From 792d3c793b4e8e101ae0393a182f0b2fc10d5868 Mon Sep 17 00:00:00 2001 From: Quentin Gliech Date: Wed, 1 Feb 2023 10:15:35 +0100 Subject: [PATCH] Convert many match/if expressions to let-else --- crates/axum-utils/src/client_authorization.rs | 12 +++---- crates/axum-utils/src/session.rs | 4 +-- crates/axum-utils/src/user_authorization.rs | 5 ++- .../handlers/src/compat/login_sso_complete.rs | 8 ++--- .../src/oauth2/authorization/complete.rs | 4 +-- crates/handlers/src/oauth2/consent.rs | 4 +-- crates/handlers/src/oauth2/introspection.rs | 4 +-- .../handlers/src/views/account/emails/add.rs | 8 ++--- .../handlers/src/views/account/emails/mod.rs | 4 +-- .../src/views/account/emails/verify.rs | 8 ++--- crates/handlers/src/views/account/mod.rs | 4 +-- crates/handlers/src/views/account/password.rs | 4 +-- crates/handlers/src/views/reauth.rs | 8 ++--- crates/iana-codegen/src/main.rs | 4 +-- crates/jose/src/jwk/private_parameters.rs | 5 ++- crates/jose/src/jwk/public_parameters.rs | 5 ++- crates/jose/src/jwt/signed.rs | 12 +++---- crates/listener/src/proxy_protocol/v1.rs | 7 ++--- crates/listener/src/server.rs | 2 +- .../src/registration/client_metadata_serde.rs | 5 ++- crates/oidc-client/src/requests/jose.rs | 31 +++++++++---------- crates/oidc-client/src/utils/mod.rs | 10 ++---- 22 files changed, 51 insertions(+), 107 deletions(-) diff --git a/crates/axum-utils/src/client_authorization.rs b/crates/axum-utils/src/client_authorization.rs index d42e5d76..3f1101e6 100644 --- a/crates/axum-utils/src/client_authorization.rs +++ b/crates/axum-utils/src/client_authorization.rs @@ -560,8 +560,7 @@ mod tests { // Signed with client_secret = "client-secret" let jwt = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJjbGllbnQtaWQiLCJzdWIiOiJjbGllbnQtaWQiLCJhdWQiOiJodHRwczovL2V4YW1wbGUuY29tL29hdXRoMi9pbnRyb3NwZWN0IiwianRpIjoiYWFiYmNjIiwiZXhwIjoxNTE2MjM5MzIyLCJpYXQiOjE1MTYyMzkwMjJ9.XTaACG_Rww0GPecSZvkbem-AczNy9LLNBueCLCiQajU"; let body = Bytes::from(format!( - "client_assertion_type={}&client_assertion={}&foo=bar", - JWT_BEARER_CLIENT_ASSERTION, jwt, + "client_assertion_type={JWT_BEARER_CLIENT_ASSERTION}&client_assertion={jwt}&foo=bar", )); let req = Request::builder() @@ -578,12 +577,9 @@ mod tests { .unwrap(); assert_eq!(authz.form, Some(serde_json::json!({"foo": "bar"}))); - let (client_id, jwt) = - if let Credentials::ClientAssertionJwtBearer { client_id, jwt } = authz.credentials { - (client_id, jwt) - } else { - panic!("expected a JWT client_assertion"); - }; + let Credentials::ClientAssertionJwtBearer { client_id, jwt } = authz.credentials else { + panic!("expected a JWT client_assertion"); + }; assert_eq!(client_id, "client-id"); jwt.verify_with_shared_secret(b"client-secret".to_vec()) diff --git a/crates/axum-utils/src/session.rs b/crates/axum-utils/src/session.rs index c4fece7b..92f06329 100644 --- a/crates/axum-utils/src/session.rs +++ b/crates/axum-utils/src/session.rs @@ -47,9 +47,7 @@ impl SessionInfo { &self, repo: &mut impl RepositoryAccess, ) -> Result, E> { - let session_id = if let Some(id) = self.current { - id - } else { + let Some(session_id) = self.current else { return Ok(None); }; diff --git a/crates/axum-utils/src/user_authorization.rs b/crates/axum-utils/src/user_authorization.rs index c9bc537c..0b2ae8c1 100644 --- a/crates/axum-utils/src/user_authorization.rs +++ b/crates/axum-utils/src/user_authorization.rs @@ -89,9 +89,8 @@ impl UserAuthorization { repo: &mut impl RepositoryAccess, clock: &impl Clock, ) -> Result<(Session, F), AuthorizationVerificationError> { - let form = match self.form { - Some(f) => f, - None => return Err(AuthorizationVerificationError::MissingForm), + let Some(form) = self.form else { + return Err(AuthorizationVerificationError::MissingForm); }; let (token, session) = self.access_token.fetch(repo).await?; diff --git a/crates/handlers/src/compat/login_sso_complete.rs b/crates/handlers/src/compat/login_sso_complete.rs index eb286ec7..da846eda 100644 --- a/crates/handlers/src/compat/login_sso_complete.rs +++ b/crates/handlers/src/compat/login_sso_complete.rs @@ -71,9 +71,7 @@ pub async fn get( let maybe_session = session_info.load_session(&mut repo).await?; - let session = if let Some(session) = maybe_session { - session - } else { + let Some(session) = maybe_session else { // If there is no session, redirect to the login or register screen let url = match params.action { Some(CompatLoginSsoAction::Register) => { @@ -140,9 +138,7 @@ pub async fn post( let maybe_session = session_info.load_session(&mut repo).await?; - let session = if let Some(session) = maybe_session { - session - } else { + let Some(session) = maybe_session else { // If there is no session, redirect to the login or register screen let url = match params.action { Some(CompatLoginSsoAction::Register) => { diff --git a/crates/handlers/src/oauth2/authorization/complete.rs b/crates/handlers/src/oauth2/authorization/complete.rs index 5529db61..b978a701 100644 --- a/crates/handlers/src/oauth2/authorization/complete.rs +++ b/crates/handlers/src/oauth2/authorization/complete.rs @@ -107,9 +107,7 @@ pub(crate) async fn get( let callback_destination = CallbackDestination::try_from(&grant)?; let continue_grant = PostAuthAction::continue_grant(grant.id); - let session = if let Some(session) = maybe_session { - session - } else { + let Some(session) = maybe_session else { // If there is no session, redirect to the login screen, redirecting here after // logout return Ok((cookie_jar, mas_router::Login::and_then(continue_grant).go()).into_response()); diff --git a/crates/handlers/src/oauth2/consent.rs b/crates/handlers/src/oauth2/consent.rs index 4d7ddb31..e69e4770 100644 --- a/crates/handlers/src/oauth2/consent.rs +++ b/crates/handlers/src/oauth2/consent.rs @@ -166,9 +166,7 @@ pub(crate) async fn post( .ok_or(RouteError::GrantNotFound)?; let next = PostAuthAction::continue_grant(grant_id); - let session = if let Some(session) = maybe_session { - session - } else { + let Some(session) = maybe_session else { let login = mas_router::Login::and_then(next); return Ok((cookie_jar, login.go()).into_response()); }; diff --git a/crates/handlers/src/oauth2/introspection.rs b/crates/handlers/src/oauth2/introspection.rs index 24b611d2..b977a47b 100644 --- a/crates/handlers/src/oauth2/introspection.rs +++ b/crates/handlers/src/oauth2/introspection.rs @@ -154,9 +154,7 @@ pub(crate) async fn post( .verify(&http_client_factory, &encrypter, method, &client) .await?; - let form = if let Some(form) = client_authorization.form { - form - } else { + let Some(form) = client_authorization.form else { return Err(RouteError::BadRequest); }; diff --git a/crates/handlers/src/views/account/emails/add.rs b/crates/handlers/src/views/account/emails/add.rs index 13a47fac..fe7ec162 100644 --- a/crates/handlers/src/views/account/emails/add.rs +++ b/crates/handlers/src/views/account/emails/add.rs @@ -49,9 +49,7 @@ pub(crate) async fn get( let maybe_session = session_info.load_session(&mut repo).await?; - let session = if let Some(session) = maybe_session { - session - } else { + let Some(session) = maybe_session else { let login = mas_router::Login::default(); return Ok((cookie_jar, login.go()).into_response()); }; @@ -80,9 +78,7 @@ pub(crate) async fn post( let maybe_session = session_info.load_session(&mut repo).await?; - let session = if let Some(session) = maybe_session { - session - } else { + let Some(session) = maybe_session else { let login = mas_router::Login::default(); return Ok((cookie_jar, login.go()).into_response()); }; diff --git a/crates/handlers/src/views/account/emails/mod.rs b/crates/handlers/src/views/account/emails/mod.rs index 276cba63..22082b53 100644 --- a/crates/handlers/src/views/account/emails/mod.rs +++ b/crates/handlers/src/views/account/emails/mod.rs @@ -136,9 +136,7 @@ pub(crate) async fn post( let maybe_session = session_info.load_session(&mut repo).await?; - let mut session = if let Some(session) = maybe_session { - session - } else { + let Some(mut session) = maybe_session else { let login = mas_router::Login::default(); return Ok((cookie_jar, login.go()).into_response()); }; diff --git a/crates/handlers/src/views/account/emails/verify.rs b/crates/handlers/src/views/account/emails/verify.rs index 3173d8ee..5dcb3aa2 100644 --- a/crates/handlers/src/views/account/emails/verify.rs +++ b/crates/handlers/src/views/account/emails/verify.rs @@ -56,9 +56,7 @@ pub(crate) async fn get( let maybe_session = session_info.load_session(&mut repo).await?; - let session = if let Some(session) = maybe_session { - session - } else { + let Some(session) = maybe_session else { let login = mas_router::Login::default(); return Ok((cookie_jar, login.go()).into_response()); }; @@ -104,9 +102,7 @@ pub(crate) async fn post( let maybe_session = session_info.load_session(&mut repo).await?; - let session = if let Some(session) = maybe_session { - session - } else { + let Some(session) = maybe_session else { let login = mas_router::Login::default(); return Ok((cookie_jar, login.go()).into_response()); }; diff --git a/crates/handlers/src/views/account/mod.rs b/crates/handlers/src/views/account/mod.rs index aaffd99e..fde3bc82 100644 --- a/crates/handlers/src/views/account/mod.rs +++ b/crates/handlers/src/views/account/mod.rs @@ -42,9 +42,7 @@ pub(crate) async fn get( let maybe_session = session_info.load_session(&mut repo).await?; - let session = if let Some(session) = maybe_session { - session - } else { + let Some(session) = maybe_session else { let login = mas_router::Login::default(); return Ok((cookie_jar, login.go()).into_response()); }; diff --git a/crates/handlers/src/views/account/password.rs b/crates/handlers/src/views/account/password.rs index 2786e4bb..674e0f94 100644 --- a/crates/handlers/src/views/account/password.rs +++ b/crates/handlers/src/views/account/password.rs @@ -97,9 +97,7 @@ pub(crate) async fn post( let maybe_session = session_info.load_session(&mut repo).await?; - let session = if let Some(session) = maybe_session { - session - } else { + let Some(session) = maybe_session else { let login = mas_router::Login::and_then(mas_router::PostAuthAction::ChangePassword); return Ok((cookie_jar, login.go()).into_response()); }; diff --git a/crates/handlers/src/views/reauth.rs b/crates/handlers/src/views/reauth.rs index 0ad81a81..549326bf 100644 --- a/crates/handlers/src/views/reauth.rs +++ b/crates/handlers/src/views/reauth.rs @@ -54,9 +54,7 @@ pub(crate) async fn get( let maybe_session = session_info.load_session(&mut repo).await?; - let session = if let Some(session) = maybe_session { - session - } else { + let Some(session) = maybe_session else { // If there is no session, redirect to the login screen, keeping the // PostAuthAction let login = mas_router::Login::from(query.post_auth_action); @@ -93,9 +91,7 @@ pub(crate) async fn post( let maybe_session = session_info.load_session(&mut repo).await?; - let session = if let Some(session) = maybe_session { - session - } else { + let Some(session) = maybe_session else { // If there is no session, redirect to the login screen, keeping the // PostAuthAction let login = mas_router::Login::from(query.post_auth_action); diff --git a/crates/iana-codegen/src/main.rs b/crates/iana-codegen/src/main.rs index 19cb8438..9c5a7d55 100644 --- a/crates/iana-codegen/src/main.rs +++ b/crates/iana-codegen/src/main.rs @@ -111,9 +111,7 @@ use serde_with::{{DeserializeFromStr, SerializeDisplay}};"#, )?; for section in &self.sections { - let list = if let Some(list) = self.items.get(section.key) { - list - } else { + let Some(list) = self.items.get(section.key) else { continue; }; diff --git a/crates/jose/src/jwk/private_parameters.rs b/crates/jose/src/jwk/private_parameters.rs index 7a041f80..15f9c746 100644 --- a/crates/jose/src/jwk/private_parameters.rs +++ b/crates/jose/src/jwk/private_parameters.rs @@ -351,9 +351,8 @@ mod ec_impls { { fn from(key: &SecretKey) -> Self { let point = key.public_key().to_encoded_point(false); - let (x, y) = match point.coordinates() { - Coordinates::Uncompressed { x, y } => (x, y), - _ => unreachable!(), + let Coordinates::Uncompressed { x, y } = point.coordinates() else { + unreachable!() }; let d = key.to_be_bytes(); EcPrivateParameters { diff --git a/crates/jose/src/jwk/public_parameters.rs b/crates/jose/src/jwk/public_parameters.rs index bea1d7d3..a9263075 100644 --- a/crates/jose/src/jwk/public_parameters.rs +++ b/crates/jose/src/jwk/public_parameters.rs @@ -306,9 +306,8 @@ mod ec_impls { { fn from(key: &PublicKey) -> Self { let point = key.to_encoded_point(false); - let (x, y) = match point.coordinates() { - Coordinates::Uncompressed { x, y } => (x, y), - _ => unreachable!(), + let Coordinates::Uncompressed { x, y } = point.coordinates() else { + unreachable!() }; EcPublicParameters { crv: C::CRV, diff --git a/crates/jose/src/jwt/signed.rs b/crates/jose/src/jwt/signed.rs index 4568b80b..76d50aac 100644 --- a/crates/jose/src/jwt/signed.rs +++ b/crates/jose/src/jwt/signed.rs @@ -235,17 +235,13 @@ impl<'a, T> Jwt<'a, T> { let candidates = constraints.filter(&**jwks); for candidate in candidates { - let key = match crate::jwa::AsymmetricVerifyingKey::from_jwk_and_alg( + let Ok(key) = crate::jwa::AsymmetricVerifyingKey::from_jwk_and_alg( candidate.params(), self.header().alg(), - ) { - Ok(v) => v, - Err(_) => continue, - }; + ) else { continue }; - match self.verify(&key) { - Ok(_) => return Ok(()), - Err(_) => continue, + if self.verify(&key).is_ok() { + return Ok(()); } } diff --git a/crates/listener/src/proxy_protocol/v1.rs b/crates/listener/src/proxy_protocol/v1.rs index 20677d9e..391228bf 100644 --- a/crates/listener/src/proxy_protocol/v1.rs +++ b/crates/listener/src/proxy_protocol/v1.rs @@ -74,14 +74,11 @@ impl ProxyProtocolV1Info { } // Let's check in the first 108 bytes if we find a CRLF - let crlf = if let Some(crlf) = buf + let Some(crlf) = buf .as_ref() .windows(2) .take(108) - .position(|needle| needle == [0x0D, 0x0A]) - { - crlf - } else { + .position(|needle| needle == [0x0D, 0x0A]) else { // If not, it might be because we don't have enough bytes return if buf.remaining() < 108 { Err(E::NotEnoughBytes) diff --git a/crates/listener/src/server.rs b/crates/listener/src/server.rs index 2527302f..66323f93 100644 --- a/crates/listener/src/server.rs +++ b/crates/listener/src/server.rs @@ -255,7 +255,7 @@ where // Then look for connections to accept res = accept_all.next(), if !accept_all.is_empty() => { // SAFETY: We shouldn't reach this branch if the unordered future set is empty - let res = if let Some(res) = res { res } else { unreachable!