Update Rust crate uuid to v1.12.0

2025-01-15 00:30:36 +00:00
30 changed files with 850 additions and 850 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/Cargo.toml
+++ b/Cargo.toml
@ -1,42 +1,42 @@
 [package]
 name = "basic-oidc"
-version = "0.1.5"
-edition = "2024"
+version = "0.1.4"
+edition = "2021"

 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

 [dependencies]
-actix = "0.13.5"
+actix = "0.13.3"
 actix-identity = "0.8.0"
-actix-web = "4.11.0"
-actix-session = { version = "0.10.1", features = ["cookie-session"] }
+actix-web = "4.5.1"
+actix-session = { version = "0.10.0", features = ["cookie-session"] }
 actix-remote-ip = "0.1.0"
-clap = { version = "4.5.40", features = ["derive", "env"] }
-include_dir = "0.7.4"
-log = "0.4.27"
-serde_json = "1.0.140"
+clap = { version = "4.5.17", features = ["derive", "env"] }
+include_dir = "0.7.3"
+log = "0.4.21"
+serde_json = "1.0.128"
 serde_yaml = "0.9.34"
-env_logger = "0.11.8"
-serde = { version = "1.0.219", features = ["derive"] }
-bcrypt = "0.17.0"
-uuid = { version = "1.17.0", features = ["v4"] }
-mime_guess = "2.0.5"
-askama = "0.14.0"
-futures-util = "0.3.31"
+env_logger = "0.11.3"
+serde = { version = "1.0.210", features = ["derive"] }
+bcrypt = "0.16.0"
+uuid = { version = "1.8.0", features = ["v4"] }
+mime_guess = "2.0.4"
+askama = "0.12.1"
+futures-util = "0.3.30"
 urlencoding = "2.1.3"
-rand = "0.9.1"
+rand = "0.8.5"
 base64 = "0.22.1"
-jwt-simple = { version = "0.12.12", default-features = false, features = ["pure-rust"] }
+jwt-simple = { version = "0.12.10", default-features = false, features = ["pure-rust"] }
 digest = "0.10.7"
-sha2 = "0.10.9"
-lazy-regex = "3.4.1"
-totp_rfc6238 = "0.6.1"
-base32 = "0.5.1"
+sha2 = "0.10.8"
+lazy-regex = "3.3.0"
+totp_rfc6238 = "0.6.0"
+base32 = "0.5.0"
 qrcode-generator = "5.0.0"
-webauthn-rs = { version = "0.5.1", features = ["danger-allow-state-serialisation"] }
-url = "2.5.4"
-light-openid = { version = "1.0.4", features = ["crypto-wrapper"] }
-bincode = "2.0.1"
-chrono = "0.4.41"
-lazy_static = "1.5.0"
-mailchecker = "6.0.17"
+webauthn-rs = { version = "0.5.0", features = ["danger-allow-state-serialisation"] }
+url = "2.5.0"
+light-openid = { version = "1.0.2", features = ["crypto-wrapper"] }
+bincode = "2.0.0-rc.3"
+chrono = "0.4.38"
+lazy_static = "1.4.0"
+mailchecker = "6.0.8"
--- a/renovate.json
+++ b/renovate.json
@ -1,3 +1,9 @@
 {
-  "extends": ["local>renovate/presets"]
-}
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "packageRules": [
+    {
+      "matchUpdateTypes": ["major", "minor", "patch"],
+      "automerge": true
+    }
+  ]
+}
--- a/src/actors/bruteforce_actor.rs
+++ b/src/actors/bruteforce_actor.rs
@ -1,5 +1,5 @@
-use std::collections::HashMap;
 use std::collections::hash_map::Entry;
+use std::collections::HashMap;
 use std::net::IpAddr;

 use actix::{Actor, AsyncContext, Context, Handler, Message};
--- a/src/actors/providers_states_actor.rs
+++ b/src/actors/providers_states_actor.rs
@ -8,8 +8,8 @@ use crate::constants::{
    OIDC_STATES_CLEANUP_INTERVAL,
 };
 use actix::{Actor, AsyncContext, Context, Handler, Message};
-use std::collections::HashMap;
 use std::collections::hash_map::Entry;
+use std::collections::HashMap;
 use std::net::IpAddr;

