="ident">uat</span>: <span class="ident">UserAuthToken</span> },
     <span class="ident">Error</span> { <span class="ident">emsg</span>: <span class="ident">String</span>, <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span> },
 }
@@ -584,7 +635,22 @@
                 <span class="bool-val">true</span>
             }
             <span class="ident">ViewsMsg::Logout</span> =&gt; {
-                <span class="ident">models::clear_bearer_token</span>();
+                <span class="kw">match</span> <span class="ident">models::get_bearer_token</span>() {
+                    <span class="prelude-val">Some</span>(<span class="ident">tk</span>) =&gt; {
+                        <span class="ident">models::clear_bearer_token</span>();
+                        <span class="ident">ctx</span>.<span class="ident">link</span>().<span class="ident">send_future</span>(<span class="kw">async</span> {
+                            <span class="kw">match</span> <span class="ident"><span class="self">Self</span>::fetch_logout</span>(<span class="ident">tk</span>).<span class="kw">await</span> {
+                                <span class="prelude-val">Ok</span>(<span class="ident">v</span>) =&gt; <span class="ident">v</span>,
+                                <span class="prelude-val">Err</span>(<span class="ident">v</span>) =&gt; <span class="ident">v</span>.<span class="ident">into</span>(),
+                            }
+                        });
+                        <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::LoggingOut</span>;
+                    }
+                    <span class="prelude-val">None</span> =&gt; <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::LoginRequired</span>,
+                }
+                <span class="bool-val">true</span>
+            }
+            <span class="ident">ViewsMsg::LogoutComplete</span> =&gt; {
                 <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::LoginRequired</span>;
                 <span class="bool-val">true</span>
             }
@@ -624,7 +690,7 @@
                     .<span class="ident">push</span>(<span class="ident">Route::Login</span>);
                 <span class="macro">html!</span> { <span class="op">&lt;</span><span class="ident">div</span><span class="op">&gt;</span><span class="op">&lt;</span><span class="op">/</span><span class="ident">div</span><span class="op">&gt;</span> }
             }
-            <span class="ident">State::Verifying</span> =&gt; {
+            <span class="ident">State::LoggingOut</span> <span class="op">|</span> <span class="ident">State::Verifying</span> =&gt; {
                 <span class="macro">html!</span> {
                   <span class="op">&lt;</span><span class="ident">main</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;text-center form-signin h-100&quot;</span><span class="op">&gt;</span>
                     <span class="op">&lt;</span><span class="ident">div</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;vert-center&quot;</span><span class="op">&gt;</span>
@@ -791,7 +857,7 @@
             <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::Verified</span>(<span class="ident">token</span>))
         } <span class="kw">else</span> <span class="kw">if</span> <span class="ident">status</span> <span class="op">==</span> <span class="number">401</span> {
             <span class="comment">// Not valid, re-auth</span>
-            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::Logout</span>)
+            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::LogoutComplete</span>)
         } <span class="kw">else</span> {
             <span class="kw">let</span> <span class="ident">headers</span> <span class="op">=</span> <span class="ident">resp</span>.<span class="ident">headers</span>();
             <span class="kw">let</span> <span class="ident">kopid</span> <span class="op">=</span> <span class="ident">headers</span>.<span class="ident">get</span>(<span class="string">&quot;x-kanidm-opid&quot;</span>).<span class="ident">ok</span>().<span class="ident">flatten</span>();
@@ -815,6 +881,38 @@
             <span class="ident">uat</span>: <span class="ident">uat</span>.<span class="ident">into_inner</span>(),
         })
     }
+
+    <span class="kw">async</span> <span class="kw">fn</span> <span class="ident">fetch_logout</span>(<span class="ident">token</span>: <span class="ident">String</span>) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span><span class="ident">ViewsMsg</span>, <span class="ident">FetchError</span><span class="op">&gt;</span> {
+        <span class="kw">let</span> <span class="kw-2">mut</span> <span class="ident">opts</span> <span class="op">=</span> <span class="ident">RequestInit::new</span>();
+        <span class="ident">opts</span>.<span class="ident">method</span>(<span class="string">&quot;GET&quot;</span>);
+        <span class="ident">opts</span>.<span class="ident">mode</span>(<span class="ident">RequestMode::SameOrigin</span>);
+
+        <span class="kw">let</span> <span class="ident">request</span> <span class="op">=</span> <span class="ident">Request::new_with_str_and_init</span>(<span class="string">&quot;/v1/logout&quot;</span>, <span class="kw-2">&amp;</span><span class="ident">opts</span>)<span class="question-mark">?</span>;
+
+        <span class="ident">request</span>
+            .<span class="ident">headers</span>()
+            .<span class="ident">set</span>(<span class="string">&quot;content-type&quot;</span>, <span class="string">&quot;application/json&quot;</span>)
+            .<span class="ident">expect_throw</span>(<span class="string">&quot;failed to set header&quot;</span>);
+        <span class="ident">request</span>
+            .<span class="ident">headers</span>()
+            .<span class="ident">set</span>(<span class="string">&quot;authorization&quot;</span>, <span class="macro">format!</span>(<span class="string">&quot;Bearer {}&quot;</span>, <span class="ident">token</span>).<span class="ident">as_str</span>())
+            .<span class="ident">expect_throw</span>(<span class="string">&quot;failed to set header&quot;</span>);
+
+        <span class="kw">let</span> <span class="ident">window</span> <span class="op">=</span> <span class="ident">utils::window</span>();
+        <span class="kw">let</span> <span class="ident">resp_value</span> <span class="op">=</span> <span class="ident">JsFuture::from</span>(<span class="ident">window</span>.<span class="ident">fetch_with_request</span>(<span class="kw-2">&amp;</span><span class="ident">request</span>)).<span class="kw">await</span><span class="question-mark">?</span>;
+        <span class="kw">let</span> <span class="ident">resp</span>: <span class="ident">Response</span> <span class="op">=</span> <span class="ident">resp_value</span>.<span class="ident">dyn_into</span>().<span class="ident">expect_throw</span>(<span class="string">&quot;Invalid response type&quot;</span>);
+        <span class="kw">let</span> <span class="ident">status</span> <span class="op">=</span> <span class="ident">resp</span>.<span class="ident">status</span>();
+
+        <span class="kw">if</span> <span class="ident">status</span> <span class="op">==</span> <span class="number">200</span> {
+            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::LogoutComplete</span>)
+        } <span class="kw">else</span> {
+            <span class="kw">let</span> <span class="ident">headers</span> <span class="op">=</span> <span class="ident">resp</span>.<span class="ident">headers</span>();
+            <span class="kw">let</span> <span class="ident">kopid</span> <span class="op">=</span> <span class="ident">headers</span>.<span class="ident">get</span>(<span class="string">&quot;x-kanidm-opid&quot;</span>).<span class="ident">ok</span>().<span class="ident">flatten</span>();
+            <span class="kw">let</span> <span class="ident">text</span> <span class="op">=</span> <span class="ident">JsFuture::from</span>(<span class="ident">resp</span>.<span class="ident">text</span>()<span class="question-mark">?</span>).<span class="kw">await</span><span class="question-mark">?</span>;
+            <span class="kw">let</span> <span class="ident">emsg</span> <span class="op">=</span> <span class="ident">text</span>.<span class="ident">as_string</span>().<span class="ident">unwrap_or_else</span>(<span class="op">|</span><span class="op">|</span> <span class="string">&quot;&quot;</span>.<span class="ident">to_string</span>());
+            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::Error</span> { <span class="ident">emsg</span>, <span class="ident">kopid</span> })
+        }
+    }
 }
 
