Cleanups

crates/data-model/src/tokens.rs

@@ -41,13 +41,6 @@ impl<S: StorageBackendMarker> From<AccessToken<S>> for AccessToken<()> {
     }
 }
 
-impl<T: StorageBackend> AccessToken<T> {
-    // XXX
-    pub fn exp(&self) -> DateTime<Utc> {
-        self.expires_at
-    }
-}
-
 #[derive(Debug, Clone, PartialEq)]
 pub struct RefreshToken<T: StorageBackend> {
     pub data: T::RefreshTokenData,

crates/handlers/src/oauth2/introspection.rs

@@ -193,7 +193,6 @@ pub(crate) async fn post(
     let reply = match token_type {
         TokenType::AccessToken => {
             let (token, session) = lookup_active_access_token(&mut conn, token).await?;
-            let exp = token.exp();
 
             IntrospectionResponse {
                 active: true,
@@ -201,7 +200,7 @@ pub(crate) async fn post(
                 client_id: Some(session.client.client_id),
                 username: Some(session.browser_session.user.username),
                 token_type: Some(OAuthTokenTypeHint::AccessToken),
-                exp: Some(exp),
+                exp: Some(token.expires_at),
                 iat: Some(token.created_at),
                 nbf: Some(token.created_at),
                 sub: Some(session.browser_session.user.sub),

crates/storage/src/oauth2/access_token.rs

@@ -110,26 +110,18 @@ impl AccessTokenLookupError {
     }
 }
 
-// TODO: remove that manual async
+#[allow(clippy::too_many_lines)]
-#[allow(clippy::too_many_lines, clippy::manual_async_fn)]
+pub async fn lookup_active_access_token<'a, 'c, A>(
-pub fn lookup_active_access_token<'a, 'c, A>(
     conn: A,
     token: &'a str,
-) -> impl std::future::Future<
+) -> Result<(AccessToken<PostgresqlBackend>, Session<PostgresqlBackend>), AccessTokenLookupError>
-    Output = Result<
-        (AccessToken<PostgresqlBackend>, Session<PostgresqlBackend>),
-        AccessTokenLookupError,
-    >,
-> + Send
-       + 'a
 where
     A: Acquire<'c, Database = Postgres> + Send + 'a,
 {
-    async move {
+    let mut conn = conn.acquire().await?;
-        let mut conn = conn.acquire().await?;
+    let res = sqlx::query_as!(
-        let res = sqlx::query_as!(
+        OAuth2AccessTokenLookup,
-            OAuth2AccessTokenLookup,
+        r#"
-            r#"
             SELECT
                 at.oauth2_access_token_id,
                 at.access_token    AS "oauth2_access_token",
@@ -168,75 +160,75 @@ where
             ORDER BY usa.created_at DESC
             LIMIT 1
         "#,
-            token,
+        token,
-        )
+    )
-        .fetch_one(&mut *conn)
+    .fetch_one(&mut *conn)
-        .await?;
+    .await?;
 
-        let access_token = AccessToken {
+    let id = Ulid::from(res.oauth2_access_token_id);
-            data: res.oauth2_access_token_id.into(),
+    let access_token = AccessToken {
-            jti: res.oauth2_access_token_id.to_string(),
+        data: id,
-            access_token: res.oauth2_access_token,
+        jti: id.to_string(),
-            created_at: res.oauth2_access_token_created_at,
+        access_token: res.oauth2_access_token,
-            expires_at: res.oauth2_access_token_expires_at,
+        created_at: res.oauth2_access_token_created_at,
-        };
+        expires_at: res.oauth2_access_token_expires_at,
+    };
 
-        let client = lookup_client(&mut *conn, res.oauth2_client_id.into()).await?;
+    let client = lookup_client(&mut *conn, res.oauth2_client_id.into()).await?;
 
-        let primary_email = match (
+    let primary_email = match (
-            res.user_email_id,
+        res.user_email_id,
-            res.user_email,
+        res.user_email,
-            res.user_email_created_at,
+        res.user_email_created_at,
-            res.user_email_confirmed_at,
+        res.user_email_confirmed_at,
-        ) {
+    ) {
-            (Some(id), Some(email), Some(created_at), confirmed_at) => Some(UserEmail {
+        (Some(id), Some(email), Some(created_at), confirmed_at) => Some(UserEmail {
-                data: id.into(),
+            data: id.into(),
-                email,
+            email,
-                created_at,
+            created_at,
-                confirmed_at,
+            confirmed_at,
-            }),
+        }),
-            (None, None, None, None) => None,
+        (None, None, None, None) => None,
-            _ => return Err(DatabaseInconsistencyError.into()),
+        _ => return Err(DatabaseInconsistencyError.into()),
-        };
+    };
 
-        let id = Ulid::from(res.user_id);
+    let id = Ulid::from(res.user_id);
-        let user = User {
+    let user = User {
-            data: id,
+        data: id,
-            username: res.user_username,
+        username: res.user_username,
-            sub: id.to_string(),
+        sub: id.to_string(),
-            primary_email,
+        primary_email,
-        };
+    };
 
-        let last_authentication = match (
+    let last_authentication = match (
-            res.user_session_last_authentication_id,
+        res.user_session_last_authentication_id,
-            res.user_session_last_authentication_created_at,
+        res.user_session_last_authentication_created_at,
-        ) {
+    ) {
-            (None, None) => None,
+        (None, None) => None,
-            (Some(id), Some(created_at)) => Some(Authentication {
+        (Some(id), Some(created_at)) => Some(Authentication {
-                data: id.into(),
+            data: id.into(),
-                created_at,
+            created_at,
-            }),
+        }),
-            _ => return Err(DatabaseInconsistencyError.into()),
+        _ => return Err(DatabaseInconsistencyError.into()),
-        };
+    };
 
-        let browser_session = BrowserSession {
+    let browser_session = BrowserSession {
-            data: res.user_session_id.into(),
+        data: res.user_session_id.into(),
-            created_at: res.user_session_created_at,
+        created_at: res.user_session_created_at,
-            user,
+        user,
-            last_authentication,
+        last_authentication,
-        };
+    };
 
-        let scope = res.scope.parse().map_err(|_e| DatabaseInconsistencyError)?;
+    let scope = res.scope.parse().map_err(|_e| DatabaseInconsistencyError)?;
 
-        let session = Session {
+    let session = Session {
-            data: res.oauth2_session_id.into(),
+        data: res.oauth2_session_id.into(),
-            client,
+        client,
-            browser_session,
+        browser_session,
-            scope,
+        scope,
-        };
+    };
 
-        Ok((access_token, session))
+    Ok((access_token, session))
-    }
 }
 
 #[tracing::instrument(

crates/storage/src/oauth2/refresh_token.rs

@@ -179,14 +179,16 @@ pub async fn lookup_active_refresh_token(
         res.oauth2_access_token_expires_at,
     ) {
         (None, None, None, None) => None,
-        (Some(id), Some(access_token), Some(created_at), Some(expires_at)) => Some(AccessToken {
+        (Some(id), Some(access_token), Some(created_at), Some(expires_at)) => {
-            data: id.into(),
+            let id = Ulid::from(id);
-            // XXX: are we doing that everywhere?
+            Some(AccessToken {
-            jti: Ulid::from(id).to_string(),
+                data: id,
-            access_token,
+                jti: id.to_string(),
-            created_at,
+                access_token,
-            expires_at,
+                created_at,
-        }),
+                expires_at,
+            })
+        }
         _ => return Err(DatabaseInconsistencyError.into()),
     };