Update Rust crate uuid to 1.17.0

Reviewed-on: #407

Cargo.toml

@@ -1,42 +1,42 @@
 [package]
 name = "basic-oidc"
-version = "0.1.4"
-edition = "2021"
+version = "0.1.5"
+edition = "2024"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
-actix = "0.13.3"
+actix = "0.13.5"
 actix-identity = "0.8.0"
-actix-web = "4.5.1"
-actix-session = { version = "0.10.0", features = ["cookie-session"] }
+actix-web = "4.11.0"
+actix-session = { version = "0.10.1", features = ["cookie-session"] }
 actix-remote-ip = "0.1.0"
-clap = { version = "4.5.17", features = ["derive", "env"] }
-include_dir = "0.7.3"
-log = "0.4.21"
-serde_json = "1.0.128"
+clap = { version = "4.5.40", features = ["derive", "env"] }
+include_dir = "0.7.4"
+log = "0.4.27"
+serde_json = "1.0.140"
 serde_yaml = "0.9.34"
-env_logger = "0.11.3"
-serde = { version = "1.0.210", features = ["derive"] }
-bcrypt = "0.16.0"
-uuid = { version = "1.8.0", features = ["v4"] }
-mime_guess = "2.0.4"
-askama = "0.12.1"
-futures-util = "0.3.30"
+env_logger = "0.11.8"
+serde = { version = "1.0.219", features = ["derive"] }
+bcrypt = "0.17.0"
+uuid = { version = "1.17.0", features = ["v4"] }
+mime_guess = "2.0.5"
+askama = "0.14.0"
+futures-util = "0.3.31"
 urlencoding = "2.1.3"
-rand = "0.8.5"
+rand = "0.9.1"
 base64 = "0.22.1"
-jwt-simple = { version = "0.12.10", default-features = false, features = ["pure-rust"] }
+jwt-simple = { version = "0.12.12", default-features = false, features = ["pure-rust"] }
 digest = "0.10.7"
-sha2 = "0.10.8"
-lazy-regex = "3.3.0"
-totp_rfc6238 = "0.6.0"
-base32 = "0.5.0"
+sha2 = "0.10.9"
+lazy-regex = "3.4.1"
+totp_rfc6238 = "0.6.1"
+base32 = "0.5.1"
 qrcode-generator = "5.0.0"
-webauthn-rs = { version = "0.5.0", features = ["danger-allow-state-serialisation"] }
-url = "2.5.0"
-light-openid = { version = "1.0.2", features = ["crypto-wrapper"] }
-bincode = "2.0.0-rc.3"
-chrono = "0.4.38"
-lazy_static = "1.4.0"
-mailchecker = "6.0.8"
+webauthn-rs = { version = "0.5.1", features = ["danger-allow-state-serialisation"] }
+url = "2.5.4"
+light-openid = { version = "1.0.4", features = ["crypto-wrapper"] }
+bincode = "2.0.1"
+chrono = "0.4.41"
+lazy_static = "1.5.0"
+mailchecker = "6.0.17"

renovate.json

@@ -1,9 +1,3 @@
 {
-  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "packageRules": [
-    {
-      "matchUpdateTypes": ["major", "minor", "patch"],
-      "automerge": true
-    }
-  ]
-}
+  "extends": ["local>renovate/presets"]
+}

src/actors/bruteforce_actor.rs

@@ -1,5 +1,5 @@
-use std::collections::hash_map::Entry;
 use std::collections::HashMap;
+use std::collections::hash_map::Entry;
 use std::net::IpAddr;
 
 use actix::{Actor, AsyncContext, Context, Handler, Message};

src/actors/providers_states_actor.rs

@@ -8,8 +8,8 @@ use crate::constants::{
     OIDC_STATES_CLEANUP_INTERVAL,
 };
 use actix::{Actor, AsyncContext, Context, Handler, Message};
-use std::collections::hash_map::Entry;
 use std::collections::HashMap;
+use std::collections::hash_map::Entry;
 use std::net::IpAddr;
 
 use crate::data::login_redirect::LoginRedirect;

src/controllers/admin_api.rs

@@ -1,6 +1,6 @@
 use crate::actors::users_actor;
 use actix::Addr;
-use actix_web::{web, HttpResponse, Responder};
+use actix_web::{HttpResponse, Responder, web};
 