 <span class="kw">fn</span> <span class="ident">admin_routes</span>(<span class="ident">route</span>: <span class="kw-2">&amp;</span><span class="ident">AdminRoute</span>) -&gt; <span class="ident">Html</span> {

docs/v1.1.0-alpha.4/rustdoc/kanidmd_lib/idm/server/index.html

@@ -1,3 +1,3 @@
-<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="API documentation for the Rust `server` mod in crate `kanidmd_lib`."><meta name="keywords" content="rust, rustlang, rust-lang, server"><title>kanidmd_lib::idm::server - Rust</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" type="text/css" href="../../../normalize.css"><link rel="stylesheet" type="text/css" href="../../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" type="text/css" href="../../../ayu.css" disabled><link rel="stylesheet" type="text/css" href="../../../dark.css" disabled><link rel="stylesheet" type="text/css" href="../../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../../storage.js"></script><script defer src="../../../main.js"></script><noscript><link rel="stylesheet" href="../../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../../favicon.svg"></head><body class="rustdoc mod"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle">&#9776;</button><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"></h2></nav><nav class="sidebar"><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"><a href="#">Module server</a></h2><div class="sidebar-elems"><section><div class="block"><ul><li><a href="#structs">Structs</a></li><li><a href="#enums">Enums</a></li><li><a href="#traits">Traits</a></li></ul></div></section></div></nav><main><div class="width-limiter"><div class="sub-container"><a class="sub-logo-container" href="../../../kanidmd_lib/index.html"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></a><nav class="sub"><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><button type="button">?</button></div><div id="settings-menu" tabindex="-1"><a href="../../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../../wheel.svg"></a></div></div></form></nav></div><section id="main-content" class="content"><div class="main-heading"><h1 class="fqn"><span class="in-band">Module <a href="../../index.html">kanidmd_lib</a>::<wbr><a href="../index.html">idm</a>::<wbr><a class="mod" href="#">server</a><button id="copy-path" onclick="copy_path(this)" title="Copy item path to clipboard"><img src="../../../clipboard.svg" width="19" height="18" alt="Copy item path"></button></span></h1><span class="out-of-band"><a class="srclink" href="../../../src/kanidmd_lib/idm/server.rs.html#1-3830">source</a> · <a id="toggle-all-docs" href="javascript:void(0)" title="collapse all docs">[<span class="inner">&#x2212;</span>]</a></span></div><h2 id="structs" class="small-section-header"><a href="#structs">Structs</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServer.html" title="kanidmd_lib::idm::server::IdmServer struct">IdmServer</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerAuthTransaction.html" title="kanidmd_lib::idm::server::IdmServerAuthTransaction struct">IdmServerAuthTransaction</a></div><div class="item-right docblock-short"><p>Contains methods that require writes, but in the context of writing to the idm in memory structures (maybe the query server too). This is things like authentication.</p>
+<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="generator" content="rustdoc"><meta name="description" content="API documentation for the Rust `server` mod in crate `kanidmd_lib`."><meta name="keywords" content="rust, rustlang, rust-lang, server"><title>kanidmd_lib::idm::server - Rust</title><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Regular.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../FiraSans-Medium.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Regular.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceSerif4-Bold.ttf.woff2"><link rel="preload" as="font" type="font/woff2" crossorigin href="../../../SourceCodePro-Semibold.ttf.woff2"><link rel="stylesheet" type="text/css" href="../../../normalize.css"><link rel="stylesheet" type="text/css" href="../../../rustdoc.css" id="mainThemeStyle"><link rel="stylesheet" type="text/css" href="../../../ayu.css" disabled><link rel="stylesheet" type="text/css" href="../../../dark.css" disabled><link rel="stylesheet" type="text/css" href="../../../light.css" id="themeStyle"><script id="default-settings" ></script><script src="../../../storage.js"></script><script defer src="../../../main.js"></script><noscript><link rel="stylesheet" href="../../../noscript.css"></noscript><link rel="alternate icon" type="image/png" href="../../../favicon-16x16.png"><link rel="alternate icon" type="image/png" href="../../../favicon-32x32.png"><link rel="icon" type="image/svg+xml" href="../../../favicon.svg"></head><body class="rustdoc mod"><!--[if lte IE 11]><div class="warning">This old browser is unsupported and will most likely display funky things.</div><![endif]--><nav class="mobile-topbar"><button class="sidebar-menu-toggle">&#9776;</button><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"></h2></nav><nav class="sidebar"><a class="sidebar-logo" href="../../../kanidmd_lib/index.html"><div class="logo-container"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></div></a><h2 class="location"><a href="#">Module server</a></h2><div class="sidebar-elems"><section><div class="block"><ul><li><a href="#structs">Structs</a></li><li><a href="#enums">Enums</a></li><li><a href="#traits">Traits</a></li></ul></div></section></div></nav><main><div class="width-limiter"><div class="sub-container"><a class="sub-logo-container" href="../../../kanidmd_lib/index.html"><img class="rust-logo" src="../../../rust-logo.svg" alt="logo"></a><nav class="sub"><form class="search-form"><div class="search-container"><span></span><input class="search-input" name="search" autocomplete="off" spellcheck="false" placeholder="Click or press ‘S’ to search, ‘?’ for more options…" type="search"><div id="help-button" title="help" tabindex="-1"><button type="button">?</button></div><div id="settings-menu" tabindex="-1"><a href="../../../settings.html" title="settings"><img width="22" height="22" alt="Change settings" src="../../../wheel.svg"></a></div></div></form></nav></div><section id="main-content" class="content"><div class="main-heading"><h1 class="fqn"><span class="in-band">Module <a href="../../index.html">kanidmd_lib</a>::<wbr><a href="../index.html">idm</a>::<wbr><a class="mod" href="#">server</a><button id="copy-path" onclick="copy_path(this)" title="Copy item path to clipboard"><img src="../../../clipboard.svg" width="19" height="18" alt="Copy item path"></button></span></h1><span class="out-of-band"><a class="srclink" href="../../../src/kanidmd_lib/idm/server.rs.html#1-3838">source</a> · <a id="toggle-all-docs" href="javascript:void(0)" title="collapse all docs">[<span class="inner">&#x2212;</span>]</a></span></div><h2 id="structs" class="small-section-header"><a href="#structs">Structs</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServer.html" title="kanidmd_lib::idm::server::IdmServer struct">IdmServer</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerAuthTransaction.html" title="kanidmd_lib::idm::server::IdmServerAuthTransaction struct">IdmServerAuthTransaction</a></div><div class="item-right docblock-short"><p>Contains methods that require writes, but in the context of writing to the idm in memory structures (maybe the query server too). This is things like authentication.</p>
 </div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerCredUpdateTransaction.html" title="kanidmd_lib::idm::server::IdmServerCredUpdateTransaction struct">IdmServerCredUpdateTransaction</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerDelayed.html" title="kanidmd_lib::idm::server::IdmServerDelayed struct">IdmServerDelayed</a></div><div class="item-right docblock-short"></div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerProxyReadTransaction.html" title="kanidmd_lib::idm::server::IdmServerProxyReadTransaction struct">IdmServerProxyReadTransaction</a></div><div class="item-right docblock-short"><p>This contains read-only methods, like getting users, groups and other structured content.</p>
 </div></div><div class="item-row"><div class="item-left module-item"><a class="struct" href="struct.IdmServerProxyWriteTransaction.html" title="kanidmd_lib::idm::server::IdmServerProxyWriteTransaction struct">IdmServerProxyWriteTransaction</a></div><div class="item-right docblock-short"></div></div></div><h2 id="enums" class="small-section-header"><a href="#enums">Enums</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="enum" href="enum.Token.html" title="kanidmd_lib::idm::server::Token enum">Token</a></div><div class="item-right docblock-short"></div></div></div><h2 id="traits" class="small-section-header"><a href="#traits">Traits</a></h2><div class="item-table"><div class="item-row"><div class="item-left module-item"><a class="trait" href="trait.IdmServerTransaction.html" title="kanidmd_lib::idm::server::IdmServerTransaction trait">IdmServerTransaction</a></div><div class="item-right docblock-short"></div></div></div></section></div></main><div id="rustdoc-vars" data-root-path="../../../" data-current-crate="kanidmd_lib" data-themes="ayu,dark,light" data-resource-suffix="" data-rustdoc-version="1.64.0 (a55dd71d5 2022-09-19)" ></div></body></html>

