Make more enum types accept unknown values

2025-07-29 22:01:14 +03:00 · 2022-10-17 13:50:33 +02:00
parent 10297d29bb
commit 51515358f7
4 changed files with 40 additions and 24 deletions
--- a/crates/handlers/src/oauth2/authorization/callback.rs
+++ b/crates/handlers/src/oauth2/authorization/callback.rs
@ -41,12 +41,15 @@ pub struct CallbackDestination {
 }

 #[derive(Debug, Error)]
-pub enum InvalidRedirectUriError {
+pub enum IntoCallbackDestinationError {
    #[error("Redirect URI can't have a fragment")]
-    FragmentNotAllowed,
+    RedirectUriFragmentNotAllowed,

    #[error("Existing query parameters are not valid")]
-    InvalidQueryParams(#[from] serde_urlencoded::de::Error),
+    RedirectUriInvalidQueryParams(#[from] serde_urlencoded::de::Error),
+
+    #[error("Requested response_mode is not supported")]
+    UnsupportedResponseMode,
 }

 #[derive(Debug, Error)]
@ -59,11 +62,11 @@ pub enum CallbackDestinationError {
 }

 impl<S: StorageBackend> TryFrom<&AuthorizationGrant<S>> for CallbackDestination {
-    type Error = InvalidRedirectUriError;
+    type Error = IntoCallbackDestinationError;

    fn try_from(value: &AuthorizationGrant<S>) -> Result<Self, Self::Error> {
        Self::try_new(
-            value.response_mode,
+            &value.response_mode,
            value.redirect_uri.clone(),
            value.state.clone(),
        )
@ -72,12 +75,12 @@ impl<S: StorageBackend> TryFrom<&AuthorizationGrant<S>> for CallbackDestination

 impl CallbackDestination {
    pub fn try_new(
-        mode: ResponseMode,
+        mode: &ResponseMode,
        mut redirect_uri: Url,
        state: Option<String>,
-    ) -> Result<Self, InvalidRedirectUriError> {
+    ) -> Result<Self, IntoCallbackDestinationError> {
        if redirect_uri.fragment().is_some() {
-            return Err(InvalidRedirectUriError::FragmentNotAllowed);
+            return Err(IntoCallbackDestinationError::RedirectUriFragmentNotAllowed);
        }

        let mode = match mode {
@ -95,6 +98,7 @@ impl CallbackDestination {
            }
            ResponseMode::Fragment => CallbackDestinationMode::Fragment,
            ResponseMode::FormPost => CallbackDestinationMode::FormPost,
+            _ => return Err(IntoCallbackDestinationError::UnsupportedResponseMode),
        };

        Ok(Self {
--- a/crates/handlers/src/oauth2/authorization/complete.rs
+++ b/crates/handlers/src/oauth2/authorization/complete.rs
@ -39,7 +39,9 @@ use oauth2_types::requests::{AccessTokenResponse, AuthorizationResponse};
 use sqlx::{PgPool, Postgres, Transaction};
 use thiserror::Error;

-use super::callback::{CallbackDestination, CallbackDestinationError, InvalidRedirectUriError};
+use super::callback::{
+    CallbackDestination, CallbackDestinationError, IntoCallbackDestinationError,
+};

 #[derive(Debug, Error)]
 pub enum RouteError {
@ -90,8 +92,8 @@ impl From<ActiveSessionLookupError> for RouteError {
    }
 }

-impl From<InvalidRedirectUriError> for RouteError {
-    fn from(e: InvalidRedirectUriError) -> Self {
+impl From<IntoCallbackDestinationError> for RouteError {
+    fn from(e: IntoCallbackDestinationError) -> Self {
        Self::Internal(Box::new(e))
    }
 }
@ -175,8 +177,8 @@ impl From<sqlx::Error> for GrantCompletionError {
    }
 }

-impl From<InvalidRedirectUriError> for GrantCompletionError {
-    fn from(e: InvalidRedirectUriError) -> Self {
+impl From<IntoCallbackDestinationError> for GrantCompletionError {
+    fn from(e: IntoCallbackDestinationError) -> Self {
        Self::Internal(Box::new(e))
    }
 }
--- a/crates/handlers/src/oauth2/authorization/mod.rs
+++ b/crates/handlers/src/oauth2/authorization/mod.rs
@ -58,8 +58,8 @@ pub enum RouteError {
    #[error("could not find client")]
    ClientNotFound,