 use crate::actors::users_actor::{DeleteUserRequest, FindUserByUsername, UsersActor};
 use crate::data::action_logger::{Action, ActionLogger};

src/controllers/admin_controller.rs

@@ -2,7 +2,7 @@ use std::ops::Deref;
 use std::sync::Arc;
 
 use actix::Addr;
-use actix_web::{web, HttpResponse, Responder};
+use actix_web::{HttpResponse, Responder, web};
 use askama::Template;
 
 use crate::actors::users_actor;

src/controllers/assets_controller.rs

@@ -1,7 +1,7 @@
 use std::path::Path;
 
-use actix_web::{web, HttpResponse};
-use include_dir::{include_dir, Dir};
+use actix_web::{HttpResponse, web};
+use include_dir::{Dir, include_dir};
 
 /// Assets directory
 static ASSETS_DIR: Dir = include_dir!("$CARGO_MANIFEST_DIR/assets");

src/controllers/login_api.rs

@@ -4,7 +4,7 @@ use crate::data::action_logger::{Action, ActionLogger};
 use actix::Addr;
 use actix_identity::Identity;
 use actix_remote_ip::RemoteIP;
-use actix_web::{web, HttpRequest, HttpResponse, Responder};
+use actix_web::{HttpRequest, HttpResponse, Responder, web};
 use webauthn_rs::prelude::PublicKeyCredential;
 
 use crate::data::session_identity::{SessionIdentity, SessionStatus};

src/controllers/login_controller.rs

@@ -1,7 +1,7 @@
 use actix::Addr;
 use actix_identity::Identity;
 use actix_remote_ip::RemoteIP;
-use actix_web::{web, HttpRequest, HttpResponse, Responder};
+use actix_web::{HttpRequest, HttpResponse, Responder, web};
 use askama::Template;
 use std::sync::Arc;
 
@@ -14,7 +14,7 @@ use crate::controllers::base_controller::{
 };
 use crate::data::action_logger::{Action, ActionLogger};
 use crate::data::force_2fa_auth::Force2FAAuth;
-use crate::data::login_redirect::{get_2fa_url, LoginRedirect};
+use crate::data::login_redirect::{LoginRedirect, get_2fa_url};
 use crate::data::provider::{Provider, ProvidersManager};
 use crate::data::session_identity::{SessionIdentity, SessionStatus};
 use crate::data::user::User;
@@ -177,7 +177,10 @@ pub async fn login_route(
             }
 
             LoginResult::LocalAuthForbidden => {
-                log::warn!("Failed login for username {} : attempted to use local auth, but it is forbidden", &login);
+                log::warn!(
+                    "Failed login for username {} : attempted to use local auth, but it is forbidden",
+                    &login
+                );
                 logger.log(Action::TryLocalLoginFromUnauthorizedAccount(&login));
                 danger = Some("You cannot login from local auth with your account!".to_string());
             }

src/controllers/openid_controller.rs

@@ -4,9 +4,9 @@ use std::sync::Arc;
 use actix::Addr;
 use actix_identity::Identity;
 use actix_web::error::ErrorUnauthorized;
-use actix_web::{web, HttpRequest, HttpResponse, Responder};
-use base64::engine::general_purpose::STANDARD as BASE64_STANDARD;
+use actix_web::{HttpRequest, HttpResponse, Responder, web};
 use base64::Engine as _;
+use base64::engine::general_purpose::STANDARD as BASE64_STANDARD;
 use light_openid::primitives::{OpenIDConfig, OpenIDTokenResponse, OpenIDUserInfo};
 
 use crate::actors::openid_sessions_actor::{OpenIDSessionsActor, Session, SessionID};
@@ -16,12 +16,12 @@ use crate::constants::*;
 use crate::controllers::base_controller::{build_fatal_error_page, redirect_user};
 use crate::data::action_logger::{Action, ActionLogger};
 use crate::data::app_config::AppConfig;
-use crate::data::client::{AdditionalClaims, AuthenticationFlow, ClientID, ClientManager};
+use crate::data::client::{AdditionalClaims, ClientID, ClientManager};
 use crate::data::code_challenge::CodeChallenge;
 use crate::data::current_user::CurrentUser;
 use crate::data::id_token::IdToken;
 use crate::data::jwt_signer::{JWTSigner, JsonWebKey};
-use crate::data::login_redirect::{get_2fa_url, LoginRedirect};
+use crate::data::login_redirect::{LoginRedirect, get_2fa_url};
 
 use crate::data::session_identity::SessionIdentity;
 use crate::data::user::User;
@@ -50,37 +50,39 @@ pub async fn get_configuration(req: HttpRequest) -> impl Responder {
         host
     );
 
