| author | Kit La Touche <kit@transneptune.net> | 2024-10-23 21:56:31 -0400 |
|---|---|---|
| committer | Kit La Touche <kit@transneptune.net> | 2024-10-23 21:56:31 -0400 |
| commit | 1f769855df2d9cf2bca883a0475670f227e3678b (patch) | |
| tree | 6c94d9c868eb022588a07245df978478034ac5dd /src/login/routes | |
| parent | 8f360dd9cc45bb14431238ccc5e3d137c020fa7b (diff) | |
| parent | 461814e5174cef1be3e07b4e4069314e9bcbedd6 (diff) | |
Merge branch 'main' into wip/mobile
Diffstat (limited to 'src/login/routes')
| -rw-r--r-- | src/login/routes/login/mod.rs | 4 | ||||
| -rw-r--r-- | src/login/routes/login/post.rs | 52 | ||||
| -rw-r--r-- | src/login/routes/login/test.rs (renamed from src/login/routes/test/login.rs) | 48 | ||||
| -rw-r--r-- | src/login/routes/logout/mod.rs | 4 | ||||
| -rw-r--r-- | src/login/routes/logout/post.rs | 47 | ||||
| -rw-r--r-- | src/login/routes/logout/test.rs | 79 | ||||
| -rw-r--r-- | src/login/routes/mod.rs | 12 | ||||
| -rw-r--r-- | src/login/routes/test/logout.rs | 97 | ||||
| -rw-r--r-- | src/login/routes/test/mod.rs | 2 |
9 files changed, 222 insertions, 123 deletions
diff --git a/src/login/routes/login/mod.rs b/src/login/routes/login/mod.rs
new file mode 100644
index 0000000..36b384e
--- /dev/null
+++ b/src/login/routes/login/mod.rs
@@ -0,0 +1,4 @@
+pub mod post;
+
+#[cfg(test)]
+mod test;
diff --git a/src/login/routes/login/post.rs b/src/login/routes/login/post.rs
new file mode 100644
index 0000000..96da5c5
--- /dev/null
+++ b/src/login/routes/login/post.rs
@@ -0,0 +1,52 @@
+use axum::{
+ extract::{Json, State},
+ http::StatusCode,
+ response::{IntoResponse, Response},
+};
+
+use crate::{
+ app::App,
+ clock::RequestedAt,
+ error::Internal,
+ login::{Login, Password},
+ name::Name,
+ token::{app, extract::IdentityCookie},
+};
+
+pub async fn handler(
+ State(app): State<App>,
+ RequestedAt(now): RequestedAt,
+ identity: IdentityCookie,
+ Json(request): Json<Request>,
+) -> Result<(IdentityCookie, Json<Login>), Error> {
+ let (login, secret) = app
+ .tokens()
+ .login(&request.name, &request.password, &now)
+ .await
+ .map_err(Error)?;
+ let identity = identity.set(secret);
+ Ok((identity, Json(login)))
+}
+
+#[derive(serde::Deserialize)]
+pub struct Request {
+ pub name: Name,
+ pub password: Password,
+}
+
+#[derive(Debug, thiserror::Error)]
+#[error(transparent)]
+pub struct Error(#[from] pub app::LoginError);
+
+impl IntoResponse for Error {
+ fn into_response(self) -> Response {
+ let Self(error) = self;
+ match error {
+ app::LoginError::Rejected => {
+ // not error::Unauthorized due to differing messaging
+ (StatusCode::UNAUTHORIZED, "invalid name or password").into_response()
+ }
+ other => Internal::from(other).into_response(),
+ }
+ }
+}
diff --git a/src/login/routes/test/login.rs b/src/login/routes/login/test.rs
index 68c92de..7399796 100644
--- a/src/login/routes/test/login.rs
+++ b/src/login/routes/login/test.rs
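Review bot: `handler` and `Error` in login/post.rs are public but undocumented, and the behaviour most worth writing down is the error mapping: every `app::LoginError::Rejected` becomes the same 401 with the body `invalid name or password`, so an unknown name and a wrong password look identical to the client (the `invalid_name` and `incorrect_password` tests later in this commit both land on `post::Error`). Suggest `/// POST /api/auth/login: checks the submitted credentials, issues a fresh identity cookie and returns the Login.` on `handler`, and on `Error` something like `/// Rejected maps to one deliberately uniform 401 so the response does not reveal whether the name exists; every other variant is a 500 via Internal.` Whether `Rejected` really covers both the unknown-name and wrong-password cases is decided inside `app::LoginError`, outside this hunk, so that sentence should be checked against the token layer before it is committed. The cookie attributes (HttpOnly, Secure, SameSite) are decided by `IdentityCookie::set`, also outside this hunk, and are worth confirming since this handler is the one place the secret is handed to the client.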
@@ -1,9 +1,7 @@ -use axum::{ - extract::{Json, State}, - http::StatusCode, -}; +use axum::extract::{Json, State}; -use crate::{login::routes, test::fixtures, token::app}; +use super::post; +use crate::{test::fixtures, token::app}; #[tokio::test] async fn correct_credentials() { @@ -14,21 +12,23 @@ async fn correct_credentials() { // Call the endpoint - let identity = fixtures::identity::not_logged_in(); + let identity = fixtures::cookie::not_logged_in(); let logged_in_at = fixtures::now(); - let request = routes::LoginRequest { + let request = post::Request { name: name.clone(), password, }; - let (identity, status) = - routes::on_login(State(app.clone()), logged_in_at, identity, Json(request)) + let (identity, Json(response)) = + post::handler(State(app.clone()), logged_in_at, identity, Json(request)) .await .expect("logged in with valid credentials"); // Verify the return value's basic structure - assert_eq!(StatusCode::NO_CONTENT, status); - let secret = identity.secret().expect("logged in with valid credentials"); + assert_eq!(name, response.name); + let secret = identity + .secret() + .expect("logged in with valid credentials issues an identity cookie"); // Verify the semantics @@ -39,7 +39,7 @@ async fn correct_credentials() { .await .expect("identity secret is valid"); - assert_eq!(name, validated_login.name); + assert_eq!(response, validated_login); } #[tokio::test] 
@@ -50,17 +50,17 @@ async fn invalid_name() { // Call the endpoint - let identity = fixtures::identity::not_logged_in(); + let identity = fixtures::cookie::not_logged_in(); let logged_in_at = fixtures::now(); let (name, password) = fixtures::login::propose(); - let request = routes::LoginRequest { + let request = post::Request { name: name.clone(), password, }; - let routes::LoginError(error) = - routes::on_login(State(app.clone()), logged_in_at, identity, Json(request)) + let post::Error(error) = + post::handler(State(app.clone()), logged_in_at, identity, Json(request)) .await - .expect_err("logged in with an incorrect password"); + .expect_err("logged in with an incorrect password fails"); // Verify the return value's basic structure @@ -77,13 +77,13 @@ async fn incorrect_password() { // Call the endpoint let logged_in_at = fixtures::now(); - let identity = fixtures::identity::not_logged_in(); - let request = routes::LoginRequest { + let identity = fixtures::cookie::not_logged_in(); + let request = post::Request { name: login.name, password: fixtures::login::propose_password(), }; - let routes::LoginError(error) = - routes::on_login(State(app.clone()), logged_in_at, identity, Json(request)) + let post::Error(error) = + post::handler(State(app.clone()), logged_in_at, identity, Json(request)) .await .expect_err("logged in with an incorrect password"); 
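Review bot: In `invalid_name`, the new `expect_err` message reads `logged in with an incorrect password fails`, but this test appears to submit a proposed, presumably unregistered name from `fixtures::login::propose()`, so a failure here would be misreported as a password problem; the `incorrect_password` test in the next hunk already uses that wording for the case it actually covers. Suggest `.expect_err("logged in with an invalid name fails");`. The `invalid_name` function starts outside this hunk.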
@@ -102,9 +102,9 @@ async fn token_expires() { // Call the endpoint let logged_in_at = fixtures::ancient(); - let identity = fixtures::identity::not_logged_in(); - let request = routes::LoginRequest { name, password }; - let (identity, _) = routes::on_login(State(app.clone()), logged_in_at, identity, Json(request)) + let identity = fixtures::cookie::not_logged_in(); + let request = post::Request { name, password }; + let (identity, _) = post::handler(State(app.clone()), logged_in_at, identity, Json(request)) .await .expect("logged in with valid credentials"); let secret = identity.secret().expect("logged in with valid credentials"); diff --git a/src/login/routes/logout/mod.rs b/src/login/routes/logout/mod.rs new file mode 100644 index 0000000..36b384e --- /dev/null +++ b/src/login/routes/logout/mod.rs @@ -0,0 +1,4 @@ +pub mod post; + +#[cfg(test)] +mod test; diff --git a/src/login/routes/logout/post.rs b/src/login/routes/logout/post.rs new file mode 100644 index 0000000..bb09b9f --- /dev/null +++ b/src/login/routes/logout/post.rs 
@@ -0,0 +1,47 @@
+use axum::{
+ extract::{Json, State},
+ http::StatusCode,
+ response::{IntoResponse, Response},
+};
+
+use crate::{
+ app::App,
+ clock::RequestedAt,
+ error::{Internal, Unauthorized},
+ token::{app, extract::IdentityCookie},
+};
+
+pub async fn handler(
+ State(app): State<App>,
+ RequestedAt(now): RequestedAt,
+ identity: IdentityCookie,
+ Json(_): Json<Request>,
+) -> Result<(IdentityCookie, StatusCode), Error> {
+ if let Some(secret) = identity.secret() {
+ let (token, _) = app.tokens().validate(&secret, &now).await?;
+ app.tokens().logout(&token).await?;
+ }
+
+ let identity = identity.clear();
+ Ok((identity, StatusCode::NO_CONTENT))
+}
+
+// This forces the only valid request to be `{}`, and not the infinite
+// variation allowed when there's no body extractor.
+#[derive(Default, serde::Deserialize)]
+pub struct Request {}
+
+#[derive(Debug, thiserror::Error)]
+#[error(transparent)]
+pub struct Error(#[from] pub app::ValidateError);
+
+impl IntoResponse for Error {
+ fn into_response(self) -> Response {
+ let Self(error) = self;
+ #[allow(clippy::match_wildcard_for_single_variants)]
+ match error {
+ app::ValidateError::InvalidToken => Unauthorized.into_response(),
+ other => Internal::from(other).into_response(),
+ }
+ }
+}
diff --git a/src/login/routes/logout/test.rs b/src/login/routes/logout/test.rs
new file mode 100644
index 0000000..775fa9f
--- /dev/null
+++ b/src/login/routes/logout/test.rs
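Review bot: In `handler`, the `?` on `app.tokens().validate(&secret, &now).await?` turns an expired or already-revoked cookie into a 401 from logout, and because `identity.clear()` is only reached afterwards, the stale cookie is left on the client, so the user cannot get rid of it through this endpoint. Logout is better made idempotent: a token that no longer validates is already logged out, so the handler can clear the cookie and return 204 in that case and keep the error path for the `DatabaseError`-style failures that `Internal` is for. The `invalid_token` test in logout/test.rs, further down this commit, encodes the current behaviour and would need to expect `Ok` with an empty cookie instead. Whether `logout` returns `app::ValidateError` or something else that converts via `From` is not visible here, so its `?` is kept as in the original.
```rust
    if let Some(secret) = identity.secret() {
        match app.tokens().validate(&secret, &now).await {
            Ok((token, _)) => {
                app.tokens().logout(&token).await?;
            }
            // A token that no longer validates is already logged out; clearing
            // the cookie below is all that is left to do.
            Err(app::ValidateError::InvalidToken) => {}
            Err(other) => return Err(Error(other)),
        }
    }
    // … unchanged: clear the cookie and return NO_CONTENT …
```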
@@ -0,0 +1,79 @@
+use axum::{
+ extract::{Json, State},
+ http::StatusCode,
+};
+
+use super::post;
+use crate::{test::fixtures, token::app};
+
+#[tokio::test]
+async fn successful() {
+ // Set up the environment
+
+ let app = fixtures::scratch_app().await;
+ let now = fixtures::now();
+ let creds = fixtures::login::create_with_password(&app, &fixtures::now()).await;
+ let identity = fixtures::cookie::logged_in(&app, &creds, &now).await;
+ let secret = fixtures::cookie::secret(&identity);
+
+ // Call the endpoint
+
+ let (response_identity, response_status) = post::handler(
+ State(app.clone()),
+ fixtures::now(),
+ identity.clone(),
+ Json::default(),
+ )
+ .await
+ .expect("logged out with a valid token");
+
+ // Verify the return value's basic structure
+
+ assert!(response_identity.secret().is_none());
+ assert_eq!(StatusCode::NO_CONTENT, response_status);
+
+ // Verify the semantics
+ let error = app
+ .tokens()
+ .validate(&secret, &now)
+ .await
+ .expect_err("secret is invalid");
+ assert!(matches!(error, app::ValidateError::InvalidToken));
+}
+
+#[tokio::test]
+async fn no_identity() {
+ // Set up the environment
+
+ let app = fixtures::scratch_app().await;
+
+ // Call the endpoint
+
+ let identity = fixtures::cookie::not_logged_in();
+ let (identity, status) = post::handler(State(app), fixtures::now(), identity, Json::default())
+ .await
+ .expect("logged out with no token succeeds");
+
+ // Verify the return value's basic structure
+
+ assert!(identity.secret().is_none());
+ assert_eq!(StatusCode::NO_CONTENT, status);
+}
+
+#[tokio::test]
+async fn invalid_token() {
+ // Set up the environment
+
+ let app = fixtures::scratch_app().await;
+
+ // Call the endpoint
+
+ let identity = fixtures::cookie::fictitious();
+ let post::Error(error) = post::handler(State(app), fixtures::now(), identity, Json::default())
+ .await
+ .expect_err("logged out with an invalid token fails");
+
+ // Verify the return value's basic structure
+
+ assert!(matches!(error, 
app::ValidateError::InvalidToken));
+}
diff --git a/src/login/routes/mod.rs b/src/login/routes/mod.rs
new file mode 100644
index 0000000..8cb8852
--- /dev/null
+++ b/src/login/routes/mod.rs
@@ -0,0 +1,12 @@
+use axum::{routing::post, Router};
+
+use crate::app::App;
+
+mod login;
+mod logout;
+
+pub fn router() -> Router<App> {
+ Router::new()
+ .route("/api/auth/login", post(login::post::handler))
+ .route("/api/auth/logout", post(logout::post::handler))
+}
diff --git a/src/login/routes/test/logout.rs b/src/login/routes/test/logout.rs
deleted file mode 100644
index 611829e..0000000
--- a/src/login/routes/test/logout.rs
+++ /dev/null
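Review bot: `router` in routes/mod.rs is this module's only public item and has no doc comment; naming both endpoints and their method there would save readers a trip into the submodules, e.g. `/// Authentication routes: POST /api/auth/login issues the identity cookie, POST /api/auth/logout revokes it.` Both handlers take a `Json` body, so a request without a JSON body is rejected by the extractor before either handler runs; if that is being relied on as the cross-site barrier for these state-changing routes, it is worth saying so in the same comment, though that rests on axum's extractor behaviour rather than on anything in this hunk.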
@@ -1,97 +0,0 @@
-use axum::{
- extract::{Json, State},
- http::StatusCode,
-};
-
-use crate::{login::routes, test::fixtures, token::app};
-
-#[tokio::test]
-async fn successful() {
- // Set up the environment
-
- let app = fixtures::scratch_app().await;
- let now = fixtures::now();
- let login = fixtures::login::create_with_password(&app, &fixtures::now()).await;
- let identity = fixtures::identity::logged_in(&app, &login, &now).await;
- let secret = fixtures::identity::secret(&identity);
-
- // Call the endpoint
-
- let (response_identity, response_status) = routes::on_logout(
- State(app.clone()),
- fixtures::now(),
- identity.clone(),
- Json(routes::LogoutRequest {}),
- )
- .await
- .expect("logged out with a valid token");
-
- // Verify the return value's basic structure
-
- assert!(response_identity.secret().is_none());
- assert_eq!(StatusCode::NO_CONTENT, response_status);
-
- // Verify the semantics
-
- let error = app
- .tokens()
- .validate(&secret, &now)
- .await
- .expect_err("secret is invalid");
- match error {
- app::ValidateError::InvalidToken => (), // should be invalid
- other @ app::ValidateError::DatabaseError(_) => {
- panic!("expected ValidateError::InvalidToken, got {other:#}")
- }
- }
-}
-
-#[tokio::test]
-async fn no_identity() {
- // Set up the environment
-
- let app = fixtures::scratch_app().await;
-
- // Call the endpoint
-
- let identity = fixtures::identity::not_logged_in();
- let (identity, status) = routes::on_logout(
- State(app),
- fixtures::now(),
- identity,
- Json(routes::LogoutRequest {}),
- )
- .await
- .expect("logged out with no token");
-
- // Verify the return value's basic structure
-
- assert!(identity.secret().is_none());
- assert_eq!(StatusCode::NO_CONTENT, status);
-}
-
-#[tokio::test]
-async fn invalid_token() {
- // Set up the environment
-
- let app = fixtures::scratch_app().await;
-
- // Call the endpoint
-
- let identity = fixtures::identity::fictitious();
- let error = routes::on_logout(
- State(app),
- 
fixtures::now(),
- identity,
- Json(routes::LogoutRequest {}),
- )
- .await
- .expect_err("logged out with an invalid token");
-
- // Verify the return value's basic structure
-
- assert!(matches!(
- error,
- routes::LogoutError::ValidateError(app::ValidateError::InvalidToken)
- ));
-}
diff --git a/src/login/routes/test/mod.rs b/src/login/routes/test/mod.rs
deleted file mode 100644
index 90522c4..0000000
--- a/src/login/routes/test/mod.rs
+++ /dev/null
@@ -1,2 +0,0 @@
-mod login;
-mod logout; |
