Apply clippy fixes

Signed-off-by: Olivier 'reivilibre <olivier@librepush.net>
2024-06-25 22:09:10 +01:00 · 2024-06-25 22:09:10 +01:00 · 9bbae5411b
commit 9bbae5411b
parent 073fa99bdc
7 changed files with 22 additions and 23 deletions
--- a/src/config.rs
+++ b/src/config.rs
@ -109,7 +109,7 @@ impl SecretConfig {
            .await
            .context("failed to load RSA private key")?;
        let rsa_key_pair =
-            RsaKeyPair::from_pem(&rsa_keypair_bytes).context("Failed to decode RSA key pair")?;
+            RsaKeyPair::from_pem(rsa_keypair_bytes).context("Failed to decode RSA key pair")?;

        Ok(Self { rsa_key_pair })
    }
--- a/src/web.rs
+++ b/src/web.rs
@ -114,7 +114,7 @@ pub async fn serve(
        .layer(Extension(Arc::new(PasswordHashInflightLimiter::new(1))))
        .layer(client_ip_source.into_extension())
        .layer(Extension(Arc::new(ratelimiters)))
-        .layer(Extension(VolatileCodeStore::new()));
+        .layer(Extension(VolatileCodeStore::default()));

    info!("Listening on {bind:?}");
    axum::Server::try_bind(&bind)
--- a/src/web/login.rs
+++ b/src/web/login.rs
@ -133,10 +133,10 @@ impl LoginSession {

        // TODO this is only using the key, not the salt and persona
        let mac_tag_bytes = Blake2sMac256::new_with_salt_and_personal(&self.xsrf_secret, &[], &[])?
-            .chain_update(&now_8bytes)
+            .chain_update(now_8bytes)
            .finalize()
            .into_bytes();
-        let mac_b64 = BASE64_URL_SAFE_NO_PAD.encode(&mac_tag_bytes);
+        let mac_b64 = BASE64_URL_SAFE_NO_PAD.encode(mac_tag_bytes);

        Ok(format!("{now_timestamp}.{mac_b64}"))
    }
@ -158,7 +158,7 @@ impl LoginSession {
        // TODO this is only using the key, not the salt and persona
        // TODO perhaps the persona should be the user UUID hashed?
        Blake2sMac256::new_with_salt_and_personal(&self.xsrf_secret, &[], &[])?
-            .chain_update(&timestamp_8bytes)
+            .chain_update(timestamp_8bytes)
            .verify_slice(&mac_tag_bytes)
            .context("bad MAC in XSRF token")?;

@ -270,6 +270,7 @@ fn render_login_retry_form() -> Response {
    (StatusCode::UNAUTHORIZED, "Wrong username or password!").into_response() // TODO(ui): this should re-render the login form for another go
 }

+#[allow(clippy::too_many_arguments)]
 pub async fn post_login(
    Query(query): Query<LoginQuery>,
    cookies: Cookies,
@ -346,7 +347,7 @@ pub async fn post_login(
    let login_session_token = thread_rng().gen::<[u8; LOGIN_SESSION_TOKEN_BYTES]>();
    let login_session_token_b64 = BASE64_URL_SAFE_NO_PAD.encode(login_session_token);
    let login_session_token_hash: [u8; LOGIN_SESSION_TOKEN_HASH_BYTES] =
-        Blake2s256::digest(&login_session_token).into();
+        Blake2s256::digest(login_session_token).into();
    let xsrf_secret = thread_rng().gen::<[u8; LOGIN_SESSION_XSRF_SECRET_BYTES]>();

