6 files changed, 27 insertions, 44 deletions

diff --git a/src/login/extract.rs b/src/login/extract.rs
deleted file mode 100644
index c2d97f2..0000000
--- a/src/login/extract.rs
+++ /dev/null
@@ -1,15 +0,0 @@
-use axum::{extract::FromRequestParts, http::request::Parts};
-
-use super::Login;
-use crate::{app::App, token::extract::Identity};
-
-#[async_trait::async_trait]
-impl FromRequestParts<App> for Login {
-    type Rejection = <Identity as FromRequestParts<App>>::Rejection;
-
-    async fn from_request_parts(parts: &mut Parts, state: &App) -> Result<Self, Self::Rejection> {
-        let identity = Identity::from_request_parts(parts, state).await?;
-
-        Ok(identity.login)
-    }
-}
diff --git a/src/login/mod.rs b/src/login/mod.rs
index 64a3698..279e9a6 100644
--- a/src/login/mod.rs
+++ b/src/login/mod.rs
@@ -1,6 +1,5 @@
 pub mod app;
 pub mod event;
-pub mod extract;
 mod history;
 mod id;
 pub mod password;
diff --git a/src/login/routes/login/post.rs b/src/login/routes/login/post.rs
index 20430db..96da5c5 100644
--- a/src/login/routes/login/post.rs
+++ b/src/login/routes/login/post.rs
@@ -10,15 +10,15 @@ use crate::{
     error::Internal,
     login::{Login, Password},
     name::Name,
-    token::{app, extract::IdentityToken},
+    token::{app, extract::IdentityCookie},
 };
 
 pub async fn handler(
     State(app): State<App>,
     RequestedAt(now): RequestedAt,
-    identity: IdentityToken,
+    identity: IdentityCookie,
     Json(request): Json<Request>,
-) -> Result<(IdentityToken, Json<Login>), Error> {
+) -> Result<(IdentityCookie, Json<Login>), Error> {
     let (login, secret) = app
         .tokens()
         .login(&request.name, &request.password, &now)
diff --git a/src/login/routes/login/test.rs b/src/login/routes/login/test.rs
index c94f14c..7399796 100644
--- a/src/login/routes/login/test.rs
+++ b/src/login/routes/login/test.rs
@@ -8,14 +8,14 @@ async fn correct_credentials() {
     // Set up the environment
 
     let app = fixtures::scratch_app().await;
-    let (login, password) = fixtures::login::create_with_password(&app, &fixtures::now()).await;
+    let (name, password) = fixtures::login::create_with_password(&app, &fixtures::now()).await;
 
     // Call the endpoint
 
-    let identity = fixtures::identity::not_logged_in();
+    let identity = fixtures::cookie::not_logged_in();
     let logged_in_at = fixtures::now();
     let request = post::Request {
-        name: login.name.clone(),
+        name: name.clone(),
         password,
     };
     let (identity, Json(response)) =
@@ -25,8 +25,10 @@ async fn correct_credentials() {
 
     // Verify the return value's basic structure
 
-    assert_eq!(login, response);
-    let secret = identity.secret().expect("logged in with valid credentials");
+    assert_eq!(name, response.name);
+    let secret = identity
+        .secret()
+        .expect("logged in with valid credentials issues an identity cookie");
 
     // Verify the semantics
 
@@ -37,7 +39,7 @@ async fn correct_credentials() {
         .await
         .expect("identity secret is valid");
 
-    assert_eq!(login, validated_login);
+    assert_eq!(response, validated_login);
 }
 
 #[tokio::test]
@@ -48,7 +50,7 @@ async fn invalid_name() {
 
     // Call the endpoint
 
-    let identity = fixtures::identity::not_logged_in();
+    let identity = fixtures::cookie::not_logged_in();
     let logged_in_at = fixtures::now();
     let (name, password) = fixtures::login::propose();
     let request = post::Request {
@@ -58,7 +60,7 @@ async fn invalid_name() {
     let post::Error(error) =
         post::handler(State(app.clone()), logged_in_at, identity, Json(request))
             .await
-            .expect_err("logged in with an incorrect password");
+            .expect_err("logged in with an incorrect password fails");
 