-    HttpResponse::Ok().json(OpenIDConfig {
-        issuer: AppConfig::get().website_origin.clone(),
-        authorization_endpoint: AppConfig::get().full_url(AUTHORIZE_URI),
-        token_endpoint: curr_origin.clone() + TOKEN_URI,
-        userinfo_endpoint: Some(curr_origin.clone() + USERINFO_URI),
-        jwks_uri: curr_origin + CERT_URI,
-        scopes_supported: Some(vec![
-            "openid".to_string(),
-            "profile".to_string(),
-            "email".to_string(),
-        ]),
-        response_types_supported: vec![
-            "code".to_string(),
-            "id_token".to_string(),
-            "token id_token".to_string(),
-        ],
-        subject_types_supported: vec!["public".to_string()],
-        id_token_signing_alg_values_supported: vec!["RS256".to_string()],
-        token_endpoint_auth_methods_supported: Some(vec![
-            "client_secret_post".to_string(),
-            "client_secret_basic".to_string(),
-        ]),
-        claims_supported: Some(vec![
-            "sub".to_string(),
-            "name".to_string(),
-            "given_name".to_string(),
-            "family_name".to_string(),
-            "email".to_string(),
-        ]),
-        code_challenge_methods_supported: Some(vec!["plain".to_string(), "S256".to_string()]),
-    })
+    HttpResponse::Ok()
+        .insert_header(("access-control-allow-origin", "*"))
+        .json(OpenIDConfig {
+            issuer: AppConfig::get().website_origin.clone(),
+            authorization_endpoint: AppConfig::get().full_url(AUTHORIZE_URI),
+            token_endpoint: curr_origin.clone() + TOKEN_URI,
+            userinfo_endpoint: Some(curr_origin.clone() + USERINFO_URI),
+            jwks_uri: curr_origin + CERT_URI,
+            scopes_supported: Some(vec![
+                "openid".to_string(),
+                "profile".to_string(),
+                "email".to_string(),
+            ]),
+            response_types_supported: vec![
+                "code".to_string(),
+                "id_token".to_string(),
+                "token id_token".to_string(),
+            ],
+            subject_types_supported: vec!["public".to_string()],
+            id_token_signing_alg_values_supported: vec!["RS256".to_string()],
+            token_endpoint_auth_methods_supported: Some(vec![
+                "client_secret_post".to_string(),
+                "client_secret_basic".to_string(),
+            ]),
+            claims_supported: Some(vec![
+                "sub".to_string(),
+                "name".to_string(),
+                "given_name".to_string(),
+                "family_name".to_string(),
+                "email".to_string(),
+            ]),
+            code_challenge_methods_supported: Some(vec!["plain".to_string(), "S256".to_string()]),
+        })
 }
 
 #[derive(serde::Deserialize, Debug)]
@@ -218,8 +220,8 @@ pub async fn authorize(
         ));
     }
 
-    match (client.auth_flow(), query.response_type.as_str()) {
-        (AuthenticationFlow::AuthorizationCode, "code") => {
+    match (client.has_secret(), query.response_type.as_str()) {
+        (_, "code") => {
             // Save all authentication information in memory
             let session = Session {
                 session_id: SessionID(rand_str(OPEN_ID_SESSION_LEN)),
@@ -261,7 +263,8 @@ pub async fn authorize(
                 .finish())
         }
 
-        (AuthenticationFlow::Implicit, "id_token") => {
+        // id_token is available only if user has no secret configured
+        (false, "id_token") => {
             let id_token = IdToken {
                 issuer: AppConfig::get().website_origin.to_string(),
                 subject_identifier: user.uid.0.clone(),
@@ -293,11 +296,11 @@ pub async fn authorize(
                 .finish())
         }
 