    // store session in the database
--- a/src/web/oauth_openid/application_session_access_token.rs
+++ b/src/web/oauth_openid/application_session_access_token.rs
@ -31,7 +31,7 @@ where
        let Ok(TypedHeader(Authorization(bearer))) = TypedHeader::<Authorization<Bearer>>::from_request_parts(parts, state).await else {
            return Err((StatusCode::UNAUTHORIZED, "No access token."));
        };
-        let Ok(access_token) = BASE64_URL_SAFE_NO_PAD.decode(&bearer.token()) else {
+        let Ok(access_token) = BASE64_URL_SAFE_NO_PAD.decode(bearer.token()) else {
            return Err((
                StatusCode::UNAUTHORIZED,
                "Invalid access token."
--- a/src/web/oauth_openid/authorisation.rs
+++ b/src/web/oauth_openid/authorisation.rs
@ -194,26 +194,26 @@ fn validate_authorisation_basics<'a>(
    if &query.response_type != "code" {
        return Err(fail_authorisation_with_redirect(
            query,
-            &client_config,
+            client_config,
            AuthorisationRedirectableError::UnsupportedResponseType,
            "We only support `code` authorisation responses here.".to_owned(),
        ));
    }
    if query.code_challenge.is_none() {
        return Err(fail_authorisation_with_redirect(
-            &query,
+            query,
            client_config,
            AuthorisationRedirectableError::InvalidRequest,
            "`code_challenge` not specified.".to_owned(),
        ));
    }
-    match query.code_challenge_method.as_ref().map(String::as_str) {
+    match query.code_challenge_method.as_deref() {
        None | Some("S256") | Some("plain") => {
            // OK: supported (None = 'plain')
        }
        _other => {
            return Err(fail_authorisation_with_redirect(
-                &query,
+                query,
                client_config,
                AuthorisationRedirectableError::InvalidRequest,
                "`code_challenge_method` is not supported.".to_owned(),
--- a/src/web/oauth_openid/ext_codes.rs
+++ b/src/web/oauth_openid/ext_codes.rs
@ -92,8 +92,8 @@ impl VolatileCodeStoreInner {
    ) -> CodeRedemption {
        if let Some(conflicted) = self.conflictable_codes.get(auth_code) {
            return CodeRedemption::Conflicted {
-                access_token_to_invalidate: conflicted.access_token_hash.clone(),
-                refresh_token_to_invalidate: conflicted.refresh_token_hash.clone(),
+                access_token_to_invalidate: conflicted.access_token_hash,
+                refresh_token_to_invalidate: conflicted.refresh_token_hash,
            };
        }

@ -146,8 +146,8 @@ pub struct VolatileCodeStore {
    inner: Arc<Mutex<VolatileCodeStoreInner>>,
 }

-impl VolatileCodeStore {
-    pub fn new() -> Self {
+impl Default for VolatileCodeStore {
+    fn default() -> Self {
        let poke = Arc::new(Notify::new());
        let inner: Arc<Mutex<VolatileCodeStoreInner>> = Default::default();

@ -159,7 +159,9 @@ impl VolatileCodeStore {

        VolatileCodeStore { inner, poke }
    }
+}

+impl VolatileCodeStore {
    async fn expirer(inner: Arc<Mutex<VolatileCodeStoreInner>>, poke: Arc<Notify>) {
        let mut next_expiry: Option<u64> = None;
        loop {
--- a/src/web/oauth_openid/token.rs
+++ b/src/web/oauth_openid/token.rs
@ -176,17 +176,13 @@ pub async fn oidc_token(
    // so double redemptions can invalidate the access token appropriately.
    let access_token = thread_rng().gen::<AccessToken>();
    let access_token_b64 = BASE64_URL_SAFE_NO_PAD.encode(access_token);
-    let access_token_hash: AccessTokenHash = Blake2s256::digest(&access_token).into();
+    let access_token_hash: AccessTokenHash = Blake2s256::digest(access_token).into();
    let refresh_token = thread_rng().gen::<RefreshToken>();
    let refresh_token_b64 = BASE64_URL_SAFE_NO_PAD.encode(refresh_token);
-    let refresh_token_hash: RefreshTokenHash = Blake2s256::digest(&refresh_token).into();
+    let refresh_token_hash: RefreshTokenHash = Blake2s256::digest(refresh_token).into();

    // Redeem the auth code so we can check it and then maybe issue an access token.
-    let binding = match code_store.redeem(
-        &auth_code,
-        access_token_hash.clone(),
-        refresh_token_hash.clone(),
-    ) {
+    let binding = match code_store.redeem(&auth_code, access_token_hash, refresh_token_hash) {
        CodeRedemption::Invalid => {
            return (
                StatusCode::BAD_REQUEST,
@ -382,7 +378,7 @@ pub async fn oidc_token(
 }

 fn make_id_token(id_token: IdToken, secrets: &SecretConfig) -> eyre::Result<String> {
-    let Ok(serde_json::Value::Object(map)) = serde_json::to_value(&id_token).context("failed to serialise ID Token content") else {
+    let Ok(serde_json::Value::Object(map)) = serde_json::to_value(id_token).context("failed to serialise ID Token content") else {
        bail!("ID Token not a map");
    };