diff --git a/crates/data-model/src/tokens.rs b/crates/data-model/src/tokens.rs index 6e1c7658..85c68837 100644 --- a/crates/data-model/src/tokens.rs +++ b/crates/data-model/src/tokens.rs @@ -41,13 +41,6 @@ impl From> for AccessToken<()> { } } -impl AccessToken { - // XXX - pub fn exp(&self) -> DateTime { - self.expires_at - } -} - #[derive(Debug, Clone, PartialEq)] pub struct RefreshToken { pub data: T::RefreshTokenData, diff --git a/crates/handlers/src/oauth2/introspection.rs b/crates/handlers/src/oauth2/introspection.rs index c99ad063..c35b9532 100644 --- a/crates/handlers/src/oauth2/introspection.rs +++ b/crates/handlers/src/oauth2/introspection.rs @@ -193,7 +193,6 @@ pub(crate) async fn post( let reply = match token_type { TokenType::AccessToken => { let (token, session) = lookup_active_access_token(&mut conn, token).await?; - let exp = token.exp(); IntrospectionResponse { active: true, @@ -201,7 +200,7 @@ pub(crate) async fn post( client_id: Some(session.client.client_id), username: Some(session.browser_session.user.username), token_type: Some(OAuthTokenTypeHint::AccessToken), - exp: Some(exp), + exp: Some(token.expires_at), iat: Some(token.created_at), nbf: Some(token.created_at), sub: Some(session.browser_session.user.sub), diff --git a/crates/storage/src/oauth2/access_token.rs b/crates/storage/src/oauth2/access_token.rs index 1e57637c..1d9f8e40 100644 --- a/crates/storage/src/oauth2/access_token.rs +++ b/crates/storage/src/oauth2/access_token.rs 
@@ -110,26 +110,18 @@ impl AccessTokenLookupError { } } -// TODO: remove that manual async -#[allow(clippy::too_many_lines, clippy::manual_async_fn)] -pub fn lookup_active_access_token<'a, 'c, A>( +#[allow(clippy::too_many_lines)] +pub async fn lookup_active_access_token<'a, 'c, A>( conn: A, token: &'a str, -) -> impl std::future::Future< - Output = Result< - (AccessToken, Session), - AccessTokenLookupError, - >, -> + Send - + 'a +) -> Result<(AccessToken, Session), AccessTokenLookupError> where A: Acquire<'c, Database = Postgres> + Send + 'a, { - async move { - let mut conn = conn.acquire().await?; - let res = sqlx::query_as!( - OAuth2AccessTokenLookup, - r#" + let mut conn = conn.acquire().await?; + let res = sqlx::query_as!( + OAuth2AccessTokenLookup, + r#" SELECT at.oauth2_access_token_id, at.access_token AS "oauth2_access_token", 
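Review bot: The new `pub async fn lookup_active_access_token` signature no longer states `+ Send` on the returned future, so Send-ness is now inferred from the body rather than checked at this definition. If a later edit holds a non-Send value across one of the `.await` points, the error will surface at whichever caller needs a Send future (presumably in the handlers crate), not in this file. I would keep the contract visible with a doc line such as `/// The returned future is expected to be Send; keep non-Send values out of scope across awaits.`, or with a compile-only helper like `fn assert_send<T: Send>(_: T) {}` applied to the returned future in a test. The function body continues past the end of this hunk.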
@@ -168,75 +160,75 @@ where ORDER BY usa.created_at DESC LIMIT 1 "#, - token, - ) - .fetch_one(&mut *conn) - .await?; + token, + ) + .fetch_one(&mut *conn) + .await?; - let access_token = AccessToken { - data: res.oauth2_access_token_id.into(), - jti: res.oauth2_access_token_id.to_string(), - access_token: res.oauth2_access_token, - created_at: res.oauth2_access_token_created_at, - expires_at: res.oauth2_access_token_expires_at, - }; + let id = Ulid::from(res.oauth2_access_token_id); + let access_token = AccessToken { + data: id, + jti: id.to_string(), + access_token: res.oauth2_access_token, + created_at: res.oauth2_access_token_created_at, + expires_at: res.oauth2_access_token_expires_at, + }; - let client = lookup_client(&mut *conn, res.oauth2_client_id.into()).await?; + let client = lookup_client(&mut *conn, res.oauth2_client_id.into()).await?; - let primary_email = match ( - res.user_email_id, - res.user_email, - res.user_email_created_at, - res.user_email_confirmed_at, - ) { - (Some(id), Some(email), Some(created_at), confirmed_at) => Some(UserEmail { - data: id.into(), - email, - created_at, - confirmed_at, - }), - (None, None, None, None) => None, - _ => return Err(DatabaseInconsistencyError.into()), - }; + let primary_email = match ( + res.user_email_id, + res.user_email, + res.user_email_created_at, + res.user_email_confirmed_at, + ) { + (Some(id), Some(email), Some(created_at), confirmed_at) => Some(UserEmail { + data: id.into(), + email, + created_at, + confirmed_at, + }), + (None, None, None, None) => None, + _ => return Err(DatabaseInconsistencyError.into()), + }; - let id = Ulid::from(res.user_id); - let user = User { - data: id, - username: res.user_username, - sub: id.to_string(), - primary_email, - }; + let id = Ulid::from(res.user_id); + let user = User { + data: id, + username: res.user_username, + sub: id.to_string(), + primary_email, + }; - let last_authentication = match ( - res.user_session_last_authentication_id, - 
res.user_session_last_authentication_created_at, - ) { - (None, None) => None, - (Some(id), Some(created_at)) => Some(Authentication { - data: id.into(), - created_at, - }), - _ => return Err(DatabaseInconsistencyError.into()), - }; + let last_authentication = match ( + res.user_session_last_authentication_id, + res.user_session_last_authentication_created_at, + ) { + (None, None) => None, + (Some(id), Some(created_at)) => Some(Authentication { + data: id.into(), + created_at, + }), + _ => return Err(DatabaseInconsistencyError.into()), + }; - let browser_session = BrowserSession { - data: res.user_session_id.into(), - created_at: res.user_session_created_at, - user, - last_authentication, - }; + let browser_session = BrowserSession { + data: res.user_session_id.into(), + created_at: res.user_session_created_at, + user, + last_authentication, + }; - let scope = res.scope.parse().map_err(|_e| DatabaseInconsistencyError)?; + let scope = res.scope.parse().map_err(|_e| DatabaseInconsistencyError)?; - let session = Session { - data: res.oauth2_session_id.into(), - client, - browser_session, - scope, - }; + let session = Session { + data: res.oauth2_session_id.into(), + client, + browser_session, + scope, + }; - Ok((access_token, session)) - } + Ok((access_token, session)) } #[tracing::instrument( diff --git a/crates/storage/src/oauth2/refresh_token.rs b/crates/storage/src/oauth2/refresh_token.rs index 94c2cef7..324879ac 100644 --- a/crates/storage/src/oauth2/refresh_token.rs +++ b/crates/storage/src/oauth2/refresh_token.rs 
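Review bot: In crates/storage/src/oauth2/access_token.rs the added `let id = Ulid::from(res.oauth2_access_token_id);` uses the same name as the later `let id = Ulid::from(res.user_id);`, and the two bindings feed `jti` and `sub` respectively. Both fields are written as `id.to_string()`, so moving either struct literal in a future edit would still compile and silently put the user id into `jti`, or the token id into `sub`. Distinct names remove that hazard: `let access_token_id = Ulid::from(res.oauth2_access_token_id);` with `jti: access_token_id.to_string()`, and `let user_id = Ulid::from(res.user_id);` with `sub: user_id.to_string()`. The function starts before this hunk.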
@@ -179,14 +179,16 @@ pub async fn lookup_active_refresh_token( res.oauth2_access_token_expires_at, ) { (None, None, None, None) => None, - (Some(id), Some(access_token), Some(created_at), Some(expires_at)) => Some(AccessToken { - data: id.into(), - // XXX: are we doing that everywhere? - jti: Ulid::from(id).to_string(), - access_token, - created_at, - expires_at, - }), + (Some(id), Some(access_token), Some(created_at), Some(expires_at)) => { + let id = Ulid::from(id); + Some(AccessToken { + data: id, + jti: id.to_string(), + access_token, + created_at, + expires_at, + }) + } _ => return Err(DatabaseInconsistencyError.into()), };
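Review bot: The `jti: id.to_string()` derivation is now written out by hand at two construction sites, this match arm and `lookup_active_access_token`, so `jti` matches `data` only by convention. The removed `// XXX: are we doing that everywhere?` comment asked exactly this question, and a third `AccessToken { .. }` literal could still set a different `jti`, which matters if anything downstream uses `jti` to identify or revoke a token. Consider a single constructor on `AccessToken` in the data-model crate that takes the id and the remaining fields and computes `jti` itself, and have both lookups call it. If that is out of scope here, a comment on the `jti` field such as `// Always the string form of the token's ULID; see the storage lookups.` would at least record the invariant. `lookup_active_refresh_token` begins and ends outside this hunk.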