docs/v1.1.0-alpha.4/rustdoc/src/kanidmd_core/https/oauth2.rs.html

@@ -712,6 +712,11 @@
 <span id="712">712</span>
 <span id="713">713</span>
 <span id="714">714</span>
+<span id="715">715</span>
+<span id="716">716</span>
+<span id="717">717</span>
+<span id="718">718</span>
+<span id="719">719</span>
 </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">kanidm_proto::oauth2::AuthorisationResponse</span>;
 <span class="kw">use</span> <span class="ident">kanidm_proto::v1::Entry</span> <span class="kw">as</span> <span class="ident">ProtoEntry</span>;
 <span class="kw">use</span> <span class="ident">kanidmd_lib::idm::oauth2</span>::{
@@ -1042,6 +1047,11 @@
             <span class="ident">res</span>.<span class="ident">insert_header</span>(<span class="string">&quot;WWW-Authenticate&quot;</span>, <span class="string">&quot;Bearer&quot;</span>);
             <span class="prelude-val">Ok</span>(<span class="ident">res</span>)
         }
+        <span class="prelude-val">Err</span>(<span class="ident">Oauth2Error::AccessDenied</span>) =&gt; {
+            <span class="comment">// If scopes are not available for this account.</span>
+            <span class="kw">let</span> <span class="ident">res</span> <span class="op">=</span> <span class="ident">tide::Response::new</span>(<span class="ident">tide::StatusCode::Forbidden</span>);
+            <span class="prelude-val">Ok</span>(<span class="ident">res</span>)
+        }
         <span class="comment">/*
         RFC - If the request fails due to a missing, invalid, or mismatching
               redirection URI, or if the client identifier is missing or invalid,
@@ -1142,7 +1152,7 @@
             <span class="comment">// Turns out this instinct was correct:</span>
             <span class="comment">//  https://www.proofpoint.com/us/blog/cloud-security/microsoft-and-github-oauth-implementation-vulnerabilities-lead-redirection</span>
             <span class="comment">// Possible to use this with a malicious client configuration to phish / spam.</span>
-            <span class="ident">tide::Response::new</span>(<span class="number">500</span>)
+            <span class="ident">tide::Response::new</span>(<span class="ident">tide::StatusCode::InternalServerError</span>)
         }
     };
     <span class="ident">res</span>.<span class="ident">insert_header</span>(<span class="string">&quot;X-KANIDM-OPID&quot;</span>, <span class="ident">hvalue</span>);

docs/v1.1.0-alpha.4/rustdoc/src/kanidmd_core/ldaps.rs.html

@@ -363,15 +363,15 @@
     <span class="kw">if</span> <span class="ident">address</span>.<span class="ident">starts_with</span>(<span class="string">&quot;:::&quot;</span>) {
         <span class="comment">// takes :::xxxx to xxxx</span>
         <span class="kw">let</span> <span class="ident">port</span> <span class="op">=</span> <span class="ident">address</span>.<span class="ident">replacen</span>(<span class="string">&quot;:::&quot;</span>, <span class="string">&quot;&quot;</span>, <span class="number">1</span>);
-        <span class="macro">eprintln!</span>(<span class="string">&quot;Address &#39;{}&#39; looks like an attempt to wildcard bind with IPv6 on port {} - please try using ldapbindaddress = &#39;[::]:{}&#39;&quot;</span>, <span class="ident">address</span>, <span class="ident">port</span>, <span class="ident">port</span>);
+        <span class="macro">error!</span>(<span class="string">&quot;Address &#39;{}&#39; looks like an attempt to wildcard bind with IPv6 on port {} - please try using ldapbindaddress = &#39;[::]:{}&#39;&quot;</span>, <span class="ident">address</span>, <span class="ident">port</span>, <span class="ident">port</span>);
     };
 
     <span class="kw">let</span> <span class="ident">addr</span> <span class="op">=</span> <span class="ident">net::SocketAddr::from_str</span>(<span class="ident">address</span>).<span class="ident">map_err</span>(<span class="op">|</span><span class="ident">e</span><span class="op">|</span> {
-        <span class="macro">eprintln!</span>(<span class="string">&quot;Could not parse LDAP server address {} -&gt; {:?}&quot;</span>, <span class="ident">address</span>, <span class="ident">e</span>);
+        <span class="macro">error!</span>(<span class="string">&quot;Could not parse LDAP server address {} -&gt; {:?}&quot;</span>, <span class="ident">address</span>, <span class="ident">e</span>);
     })<span class="question-mark">?</span>;
 
     <span class="kw">let</span> <span class="ident">listener</span> <span class="op">=</span> <span class="ident">TcpListener::bind</span>(<span class="kw-2">&amp;</span><span class="ident">addr</span>).<span class="kw">await</span>.<span class="ident">map_err</span>(<span class="op">|</span><span class="ident">e</span><span class="op">|</span> {
-        <span class="macro">eprintln!</span>(
+        <span class="macro">error!</span>(
             <span class="string">&quot;Could not bind to LDAP server address {} -&gt; {:?}&quot;</span>,
             <span class="ident">address</span>, <span class="ident">e</span>
         );
@@ -379,12 +379,12 @@
 
