storage: make the Clock a trait

crates/handlers/src/compat/login.rs

@@ -22,7 +22,7 @@ use mas_storage::{
         CompatSsoLoginRepository,
     },
     user::{UserPasswordRepository, UserRepository},
-    Clock, Repository,
+    Clock, Repository, SystemClock,
 };
 use mas_storage_pg::PgRepository;
 use serde::{Deserialize, Serialize};
@@ -254,7 +254,7 @@ pub(crate) async fn post(
 
 async fn token_login(
     repo: &mut PgRepository,
-    clock: &Clock,
+    clock: &SystemClock,
     token: &str,
 ) -> Result<(CompatSession, User), RouteError> {
     let login = repo

crates/handlers/src/compat/login_sso_complete.rs

@@ -31,7 +31,7 @@ use mas_keystore::Encrypter;
 use mas_router::{CompatLoginSsoAction, PostAuthAction, Route};
 use mas_storage::{
     compat::{CompatSessionRepository, CompatSsoLoginRepository},
-    Repository,
+    Clock, Repository,
 };
 use mas_storage_pg::PgRepository;
 use mas_templates::{CompatSsoContext, ErrorContext, TemplateContext, Templates};

crates/handlers/src/compat/logout.rs

@@ -18,7 +18,7 @@ use hyper::StatusCode;
 use mas_data_model::TokenType;
 use mas_storage::{
     compat::{CompatAccessTokenRepository, CompatSessionRepository},
-    Clock, Repository,
+    Clock, Repository, SystemClock,
 };
 use mas_storage_pg::PgRepository;
 use sqlx::PgPool;
@@ -72,7 +72,7 @@ pub(crate) async fn post(
     State(pool): State<PgPool>,
     maybe_authorization: Option<TypedHeader<Authorization<Bearer>>>,
 ) -> Result<impl IntoResponse, RouteError> {
-    let clock = Clock::default();
+    let clock = SystemClock::default();
     let mut repo = PgRepository::from_pool(&pool).await?;
 
     let TypedHeader(authorization) = maybe_authorization.ok_or(RouteError::MissingAuthorization)?;

crates/handlers/src/compat/refresh.rs

@@ -18,7 +18,7 @@ use hyper::StatusCode;
 use mas_data_model::{TokenFormatError, TokenType};
 use mas_storage::{
     compat::{CompatAccessTokenRepository, CompatRefreshTokenRepository, CompatSessionRepository},
-    Repository,
+    Clock, Repository,
 };
 use mas_storage_pg::PgRepository;
 use serde::{Deserialize, Serialize};

crates/handlers/src/lib.rs

@@ -409,8 +409,8 @@ async fn test_state(pool: PgPool) -> Result<AppState, anyhow::Error> {
 }
 
 // XXX: that should be moved somewhere else
-fn clock_and_rng() -> (mas_storage::Clock, rand_chacha::ChaChaRng) {
-    let clock = mas_storage::Clock::default();
+fn clock_and_rng() -> (mas_storage::SystemClock, rand_chacha::ChaChaRng) {
+    let clock = mas_storage::SystemClock::default();
 
     // This rng is used to source the local rng
     #[allow(clippy::disallowed_methods)]

crates/handlers/src/oauth2/consent.rs

@@ -30,7 +30,7 @@ use mas_policy::PolicyFactory;
 use mas_router::{PostAuthAction, Route};
 use mas_storage::{
     oauth2::{OAuth2AuthorizationGrantRepository, OAuth2ClientRepository},
-    Repository,
+    Clock, Repository,
 };
 use mas_storage_pg::PgRepository;
 use mas_templates::{ConsentContext, PolicyViolationContext, TemplateContext, Templates};

