storage: unify most oauth2 related errors

2025-07-29 22:01:14 +03:00 · 2022-12-07 20:11:49 +01:00
parent b7cad48bbd
commit 102571512e
15 changed files with 261 additions and 388 deletions
--- a/crates/axum-utils/src/client_authorization.rs
+++ b/crates/axum-utils/src/client_authorization.rs
@ -31,7 +31,7 @@ use mas_http::HttpServiceExt;
 use mas_iana::oauth::OAuthClientAuthenticationMethod;
 use mas_jose::{jwk::PublicJsonWebKeySet, jwt::Jwt};
 use mas_keystore::Encrypter;
-use mas_storage::oauth2::client::{lookup_client_by_client_id, ClientFetchError};
+use mas_storage::{oauth2::client::lookup_client_by_client_id, DatabaseError};
 use serde::{de::DeserializeOwned, Deserialize};
 use serde_json::Value;
 use sqlx::PgExecutor;
@ -73,7 +73,10 @@ pub enum Credentials {
 }

 impl Credentials {
-    pub async fn fetch(&self, executor: impl PgExecutor<'_>) -> Result<Client, ClientFetchError> {
+    pub async fn fetch(
+        &self,
+        executor: impl PgExecutor<'_>,
+    ) -> Result<Option<Client>, DatabaseError> {
        let client_id = match self {
            Credentials::None { client_id }
            | Credentials::ClientSecretBasic { client_id, .. }
--- a/crates/axum-utils/src/user_authorization.rs
+++ b/crates/axum-utils/src/user_authorization.rs
@ -27,10 +27,7 @@ use axum::{
 use headers::{authorization::Bearer, Authorization, Header, HeaderMapExt, HeaderName};
 use http::{header::WWW_AUTHENTICATE, HeaderMap, HeaderValue, Request, StatusCode};
 use mas_data_model::Session;
-use mas_storage::{
-    oauth2::access_token::{lookup_active_access_token, AccessTokenLookupError},
-    LookupError,
-};
+use mas_storage::{oauth2::access_token::lookup_active_access_token, DatabaseError};
 use serde::{de::DeserializeOwned, Deserialize};
 use sqlx::PgConnection;
 use thiserror::Error;
@ -61,7 +58,9 @@ impl AccessToken {
            AccessToken::None => return Err(AuthorizationVerificationError::MissingToken),
        };

-        let (token, session) = lookup_active_access_token(conn, token.as_str()).await?;
+        let (token, session) = lookup_active_access_token(conn, token.as_str())
+            .await?
+            .ok_or(AuthorizationVerificationError::InvalidToken)?;

        Ok((token, session))
    }
@ -119,17 +118,7 @@ pub enum AuthorizationVerificationError {
    MissingForm,

    #[error(transparent)]
-    Internal(Box<dyn Error>),
-}
-
-impl From<AccessTokenLookupError> for AuthorizationVerificationError {
-    fn from(e: AccessTokenLookupError) -> Self {
-        if e.not_found() {
-            Self::InvalidToken
-        } else {
-            Self::Internal(Box::new(e))
-        }
-    }
+    Internal(#[from] DatabaseError),
 }

 enum BearerError {