     <span class="kw">match</span> <span class="ident">opt_tls_params</span> {
         <span class="prelude-val">Some</span>(<span class="ident">tls_params</span>) =&gt; {
-            <span class="macro">eprintln!</span>(<span class="string">&quot;Starting LDAPS interface ldaps://{} ...&quot;</span>, <span class="ident">address</span>);
+            <span class="macro">info!</span>(<span class="string">&quot;Starting LDAPS interface ldaps://{} ...&quot;</span>, <span class="ident">address</span>);
             <span class="kw">let</span> <span class="ident">tls_parms</span> <span class="op">=</span> <span class="ident">tls_params</span>.<span class="ident">build</span>();
             <span class="ident">tokio::spawn</span>(<span class="ident">tls_acceptor</span>(<span class="ident">listener</span>, <span class="ident">tls_parms</span>, <span class="ident">qe_r_ref</span>));
         }
         <span class="prelude-val">None</span> =&gt; {
-            <span class="macro">eprintln!</span>(<span class="string">&quot;The server won&#39;t run without TLS!&quot;</span>);
+            <span class="macro">error!</span>(<span class="string">&quot;The server won&#39;t run without TLS!&quot;</span>);
             <span class="kw">return</span> <span class="prelude-val">Err</span>(());
         }
     }

docs/v1.1.0-alpha.4/rustdoc/src/kanidmd_lib/idm/server.rs.html

@@ -3828,6 +3828,14 @@
 <span id="3828">3828</span>
 <span id="3829">3829</span>
 <span id="3830">3830</span>
+<span id="3831">3831</span>
+<span id="3832">3832</span>
+<span id="3833">3833</span>
+<span id="3834">3834</span>
+<span id="3835">3835</span>
+<span id="3836">3836</span>
+<span id="3837">3837</span>
+<span id="3838">3838</span>
 </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">core::task</span>::{<span class="ident">Context</span>, <span class="ident">Poll</span>};
 <span class="kw">use</span> <span class="ident">std::convert::TryFrom</span>;
 <span class="kw">use</span> <span class="ident">std::str::FromStr</span>;
@@ -5724,6 +5732,8 @@
         <span class="comment">// get the account</span>
         <span class="kw">let</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">target_to_account</span>(<span class="kw-2">&amp;</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>)<span class="question-mark">?</span>;
 
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing password hash upgrade&quot;</span>);
+
         <span class="comment">// check, does the pw still match?</span>
         <span class="kw">let</span> <span class="ident">same</span> <span class="op">=</span> <span class="ident">account</span>.<span class="ident">check_credential_pw</span>(<span class="ident">pwu</span>.<span class="ident">existing_password</span>.<span class="ident">as_str</span>())<span class="question-mark">?</span>;
 
@@ -5747,6 +5757,8 @@
     }
 
     <span class="kw">fn</span> <span class="ident">process_unixpwupgrade</span>(<span class="kw-2">&amp;mut</span> <span class="self">self</span>, <span class="ident">pwu</span>: <span class="kw-2">&amp;</span><span class="ident">UnixPasswordUpgrade</span>) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span>(), <span class="ident">OperationError</span><span class="op">&gt;</span> {
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing unix password hash upgrade&quot;</span>);
+
         <span class="kw">let</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>
             .<span class="ident">qs_write</span>
             .<span class="ident">internal_search_uuid</span>(<span class="kw-2">&amp;</span><span class="ident">pwu</span>.<span class="ident">target_uuid</span>)
@@ -5781,6 +5793,8 @@
         <span class="kw-2">&amp;mut</span> <span class="self">self</span>,
         <span class="ident">wci</span>: <span class="kw-2">&amp;</span><span class="ident">WebauthnCounterIncrement</span>,
     ) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span>(), <span class="ident">OperationError</span><span class="op">&gt;</span> {
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">wci</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing webauthn counter increment&quot;</span>);
+
         <span class="kw">let</span> <span class="kw-2">mut</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">target_to_account</span>(<span class="kw-2">&amp;</span><span class="ident">wci</span>.<span class="ident">target_uuid</span>)<span class="question-mark">?</span>;
 
         <span class="comment">// Generate an optional mod and then attempt to apply it.</span>
@@ -5807,6 +5821,8 @@
         <span class="kw-2">&amp;mut</span> <span class="self">self</span>,
         <span class="ident">bcr</span>: <span class="kw-2">&amp;</span><span class="ident">BackupCodeRemoval</span>,
     ) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span>(), <span class="ident">OperationError</span><span class="op">&gt;</span> {
+        <span class="macro">info!</span>(<span class="ident">session_id</span> <span class="op">=</span> <span class="op">%</span><span class="ident">bcr</span>.<span class="ident">target_uuid</span>, <span class="string">&quot;Processing backup code removal&quot;</span>);
+
         <span class="kw">let</span> <span class="ident">account</span> <span class="op">=</span> <span class="self">self</span>.<span class="ident">target_to_account</span>(<span class="kw-2">&amp;</span><span class="ident">bcr</span>.<span class="ident">target_uuid</span>)<span class="question-mark">?</span>;
         <span class="comment">// Generate an optional mod and then attempt to apply it.</span>
         <span class="kw">let</span> <span class="ident">modlist</span> <span class="op">=</span> <span class="ident">account</span>

docs/v1.1.0-alpha.4/rustdoc/src/kanidmd_web_ui/oauth2.rs.html

@@ -536,6 +536,35 @@
 <span id="536">536</span>
 <span id="537">537</span>
 <span id="538">538</span>
+<span id="539">539</span>
+<span id="540">540</span>
+<span id="541">541</span>
+<span id="542">542</span>
+<span id="543">543</span>
+<span id="544">544</span>
+<span id="545">545</span>
+<span id="546">546</span>
+<span id="547">547</span>
+<span id="548">548</span>
+<span id="549">549</span>
+<span id="550">550</span>
+<span id="551">551</span>
+<span id="552">552</span>
+<span id="553">553</span>
+<span id="554">554</span>
+<span id="555">555</span>
+<span id="556">556</span>
+<span id="557">557</span>
+<span id="558">558</span>
+<span id="559">559</span>
+<span id="560">560</span>
+<span id="561">561</span>
+<span id="562">562</span>
+<span id="563">563</span>
+<span id="564">564</span>
+<span id="565">565</span>
+<span id="566">566</span>
+<span id="567">567</span>
 </pre><pre class="rust"><code><span class="comment">// use anyhow::Error;</span>
 <span class="kw">use</span> <span class="ident">gloo::console</span>;
 <span class="kw">pub</span> <span class="kw">use</span> <span class="ident">kanidm_proto::oauth2</span>::{
@@ -568,6 +597,7 @@
         <span class="ident">consent_token</span>: <span class="ident">String</span>,
     },
     <span class="ident">ConsentGranted</span>(<span class="ident">String</span>),
+    <span class="ident">AccessDenied</span>(<span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span>),
     <span class="ident">ErrInvalidRequest</span>,
 }
 