crates/handlers/src/oauth2/introspection.rs

@@ -25,7 +25,7 @@ use mas_storage::{
     compat::{CompatAccessTokenRepository, CompatRefreshTokenRepository, CompatSessionRepository},
     oauth2::{OAuth2AccessTokenRepository, OAuth2RefreshTokenRepository, OAuth2SessionRepository},
     user::{BrowserSessionRepository, UserRepository},
-    Clock, Repository,
+    Clock, Repository, SystemClock,
 };
 use mas_storage_pg::PgRepository;
 use oauth2_types::{
@@ -130,7 +130,7 @@ pub(crate) async fn post(
     State(encrypter): State<Encrypter>,
     client_authorization: ClientAuthorization<IntrospectionRequest>,
 ) -> Result<impl IntoResponse, RouteError> {
-    let clock = Clock::default();
+    let clock = SystemClock::default();
     let mut repo = PgRepository::from_pool(&pool).await?;
 
     let client = client_authorization

crates/handlers/src/oauth2/token.rs

@@ -37,7 +37,7 @@ use mas_storage::{
         OAuth2RefreshTokenRepository, OAuth2SessionRepository,
     },
     user::BrowserSessionRepository,
-    Repository,
+    Clock, Repository,
 };
 use mas_storage_pg::PgRepository;
 use oauth2_types::{

crates/handlers/src/oauth2/userinfo.rs

@@ -31,7 +31,7 @@ use mas_router::UrlBuilder;
 use mas_storage::{
     oauth2::OAuth2ClientRepository,
     user::{BrowserSessionRepository, UserEmailRepository},
-    Repository,
+    Clock, Repository,
 };
 use mas_storage_pg::PgRepository;
 use oauth2_types::scope;

crates/handlers/src/upstream_oauth2/authorize.rs

@@ -24,7 +24,7 @@ use mas_oidc_client::requests::authorization_code::AuthorizationRequestData;
 use mas_router::UrlBuilder;
 use mas_storage::{
     upstream_oauth2::{UpstreamOAuthProviderRepository, UpstreamOAuthSessionRepository},
-    Repository,
+    Clock, Repository,
 };
 use mas_storage_pg::PgRepository;
 use sqlx::PgPool;

crates/handlers/src/upstream_oauth2/callback.rs

@@ -30,7 +30,7 @@ use mas_storage::{
         UpstreamOAuthLinkRepository, UpstreamOAuthProviderRepository,
         UpstreamOAuthSessionRepository,
     },
-    Repository,
+    Clock, Repository,
 };
 use mas_storage_pg::PgRepository;
 use oauth2_types::errors::ClientErrorCode;

crates/handlers/src/upstream_oauth2/link.rs

@@ -27,7 +27,7 @@ use mas_keystore::Encrypter;
 use mas_storage::{
     upstream_oauth2::{UpstreamOAuthLinkRepository, UpstreamOAuthSessionRepository},
     user::{BrowserSessionRepository, UserRepository},
-    Repository,
+    Clock, Repository,
 };
 use mas_storage_pg::PgRepository;
 use mas_templates::{

crates/handlers/src/views/account/emails/add.rs

@@ -24,7 +24,7 @@ use mas_axum_utils::{
 use mas_email::Mailer;
 use mas_keystore::Encrypter;
 use mas_router::Route;
-use mas_storage::{user::UserEmailRepository, Repository};
+use mas_storage::{user::UserEmailRepository, Clock, Repository};
 use mas_storage_pg::PgRepository;
 use mas_templates::{EmailAddContext, TemplateContext, Templates};
 use serde::Deserialize;

crates/handlers/src/views/account/emails/mod.rs

@@ -71,7 +71,7 @@ pub(crate) async fn get(
 
 async fn render(
     rng: impl Rng + Send,
-    clock: &Clock,
+    clock: &impl Clock,
     templates: Templates,
     session: BrowserSession,
     cookie_jar: PrivateCookieJar<Encrypter>,
@@ -94,7 +94,7 @@ async fn start_email_verification(
     mailer: &Mailer,
     repo: &mut impl Repository,
     mut rng: impl Rng + Send,
-    clock: &Clock,
+    clock: &impl Clock,
     user: &User,
     user_email: UserEmail,
 ) -> anyhow::Result<()> {

