6 files changed, 38 insertions, 28 deletions

diff --git a/src/login/handlers/login/mod.rs b/src/login/handlers/login/mod.rs
index 6591984..2ce8a67 100644
--- a/src/login/handlers/login/mod.rs
+++ b/src/login/handlers/login/mod.rs
@@ -5,21 +5,25 @@ use axum::{
 };
 
 use crate::{
-    app::App, clock::RequestedAt, empty::Empty, error::Internal, login::app, name::Name,
-    password::Password, token::extract::IdentityCookie,
+    clock::RequestedAt,
+    empty::Empty,
+    error::Internal,
+    login::{app, app::Logins},
+    name::Name,
+    password::Password,
+    token::extract::IdentityCookie,
 };
 
 #[cfg(test)]
 mod test;
 
 pub async fn handler(
-    State(app): State<App>,
+    State(logins): State<Logins>,
     RequestedAt(now): RequestedAt,
     identity: IdentityCookie,
     Json(request): Json<Request>,
 ) -> Result<(IdentityCookie, Empty), Error> {
-    let secret = app
-        .logins()
+    let secret = logins
         .with_password(&request.name, &request.password, &now)
         .await
         .map_err(Error)?;
diff --git a/src/login/handlers/login/test.rs b/src/login/handlers/login/test.rs
index f3911d0..7bb56b6 100644
--- a/src/login/handlers/login/test.rs
+++ b/src/login/handlers/login/test.rs
@@ -22,7 +22,7 @@ async fn correct_credentials() {
         password,
     };
     let (identity, Empty) =
-        super::handler(State(app.clone()), logged_in_at, identity, Json(request))
+        super::handler(State(app.logins()), logged_in_at, identity, Json(request))
             .await
             .expect("logged in with valid credentials");
 
@@ -52,7 +52,7 @@ async fn invalid_name() {
         password,
     };
     let super::Error(error) =
-        super::handler(State(app.clone()), logged_in_at, identity, Json(request))
+        super::handler(State(app.logins()), logged_in_at, identity, Json(request))
             .await
             .expect_err("logged in with an incorrect password fails");
 
@@ -77,7 +77,7 @@ async fn incorrect_password() {
         password: fixtures::user::propose_password(),
     };
     let super::Error(error) =
-        super::handler(State(app.clone()), logged_in_at, identity, Json(request))
+        super::handler(State(app.logins()), logged_in_at, identity, Json(request))
             .await
             .expect_err("logged in with an incorrect password");
 
@@ -98,7 +98,7 @@ async fn token_expires() {
     let logged_in_at = fixtures::ancient();
     let identity = fixtures::cookie::not_logged_in();
     let request = super::Request { name, password };
-    let (identity, _) = super::handler(State(app.clone()), logged_in_at, identity, Json(request))
+    let (identity, _) = super::handler(State(app.logins()), logged_in_at, identity, Json(request))
         .await
         .expect("logged in with valid credentials");
     let secret = identity.secret().expect("logged in with valid credentials");
diff --git a/src/login/handlers/logout/mod.rs b/src/login/handlers/logout/mod.rs
index 73efe73..ce4cb1a 100644
--- a/src/login/handlers/logout/mod.rs
+++ b/src/login/handlers/logout/mod.rs
@@ -4,25 +4,24 @@ use axum::{
 };
 
 use crate::{
-    app::App,
     clock::RequestedAt,
     empty::Empty,
     error::{Internal, Unauthorized},
-    token::{app, extract::IdentityCookie},
+    token::{app, app::Tokens, extract::IdentityCookie},
 };
 
 #[cfg(test)]
 mod test;
 
 pub async fn handler(
-    State(app): State<App>,
+    State(tokens): State<Tokens>,
     RequestedAt(now): RequestedAt,
     identity: IdentityCookie,
     Json(_): Json<Request>,
 ) -> Result<(IdentityCookie, Empty), Error> {
     if let Some(secret) = identity.secret() {
-        let identity = app.tokens().validate(&secret, &now).await?;
-        app.tokens().logout(&identity.token).await?;
+        let identity = tokens.validate(&secret, &now).await?;
+        tokens.logout(&identity.token).await?;
     }
 
     let identity = identity.clear();
diff --git a/src/login/handlers/logout/test.rs b/src/login/handlers/logout/test.rs
index e7b7dd4..18744ed 100644
--- a/src/login/handlers/logout/test.rs
+++ b/src/login/handlers/logout/test.rs
@@ -18,7 +18,7 @@ async fn successful() {
     // Call the endpoint
 
     let (response_identity, Empty) = super::handler(
-        State(app.clone()),
+        State(app.tokens()),
         fixtures::now(),
         identity.clone(),
         Json::default(),
@@ -42,9 +42,14 @@ async fn no_identity() {
     // Call the endpoint
 
     let identity = fixtures::cookie::not_logged_in();
-    let (identity, Empty) = super::handler(State(app), fixtures::now(), identity, Json::default())
-        .await
-        .expect("logged out with no token succeeds");
+    let (identity, Empty) = super::handler(
+        State(app.tokens()),
+        fixtures::now(),
+        identity,
+        Json::default(),
+    )
+    .await
+    .expect("logged out with no token succeeds");
 
     // Verify the return value's basic structure
 
@@ -60,10 +65,14 @@ async fn invalid_token() {
     // Call the endpoint
 
     let identity = fixtures::cookie::fictitious();
-    let super::Error(error) =
-        super::handler(State(app), fixtures::now(), identity, Json::default())
-            .await
-            .expect_err("logged out with an invalid token fails");
+    let super::Error(error) = super::handler(
+        State(app.tokens()),
+        fixtures::now(),
+        identity,
+        Json::default(),
+    )
+    .await
+    .expect_err("logged out with an invalid token fails");
 
     // Verify the return value's basic structure
 
diff --git a/src/login/handlers/password/mod.rs b/src/login/handlers/password/mod.rs
index 94c7fb4..8b82605 100644
--- a/src/login/handlers/password/mod.rs
+++ b/src/login/handlers/password/mod.rs
@@ -5,11 +5,10 @@ use axum::{
 };
 
 use crate::{
-    app::App,
     clock::RequestedAt,
     empty::Empty,
     error::Internal,
-    login::app,
+    login::{app, app::Logins},
     password::Password,
     token::extract::{Identity, IdentityCookie},
 };
@@ -18,14 +17,13 @@ use crate::{
 mod test;
 
 pub async fn handler(
-    State(app): State<App>,
+    State(logins): State<Logins>,
     RequestedAt(now): RequestedAt,
     identity: Identity,
     cookie: IdentityCookie,
     Json(request): Json<Request>,
 ) -> Result<(IdentityCookie, Empty), Error> {
-    let secret = app
-        .logins()
+    let secret = logins
         .change_password(&identity.login, &request.password, &request.to, &now)
         .await
         .map_err(Error)?;
diff --git a/src/login/handlers/password/test.rs b/src/login/handlers/password/test.rs
index ba2f28f..61d5b5a 100644
--- a/src/login/handlers/password/test.rs
+++ b/src/login/handlers/password/test.rs
@@ -21,7 +21,7 @@ async fn password_change() {
         to: to.clone(),
     };
     let (new_cookie, Empty) = super::handler(
-        State(app.clone()),
+        State(app.logins()),
         fixtures::now(),
         identity.clone(),
         cookie.clone(),