data-model: have more structs use a state machine

crates/handlers/src/upstream_oauth2/callback.rs

@@ -153,12 +153,12 @@ pub(crate) async fn get(
         return Err(RouteError::ProviderMismatch);
     }
 
-    if params.state != session.state {
+    if params.state != session.state_str {
         // The state in the session cookie should match the one from the params
         return Err(RouteError::StateMismatch);
     }
 
-    if session.completed() {
+    if !session.is_pending() {
         // The session was already completed
         return Err(RouteError::AlreadyCompleted);
     }
@@ -207,7 +207,7 @@ pub(crate) async fn get(
 
     // TODO: all that should be borrowed
     let validation_data = AuthorizationValidationData {
-        state: session.state.clone(),
+        state: session.state_str.clone(),
         nonce: session.nonce.clone(),
         code_challenge_verifier: session.code_challenge_verifier.clone(),
         redirect_uri,

crates/handlers/src/upstream_oauth2/link.rs

@@ -121,11 +121,11 @@ pub(crate) async fn get(
 
     // This checks that we're in a browser session which is allowed to consume this
     // link: the upstream auth session should have been started in this browser.
-    if upstream_session.link_id != Some(link.id) {
+    if upstream_session.link_id() != Some(link.id) {
         return Err(RouteError::SessionNotFound);
     }
 
-    if upstream_session.consumed() {
+    if upstream_session.is_consumed() {
         return Err(RouteError::SessionConsumed);
     }
 
@@ -243,11 +243,11 @@ pub(crate) async fn post(
 
     // This checks that we're in a browser session which is allowed to consume this
     // link: the upstream auth session should have been started in this browser.
-    if upstream_session.link_id != Some(link.id) {
+    if upstream_session.link_id() != Some(link.id) {
         return Err(RouteError::SessionNotFound);
     }
 
-    if upstream_session.consumed() {
+    if upstream_session.is_consumed() {
         return Err(RouteError::SessionConsumed);
     }