() }; + let Some(res) = res else { unreachable!() }; // Spawn the connection in the set, so we don't have to wait for the handshake to // accept the next connection. This allows us to keep track of active connections diff --git a/crates/oauth2-types/src/registration/client_metadata_serde.rs b/crates/oauth2-types/src/registration/client_metadata_serde.rs index 892c6fd2..faafa2f8 100644 --- a/crates/oauth2-types/src/registration/client_metadata_serde.rs +++ b/crates/oauth2-types/src/registration/client_metadata_serde.rs @@ -59,9 +59,8 @@ impl Localized { where T: DeserializeOwned, { - let map = match map.remove(field_name) { - Some(map) => map, - None => return Ok(None), + let Some(map) = map.remove(field_name) else { + return Ok(None); }; let mut non_localized = None; diff --git a/crates/oidc-client/src/requests/jose.rs b/crates/oidc-client/src/requests/jose.rs index 03a5018d..ee2e4b66 100644 --- a/crates/oidc-client/src/requests/jose.rs +++ b/crates/oidc-client/src/requests/jose.rs @@ -190,26 +190,23 @@ pub fn verify_id_token<'a>( // Subject identifier must be present. let sub = claims::SUB.extract_required(&mut claims)?; - // No more checks if there is no previous ID token. - let auth_id_token = match auth_id_token { - Some(id_token) => id_token, - None => return Ok(id_token), - }; + // More checks if there is a previous ID token. + if let Some(auth_id_token) = auth_id_token { + let mut auth_claims = auth_id_token.payload().clone(); - let mut auth_claims = auth_id_token.payload().clone(); + // Subject identifier must always be the same. + let auth_sub = claims::SUB.extract_required(&mut auth_claims)?; + if sub != auth_sub { + return Err(IdTokenError::WrongSubjectIdentifier); + } - // Subject identifier must always be the same. - let auth_sub = claims::SUB.extract_required(&mut auth_claims)?; - if sub != auth_sub { - return Err(IdTokenError::WrongSubjectIdentifier); - } + // If the authentication time is present, it must be unchanged. + if let Some(auth_time) = claims::AUTH_TIME.extract_optional(&mut claims)? { + let prev_auth_time = claims::AUTH_TIME.extract_required(&mut auth_claims)?; - // If the authentication time is present, it must be unchanged. - if let Some(auth_time) = claims::AUTH_TIME.extract_optional(&mut claims)? { - let prev_auth_time = claims::AUTH_TIME.extract_required(&mut auth_claims)?; - - if prev_auth_time != auth_time { - return Err(IdTokenError::WrongAuthTime); + if prev_auth_time != auth_time { + return Err(IdTokenError::WrongAuthTime); + } } } diff --git a/crates/oidc-client/src/utils/mod.rs b/crates/oidc-client/src/utils/mod.rs index 13280a29..414785f1 100644 --- a/crates/oidc-client/src/utils/mod.rs +++ b/crates/oidc-client/src/utils/mod.rs @@ -28,14 +28,8 @@ where } pub fn http_all_error_status_codes() -> impl RangeBounds { - let client_errors_start_code = match StatusCode::from_u16(400) { - Ok(code) => code, - Err(_) => unreachable!(), - }; - let server_errors_end_code = match StatusCode::from_u16(599) { - Ok(code) => code, - Err(_) => unreachable!(), - }; + let Ok(client_errors_start_code) = StatusCode::from_u16(400) else { unreachable!() }; + let Ok(server_errors_end_code) = StatusCode::from_u16(599) else { unreachable!() }; client_errors_start_code..=server_errors_end_code }