You've already forked authentication-service
mirror of
https://github.com/matrix-org/matrix-authentication-service.git
synced 2025-07-29 22:01:14 +03:00
Upgrade Rust to 1.72.0
Fixes new clippy errors and upgrade other tools
This commit is contained in:
11
.github/workflows/build.yaml
vendored
11
.github/workflows/build.yaml
vendored
@ -1,4 +1,5 @@
|
|||||||
name: Build
|
name: Build
|
||||||
|
|
||||||
on:
|
on:
|
||||||
push:
|
push:
|
||||||
branches: [ main ]
|
branches: [ main ]
|
||||||
@ -28,7 +29,7 @@ jobs:
|
|||||||
- name: Setup OPA
|
- name: Setup OPA
|
||||||
uses: open-policy-agent/setup-opa@v2.1.0
|
uses: open-policy-agent/setup-opa@v2.1.0
|
||||||
with:
|
with:
|
||||||
version: 0.54.0
|
version: 0.55.0
|
||||||
|
|
||||||
- name: Install Node
|
- name: Install Node
|
||||||
uses: actions/setup-node@v3.8.1
|
uses: actions/setup-node@v3.8.1
|
||||||
@ -91,7 +92,7 @@ jobs:
|
|||||||
save-if: "${{ github.event_name != 'pull_request' }}"
|
save-if: "${{ github.event_name != 'pull_request' }}"
|
||||||
|
|
||||||
- name: Install zig and cargo-zigbuild
|
- name: Install zig and cargo-zigbuild
|
||||||
run: pip3 install ziglang==0.9.1 cargo-zigbuild==0.16.12
|
run: pip3 install ziglang==0.11.0 cargo-zigbuild==0.17.1
|
||||||
|
|
||||||
- name: Build the binary
|
- name: Build the binary
|
||||||
run: |
|
run: |
|
||||||
@ -155,11 +156,7 @@ jobs:
|
|||||||
save-if: "${{ github.event_name != 'pull_request' }}"
|
save-if: "${{ github.event_name != 'pull_request' }}"
|
||||||
|
|
||||||
- name: Install zig and cargo-zigbuild
|
- name: Install zig and cargo-zigbuild
|
||||||
# XXX: note how the ziglang version is not the same as the Dockerfile and the Linux build
|
run: pip3 install ziglang==0.11.0 cargo-zigbuild==0.17.1
|
||||||
# This is because there is an issue with zig 0.10.x when building the `psm` crate for Linux, but it works fine for macOS
|
|
||||||
# The reason we're not on 0.9.x for the macOS build is because there is an issue for linking the final binary with 0.9.x
|
|
||||||
# This should all be fixed once zig 0.11.x is released in a few weeks
|
|
||||||
run: pip3 install ziglang==0.10.1.post1 cargo-zigbuild==0.16.12
|
|
||||||
|
|
||||||
- name: Download the macOS SDK
|
- name: Download the macOS SDK
|
||||||
run: curl -L "https://github.com/phracker/MacOSX-SDKs/releases/download/11.3/MacOSX11.3.sdk.tar.xz" | tar -J -x -C /opt
|
run: curl -L "https://github.com/phracker/MacOSX-SDKs/releases/download/11.3/MacOSX11.3.sdk.tar.xz" | tar -J -x -C /opt
|
||||||
|
6
.github/workflows/ci.yaml
vendored
6
.github/workflows/ci.yaml
vendored
@ -29,7 +29,7 @@ jobs:
|
|||||||
- name: Setup OPA
|
- name: Setup OPA
|
||||||
uses: open-policy-agent/setup-opa@v2.1.0
|
uses: open-policy-agent/setup-opa@v2.1.0
|
||||||
with:
|
with:
|
||||||
version: 0.54.0
|
version: 0.55.0
|
||||||
|
|
||||||
- name: Lint policies
|
- name: Lint policies
|
||||||
working-directory: ./policies
|
working-directory: ./policies
|
||||||
@ -196,7 +196,7 @@ jobs:
|
|||||||
- name: Setup OPA
|
- name: Setup OPA