-        (flow, code) => {
+        (secret, code) => {
             log::warn!(
-                "For client {:?}, configured with flow {:?}, made request with code {}",
+                "For client {:?}, configured with secret {:?}, made request with code {}",
                 client.id,
-                flow,
+                secret,
                 code
             );
             Ok(error_redirect(
@@ -366,9 +369,7 @@ pub async fn token(
     let (client_id, client_secret) =
         match (&query.client_id, &query.client_secret, authorization_header) {
             // post authentication
-            (Some(client_id), Some(client_secret), None) => {
-                (client_id.clone(), client_secret.to_string())
-            }
+            (Some(client_id), client_secret, None) => (client_id.clone(), client_secret.clone()),
 
             // Basic authentication
             (_, None, Some(v)) => {
@@ -399,8 +400,8 @@ pub async fn token(
                 .to_string();
 
                 match decode.split_once(':') {
-                    None => (ClientID(decode), "".to_string()),
-                    Some((id, secret)) => (ClientID(id.to_string()), secret.to_string()),
+                    None => (ClientID(decode), None),
+                    Some((id, secret)) => (ClientID(id.to_string()), Some(secret.to_string())),
                 }
             }
 
@@ -418,7 +419,7 @@ pub async fn token(
         .ok_or_else(|| ErrorUnauthorized("Client not found"))?;
 
     // Retrieving token requires the client to have a defined secret
-    if client.secret != Some(client_secret) {
+    if client.secret != client_secret {
         return Ok(error_response(
             &query,
             "invalid_request",
@@ -608,8 +609,9 @@ pub async fn token(
     };
 
     Ok(HttpResponse::Ok()
-        .append_header(("Cache-Control", "no-store"))
-        .append_header(("Pragam", "no-cache"))
+        .insert_header(("Cache-Control", "no-store"))
+        .insert_header(("Pragma", "no-cache"))
+        .insert_header(("access-control-allow-origin", "*"))
         .json(token_response))
 }
 

src/controllers/providers_controller.rs

@@ -3,7 +3,7 @@ use std::sync::Arc;
 use actix::Addr;
 use actix_identity::Identity;
 use actix_remote_ip::RemoteIP;
-use actix_web::{web, HttpRequest, HttpResponse, Responder};
+use actix_web::{HttpRequest, HttpResponse, Responder, web};
 use askama::Template;
 
 use crate::actors::bruteforce_actor::BruteForceActor;

src/controllers/settings_controller.rs

@@ -1,6 +1,6 @@
 use actix::Addr;
 use actix_remote_ip::RemoteIP;
-use actix_web::{web, HttpResponse, Responder};
+use actix_web::{HttpResponse, Responder, web};
 use askama::Template;
 
 use crate::actors::bruteforce_actor::BruteForceActor;

src/controllers/two_factor_api.rs

@@ -1,5 +1,5 @@
 use actix::Addr;
-use actix_web::{web, HttpResponse, Responder};
+use actix_web::{HttpResponse, Responder, web};
 use uuid::Uuid;
 use webauthn_rs::prelude::RegisterPublicKeyCredential;
 

src/controllers/two_factors_controller.rs

@@ -2,8 +2,8 @@ use std::ops::Deref;
 
 use actix_web::{HttpResponse, Responder};
 use askama::Template;
-use base64::engine::general_purpose::STANDARD as BASE64_STANDARD;
 use base64::Engine as _;
+use base64::engine::general_purpose::STANDARD as BASE64_STANDARD;
 use qrcode_generator::QrCodeEcc;
 
 use crate::constants::MAX_SECOND_FACTOR_NAME_LEN;

src/data/action_logger.rs

@@ -6,7 +6,7 @@ use actix::Addr;
 use actix_identity::Identity;
 use actix_remote_ip::RemoteIP;
 use actix_web::dev::Payload;
-use actix_web::{web, Error, FromRequest, HttpRequest};
+use actix_web::{Error, FromRequest, HttpRequest, web};
 
