Refactor users management (#6)

* Use asynchronous interface to set authorized clients list

src/data/action_logger.rs

@@ -12,13 +12,14 @@ use crate::actors::users_actor::UsersActor;
 use crate::data::client::Client;
 use crate::data::remote_ip::RemoteIP;
 use crate::data::session_identity::SessionIdentity;
-use crate::data::user::{FactorID, TwoFactor, User, UserID};
+use crate::data::user::{FactorID, GrantedClients, TwoFactor, User, UserID};
 
 pub enum Action<'a> {
     AdminCreateUser(&'a User),
     AdminUpdateUser(&'a User),
     AdminDeleteUser(&'a User),
     AdminResetUserPassword(&'a User),
+    AdminSetNewGrantedClientsList(&'a User, &'a GrantedClients),
     AdminClear2FAHistory(&'a User),
     LoginWebauthnAttempt { success: bool, user_id: UserID },
     Signout,
@@ -57,6 +58,11 @@ impl<'a> Action<'a> {
             Action::AdminClear2FAHistory(user) => {
                 format!("cleared 2FA history of {}", user.quick_identity())
             }
+            Action::AdminSetNewGrantedClientsList(user, clients) => format!(
+                "set new granted clients list ({:?}) for user ({})",
+                clients,
+                user.quick_identity()
+            ),
             Action::LoginWebauthnAttempt { success, user_id } => match success {
                 true => format!(
                     "successfully performed webauthn attempt for user {:?}",

src/data/user.rs

@@ -11,6 +11,23 @@ use crate::utils::time::{fmt_time, time};
 #[derive(Clone, Debug, Eq, PartialEq, serde::Serialize, serde::Deserialize)]
 pub struct UserID(pub String);
 
+#[derive(Eq, PartialEq, Clone, Debug)]
+pub enum GrantedClients {
+    AllClients,
+    SomeClients(Vec<ClientID>),
+    NoClient,
+}
+
+impl GrantedClients {
+    pub fn to_user(self) -> Option<Vec<ClientID>> {
+        match self {
+            GrantedClients::AllClients => None,
+            GrantedClients::SomeClients(users) => Some(users),
+            GrantedClients::NoClient => Some(vec![]),
+        }
+    }
+}
+
 #[derive(Clone, Debug, Eq, PartialEq, serde::Serialize, serde::Deserialize)]
 pub struct FactorID(pub String);
 
@@ -124,10 +141,19 @@ impl User {
         )
     }
 
+    pub fn granted_clients(&self) -> GrantedClients {
+        match self.authorized_clients.as_deref() {
+            None => GrantedClients::AllClients,
+            Some(&[]) => GrantedClients::NoClient,
+            Some(clients) => GrantedClients::SomeClients(clients.to_vec()),
+        }
+    }
+
     pub fn can_access_app(&self, id: &ClientID) -> bool {
-        match &self.authorized_clients {
-            None => true,
-            Some(c) => c.contains(id),
+        match self.granted_clients() {
+            GrantedClients::AllClients => true,
+            GrantedClients::SomeClients(c) => c.contains(id),
+            GrantedClients::NoClient => false,
         }
     }
 

src/data/users_file_entity.rs

@@ -1,6 +1,6 @@
 use crate::actors::users_actor::UsersBackend;
 use crate::data::entity_manager::EntityManager;
-use crate::data::user::{FactorID, TwoFactor, User, UserID};
+use crate::data::user::{FactorID, GrantedClients, TwoFactor, User, UserID};
 use crate::utils::err::Res;
 use crate::utils::time::time;
 use std::net::IpAddr;
@@ -138,6 +138,13 @@ impl UsersBackend for EntityManager<User> {
         }
     }
 
+    fn set_granted_2fa_clients(&mut self, id: &UserID, clients: GrantedClients) -> bool {
+        self.update_user(id, |mut user| {
+            user.authorized_clients = clients.to_user();
+            user
+        })
+    }
+
     fn update_or_insert_user(&mut self, user: User) -> Res {
         self.update_or_push(user)
     }