@@ -586,6 +616,9 @@
         <span class="ident">consent_token</span>: <span class="ident">String</span>,
     },
     <span class="ident">Redirect</span>(<span class="ident">String</span>),
+    <span class="ident">AccessDenied</span> {
+        <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span>,
+    },
     <span class="ident">Error</span> {
         <span class="ident">emsg</span>: <span class="ident">String</span>,
         <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span>,
@@ -698,6 +731,8 @@
                     }
                 }
             }
+        } <span class="kw">else</span> <span class="kw">if</span> <span class="ident">status</span> <span class="op">==</span> <span class="number">403</span> {
+            <span class="prelude-val">Ok</span>(<span class="ident">Oauth2Msg::AccessDenied</span> { <span class="ident">kopid</span> })
         } <span class="kw">else</span> {
             <span class="kw">let</span> <span class="ident">text</span> <span class="op">=</span> <span class="ident">JsFuture::from</span>(<span class="ident">resp</span>.<span class="ident">text</span>()<span class="question-mark">?</span>).<span class="kw">await</span><span class="question-mark">?</span>;
             <span class="kw">let</span> <span class="ident">emsg</span> <span class="op">=</span> <span class="ident">text</span>.<span class="ident">as_string</span>().<span class="ident">unwrap_or_else</span>(<span class="op">|</span><span class="op">|</span> <span class="string">&quot;&quot;</span>.<span class="ident">to_string</span>());
@@ -918,6 +953,11 @@
                 <span class="comment">// We need to send off fetch task here.</span>
                 <span class="bool-val">true</span>
             }
+            <span class="ident">Oauth2Msg::AccessDenied</span> { <span class="ident">kopid</span> } =&gt; {
+                <span class="macro">console::error!</span>(<span class="macro">format!</span>(<span class="string">&quot;{:?}&quot;</span>, <span class="ident">kopid</span>).<span class="ident">as_str</span>());
+                <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::AccessDenied</span>(<span class="ident">kopid</span>);
+                <span class="bool-val">true</span>
+            }
             <span class="ident">Oauth2Msg::Error</span> { <span class="ident">emsg</span>, <span class="ident">kopid</span> } =&gt; {
                 <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::ErrInvalidRequest</span>;
                 <span class="macro">console::error!</span>(<span class="macro">format!</span>(<span class="string">&quot;{:?}&quot;</span>, <span class="ident">kopid</span>).<span class="ident">as_str</span>());
@@ -1043,6 +1083,24 @@
                     <span class="op">&lt;</span><span class="op">/</span><span class="ident">div</span><span class="op">&gt;</span>
                 }
             }
+            <span class="ident">State::AccessDenied</span>(<span class="ident">kopid</span>) =&gt; {
+                <span class="macro">html!</span> {
+                    <span class="op">&lt;</span><span class="ident">div</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;alert alert-danger&quot;</span> <span class="ident">role</span><span class="op">=</span><span class="string">&quot;alert&quot;</span><span class="op">&gt;</span>
+                        <span class="op">&lt;</span><span class="ident">h1</span><span class="op">&gt;</span>{ <span class="string">&quot;Access Denied&quot;</span> } <span class="op">&lt;</span><span class="op">/</span><span class="ident">h1</span><span class="op">&gt;</span>
+                        <span class="op">&lt;</span><span class="ident">p</span><span class="op">&gt;</span>
+                        { <span class="string">&quot;You do not have access to the requested resources.&quot;</span> }
+                        <span class="op">&lt;</span><span class="op">/</span><span class="ident">p</span><span class="op">&gt;</span>
+                        <span class="op">&lt;</span><span class="ident">p</span><span class="op">&gt;</span>
+                        { <span class="kw">if</span> <span class="kw">let</span> <span class="prelude-val">Some</span>(<span class="ident">opid</span>) <span class="op">=</span> <span class="ident">kopid</span> {
+                            <span class="macro">format!</span>(<span class="string">&quot;Operation ID: {}&quot;</span>, <span class="ident">opid</span>)
+                          } <span class="kw">else</span> {
+                            <span class="string">&quot;Operation ID: -&quot;</span>.<span class="ident">to_string</span>()
+                          }
+                        }
+                        <span class="op">&lt;</span><span class="op">/</span><span class="ident">p</span><span class="op">&gt;</span>
+                    <span class="op">&lt;</span><span class="op">/</span><span class="ident">div</span><span class="op">&gt;</span>
+                }
+            }
             <span class="ident">State::ErrInvalidRequest</span> =&gt; {
                 <span class="macro">html!</span> {
                     <span class="op">&lt;</span><span class="ident">div</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;alert alert-danger&quot;</span> <span class="ident">role</span><span class="op">=</span><span class="string">&quot;alert&quot;</span><span class="op">&gt;</span>