crates/handlers/src/views/account/emails/verify.rs

@@ -24,7 +24,7 @@ use mas_axum_utils::{
 };
 use mas_keystore::Encrypter;
 use mas_router::Route;
-use mas_storage::{user::UserEmailRepository, Clock, Repository};
+use mas_storage::{user::UserEmailRepository, Clock, Repository, SystemClock};
 use mas_storage_pg::PgRepository;
 use mas_templates::{EmailVerificationPageContext, TemplateContext, Templates};
 use serde::Deserialize;
@@ -89,7 +89,7 @@ pub(crate) async fn post(
     Path(id): Path<Ulid>,
     Form(form): Form<ProtectedForm<CodeForm>>,
 ) -> Result<Response, FancyError> {
-    let clock = Clock::default();
+    let clock = SystemClock::default();
     let mut repo = PgRepository::from_pool(&pool).await?;
 
     let form = cookie_jar.verify_form(clock.now(), form)?;

crates/handlers/src/views/account/mod.rs

@@ -25,7 +25,7 @@ use mas_keystore::Encrypter;
 use mas_router::Route;
 use mas_storage::{
     user::{BrowserSessionRepository, UserEmailRepository},
-    Repository,
+    Clock, Repository,
 };
 use mas_storage_pg::PgRepository;
 use mas_templates::{AccountContext, TemplateContext, Templates};

crates/handlers/src/views/account/password.rs

@@ -67,7 +67,7 @@ pub(crate) async fn get(
 
 async fn render(
     rng: impl Rng + Send,
-    clock: &Clock,
+    clock: &impl Clock,
     templates: Templates,
     session: BrowserSession,
     cookie_jar: PrivateCookieJar<Encrypter>,

crates/handlers/src/views/index.rs

@@ -20,6 +20,7 @@ use axum_extra::extract::PrivateCookieJar;
 use mas_axum_utils::{csrf::CsrfExt, FancyError, SessionInfoExt};
 use mas_keystore::Encrypter;
 use mas_router::UrlBuilder;
+use mas_storage::Clock;
 use mas_storage_pg::PgRepository;
 use mas_templates::{IndexContext, TemplateContext, Templates};
 use sqlx::PgPool;

crates/handlers/src/views/login.rs

@@ -167,7 +167,7 @@ async fn login(
     password_manager: PasswordManager,
     repo: &mut impl Repository,
     mut rng: impl Rng + CryptoRng + Send,
-    clock: &Clock,
+    clock: &impl Clock,
     username: &str,
     password: &str,
 ) -> Result<BrowserSession, FormError> {

crates/handlers/src/views/logout.rs

@@ -23,7 +23,7 @@ use mas_axum_utils::{
 };
 use mas_keystore::Encrypter;
 use mas_router::{PostAuthAction, Route};
-use mas_storage::{user::BrowserSessionRepository, Clock, Repository};
+use mas_storage::{user::BrowserSessionRepository, Clock, Repository, SystemClock};
 use mas_storage_pg::PgRepository;
 use sqlx::PgPool;
 
@@ -32,7 +32,7 @@ pub(crate) async fn post(
     cookie_jar: PrivateCookieJar<Encrypter>,
     Form(form): Form<ProtectedForm<Option<PostAuthAction>>>,
 ) -> Result<impl IntoResponse, FancyError> {
-    let clock = Clock::default();
+    let clock = SystemClock::default();
     let mut repo = PgRepository::from_pool(&pool).await?;
 
     let form = cookie_jar.verify_form(clock.now(), form)?;

crates/handlers/src/views/reauth.rs

@@ -26,7 +26,7 @@ use mas_keystore::Encrypter;
 use mas_router::Route;
 use mas_storage::{
     user::{BrowserSessionRepository, UserPasswordRepository},
-    Repository,
+    Clock, Repository,
 };
 use mas_storage_pg::PgRepository;
 use mas_templates::{ReauthContext, TemplateContext, Templates};

crates/handlers/src/views/register.rs

@@ -33,7 +33,7 @@ use mas_policy::PolicyFactory;
 use mas_router::Route;
 use mas_storage::{
     user::{BrowserSessionRepository, UserEmailRepository, UserPasswordRepository, UserRepository},
-    Repository,
+    Clock, Repository,
 };
 use mas_storage_pg::PgRepository;
 use mas_templates::{