|
||||||
uses: open-policy-agent/setup-opa@v2.1.0
|
uses: open-policy-agent/setup-opa@v2.1.0
|
||||||
with:
|
with:
|
||||||
version: 0.54.0
|
version: 0.55.0
|
||||||
|
|
||||||
- name: Compile OPA policies
|
- name: Compile OPA policies
|
||||||
working-directory: ./policies
|
working-directory: ./policies
|
||||||
@ -260,7 +260,7 @@ jobs:
|
|||||||
- name: Setup OPA
|
- name: Setup OPA
|
||||||
uses: open-policy-agent/setup-opa@v2.1.0
|
uses: open-policy-agent/setup-opa@v2.1.0
|
||||||
with:
|
with:
|
||||||
version: 0.54.0
|
version: 0.55.0
|
||||||
|
|
||||||
- name: Compile OPA policies
|
- name: Compile OPA policies
|
||||||
working-directory: ./policies
|
working-directory: ./policies
|
||||||
|
4
.github/workflows/coverage.yaml
vendored
4
.github/workflows/coverage.yaml
vendored
@ -29,7 +29,7 @@ jobs:
|
|||||||
- name: Setup OPA
|
- name: Setup OPA
|
||||||
uses: open-policy-agent/setup-opa@v2.1.0
|
uses: open-policy-agent/setup-opa@v2.1.0
|
||||||
with:
|
with:
|
||||||
version: 0.54.0
|
version: 0.55.0
|
||||||
|
|
||||||
- name: Run OPA tests with coverage
|
- name: Run OPA tests with coverage
|
||||||
working-directory: ./policies
|
working-directory: ./policies
|
||||||
@ -119,7 +119,7 @@ jobs:
|
|||||||
- name: Setup OPA
|
- name: Setup OPA
|
||||||
uses: open-policy-agent/setup-opa@v2.1.0
|
uses: open-policy-agent/setup-opa@v2.1.0
|
||||||
with:
|
with:
|
||||||
version: 0.54.0
|
version: 0.55.0
|
||||||
|
|
||||||
- name: Compile OPA policies
|
- name: Compile OPA policies
|
||||||
working-directory: ./policies
|
working-directory: ./policies
|
||||||
|
11
Dockerfile
11
Dockerfile
@ -12,14 +12,15 @@
|
|||||||
# The Debian version and version name must be in sync
|
# The Debian version and version name must be in sync
|
||||||
ARG DEBIAN_VERSION=11
|
ARG DEBIAN_VERSION=11
|
||||||
ARG DEBIAN_VERSION_NAME=bullseye
|
ARG DEBIAN_VERSION_NAME=bullseye
|
||||||
ARG RUSTC_VERSION=1.71.0
|
ARG RUSTC_VERSION=1.72.0
|
||||||
# XXX: Upgrade to 0.10.0 blocked by https://github.com/ziglang/zig/issues/10915#issuecomment-1354548110
|
# XXX: Upgrade to 0.10.0 blocked by https://github.com/ziglang/zig/issues/10915#issuecomment-1354548110
|
||||||
|
# XXX: Upgrade to 0.11.0 blocked by https://github.com/rust-cross/cargo-zigbuild/issues/162
|
||||||
ARG ZIG_VERSION=0.9.1
|
ARG ZIG_VERSION=0.9.1
|
||||||
ARG NODEJS_VERSION=18.16.1
|
ARG NODEJS_VERSION=18.17.1
|
||||||
ARG OPA_VERSION=0.54.0
|
ARG OPA_VERSION=0.55.0
|
||||||
ARG CARGO_AUDITABLE_VERSION=0.6.1
|
ARG CARGO_AUDITABLE_VERSION=0.6.1
|
||||||
ARG CARGO_CHEF_VERSION=0.1.61
|
ARG CARGO_CHEF_VERSION=0.1.62
|
||||||
ARG CARGO_ZIGBUILD_VERSION=0.16.12
|
ARG CARGO_ZIGBUILD_VERSION=0.17.1
|
||||||
|
|
||||||
##########################################
|
##########################################
|
||||||
## Build stage that builds the frontend ##
|
## Build stage that builds the frontend ##
|
||||||
|
@ -108,6 +108,13 @@ pub struct CookieJar {
|
|||||||
}
|
}
|
||||||
|
|
||||||
impl CookieJar {
|
impl CookieJar {
|
||||||
|