docs/v1.1.0-alpha.4/rustdoc/src/kanidmd_web_ui/views/mod.rs.html

@@ -423,6 +423,55 @@
 <span id="423">423</span>
 <span id="424">424</span>
 <span id="425">425</span>
+<span id="426">426</span>
+<span id="427">427</span>
+<span id="428">428</span>
+<span id="429">429</span>
+<span id="430">430</span>
+<span id="431">431</span>
+<span id="432">432</span>
+<span id="433">433</span>
+<span id="434">434</span>
+<span id="435">435</span>
+<span id="436">436</span>
+<span id="437">437</span>
+<span id="438">438</span>
+<span id="439">439</span>
+<span id="440">440</span>
+<span id="441">441</span>
+<span id="442">442</span>
+<span id="443">443</span>
+<span id="444">444</span>
+<span id="445">445</span>
+<span id="446">446</span>
+<span id="447">447</span>
+<span id="448">448</span>
+<span id="449">449</span>
+<span id="450">450</span>
+<span id="451">451</span>
+<span id="452">452</span>
+<span id="453">453</span>
+<span id="454">454</span>
+<span id="455">455</span>
+<span id="456">456</span>
+<span id="457">457</span>
+<span id="458">458</span>
+<span id="459">459</span>
+<span id="460">460</span>
+<span id="461">461</span>
+<span id="462">462</span>
+<span id="463">463</span>
+<span id="464">464</span>
+<span id="465">465</span>
+<span id="466">466</span>
+<span id="467">467</span>
+<span id="468">468</span>
+<span id="469">469</span>
+<span id="470">470</span>
+<span id="471">471</span>
+<span id="472">472</span>
+<span id="473">473</span>
+<span id="474">474</span>
 </pre><pre class="rust"><code><span class="kw">use</span> <span class="ident">std::str::FromStr</span>;
 
 <span class="kw">use</span> <span class="ident">compact_jwt</span>::{<span class="ident">Jws</span>, <span class="ident">JwsUnverified</span>};
@@ -495,6 +544,7 @@
 