     // Verify the return value's basic structure
 
@@ -75,7 +77,7 @@ async fn incorrect_password() {
     // Call the endpoint
 
     let logged_in_at = fixtures::now();
-    let identity = fixtures::identity::not_logged_in();
+    let identity = fixtures::cookie::not_logged_in();
     let request = post::Request {
         name: login.name,
         password: fixtures::login::propose_password(),
@@ -95,16 +97,13 @@ async fn token_expires() {
     // Set up the environment
 
     let app = fixtures::scratch_app().await;
-    let (login, password) = fixtures::login::create_with_password(&app, &fixtures::now()).await;
+    let (name, password) = fixtures::login::create_with_password(&app, &fixtures::now()).await;
 
     // Call the endpoint
 
     let logged_in_at = fixtures::ancient();
-    let identity = fixtures::identity::not_logged_in();
-    let request = post::Request {
-        name: login.name.clone(),
-        password,
-    };
+    let identity = fixtures::cookie::not_logged_in();
+    let request = post::Request { name, password };
     let (identity, _) = post::handler(State(app.clone()), logged_in_at, identity, Json(request))
         .await
         .expect("logged in with valid credentials");
diff --git a/src/login/routes/logout/post.rs b/src/login/routes/logout/post.rs
index 6b7a62a..bb09b9f 100644
--- a/src/login/routes/logout/post.rs
+++ b/src/login/routes/logout/post.rs
@@ -8,15 +8,15 @@ use crate::{
     app::App,
     clock::RequestedAt,
     error::{Internal, Unauthorized},
-    token::{app, extract::IdentityToken},
+    token::{app, extract::IdentityCookie},
 };
 
 pub async fn handler(
     State(app): State<App>,
     RequestedAt(now): RequestedAt,
-    identity: IdentityToken,
+    identity: IdentityCookie,
     Json(_): Json<Request>,
-) -> Result<(IdentityToken, StatusCode), Error> {
+) -> Result<(IdentityCookie, StatusCode), Error> {
     if let Some(secret) = identity.secret() {
         let (token, _) = app.tokens().validate(&secret, &now).await?;
         app.tokens().logout(&token).await?;
diff --git a/src/login/routes/logout/test.rs b/src/login/routes/logout/test.rs
index 91837fe..775fa9f 100644
--- a/src/login/routes/logout/test.rs
+++ b/src/login/routes/logout/test.rs
@@ -12,9 +12,9 @@ async fn successful() {
 
     let app = fixtures::scratch_app().await;
     let now = fixtures::now();
-    let login = fixtures::login::create_with_password(&app, &fixtures::now()).await;
-    let identity = fixtures::identity::logged_in(&app, &login, &now).await;
-    let secret = fixtures::identity::secret(&identity);
+    let creds = fixtures::login::create_with_password(&app, &fixtures::now()).await;
+    let identity = fixtures::cookie::logged_in(&app, &creds, &now).await;
+    let secret = fixtures::cookie::secret(&identity);
 
     // Call the endpoint
 
@@ -49,10 +49,10 @@ async fn no_identity() {
 
     // Call the endpoint
 
-    let identity = fixtures::identity::not_logged_in();
+    let identity = fixtures::cookie::not_logged_in();
     let (identity, status) = post::handler(State(app), fixtures::now(), identity, Json::default())
         .await
-        .expect("logged out with no token");
+        .expect("logged out with no token succeeds");
 
     // Verify the return value's basic structure
 
@@ -68,10 +68,10 @@ async fn invalid_token() {
 
     // Call the endpoint
 
-    let identity = fixtures::identity::fictitious();
+    let identity = fixtures::cookie::fictitious();
     let post::Error(error) = post::handler(State(app), fixtures::now(), identity, Json::default())
         .await
-        .expect_err("logged out with an invalid token");
+        .expect_err("logged out with an invalid token fails");
 
     // Verify the return value's basic structure