/// Save the given payload in a cookie
|
||||||
|
///
|
||||||
|
/// If `permanent` is true, the cookie will be valid for 10 years
|
||||||
|
///
|
||||||
|
/// # Panics
|
||||||
|
///
|
||||||
|
/// Panics if the payload cannot be serialized
|
||||||
#[must_use]
|
#[must_use]
|
||||||
pub fn save<T: Serialize>(mut self, key: &str, payload: &T, permanent: bool) -> Self {
|
pub fn save<T: Serialize>(mut self, key: &str, payload: &T, permanent: bool) -> Self {
|
||||||
let serialized =
|
let serialized =
|
||||||
|
@ -300,7 +300,7 @@ impl Options {
|
|||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
for scope in oauth2_session.scope.iter() {
|
for scope in &*oauth2_session.scope {
|
||||||
if let Some(device) = Device::from_scope_token(scope) {
|
if let Some(device) = Device::from_scope_token(scope) {
|
||||||
// Schedule a job to delete the device.
|
// Schedule a job to delete the device.
|
||||||
repo.job()
|
repo.job()
|
||||||
|
@ -12,9 +12,9 @@
|
|||||||
// See the License for the specific language governing permissions and
|
// See the License for the specific language governing permissions and
|
||||||
// limitations under the License.
|
// limitations under the License.
|
||||||
|
|
||||||
pub(self) mod authorization_grant;
|
mod authorization_grant;
|
||||||
pub(self) mod client;
|
mod client;
|
||||||
pub(self) mod session;
|
mod session;
|
||||||
|
|
||||||
pub use self::{
|
pub use self::{
|
||||||
authorization_grant::{AuthorizationCode, AuthorizationGrant, AuthorizationGrantStage, Pkce},
|
authorization_grant::{AuthorizationCode, AuthorizationGrant, AuthorizationGrantStage, Pkce},
|
||||||
|
@ -109,7 +109,7 @@ impl OAuth2SessionMutations {
|
|||||||
// XXX: this might not be the right semantic, but it's the best we
|
// XXX: this might not be the right semantic, but it's the best we
|
||||||
// can do for now, since we're not explicitly storing devices for OAuth2
|
// can do for now, since we're not explicitly storing devices for OAuth2
|
||||||
// sessions.
|
// sessions.
|
||||||
for scope in session.scope.iter() {
|
for scope in &*session.scope {
|
||||||
if let Some(device) = Device::from_scope_token(scope) {
|
if let Some(device) = Device::from_scope_token(scope) {
|
||||||
// Schedule a job to delete the device.
|
// Schedule a job to delete the device.
|
||||||
repo.job()
|
repo.job()
|
||||||
|
@ -213,7 +213,7 @@ pub(crate) async fn post(
|
|||||||
// XXX: this might not be the right semantic, but it's the best we
|
// XXX: this might not be the right semantic, but it's the best we
|
||||||
// can do for now, since we're not explicitly storing devices for OAuth2
|
// can do for now, since we're not explicitly storing devices for OAuth2
|
||||||
// sessions.
|
// sessions.
|
||||||
for scope in session.scope.iter() {
|
for scope in &*session.scope {
|
||||||
if let Some(device) = Device::from_scope_token(scope) {
|
if let Some(device) = Device::from_scope_token(scope) {
|
||||||
// Schedule a job to delete the device.
|
// Schedule a job to delete the device.
