Be a bit more consistent about 'token', the whole record, versus 'secret', the value in that record used to verify logins.

3 files changed, 15 insertions, 14 deletions

diff --git a/src/login/extract/identity_token.rs b/src/login/extract/identity_token.rs
index d39e3df..c322f7b 100644
--- a/src/login/extract/identity_token.rs
+++ b/src/login/extract/identity_token.rs
@@ -14,18 +14,19 @@ pub struct IdentityToken {
 }
 
 impl IdentityToken {
-    /// Get the identity token sent in the request, if any. If the identity was
-    /// not sent, or if it has previously been [clear]ed, then this will return
-    /// [None]. If the identity has previously been [set], then this will return
-    /// that token.
-    pub fn token(&self) -> Option<&str> {
+    /// Get the identity secret sent in the request, if any. If the identity
+    /// was not sent, or if it has previously been [clear]ed, then this will
+    /// return [None]. If the identity has previously been [set], then this
+    /// will return that secret, regardless of what the request originally
+    /// included.
+    pub fn secret(&self) -> Option<&str> {
         self.cookies.get(IDENTITY_COOKIE).map(Cookie::value)
     }
 
-    /// Positively set the identity token, and ensure that it will be sent back
-    /// to the client when this extractor is included in a response.
-    pub fn set(self, token: &str) -> Self {
-        let identity_cookie = Cookie::build((IDENTITY_COOKIE, String::from(token)))
+    /// Positively set the identity secret, and ensure that it will be sent
+    /// back to the client when this extractor is included in a response.
+    pub fn set(self, secret: &str) -> Self {
+        let identity_cookie = Cookie::build((IDENTITY_COOKIE, String::from(secret)))
             .http_only(true)
             .permanent()
             .build();
@@ -35,7 +36,7 @@ impl IdentityToken {
         }
     }
 
-    /// Remove the identity token and ensure that it will be cleared when this
+    /// Remove the identity secret and ensure that it will be cleared when this
     /// extractor is included in a response.
     pub fn clear(self) -> Self {
         IdentityToken {
diff --git a/src/login/extract/login.rs b/src/login/extract/login.rs
index 405aea8..da0a90e 100644
--- a/src/login/extract/login.rs
+++ b/src/login/extract/login.rs
@@ -29,12 +29,12 @@ impl FromRequestParts<SqlitePool> for Login {
         let identity_token = IdentityToken::from_request_parts(parts, state).await?;
         let RequestedAt(requested_at) = RequestedAt::from_request_parts(parts, state).await?;
 
-        let token = identity_token.token().ok_or(LoginError::Forbidden)?;
+        let secret = identity_token.secret().ok_or(LoginError::Forbidden)?;
 
         let db = State::<SqlitePool>::from_request_parts(parts, state).await?;
         let mut tx = db.begin().await?;
         tx.tokens().expire(requested_at).await?;
-        let login = tx.tokens().validate(token, requested_at).await?;
+        let login = tx.tokens().validate(secret, requested_at).await?;
         tx.commit().await?;
 
         login.ok_or(LoginError::Forbidden)
diff --git a/src/login/routes.rs b/src/login/routes.rs
index 840e2fa..c30bcb1 100644
--- a/src/login/routes.rs
+++ b/src/login/routes.rs
@@ -91,9 +91,9 @@ async fn on_logout(
     State(db): State<SqlitePool>,
     identity: IdentityToken,
 ) -> Result<impl IntoResponse, InternalError> {
-    if let Some(token) = identity.token() {
+    if let Some(secret) = identity.secret() {
         let mut tx = db.begin().await?;
-        tx.tokens().revoke(token).await?;
+        tx.tokens().revoke(secret).await?;
         tx.commit().await?;
     }