Cleanup of TODO comments

Signed-off-by: Olivier 'reivilibre <olivier@librepush.net>
2024-04-21 18:17:17 +01:00 · 2024-04-21 18:17:17 +01:00 · e06d60cdf2
commit e06d60cdf2
parent 9a855f094d
5 changed files with 12 additions and 13 deletions
--- a/src/web.rs
+++ b/src/web.rs
@ -126,7 +126,8 @@ pub async fn serve(
 }

 async fn hello(ConnectInfo(_): ConnectInfo<SocketAddr>) -> impl IntoResponse {
-    "idCoop. TODO landing page"
+    // TODO(v0.0.2): landing page
+    "idCoop is running!"
 }

 fn make_login_redirect(then_uri: Uri) -> Response {
--- a/src/web/oauth_openid.rs
+++ b/src/web/oauth_openid.rs
@ -127,11 +127,9 @@ pub async fn oidc_discovery_configuration(
        response_types_supported: vec!["code".to_owned()],
        response_modes_supported: vec!["query".to_owned()],
        // TODO should we support 'implicit'?
-        // TODO should we support 'refresh_token'
+        // TODO(refresh) should we support 'refresh_token'
        grant_types_supported: vec!["authorization_code".to_owned()],
-        // TODO this is currently a lie
        subject_types_supported: vec!["public".to_owned()],
-        // TODO this is currently a lie
        // TODO we should support other types?
        id_token_signing_alg_values_supported: vec!["RS256".to_owned()],
    })
--- a/src/web/oauth_openid/authorisation.rs
+++ b/src/web/oauth_openid/authorisation.rs
@ -70,7 +70,7 @@ pub async fn oidc_authorisation(
    let Query(query) = match query {
        Ok(query) => query,
        Err(err) => {
-            // TODO this should be a pretty page
+            // TODO(ui) this should be a pretty page
            return (
                StatusCode::BAD_REQUEST,
                format!("TODO bad authorisation request: {err:?}"),
@ -182,12 +182,12 @@ fn validate_authorisation_basics<'a>(
    config: &'a Configuration,
 ) -> Result<(String, &'a OidcClientConfiguration), Response> {
    let Some(client_config) = config.oidc.clients.get(&query.client_id) else {
-        // TODO format as pretty page
+        // TODO(ui) format as pretty page
        return Err((StatusCode::BAD_REQUEST, "TODO bad client_id").into_response());
    };

    if !client_config.redirect_uris.contains(&query.redirect_uri) {
-        // TODO format as pretty page
+        // TODO(ui) format as pretty page
        return Err((StatusCode::BAD_REQUEST, "TODO bad redirect_uri").into_response());
    }

--- a/src/web/oauth_openid/ext_codes.rs
+++ b/src/web/oauth_openid/ext_codes.rs
@ -218,7 +218,7 @@ pub enum CodeRedemption {
    Valid { binding: AuthCodeBinding },
    /// That auth code had already been redeemed: please invalidate the given access token and reject this redemption.
    Conflicted {
-        // TODO what if the token was refreshed since?
+        // TODO(refresh) what if the token was refreshed since?
        access_token_to_invalidate: AccessTokenHash,
        refresh_token_to_invalidate: RefreshTokenHash,
    },
--- a/src/web/oauth_openid/token.rs
+++ b/src/web/oauth_openid/token.rs
@ -128,7 +128,7 @@ pub async fn oidc_token(
    // now we have checked that the client is who they say they are...
    let _client_config = unverified_client_config;

-    // TODO support other grant types, e.g. refresh tokens
+    // TODO(refresh) support other grant types, e.g. refresh tokens
    if form.grant_type != "authorization_code" {
        return (
            StatusCode::BAD_REQUEST,
@ -304,7 +304,7 @@ pub async fn oidc_token(
                txn.issue_access_token(
                    &access_token_hash,
                    session_id,
-                    // TODO Support custom expiry, not 100 years
+                    // TODO(expiry) Support custom expiry, not 100 years
                    Utc::now() + Duration::days(365 * 100),
                )
                .await
@ -312,7 +312,7 @@ pub async fn oidc_token(
                txn.issue_refresh_token(
                    &refresh_token_hash,
                    session_id,
-                    // TODO Support custom expiry, not 100 years
+                    // TODO(expiry) Support custom expiry, not 100 years
                    Utc::now() + Duration::days(365 * 100),
                )
                .await
@ -345,7 +345,7 @@ pub async fn oidc_token(
        .duration_since(UNIX_EPOCH)
        .expect("Before unix epoch?")
        .as_secs();
-    // TODO Support custom expiry times (not just 100 years)
+    // TODO(expiry) Support custom expiry times (not just 100 years)
    let exp = now + 100 * 365 * 86400;
    let sub = binding.user_id.hyphenated().to_string();
    let id_token = IdToken {
@ -372,7 +372,7 @@ pub async fn oidc_token(
            access_token: access_token_b64,
            token_type: "Bearer".to_owned(),
            refresh_token: refresh_token_b64,
-            expires_in: 86400 * 365, // TODO
+            expires_in: 86400 * 365, // TODO(expiry)
            // This assumes that we only support the OpenID scope at present.
            scope: "openid".to_owned(),
            id_token,