 use crate::actors::providers_states_actor::ProviderLoginState;
 use crate::actors::users_actor;
@@ -142,27 +142,56 @@ impl Action<'_> {
                 false => format!("performed FAILED webauthn attempt for user {user_id:?}"),
             },
             Action::StartLoginAttemptWithOpenIDProvider { provider_id, state } => format!(
-                "started new authentication attempt through an OpenID provider (prov={} / state={state})", provider_id.0
+                "started new authentication attempt through an OpenID provider (prov={} / state={state})",
+                provider_id.0
+            ),
+            Action::ProviderError { message } => {
+                format!("failed provider authentication with message '{message}'")
+            }
+            Action::ProviderCBInvalidState { state } => {
+                format!("provided invalid callback state after provider authentication: '{state}'")
+            }
+            Action::ProviderRateLimited => {
+                "could not complete OpenID login because it has reached failed attempts rate limit!"
+                    .to_string()
+            }
+            Action::ProviderFailedGetToken { state, code } => format!(
+                "could not complete login from provider because the id_token could not be retrieved! (state={:?} code = {code})",
+                state
+            ),
+            Action::ProviderFailedGetUserInfo { provider } => format!(
+                "could not get user information from userinfo endpoint of provider {}!",
+                provider.id.0
+            ),
+            Action::ProviderEmailNotValidated { provider } => format!(
+                "could not login using provider {} because its email was marked as not validated!",
+                provider.id.0
+            ),
+            Action::ProviderMissingEmailInResponse { provider } => format!(
+                "could not login using provider {} because the email was not provided by userinfo endpoint!",
+                provider.id.0
+            ),
+            Action::ProviderAccountNotFound { provider, email } => format!(
+                "could not login using provider {} because the email {email} could not be associated to any account!",
+                &provider.id.0
+            ),
+            Action::ProviderAccountDisabled { provider, email } => format!(
+                "could not login using provider {} because the account associated to the email {email} is disabled!",
+                &provider.id.0
+            ),
+            Action::ProviderAccountNotAllowedToLoginWithProvider { provider, email } => format!(
+                "could not login using provider {} because the account associated to the email {email} is not allowed to authenticate using this provider!",
+                &provider.id.0
+            ),
+            Action::ProviderLoginFailed { provider, email } => format!(
+                "could not login using provider {} with the email {email} for an unknown reason!",
+                &provider.id.0
+            ),
+            Action::ProviderLoginSuccessful { provider, user } => format!(
+                "successfully authenticated using provider {} as {}",
+                provider.id.0,
+                user.quick_identity()
             ),
-            Action::ProviderError { message } =>
-                format!("failed provider authentication with message '{message}'"),
-            Action::ProviderCBInvalidState { state } =>
-                format!("provided invalid callback state after provider authentication: '{state}'"),
-            Action::ProviderRateLimited => "could not complete OpenID login because it has reached failed attempts rate limit!".to_string(),
-            Action::ProviderFailedGetToken {state, code} => format!("could not complete login from provider because the id_token could not be retrieved! (state={:?} code = {code})",state),
-            Action::ProviderFailedGetUserInfo {provider} => format!("could not get user information from userinfo endpoint of provider {}!", provider.id.0),
-            Action::ProviderEmailNotValidated {provider}=>format!("could not login using provider {} because its email was marked as not validated!", provider.id.0),
-            Action::ProviderMissingEmailInResponse {provider}=>format!("could not login using provider {} because the email was not provided by userinfo endpoint!", provider.id.0),
-            Action::ProviderAccountNotFound { provider, email } =>
-                format!("could not login using provider {} because the email {email} could not be associated to any account!", &provider.id.0),
-            Action::ProviderAccountDisabled  { provider, email } =>
-                format!("could not login using provider {} because the account associated to the email {email} is disabled!", &provider.id.0),
-            Action::ProviderAccountNotAllowedToLoginWithProvider { provider, email } =>
-                format!("could not login using provider {} because the account associated to the email {email} is not allowed to authenticate using this provider!", &provider.id.0),
-            Action::ProviderLoginFailed { provider, email } =>
-                format!("could not login using provider {} with the email {email} for an unknown reason!", &provider.id.0),
-            Action::ProviderLoginSuccessful {provider, user} =>
-                format!("successfully authenticated using provider {} as {}", provider.id.0, user.quick_identity()),
             Action::Signout => "signed out".to_string(),
             Action::UserNeed2FAOnLogin(user) => {
                 format!(
@@ -181,7 +210,9 @@ impl Action<'_> {
                 format!("successfully authenticated as {login}, but this is a DISABLED ACCOUNT")
             }
             Action::TryLocalLoginFromUnauthorizedAccount(login) => {
-                format!("successfully locally authenticated as {login}, but this is a FORBIDDEN for this account!")
+                format!(
+                    "successfully locally authenticated as {login}, but this is a FORBIDDEN for this account!"
+                )
             }
             Action::FailedLoginWithBadCredentials(login) => {
                 format!("attempted to authenticate as {login} but with a WRONG PASSWORD")
@@ -202,7 +233,10 @@ impl Action<'_> {
             Action::NewOpenIDSession { client } => {
                 format!("opened a new OpenID session with {:?}", client.id)
             }
-            Action::NewOpenIDSuccessfulImplicitAuth { client } => format!("finished an implicit flow connection for client {:?}", client.id),
+            Action::NewOpenIDSuccessfulImplicitAuth { client } => format!(
+                "finished an implicit flow connection for client {:?}",
+                client.id
+            ),
             Action::ChangedHisPassword => "changed his password".to_string(),
             Action::ClearedHisLoginHistory => "cleared his login history".to_string(),
             Action::AddNewFactor(factor) => format!(
@@ -227,7 +261,7 @@ impl ActionLogger {
                 None => "Anonymous user".to_string(),
                 Some(u) => u.quick_identity(),
             },
-            self.ip.to_string(),
+            self.ip,
             action.as_string()
         )
     }