 use crate::data::login_redirect::LoginRedirect;
--- a/src/controllers/admin_api.rs
+++ b/src/controllers/admin_api.rs
@ -1,6 +1,6 @@
 use crate::actors::users_actor;
 use actix::Addr;
-use actix_web::{HttpResponse, Responder, web};
+use actix_web::{web, HttpResponse, Responder};

 use crate::actors::users_actor::{DeleteUserRequest, FindUserByUsername, UsersActor};
 use crate::data::action_logger::{Action, ActionLogger};
--- a/src/controllers/admin_controller.rs
+++ b/src/controllers/admin_controller.rs
@ -2,7 +2,7 @@ use std::ops::Deref;
 use std::sync::Arc;

 use actix::Addr;
-use actix_web::{HttpResponse, Responder, web};
+use actix_web::{web, HttpResponse, Responder};
 use askama::Template;

 use crate::actors::users_actor;
--- a/src/controllers/assets_controller.rs
+++ b/src/controllers/assets_controller.rs
@ -1,7 +1,7 @@
 use std::path::Path;

-use actix_web::{HttpResponse, web};
-use include_dir::{Dir, include_dir};
+use actix_web::{web, HttpResponse};
+use include_dir::{include_dir, Dir};

 /// Assets directory
 static ASSETS_DIR: Dir = include_dir!("$CARGO_MANIFEST_DIR/assets");
--- a/src/controllers/login_api.rs
+++ b/src/controllers/login_api.rs
@ -4,7 +4,7 @@ use crate::data::action_logger::{Action, ActionLogger};
 use actix::Addr;
 use actix_identity::Identity;
 use actix_remote_ip::RemoteIP;
-use actix_web::{HttpRequest, HttpResponse, Responder, web};
+use actix_web::{web, HttpRequest, HttpResponse, Responder};
 use webauthn_rs::prelude::PublicKeyCredential;

 use crate::data::session_identity::{SessionIdentity, SessionStatus};
--- a/src/controllers/login_controller.rs
+++ b/src/controllers/login_controller.rs
@ -1,7 +1,7 @@
 use actix::Addr;
 use actix_identity::Identity;
 use actix_remote_ip::RemoteIP;
-use actix_web::{HttpRequest, HttpResponse, Responder, web};
+use actix_web::{web, HttpRequest, HttpResponse, Responder};
 use askama::Template;
 use std::sync::Arc;

@ -14,7 +14,7 @@ use crate::controllers::base_controller::{
 };
 use crate::data::action_logger::{Action, ActionLogger};
 use crate::data::force_2fa_auth::Force2FAAuth;
-use crate::data::login_redirect::{LoginRedirect, get_2fa_url};
+use crate::data::login_redirect::{get_2fa_url, LoginRedirect};
 use crate::data::provider::{Provider, ProvidersManager};
 use crate::data::session_identity::{SessionIdentity, SessionStatus};
 use crate::data::user::User;
@ -177,10 +177,7 @@ pub async fn login_route(
            }

            LoginResult::LocalAuthForbidden => {
-                log::warn!(
-                    "Failed login for username {} : attempted to use local auth, but it is forbidden",
-                    &login
-                );
+                log::warn!("Failed login for username {} : attempted to use local auth, but it is forbidden", &login);
                logger.log(Action::TryLocalLoginFromUnauthorizedAccount(&login));
                danger = Some("You cannot login from local auth with your account!".to_string());
            }
--- a/src/controllers/openid_controller.rs
+++ b/src/controllers/openid_controller.rs
@ -4,9 +4,9 @@ use std::sync::Arc;
 use actix::Addr;
 use actix_identity::Identity;
 use actix_web::error::ErrorUnauthorized;
-use actix_web::{HttpRequest, HttpResponse, Responder, web};
-use base64::Engine as _;
+use actix_web::{web, HttpRequest, HttpResponse, Responder};
 use base64::engine::general_purpose::STANDARD as BASE64_STANDARD;
+use base64::Engine as _;
 use light_openid::primitives::{OpenIDConfig, OpenIDTokenResponse, OpenIDUserInfo};