 <span class="kw">enum</span> <span class="ident">State</span> {
     <span class="ident">LoginRequired</span>,
+    <span class="ident">LoggingOut</span>,
     <span class="ident">Verifying</span>,
     <span class="ident">Authenticated</span>(<span class="ident">String</span>),
     <span class="ident">Error</span> { <span class="ident">emsg</span>: <span class="ident">String</span>, <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span> },
@@ -516,6 +566,7 @@
 <span class="kw">pub</span> <span class="kw">enum</span> <span class="ident">ViewsMsg</span> {
     <span class="ident">Verified</span>(<span class="ident">String</span>),
     <span class="ident">Logout</span>,
+    <span class="ident">LogoutComplete</span>,
     <span class="ident">ProfileInfoRecieved</span> { <span class="ident">uat</span>: <span class="ident">UserAuthToken</span> },
     <span class="ident">Error</span> { <span class="ident">emsg</span>: <span class="ident">String</span>, <span class="ident">kopid</span>: <span class="prelude-ty">Option</span><span class="op">&lt;</span><span class="ident">String</span><span class="op">&gt;</span> },
 }
@@ -584,7 +635,22 @@
                 <span class="bool-val">true</span>
             }
             <span class="ident">ViewsMsg::Logout</span> =&gt; {
-                <span class="ident">models::clear_bearer_token</span>();
+                <span class="kw">match</span> <span class="ident">models::get_bearer_token</span>() {
+                    <span class="prelude-val">Some</span>(<span class="ident">tk</span>) =&gt; {
+                        <span class="ident">models::clear_bearer_token</span>();
+                        <span class="ident">ctx</span>.<span class="ident">link</span>().<span class="ident">send_future</span>(<span class="kw">async</span> {
+                            <span class="kw">match</span> <span class="ident"><span class="self">Self</span>::fetch_logout</span>(<span class="ident">tk</span>).<span class="kw">await</span> {
+                                <span class="prelude-val">Ok</span>(<span class="ident">v</span>) =&gt; <span class="ident">v</span>,
+                                <span class="prelude-val">Err</span>(<span class="ident">v</span>) =&gt; <span class="ident">v</span>.<span class="ident">into</span>(),
+                            }
+                        });
+                        <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::LoggingOut</span>;
+                    }
+                    <span class="prelude-val">None</span> =&gt; <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::LoginRequired</span>,
+                }
+                <span class="bool-val">true</span>
+            }
+            <span class="ident">ViewsMsg::LogoutComplete</span> =&gt; {
                 <span class="self">self</span>.<span class="ident">state</span> <span class="op">=</span> <span class="ident">State::LoginRequired</span>;
                 <span class="bool-val">true</span>
             }
@@ -624,7 +690,7 @@
                     .<span class="ident">push</span>(<span class="ident">Route::Login</span>);
                 <span class="macro">html!</span> { <span class="op">&lt;</span><span class="ident">div</span><span class="op">&gt;</span><span class="op">&lt;</span><span class="op">/</span><span class="ident">div</span><span class="op">&gt;</span> }
             }
-            <span class="ident">State::Verifying</span> =&gt; {
+            <span class="ident">State::LoggingOut</span> <span class="op">|</span> <span class="ident">State::Verifying</span> =&gt; {
                 <span class="macro">html!</span> {
                   <span class="op">&lt;</span><span class="ident">main</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;text-center form-signin h-100&quot;</span><span class="op">&gt;</span>
                     <span class="op">&lt;</span><span class="ident">div</span> <span class="ident">class</span><span class="op">=</span><span class="string">&quot;vert-center&quot;</span><span class="op">&gt;</span>
@@ -791,7 +857,7 @@
             <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::Verified</span>(<span class="ident">token</span>))
         } <span class="kw">else</span> <span class="kw">if</span> <span class="ident">status</span> <span class="op">==</span> <span class="number">401</span> {
             <span class="comment">// Not valid, re-auth</span>
-            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::Logout</span>)
+            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::LogoutComplete</span>)
         } <span class="kw">else</span> {
             <span class="kw">let</span> <span class="ident">headers</span> <span class="op">=</span> <span class="ident">resp</span>.<span class="ident">headers</span>();
             <span class="kw">let</span> <span class="ident">kopid</span> <span class="op">=</span> <span class="ident">headers</span>.<span class="ident">get</span>(<span class="string">&quot;x-kanidm-opid&quot;</span>).<span class="ident">ok</span>().<span class="ident">flatten</span>();