src/data/client.rs

@@ -7,12 +7,6 @@ use std::collections::HashMap;
 #[derive(Clone, Debug, serde::Serialize, serde::Deserialize, Eq, PartialEq)]
 pub struct ClientID(pub String);
 
-#[derive(Debug, Copy, Clone, Eq, PartialEq)]
-pub enum AuthenticationFlow {
-    AuthorizationCode,
-    Implicit,
-}
-
 pub type AdditionalClaims = HashMap<String, Value>;
 
 #[derive(Clone, Debug, serde::Serialize, serde::Deserialize)]
@@ -61,12 +55,9 @@ impl PartialEq for Client {
 impl Eq for Client {}
 
 impl Client {
-    /// Get the client authentication flow
-    pub fn auth_flow(&self) -> AuthenticationFlow {
-        match self.secret {
-            None => AuthenticationFlow::Implicit,
-            Some(_) => AuthenticationFlow::AuthorizationCode,
-        }
+    /// Check if the client has a secret defined
+    pub fn has_secret(&self) -> bool {
+        self.secret.is_some()
     }
 
     /// Process a single claim value

src/data/code_challenge.rs

@@ -1,5 +1,5 @@
-use base64::engine::general_purpose::URL_SAFE_NO_PAD as BASE64_URL_SAFE_NO_PAD;
 use base64::Engine as _;
+use base64::engine::general_purpose::URL_SAFE_NO_PAD as BASE64_URL_SAFE_NO_PAD;
 
 use crate::utils::crypt_utils::sha256;
 

src/data/critical_route.rs

@@ -1,6 +1,6 @@
 use crate::data::current_user::CurrentUser;
 use crate::data::from_request_redirect::FromRequestRedirect;
-use crate::data::login_redirect::{get_2fa_url, LoginRedirect};
+use crate::data::login_redirect::{LoginRedirect, get_2fa_url};
 use actix_web::dev::Payload;
 use actix_web::{FromRequest, HttpRequest};
 use std::future::Future;

src/data/current_user.rs

@@ -6,7 +6,7 @@ use actix::Addr;
 use actix_identity::Identity;
 use actix_web::dev::Payload;
 use actix_web::error::ErrorInternalServerError;
-use actix_web::{web, Error, FromRequest, HttpRequest};
+use actix_web::{Error, FromRequest, HttpRequest, web};
 
 use crate::actors::users_actor;
 use crate::actors::users_actor::UsersActor;