 use crate::actors::openid_sessions_actor::{OpenIDSessionsActor, Session, SessionID};
@ -16,12 +16,12 @@ use crate::constants::*;
 use crate::controllers::base_controller::{build_fatal_error_page, redirect_user};
 use crate::data::action_logger::{Action, ActionLogger};
 use crate::data::app_config::AppConfig;
-use crate::data::client::{AdditionalClaims, ClientID, ClientManager};
+use crate::data::client::{AdditionalClaims, AuthenticationFlow, ClientID, ClientManager};
 use crate::data::code_challenge::CodeChallenge;
 use crate::data::current_user::CurrentUser;
 use crate::data::id_token::IdToken;
 use crate::data::jwt_signer::{JWTSigner, JsonWebKey};
-use crate::data::login_redirect::{LoginRedirect, get_2fa_url};
+use crate::data::login_redirect::{get_2fa_url, LoginRedirect};

 use crate::data::session_identity::SessionIdentity;
 use crate::data::user::User;
@ -50,39 +50,37 @@ pub async fn get_configuration(req: HttpRequest) -> impl Responder {
        host
    );

-    HttpResponse::Ok()
-        .insert_header(("access-control-allow-origin", "*"))
-        .json(OpenIDConfig {
-            issuer: AppConfig::get().website_origin.clone(),
-            authorization_endpoint: AppConfig::get().full_url(AUTHORIZE_URI),
-            token_endpoint: curr_origin.clone() + TOKEN_URI,
-            userinfo_endpoint: Some(curr_origin.clone() + USERINFO_URI),
-            jwks_uri: curr_origin + CERT_URI,
-            scopes_supported: Some(vec![
-                "openid".to_string(),
-                "profile".to_string(),
-                "email".to_string(),
-            ]),
-            response_types_supported: vec![
-                "code".to_string(),
-                "id_token".to_string(),
-                "token id_token".to_string(),
-            ],
-            subject_types_supported: vec!["public".to_string()],
-            id_token_signing_alg_values_supported: vec!["RS256".to_string()],
-            token_endpoint_auth_methods_supported: Some(vec![
-                "client_secret_post".to_string(),
-                "client_secret_basic".to_string(),
-            ]),
-            claims_supported: Some(vec![
-                "sub".to_string(),
-                "name".to_string(),
-                "given_name".to_string(),
-                "family_name".to_string(),
-                "email".to_string(),
-            ]),
-            code_challenge_methods_supported: Some(vec!["plain".to_string(), "S256".to_string()]),
-        })
+    HttpResponse::Ok().json(OpenIDConfig {
+        issuer: AppConfig::get().website_origin.clone(),
+        authorization_endpoint: AppConfig::get().full_url(AUTHORIZE_URI),
+        token_endpoint: curr_origin.clone() + TOKEN_URI,
+        userinfo_endpoint: Some(curr_origin.clone() + USERINFO_URI),
+        jwks_uri: curr_origin + CERT_URI,
+        scopes_supported: Some(vec![
+            "openid".to_string(),
+            "profile".to_string(),
+            "email".to_string(),
+        ]),
+        response_types_supported: vec![
+            "code".to_string(),
+            "id_token".to_string(),
+            "token id_token".to_string(),
+        ],
+        subject_types_supported: vec!["public".to_string()],
+        id_token_signing_alg_values_supported: vec!["RS256".to_string()],
+        token_endpoint_auth_methods_supported: Some(vec![
+            "client_secret_post".to_string(),
+            "client_secret_basic".to_string(),
+        ]),
+        claims_supported: Some(vec![
+            "sub".to_string(),
+            "name".to_string(),
+            "given_name".to_string(),
+            "family_name".to_string(),
+            "email".to_string(),
+        ]),
+        code_challenge_methods_supported: Some(vec!["plain".to_string(), "S256".to_string()]),
+    })
 }

