From 4eb63b8adda4559df3dadcf721e2bb0d1f65a01f Mon Sep 17 00:00:00 2001
From: Owen Jacobson
Date: Sun, 24 Aug 2025 03:48:17 -0400
Subject: Stop returning body data from `POST /api/auth/login`.
As with `/api/setup`, the response was an ad-hoc choice, which we are not using and which constrains future development just by existing.
---
 src/user/handlers/login/mod.rs | 8 ++++----
 src/user/handlers/login/test.rs | 7 +++----
 src/user/handlers/password/test.rs | 7 ++++++-
 3 files changed, 13 insertions(+), 9 deletions(-)
(limited to 'src/user')
diff --git a/src/user/handlers/login/mod.rs b/src/user/handlers/login/mod.rs
index da88885..d3e0e8c 100644
--- a/src/user/handlers/login/mod.rs
+++ b/src/user/handlers/login/mod.rs
@@ -7,11 +7,11 @@ use axum::{
 use crate::{
 app::App,
 clock::RequestedAt,
+ empty::Empty,
 error::Internal,
 name::Name,
 password::Password,
 token::{app, extract::IdentityCookie},
- user::User,
 };
 #[cfg(test)]
@@ -22,14 +22,14 @@ pub async fn handler(
 RequestedAt(now): RequestedAt,
 identity: IdentityCookie,
 Json(request): Json,
-) -> Result<(IdentityCookie, Json), Error> {
- let (user, secret) = app
+) -> Result<(IdentityCookie, Empty), Error> {
+ let secret = app
 .tokens()
 .login(&request.name, &request.password, &now)
 .await
 .map_err(Error)?;
 let identity = identity.set(secret);
- Ok((identity, Json(user)))
+ Ok((identity, Empty))
 }
 #[derive(serde::Deserialize)]
diff --git a/src/user/handlers/login/test.rs b/src/user/handlers/login/test.rs
index b8f24f6..bdd1957 100644
--- a/src/user/handlers/login/test.rs
+++ b/src/user/handlers/login/test.rs
@@ -1,6 +1,6 @@
 use axum::extract::{Json, State};
-use crate::{test::fixtures, token::app};
+use crate::{empty::Empty, test::fixtures, token::app};
 #[tokio::test]
 async fn correct_credentials() {
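Review bot: `handler` in src/user/handlers/login/mod.rs (hunk at -22,14) carries no doc comment stating its response contract, and after this change that contract is the only thing a client author can rely on: a successful login yields the identity cookie and nothing else. I would add `/// Checks the submitted name and password; on success sets the identity cookie and returns an empty body.` above `pub async fn handler(`. The status code that `Empty` renders to is not visible in this diff, and the tests call the handler directly instead of going through the router, so recording the expected status in the same comment would help. The function's signature begins above the hunk.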
@@ -17,14 +17,13 @@ async fn correct_credentials() {
 name: name.clone(),
 password,
 };
- let (identity, Json(response)) =
+ let (identity, Empty) =
 super::handler(State(app.clone()), logged_in_at, identity, Json(request))
 .await
 .expect("logged in with valid credentials");
 // Verify the return value's basic structure
- assert_eq!(name, response.name);
 let secret = identity
 .secret()
 .expect("logged in with valid credentials issues an identity cookie");
@@ -38,7 +37,7 @@ async fn correct_credentials() {
 .await
 .expect("identity secret is valid");
- assert_eq!(response, validated_login);
+ assert_eq!(name, validated_login.name);
 }
 #[tokio::test]
diff --git a/src/user/handlers/password/test.rs b/src/user/handlers/password/test.rs
index 42e41d8..278d27b 100644
--- a/src/user/handlers/password/test.rs
+++ b/src/user/handlers/password/test.rs
@@ -58,10 +58,15 @@ async fn password_change() {
 assert!(matches!(login_err, LoginError::Rejected));
 // Verify that our new password is valid
- let (login, _) = app
+ let secret = app
 .tokens()
 .login(&name, &to, &fixtures::now())
 .await
 .expect("logging in with the new password should succeed");
+ let (_, login) = app
+ .tokens()
+ .validate(&secret, &fixtures::now())
+ .await
+ .expect("validating a newly-issued token secret succeeds");
 assert_eq!(identity.user, login);
 }
--
cgit v1.2.3
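Review bot: The closing assertion of `correct_credentials` (hunk at -38,7 of src/user/handlers/login/test.rs) now checks only `assert_eq!(name, validated_login.name);`, where the old line compared the whole value returned by validation. The test can therefore no longer notice an issued secret that validates to a different user record carrying the same name. If the fixture that creates the account, which lies outside these hunks, also yields the user or its id, comparing `validated_login` against that would keep the stronger check. The comment `// Verify the return value's basic structure` in the preceding hunk now sits above cookie checks only and could read `// Verify that an identity cookie was issued`.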
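Review bot: The added login-then-validate sequence in `password_change` calls `fixtures::now()` once for `login` and again for `validate`; if that fixture reads a clock instead of returning a fixed instant, the secret is issued and validated at two different times. Binding it once, `let now = fixtures::now();`, and passing `&now` to both calls removes that dependency. The visible lines show that the new password logs in and that an earlier attempt is rejected, but not whether secrets issued before the change stop validating. That may be asserted earlier in the function, which starts outside the hunk.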