src/data/entity_manager.rs

@@ -20,7 +20,10 @@ where
     /// Open entity
     pub fn open_or_create<A: AsRef<Path>>(path: A) -> Res<Self> {
         if !path.as_ref().is_file() {
-            log::warn!("Entities at {:?} does not point to a file, creating a new empty entity container...", path.as_ref());
+            log::warn!(
+                "Entities at {:?} does not point to a file, creating a new empty entity container...",
+                path.as_ref()
+            );
             return Ok(Self {
                 file_path: path.as_ref().to_path_buf(),
                 list: vec![],

src/data/force_2fa_auth.rs

@@ -2,7 +2,7 @@ use crate::data::current_user::CurrentUser;
 use crate::data::session_identity::SessionIdentity;
 use actix_identity::Identity;
 use actix_web::dev::Payload;
-use actix_web::{web, Error, FromRequest, HttpRequest};
+use actix_web::{Error, FromRequest, HttpRequest, web};
 use std::future::Future;
 use std::pin::Pin;
 

src/data/jwt_signer.rs

@@ -1,12 +1,12 @@
 use jwt_simple::algorithms::RSAKeyPairLike;
 use jwt_simple::claims::JWTClaims;
 use jwt_simple::prelude::RS256KeyPair;
-use serde::de::DeserializeOwned;
 use serde::Serialize;
+use serde::de::DeserializeOwned;
 
+use base64::Engine as _;
 use base64::engine::general_purpose::URL_SAFE as BASE64_URL_URL_SAFE;
 use base64::engine::general_purpose::URL_SAFE_NO_PAD as BASE64_URL_SAFE_NO_PAD;
-use base64::Engine as _;
 
 use crate::utils::err::Res;
 use crate::utils::string_utils::rand_str;

src/data/provider_configuration.rs

@@ -26,7 +26,9 @@ impl ProviderConfiguration {
         let state = urlencoding::encode(&state.state_id).to_string();
         let callback_url = AppConfig::get().oidc_provider_redirect_url();
 
-        format!("{authorization_url}?response_type=code&scope=openid%20profile%20email&client_id={client_id}&state={state}&redirect_uri={callback_url}")
+        format!(
+            "{authorization_url}?response_type=code&scope=openid%20profile%20email&client_id={client_id}&state={state}&redirect_uri={callback_url}"
+        )
     }
 
     /// Retrieve the authorization token after a successful authentication, using an authorization code

src/data/totp_key.rs

@@ -1,5 +1,3 @@
-use std::io::ErrorKind;
-
 use base32::Alphabet;
 use rand::Rng;
 use totp_rfc6238::{HashAlgorithm, TotpGenerator};
@@ -21,7 +19,7 @@ pub struct TotpKey {
 impl TotpKey {
     /// Generate a new TOTP key
     pub fn new_random() -> Self {
-        let random_bytes = rand::thread_rng().gen::<[u8; 20]>();
+        let random_bytes = rand::rng().random::<[u8; 20]>();
         Self {
             encoded: base32::encode(BASE32_ALPHABET, &random_bytes),
         }
@@ -80,7 +78,7 @@ impl TotpKey {
 
     /// Get the code at a specific time
     fn get_code_at<F: Fn() -> u64>(&self, get_time: F) -> Res<String> {
-        let gen = TotpGenerator::new()
+        let generator = TotpGenerator::new()
             .set_digit(NUM_DIGITS)
             .unwrap()
             .set_step(PERIOD)
@@ -90,15 +88,14 @@ impl TotpKey {
 
         let key = match base32::decode(BASE32_ALPHABET, &self.encoded) {
             None => {
-                return Err(Box::new(std::io::Error::new(
-                    ErrorKind::Other,
+                return Err(Box::new(std::io::Error::other(
                     "Failed to decode base32 secret!",
                 )));
             }
             Some(k) => k,
         };
 
-        Ok(gen.get_code_with(&key, get_time))
+        Ok(generator.get_code_with(&key, get_time))
     }
 
