mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-11-20 12:02:22 +03:00

Upgrade chrono and replace deprecated methods usage

Quentin Gliech
2024-03-18 14:00:38 +01:00
parent f543a8bd40
commit 61a69f5af4
32 changed files with 103 additions and 85 deletions


@@ -321,7 +321,7 @@ async fn token_login(
session_id,
..
} => {
if now > fulfilled_at + Duration::seconds(30) {
if now > fulfilled_at + Duration::microseconds(30 * 1000 * 1000) {
return Err(RouteError::LoginTookTooLong);
}
@@ -332,7 +332,7 @@ async fn token_login(
session_id,
..
} => {
if now > exchanged_at + Duration::seconds(30) {
if now > exchanged_at + Duration::microseconds(30 * 1000 * 1000) {
// TODO: log that session out
tracing::error!(
compat_sso_login.id = %login.id,
@@ -706,7 +706,9 @@ mod tests {
let (_device, token) = get_login_token(&state, &user).await;
// Advance the clock to make the token expire.
state.clock.advance(Duration::minutes(1));
state
.clock
.advance(Duration::microseconds(60 * 1000 * 1000));
let request = Request::post("/_matrix/client/v3/login").json(serde_json::json!({
"type": "m.login.token",
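Review bot: The two expiry checks in `token_login` now spell the 30-second login-token window as `Duration::microseconds(30 * 1000 * 1000)`, so a dropped or extra factor of 1000 would silently shrink or stretch an authentication window while still compiling. A named constant with the unit in a comment, e.g. `const LOGIN_TOKEN_MAX_AGE: Duration = Duration::microseconds(30 * 1000 * 1000); // 30 s`, would state the value once for both arms. The same hand-expanded arithmetic recurs in the compat SSO 30-minute checks, the device-code `expires_in` and `interval`, the 20-second and 10-minute limits in `authorization_code_grant`, and the `SiteConfig` TTL defaults. `token_login` starts and ends outside these hunks, so whether both arms are meant to share one limit should be confirmed against the full function.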


@@ -103,7 +103,7 @@ pub async fn get(
.context("Could not find compat SSO login")?;
// Bail out if that login session is more than 30min old
if clock.now() > login.created_at + Duration::minutes(30) {
if clock.now() > login.created_at + Duration::microseconds(30 * 60 * 1000 * 1000) {
let ctx = ErrorContext::new()
.with_code("compat_sso_login_expired")
.with_description("This login session expired.".to_owned())
@@ -174,7 +174,7 @@ pub async fn post(
.context("Could not find compat SSO login")?;
// Bail out if that login session is more than 30min old
if clock.now() > login.created_at + Duration::minutes(30) {
if clock.now() > login.created_at + Duration::microseconds(30 * 60 * 1000 * 1000) {
let ctx = ErrorContext::new()
.with_code("compat_sso_login_expired")
.with_description("This login session expired.".to_owned())


@@ -124,7 +124,7 @@ pub(crate) async fn post(
// XXX: Is this really how we do empty scopes?
.unwrap_or(std::iter::empty::<ScopeToken>().collect());
let expires_in = Duration::minutes(20);
let expires_in = Duration::microseconds(20 * 60 * 1000 * 1000);
let user_agent = user_agent.map(|ua| UserAgent::parse(ua.as_str().to_owned()));
let ip_address = activity_tracker.ip();
@@ -157,7 +157,7 @@ pub(crate) async fn post(
verification_uri: url_builder.device_code_link(),
verification_uri_complete: Some(url_builder.device_code_link_full(device_code.user_code)),
expires_in,
interval: Some(Duration::seconds(5)),
interval: Some(Duration::microseconds(5 * 1000 * 1000)),
};
Ok((


@@ -550,7 +550,7 @@ mod tests {
&state.clock,
&mut repo,
&session,
Duration::minutes(5),
Duration::microseconds(5 * 60 * 1000 * 1000),
)
.await
.unwrap();
@@ -633,7 +633,7 @@ mod tests {
// Advance the clock to invalidate the access token
let old_now = state.clock.now();
state.clock.advance(Duration::hours(1));
state.clock.advance(Duration::try_hours(1).unwrap());
let request = Request::post(OAuth2Introspection::PATH)
.basic_auth(&introspecting_client_id, &introspecting_client_secret)
@@ -808,7 +808,7 @@ mod tests {
assert!(!response.active); // It shouldn't be active
// Advance the clock to invalidate the access token
state.clock.advance(Duration::hours(1));
state.clock.advance(Duration::try_hours(1).unwrap());
let request = Request::post(OAuth2Introspection::PATH)
.basic_auth(&introspecting_client_id, &introspecting_client_secret)


@@ -70,7 +70,7 @@ pub(crate) fn generate_id_token(
claims::SUB.insert(&mut claims, &browser_session.user.sub)?;
claims::AUD.insert(&mut claims, client.client_id.clone())?;
claims::IAT.insert(&mut claims, now)?;
claims::EXP.insert(&mut claims, now + Duration::hours(1))?;
claims::EXP.insert(&mut claims, now + Duration::try_hours(1).unwrap())?;
if let Some(nonce) = grant.and_then(|grant| grant.nonce.as_ref()) {
claims::NONCE.insert(&mut claims, nonce)?;
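Review bot: `generate_id_token` is non-test code, yet the new `EXP` line builds the one-hour ID-token lifetime with `Duration::try_hours(1).unwrap()`, while the other production call sites in this commit use the infallible `Duration::microseconds`. The unwrap cannot fire for a literal 1, but it leaves an `unwrap()` in the token-issuance path that reviewers and lint rules then have to justify. Writing it like the rest of the commit, `claims::EXP.insert(&mut claims, now + Duration::microseconds(60 * 60 * 1000 * 1000))?;`, keeps the path panic-free by construction. The function body continues outside the hunk.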


@@ -326,7 +326,7 @@ mod tests {
&state.clock,
&mut repo,
&session,
Duration::minutes(5),
Duration::microseconds(5 * 60 * 1000 * 1000),
)
.await
.unwrap();
@@ -393,7 +393,7 @@ mod tests {
&state.clock,
&mut repo,
&session,
Duration::minutes(5),
Duration::microseconds(5 * 60 * 1000 * 1000),
)
.await
.unwrap();


@@ -365,7 +365,7 @@ async fn authorization_code_grant(
debug!(%exchanged_at, %fulfilled_at, "Authorization code was already exchanged");
// Ending the session if the token was already exchanged more than 20s ago
if now - exchanged_at > Duration::seconds(20) {
if now - exchanged_at > Duration::microseconds(20 * 1000 * 1000) {
debug!("Ending potentially compromised session");
let session = repo
.oauth2_session()
@@ -386,7 +386,7 @@ async fn authorization_code_grant(
session_id,
fulfilled_at,
} => {
if now - fulfilled_at > Duration::minutes(10) {
if now - fulfilled_at > Duration::microseconds(10 * 60 * 1000 * 1000) {
debug!("Code exchange took more than 10 minutes");
return Err(RouteError::InvalidGrant);
}
@@ -928,7 +928,7 @@ mod tests {
assert!(state.is_access_token_valid(&access_token).await);
// Now wait a bit
state.clock.advance(Duration::minutes(1));
state.clock.advance(Duration::try_minutes(1).unwrap());
// Exchange it again, this it should fail
let request =
@@ -994,7 +994,9 @@ mod tests {
repo.save().await.unwrap();
// Now wait a bit
state.clock.advance(Duration::minutes(15));
state
.clock
.advance(Duration::microseconds(15 * 60 * 1000 * 1000));
// Exchange it, it should fail
let request =
@@ -1075,7 +1077,7 @@ mod tests {
&state.clock,
&mut repo,
&session,
Duration::minutes(5),
Duration::microseconds(5 * 60 * 1000 * 1000),
)
.await
.unwrap();
@@ -1386,7 +1388,7 @@ mod tests {
let ClientError { error, .. } = response.json();
assert_eq!(error, ClientErrorCode::AuthorizationPending);
state.clock.advance(Duration::hours(1));
state.clock.advance(Duration::try_hours(1).unwrap());
// Poll again, it should be expired
let request =
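Review bot: The clock advances in the visible tests (`Duration::try_minutes(1)` against the 20-second replay limit, `15 * 60 * 1000 * 1000` microseconds against the 10-minute code lifetime) land far past the limits, so they would still pass if a factor were dropped from either rewritten constant in `authorization_code_grant` and the window became much shorter than intended. A case that stops just inside the limit, e.g. `state.clock.advance(Duration::microseconds(9 * 60 * 1000 * 1000));` followed by an assertion that the exchange succeeds, would pin the unit conversion. Tests outside these hunks may already cover this, so check the rest of the module before adding one.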


@@ -26,8 +26,8 @@ pub struct SiteConfig {
impl Default for SiteConfig {
fn default() -> Self {
Self {
access_token_ttl: Duration::minutes(5),
compat_token_ttl: Duration::minutes(5),
access_token_ttl: Duration::microseconds(5 * 60 * 1000 * 1000),
compat_token_ttl: Duration::microseconds(5 * 60 * 1000 * 1000),
tos_uri: None,
}
}


@@ -14,7 +14,7 @@
// TODO: move that to a standalone cookie manager
use chrono::{DateTime, Duration, NaiveDateTime, TimeZone, Utc};
use chrono::{DateTime, Duration, Utc};
use mas_axum_utils::cookies::CookieJar;
use mas_router::PostAuthAction;
use mas_storage::Clock;
@@ -26,7 +26,7 @@ use ulid::Ulid;
static COOKIE_NAME: &str = "upstream-oauth2-sessions";
/// Sessions expire after 10 minutes
static SESSION_MAX_TIME_SECS: i64 = 60 * 10;
static SESSION_MAX_TIME: Duration = Duration::microseconds(10 * 60 * 1000 * 1000);
#[derive(Serialize, Deserialize, Debug)]
pub struct Payload {
@@ -42,12 +42,10 @@ impl Payload {
let Ok(ts) = self.session.timestamp_ms().try_into() else {
return true;
};
let Some(when) = NaiveDateTime::from_timestamp_millis(ts) else {
let Some(when) = DateTime::from_timestamp_millis(ts) else {
return true;
};
let when = Utc.from_utc_datetime(&when);
let max_age = Duration::seconds(SESSION_MAX_TIME_SECS);
now - when > max_age
now - when > SESSION_MAX_TIME
}
}
@@ -184,7 +182,7 @@ mod tests {
let first_state = "first-state";
let sessions = sessions.add(first_session, provider_a, first_state.into(), None);
let now = now + Duration::minutes(5);
let now = now + Duration::microseconds(5 * 60 * 1000 * 1000);
let second_session = Ulid::from_datetime_with_source(now.into(), &mut rng);
let second_state = "second-state";
@@ -203,7 +201,7 @@ mod tests {
assert!(sessions.find_session(provider_a, second_state).is_err());
// Make the first session expire
let now = now + Duration::minutes(6);
let now = now + Duration::microseconds(6 * 60 * 1000 * 1000);
let sessions = sessions.expire(now);
assert!(sessions.find_session(provider_a, first_state).is_err());
assert_eq!(