 #[derive(serde::Deserialize, Debug)]
@ -220,8 +218,8 @@ pub async fn authorize(
        ));
    }

-    match (client.has_secret(), query.response_type.as_str()) {
-        (_, "code") => {
+    match (client.auth_flow(), query.response_type.as_str()) {
+        (AuthenticationFlow::AuthorizationCode, "code") => {
            // Save all authentication information in memory
            let session = Session {
                session_id: SessionID(rand_str(OPEN_ID_SESSION_LEN)),
@ -263,8 +261,7 @@ pub async fn authorize(
                .finish())
        }

-        // id_token is available only if user has no secret configured
-        (false, "id_token") => {
+        (AuthenticationFlow::Implicit, "id_token") => {
            let id_token = IdToken {
                issuer: AppConfig::get().website_origin.to_string(),
                subject_identifier: user.uid.0.clone(),
@ -296,11 +293,11 @@ pub async fn authorize(
                .finish())
        }

-        (secret, code) => {
+        (flow, code) => {
            log::warn!(
-                "For client {:?}, configured with secret {:?}, made request with code {}",
+                "For client {:?}, configured with flow {:?}, made request with code {}",
                client.id,
-                secret,
+                flow,
                code
            );
            Ok(error_redirect(
@ -369,7 +366,9 @@ pub async fn token(
    let (client_id, client_secret) =
        match (&query.client_id, &query.client_secret, authorization_header) {
            // post authentication
-            (Some(client_id), client_secret, None) => (client_id.clone(), client_secret.clone()),
+            (Some(client_id), Some(client_secret), None) => {
+                (client_id.clone(), client_secret.to_string())
+            }

            // Basic authentication
            (_, None, Some(v)) => {
@ -400,8 +399,8 @@ pub async fn token(
                .to_string();

                match decode.split_once(':') {
-                    None => (ClientID(decode), None),
-                    Some((id, secret)) => (ClientID(id.to_string()), Some(secret.to_string())),
+                    None => (ClientID(decode), "".to_string()),
+                    Some((id, secret)) => (ClientID(id.to_string()), secret.to_string()),
                }
            }

@ -419,7 +418,7 @@ pub async fn token(
        .ok_or_else(|| ErrorUnauthorized("Client not found"))?;

    // Retrieving token requires the client to have a defined secret
-    if client.secret != client_secret {
+    if client.secret != Some(client_secret) {
        return Ok(error_response(
            &query,
            "invalid_request",
@ -609,9 +608,8 @@ pub async fn token(
    };

    Ok(HttpResponse::Ok()
-        .insert_header(("Cache-Control", "no-store"))
-        .insert_header(("Pragma", "no-cache"))
-        .insert_header(("access-control-allow-origin", "*"))
+        .append_header(("Cache-Control", "no-store"))
+        .append_header(("Pragam", "no-cache"))
        .json(token_response))
 }

--- a/src/controllers/providers_controller.rs
+++ b/src/controllers/providers_controller.rs
@ -3,7 +3,7 @@ use std::sync::Arc;
 use actix::Addr;
 use actix_identity::Identity;
 use actix_remote_ip::RemoteIP;
-use actix_web::{HttpRequest, HttpResponse, Responder, web};
+use actix_web::{web, HttpRequest, HttpResponse, Responder};
 use askama::Template;

 use crate::actors::bruteforce_actor::BruteForceActor;
--- a/src/controllers/settings_controller.rs
+++ b/src/controllers/settings_controller.rs
@ -1,6 +1,6 @@
 use actix::Addr;
 use actix_remote_ip::RemoteIP;
-use actix_web::{HttpResponse, Responder, web};
+use actix_web::{web, HttpResponse, Responder};
 use askama::Template;

 use crate::actors::bruteforce_actor::BruteForceActor;
--- a/src/controllers/two_factor_api.rs
+++ b/src/controllers/two_factor_api.rs
@ -1,5 +1,5 @@
 use actix::Addr;
-use actix_web::{HttpResponse, Responder, web};
+use actix_web::{web, HttpResponse, Responder};
 use uuid::Uuid;
 use webauthn_rs::prelude::RegisterPublicKeyCredential;