@@ -815,6 +881,38 @@
             <span class="ident">uat</span>: <span class="ident">uat</span>.<span class="ident">into_inner</span>(),
         })
     }
+
+    <span class="kw">async</span> <span class="kw">fn</span> <span class="ident">fetch_logout</span>(<span class="ident">token</span>: <span class="ident">String</span>) -&gt; <span class="prelude-ty">Result</span><span class="op">&lt;</span><span class="ident">ViewsMsg</span>, <span class="ident">FetchError</span><span class="op">&gt;</span> {
+        <span class="kw">let</span> <span class="kw-2">mut</span> <span class="ident">opts</span> <span class="op">=</span> <span class="ident">RequestInit::new</span>();
+        <span class="ident">opts</span>.<span class="ident">method</span>(<span class="string">&quot;GET&quot;</span>);
+        <span class="ident">opts</span>.<span class="ident">mode</span>(<span class="ident">RequestMode::SameOrigin</span>);
+
+        <span class="kw">let</span> <span class="ident">request</span> <span class="op">=</span> <span class="ident">Request::new_with_str_and_init</span>(<span class="string">&quot;/v1/logout&quot;</span>, <span class="kw-2">&amp;</span><span class="ident">opts</span>)<span class="question-mark">?</span>;
+
+        <span class="ident">request</span>
+            .<span class="ident">headers</span>()
+            .<span class="ident">set</span>(<span class="string">&quot;content-type&quot;</span>, <span class="string">&quot;application/json&quot;</span>)
+            .<span class="ident">expect_throw</span>(<span class="string">&quot;failed to set header&quot;</span>);
+        <span class="ident">request</span>
+            .<span class="ident">headers</span>()
+            .<span class="ident">set</span>(<span class="string">&quot;authorization&quot;</span>, <span class="macro">format!</span>(<span class="string">&quot;Bearer {}&quot;</span>, <span class="ident">token</span>).<span class="ident">as_str</span>())
+            .<span class="ident">expect_throw</span>(<span class="string">&quot;failed to set header&quot;</span>);
+
+        <span class="kw">let</span> <span class="ident">window</span> <span class="op">=</span> <span class="ident">utils::window</span>();
+        <span class="kw">let</span> <span class="ident">resp_value</span> <span class="op">=</span> <span class="ident">JsFuture::from</span>(<span class="ident">window</span>.<span class="ident">fetch_with_request</span>(<span class="kw-2">&amp;</span><span class="ident">request</span>)).<span class="kw">await</span><span class="question-mark">?</span>;
+        <span class="kw">let</span> <span class="ident">resp</span>: <span class="ident">Response</span> <span class="op">=</span> <span class="ident">resp_value</span>.<span class="ident">dyn_into</span>().<span class="ident">expect_throw</span>(<span class="string">&quot;Invalid response type&quot;</span>);
+        <span class="kw">let</span> <span class="ident">status</span> <span class="op">=</span> <span class="ident">resp</span>.<span class="ident">status</span>();
+
+        <span class="kw">if</span> <span class="ident">status</span> <span class="op">==</span> <span class="number">200</span> {
+            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::LogoutComplete</span>)
+        } <span class="kw">else</span> {
+            <span class="kw">let</span> <span class="ident">headers</span> <span class="op">=</span> <span class="ident">resp</span>.<span class="ident">headers</span>();
+            <span class="kw">let</span> <span class="ident">kopid</span> <span class="op">=</span> <span class="ident">headers</span>.<span class="ident">get</span>(<span class="string">&quot;x-kanidm-opid&quot;</span>).<span class="ident">ok</span>().<span class="ident">flatten</span>();
+            <span class="kw">let</span> <span class="ident">text</span> <span class="op">=</span> <span class="ident">JsFuture::from</span>(<span class="ident">resp</span>.<span class="ident">text</span>()<span class="question-mark">?</span>).<span class="kw">await</span><span class="question-mark">?</span>;
+            <span class="kw">let</span> <span class="ident">emsg</span> <span class="op">=</span> <span class="ident">text</span>.<span class="ident">as_string</span>().<span class="ident">unwrap_or_else</span>(<span class="op">|</span><span class="op">|</span> <span class="string">&quot;&quot;</span>.<span class="ident">to_string</span>());
+            <span class="prelude-val">Ok</span>(<span class="ident">ViewsMsg::Error</span> { <span class="ident">emsg</span>, <span class="ident">kopid</span> })
+        }
+    }
 }
 
 <span class="kw">fn</span> <span class="ident">admin_routes</span>(<span class="ident">route</span>: <span class="kw-2">&amp;</span><span class="ident">AdminRoute</span>) -&gt; <span class="ident">Html</span> {