|
||||||
repo.job()
|
repo.job()
|
||||||
|
@ -337,7 +337,7 @@ async fn authorization_code_grant(
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Look for device to provision
|
// Look for device to provision
|
||||||
for scope in session.scope.iter() {
|
for scope in &*session.scope {
|
||||||
if let Some(device) = Device::from_scope_token(scope) {
|
if let Some(device) = Device::from_scope_token(scope) {
|
||||||
// Note that we're not waiting for the job to finish, we just schedule it. We
|
// Note that we're not waiting for the job to finish, we just schedule it. We
|
||||||
// might get in a situation where the provisioning job is not finished when the
|
// might get in a situation where the provisioning job is not finished when the
|
||||||
|
@ -61,7 +61,7 @@ impl CorsLayerExt for CorsLayer {
|
|||||||
H: IntoIterator<Item = HeaderName>,
|
H: IntoIterator<Item = HeaderName>,
|
||||||
{
|
{
|
||||||
let base = PROPAGATOR_HEADERS.get().cloned().unwrap_or_default();
|
let base = PROPAGATOR_HEADERS.get().cloned().unwrap_or_default();
|
||||||
let headers: Vec<_> = headers.into_iter().chain(base.into_iter()).collect();
|
let headers: Vec<_> = headers.into_iter().chain(base).collect();
|
||||||
self.allow_headers(headers)
|
self.allow_headers(headers)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -17,7 +17,7 @@ use sha2::{Sha256, Sha384, Sha512};
|
|||||||
|
|
||||||
mod asymmetric;
|
mod asymmetric;
|
||||||
pub(crate) mod hmac;
|
pub(crate) mod hmac;
|
||||||
pub(self) mod signature;
|
mod signature;
|
||||||
mod symmetric;
|
mod symmetric;
|
||||||
|
|
||||||
pub use self::{
|
pub use self::{
|
||||||
|
@ -80,6 +80,10 @@ impl<T> MaybeTlsStream<T> {
|
|||||||
|
|
||||||
/// Gather informations about the TLS connection. Returns `None` if the
|
/// Gather informations about the TLS connection. Returns `None` if the
|
||||||
/// stream is not a TLS stream.
|
/// stream is not a TLS stream.
|
||||||
|
///
|
||||||
|
/// # Panics
|
||||||
|
///
|
||||||
|
/// Panics if the TLS handshake is not done yet, which should never happen
|
||||||
pub fn tls_info(&self) -> Option<TlsStreamInfo> {
|
pub fn tls_info(&self) -> Option<TlsStreamInfo> {
|
||||||
let conn = self.get_tls_connection()?;
|
let conn = self.get_tls_connection()?;
|
||||||
|
|
||||||
|
@ -317,7 +317,7 @@ impl fmt::Debug for AuthorizationRequest {
|
|||||||
.field("request", &self.request)
|
.field("request", &self.request)
|
||||||
.field("request_uri", &self.request_uri)
|
.field("request_uri", &self.request_uri)
|
||||||
.field("registration", &self.registration)
|
.field("registration", &self.registration)
|
||||||
.finish()
|
.finish_non_exhaustive()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -422,7 +422,7 @@ impl fmt::Debug for DeviceAuthorizationResponse {
|
|||||||
.field("verification_uri", &self.verification_uri)
|
.field("verification_uri", &self.verification_uri)
|
||||||
.field("expires_in", &self.expires_in)
|
.field("expires_in", &self.expires_in)
|
||||||
.field("interval", &self.interval)
|
.field("interval", &self.interval)
|
||||||
.finish()
|
.finish_non_exhaustive()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
# Set to 1 to run OPA through Docker
|
# Set to 1 to run OPA through Docker
|
||||||
DOCKER := 0
|
DOCKER := 0
|
||||||
OPA_DOCKER_IMAGE := docker.io/openpolicyagent/opa:0.54.0
|
OPA_DOCKER_IMAGE := docker.io/openpolicyagent/opa:0.55.0
|
||||||
|
|
||||||
ifeq ($(DOCKER), 0)
|
ifeq ($(DOCKER), 0)
|
||||||
OPA := opa
|
OPA := opa
|
||||||
|
Reference in New Issue
Block a user