Return an identity, rather than the parts of an identity, when validating an identity token.

This is a small refactoring that's been possible for a while, and we only just noticed.

2 files changed, 10 insertions, 7 deletions

diff --git a/src/token/app.rs b/src/token/app.rs
index 56c0e21..8ec61c5 100644
--- a/src/token/app.rs
+++ b/src/token/app.rs
@@ -7,6 +7,7 @@ use sqlx::sqlite::SqlitePool;
 
 use super::{
     Broadcaster, Event as TokenEvent, Id, Secret,
+    extract::Identity,
     repo::{self, Provider as _, auth::Provider as _},
 };
 use crate::{
@@ -104,7 +105,7 @@ impl<'a> Tokens<'a> {
         &self,
         secret: &Secret,
         used_at: &DateTime,
-    ) -> Result<(Id, User), ValidateError> {
+    ) -> Result<Identity, ValidateError> {
         let mut tx = self.db.begin().await?;
         let (token, user) = tx
             .tokens()
@@ -115,7 +116,7 @@ impl<'a> Tokens<'a> {
 
         let user = user.as_snapshot().ok_or(ValidateError::LoginDeleted)?;
 
-        Ok((token, user))
+        Ok(Identity { token, user })
     }
 
     pub async fn limit_stream<S, E>(
diff --git a/src/token/extract/identity.rs b/src/token/extract/identity.rs
index d1c0334..4d076d7 100644
--- a/src/token/extract/identity.rs
+++ b/src/token/extract/identity.rs
@@ -30,11 +30,13 @@ impl FromRequestParts<App> for Identity {
         let secret = cookie.secret().ok_or(LoginError::Unauthorized)?;
 
         let app = State::<App>::from_request_parts(parts, state).await?;
-        match app.tokens().validate(&secret, &used_at).await {
-            Ok((token, user)) => Ok(Identity { token, user }),
-            Err(ValidateError::InvalidToken) => Err(LoginError::Unauthorized),
-            Err(other) => Err(other.into()),
-        }
+        app.tokens()
+            .validate(&secret, &used_at)
+            .await
+            .map_err(|err| match err {
+                ValidateError::InvalidToken => LoginError::Unauthorized,
+                other => other.into(),
+            })
     }
 }