Reimplement the logout machinery in terms of token IDs, not token secrets.

This (a) reduces the amount of passing secrets around that's needed, and (b) allows tests to log out in a more straightforwards manner.

Ish. The fixtures are a mess, but so is the nomenclature. Fix the latter and the former will probably follow.

1 files changed, 11 insertions, 6 deletions

diff --git a/src/login/routes.rs b/src/login/routes.rs
index 4664063..8d9e938 100644
--- a/src/login/routes.rs
+++ b/src/login/routes.rs
@@ -78,27 +78,32 @@ struct LogoutRequest {}
 
 async fn on_logout(
     State(app): State<App>,
+    RequestedAt(now): RequestedAt,
     identity: IdentityToken,
     // This forces the only valid request to be `{}`, and not the infinite
     // variation allowed when there's no body extractor.
     Json(LogoutRequest {}): Json<LogoutRequest>,
 ) -> Result<(IdentityToken, StatusCode), LogoutError> {
     if let Some(secret) = identity.secret() {
-        app.logins().logout(&secret).await.map_err(LogoutError)?;
+        let (token, _) = app.logins().validate(&secret, &now).await?;
+        app.logins().logout(&token).await?;
     }
 
     let identity = identity.clear();
     Ok((identity, StatusCode::NO_CONTENT))
 }
 
-#[derive(Debug)]
-struct LogoutError(app::ValidateError);
+#[derive(Debug, thiserror::Error)]
+#[error(transparent)]
+enum LogoutError {
+    ValidateError(#[from] app::ValidateError),
+    DatabaseError(#[from] sqlx::Error),
+}
 
 impl IntoResponse for LogoutError {
     fn into_response(self) -> Response {
-        let Self(error) = self;
-        match error {
-            error @ app::ValidateError::InvalidToken => {
+        match self {
+            error @ Self::ValidateError(app::ValidateError::InvalidToken) => {
                 (StatusCode::UNAUTHORIZED, error.to_string()).into_response()
             }
             other => Internal::from(other).into_response(),