     /// Check a code's validity

src/data/users_file_entity.rs

@@ -3,7 +3,7 @@ use std::net::IpAddr;
 use crate::actors::users_actor::{AuthorizedAuthenticationSources, UsersSyncBackend};
 use crate::data::entity_manager::EntityManager;
 use crate::data::user::{FactorID, GeneralSettings, GrantedClients, TwoFactor, User, UserID};
-use crate::utils::err::{new_error, Res};
+use crate::utils::err::{Res, new_error};
 use crate::utils::time::time;
 
 impl EntityManager<User> {

src/data/webauthn_manager.rs

@@ -1,4 +1,3 @@
-use std::io::ErrorKind;
 use std::sync::Arc;
 
 use actix_web::web;
@@ -109,15 +108,13 @@ impl WebAuthManager {
     ) -> Res<WebauthnPubKey> {
         let state: RegisterKeyOpaqueData = self.crypto_wrapper.decrypt(opaque_state)?;
         if state.user_id != user.uid {
-            return Err(Box::new(std::io::Error::new(
-                ErrorKind::Other,
+            return Err(Box::new(std::io::Error::other(
                 "Invalid user for pubkey!",
             )));
         }
 
         if state.expire < time() {
-            return Err(Box::new(std::io::Error::new(
-                ErrorKind::Other,
+            return Err(Box::new(std::io::Error::other(
                 "Challenge has expired!",
             )));
         }
@@ -157,15 +154,13 @@ impl WebAuthManager {
     ) -> Res {
         let state: AuthStateOpaqueData = self.crypto_wrapper.decrypt(opaque_state)?;
         if &state.user_id != user_id {
-            return Err(Box::new(std::io::Error::new(
-                ErrorKind::Other,
+            return Err(Box::new(std::io::Error::other(
                 "Invalid user for pubkey!",
             )));
         }
 
         if state.expire < time() {
-            return Err(Box::new(std::io::Error::new(
-                ErrorKind::Other,
+            return Err(Box::new(std::io::Error::other(
                 "Challenge has expired!",
             )));
         }

src/main.rs

@@ -2,14 +2,14 @@ use core::time::Duration;
 use std::sync::Arc;
 
 use actix::Actor;
-use actix_identity::config::LogoutBehaviour;
 use actix_identity::IdentityMiddleware;
+use actix_identity::config::LogoutBehaviour;
 use actix_remote_ip::RemoteIPConfig;
-use actix_session::storage::CookieSessionStore;
 use actix_session::SessionMiddleware;
+use actix_session::storage::CookieSessionStore;
 use actix_web::cookie::{Key, SameSite};
 use actix_web::middleware::Logger;
-use actix_web::{get, middleware, web, App, HttpResponse, HttpServer};
+use actix_web::{App, HttpResponse, HttpServer, get, middleware, web};
 
 use basic_oidc::actors::bruteforce_actor::BruteForceActor;
 use basic_oidc::actors::openid_sessions_actor::OpenIDSessionsActor;

src/middlewares/auth_middleware.rs

@@ -1,15 +1,15 @@
 //! # Authentication middleware
 
-use std::future::{ready, Future, Ready};
+use std::future::{Future, Ready, ready};
 use std::pin::Pin;
 use std::rc::Rc;
 
 use actix_identity::IdentityExt;
 use actix_web::body::EitherBody;
-use actix_web::http::{header, Method};
+use actix_web::http::{Method, header};
 use actix_web::{
-    dev::{forward_ready, Service, ServiceRequest, ServiceResponse, Transform},
     Error, HttpResponse,
+    dev::{Service, ServiceRequest, ServiceResponse, Transform, forward_ready},
 };
 
 use crate::constants::{

src/utils/string_utils.rs

@@ -1,14 +1,9 @@
 use lazy_regex::regex_find;
-use rand::distributions::Alphanumeric;
-use rand::Rng;
+use rand::distr::{Alphanumeric, SampleString};
 
 /// Generate a random string of a given size
 pub fn rand_str(len: usize) -> String {
-    rand::thread_rng()
-        .sample_iter(&Alphanumeric)
-        .map(char::from)
-        .take(len)
-        .collect()
+    Alphanumeric.sample_string(&mut rand::rng(), len)
 }
 
 /// Parse environment variables
@@ -49,7 +44,9 @@ mod test {
     const VAR_ONE: &str = "VAR_ONE";
     #[test]
     fn test_apply_env_var() {
-        env::set_var(VAR_ONE, "good");
+        unsafe {
+            env::set_var(VAR_ONE, "good");
+        }
         let src = format!("This is ${{{}}}", VAR_ONE);
         assert_eq!("This is good", apply_env_vars(&src));
     }