From 8a4e25c2a7d6235d726499d43fd1721104314e86 Mon Sep 17 00:00:00 2001
From: Owen Jacobson
Date: Thu, 12 Sep 2024 00:24:31 -0400
Subject: Be a bit more consistent about 'token', the whole record, versus 'secret', the value in that record used to verify logins.
---
 src/login/extract/identity_token.rs | 21 +++++++++++----------
 src/login/extract/login.rs | 4 ++--
 src/login/routes.rs | 4 ++--
 3 files changed, 15 insertions(+), 14 deletions(-)
(limited to 'src/login')
diff --git a/src/login/extract/identity_token.rs b/src/login/extract/identity_token.rs
index d39e3df..c322f7b 100644
--- a/src/login/extract/identity_token.rs
+++ b/src/login/extract/identity_token.rs
@@ -14,18 +14,19 @@ pub struct IdentityToken {
 }
 impl IdentityToken {
- /// Get the identity token sent in the request, if any. If the identity was
- /// not sent, or if it has previously been [clear]ed, then this will return
- /// [None]. If the identity has previously been [set], then this will return
- /// that token.
- pub fn token(&self) -> Option<&str> {
+ /// Get the identity secret sent in the request, if any. If the identity
+ /// was not sent, or if it has previously been [clear]ed, then this will
+ /// return [None]. If the identity has previously been [set], then this
+ /// will return that secret, regardless of what the request originally
+ /// included.
+ pub fn secret(&self) -> Option<&str> {
 self.cookies.get(IDENTITY_COOKIE).map(Cookie::value)
 }
- /// Positively set the identity token, and ensure that it will be sent back
- /// to the client when this extractor is included in a response.
- pub fn set(self, token: &str) -> Self {
- let identity_cookie = Cookie::build((IDENTITY_COOKIE, String::from(token)))
+ /// Positively set the identity secret, and ensure that it will be sent
+ /// back to the client when this extractor is included in a response.
+ pub fn set(self, secret: &str) -> Self {
+ let identity_cookie = Cookie::build((IDENTITY_COOKIE, String::from(secret)))
 .http_only(true)
 .permanent()
 .build();
@@ -35,7 +36,7 @@ impl IdentityToken {
 }
 }
- /// Remove the identity token and ensure that it will be cleared when this
+ /// Remove the identity secret and ensure that it will be cleared when this
 /// extractor is included in a response.
 pub fn clear(self) -> Self {
 IdentityToken {
diff --git a/src/login/extract/login.rs b/src/login/extract/login.rs
index 405aea8..da0a90e 100644
--- a/src/login/extract/login.rs
+++ b/src/login/extract/login.rs
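Review bot: The cookie built in `set` carries the value that verifies a login, yet the builder chain visible in this hunk applies only `.http_only(true)` and `.permanent()`; neither `Secure` nor `SameSite` is set. Because `permanent()` makes the secret long-lived on the client, the browser may send it over plain HTTP and on cross-site requests unless those attributes are applied somewhere outside this hunk. I would add `.secure(true)` and `.same_site(SameSite::Lax)` ahead of `.build()`, with `SameSite` imported alongside `Cookie`. The body of `set` continues past the end of the hunk, so how the built cookie is stored is not visible here.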
@@ -29,12 +29,12 @@ impl FromRequestParts for Login {
 let identity_token = IdentityToken::from_request_parts(parts, state).await?;
 let RequestedAt(requested_at) = RequestedAt::from_request_parts(parts, state).await?;
- let token = identity_token.token().ok_or(LoginError::Forbidden)?;
+ let secret = identity_token.secret().ok_or(LoginError::Forbidden)?;
 let db = State::::from_request_parts(parts, state).await?;
 let mut tx = db.begin().await?;
 tx.tokens().expire(requested_at).await?;
- let login = tx.tokens().validate(token, requested_at).await?;
+ let login = tx.tokens().validate(secret, requested_at).await?;
 tx.commit().await?;
 login.ok_or(LoginError::Forbidden)
diff --git a/src/login/routes.rs b/src/login/routes.rs
index 840e2fa..c30bcb1 100644
--- a/src/login/routes.rs
+++ b/src/login/routes.rs
@@ -91,9 +91,9 @@ async fn on_logout(
 State(db): State,
 identity: IdentityToken,
 ) -> Result {
- if let Some(token) = identity.token() {
+ if let Some(secret) = identity.secret() {
 let mut tx = db.begin().await?;
- tx.tokens().revoke(token).await?;
+ tx.tokens().revoke(secret).await?;
 tx.commit().await?;
 }
-- cgit v1.2.3