-    #[error("invalid redirect uri")]
-    InvalidRedirectUri(#[from] self::callback::InvalidRedirectUriError),
+    #[error("invalid parameters")]
+    IntoCallbackDestination(#[from] self::callback::IntoCallbackDestinationError),

    #[error("invalid redirect uri")]
    UnknownRedirectUri(#[from] mas_data_model::InvalidRedirectUriError),
@ -78,11 +78,9 @@ impl IntoResponse for RouteError {
            RouteError::ClientNotFound => {
                (StatusCode::BAD_REQUEST, "could not find client").into_response()
            }
-            RouteError::InvalidRedirectUri(e) => (
-                StatusCode::BAD_REQUEST,
-                format!("Invalid redirect URI ({})", e),
-            )
-                .into_response(),
+            RouteError::IntoCallbackDestination(e) => {
+                (StatusCode::BAD_REQUEST, e.to_string()).into_response()
+            }
            RouteError::UnknownRedirectUri(e) => (
                StatusCode::BAD_REQUEST,
                format!("Invalid redirect URI ({})", e),
@ -175,7 +173,7 @@ pub(crate) async fn get(

    // Now we have a proper callback destination to go to on error
    let callback_destination = CallbackDestination::try_new(
-        response_mode,
+        &response_mode,
        redirect_uri.clone(),
        params.auth.state.clone(),
    )?;
--- a/crates/oauth2-types/src/requests.rs
+++ b/crates/oauth2-types/src/requests.rs
@ -41,13 +41,13 @@ use crate::{response_type::ResponseType, scope::Scope};
    PartialOrd,
    Ord,
    Clone,
-    Copy,
    Display,
    FromStr,
    SerializeDisplay,
    DeserializeFromStr,
 )]
 #[display(style = "snake_case")]
+#[non_exhaustive]
 pub enum ResponseMode {
    /// Authorization Response parameters are encoded in the query string added
    /// to the `redirect_uri`.
@ -65,6 +65,10 @@ pub enum ResponseMode {
    ///
    /// Defined in [OAuth 2.0 Form Post Response Mode](https://openid.net/specs/oauth-v2-form-post-response-mode-1_0.html).
    FormPost,
+
+    /// An unknown value.
+    #[display("{0}")]
+    Unknown(String),
 }

 /// Value that specifies how the Authorization Server displays the
@ -79,13 +83,13 @@ pub enum ResponseMode {
    PartialOrd,
    Ord,
    Clone,
-    Copy,
    Display,
    FromStr,
    SerializeDisplay,
    DeserializeFromStr,
 )]
 #[display(style = "snake_case")]
+#[non_exhaustive]
 pub enum Display {
    /// The Authorization Server should display the authentication and consent
    /// UI consistent with a full User Agent page view.
@ -104,6 +108,10 @@ pub enum Display {
    /// The Authorization Server should display the authentication and consent
    /// UI consistent with a "feature phone" type display.
    Wap,
+
+    /// An unknown value.
+    #[display("{0}")]
+    Unknown(String),
 }

 impl Default for Display {
@ -124,13 +132,13 @@ impl Default for Display {
    PartialOrd,
    Ord,
    Clone,
-    Copy,
    Display,
    FromStr,
    SerializeDisplay,
    DeserializeFromStr,
 )]
 #[display(style = "snake_case")]
+#[non_exhaustive]
 pub enum Prompt {
    /// The Authorization Server must not display any authentication or consent
    /// user interface pages.
@ -157,6 +165,10 @@ pub enum Prompt {
    ///
    /// Defined in [Initiating User Registration via OpenID Connect](https://openid.net/specs/openid-connect-prompt-create-1_0.html).
    Create,
+
+    /// An unknown value.
+    #[display("{0}")]
+    Unknown(String),
 }

 /// The body of a request to the [Authorization Endpoint].