--- a/src/controllers/two_factors_controller.rs
+++ b/src/controllers/two_factors_controller.rs
@ -2,8 +2,8 @@ use std::ops::Deref;

 use actix_web::{HttpResponse, Responder};
 use askama::Template;
-use base64::Engine as _;
 use base64::engine::general_purpose::STANDARD as BASE64_STANDARD;
+use base64::Engine as _;
 use qrcode_generator::QrCodeEcc;

 use crate::constants::MAX_SECOND_FACTOR_NAME_LEN;
--- a/src/data/action_logger.rs
+++ b/src/data/action_logger.rs
@ -6,7 +6,7 @@ use actix::Addr;
 use actix_identity::Identity;
 use actix_remote_ip::RemoteIP;
 use actix_web::dev::Payload;
-use actix_web::{Error, FromRequest, HttpRequest, web};
+use actix_web::{web, Error, FromRequest, HttpRequest};

 use crate::actors::providers_states_actor::ProviderLoginState;
 use crate::actors::users_actor;
@ -142,56 +142,27 @@ impl Action<'_> {
                false => format!("performed FAILED webauthn attempt for user {user_id:?}"),
            },
            Action::StartLoginAttemptWithOpenIDProvider { provider_id, state } => format!(
-                "started new authentication attempt through an OpenID provider (prov={} / state={state})",
-                provider_id.0
-            ),
-            Action::ProviderError { message } => {
-                format!("failed provider authentication with message '{message}'")
-            }
-            Action::ProviderCBInvalidState { state } => {
-                format!("provided invalid callback state after provider authentication: '{state}'")
-            }
-            Action::ProviderRateLimited => {
-                "could not complete OpenID login because it has reached failed attempts rate limit!"
-                    .to_string()
-            }
-            Action::ProviderFailedGetToken { state, code } => format!(
-                "could not complete login from provider because the id_token could not be retrieved! (state={:?} code = {code})",
-                state
-            ),
-            Action::ProviderFailedGetUserInfo { provider } => format!(
-                "could not get user information from userinfo endpoint of provider {}!",
-                provider.id.0
-            ),
-            Action::ProviderEmailNotValidated { provider } => format!(
-                "could not login using provider {} because its email was marked as not validated!",
-                provider.id.0
-            ),
-            Action::ProviderMissingEmailInResponse { provider } => format!(
-                "could not login using provider {} because the email was not provided by userinfo endpoint!",
-                provider.id.0
-            ),
-            Action::ProviderAccountNotFound { provider, email } => format!(
-                "could not login using provider {} because the email {email} could not be associated to any account!",
-                &provider.id.0
-            ),
-            Action::ProviderAccountDisabled { provider, email } => format!(
-                "could not login using provider {} because the account associated to the email {email} is disabled!",
-                &provider.id.0
-            ),
-            Action::ProviderAccountNotAllowedToLoginWithProvider { provider, email } => format!(
-                "could not login using provider {} because the account associated to the email {email} is not allowed to authenticate using this provider!",
-                &provider.id.0
-            ),
-            Action::ProviderLoginFailed { provider, email } => format!(
-                "could not login using provider {} with the email {email} for an unknown reason!",
-                &provider.id.0
-            ),
-            Action::ProviderLoginSuccessful { provider, user } => format!(
-                "successfully authenticated using provider {} as {}",
-                provider.id.0,
-                user.quick_identity()
+                "started new authentication attempt through an OpenID provider (prov={} / state={state})", provider_id.0
            ),
+            Action::ProviderError { message } =>
+                format!("failed provider authentication with message '{message}'"),
+            Action::ProviderCBInvalidState { state } =>
+                format!("provided invalid callback state after provider authentication: '{state}'"),
+            Action::ProviderRateLimited => "could not complete OpenID login because it has reached failed attempts rate limit!".to_string(),
+            Action::ProviderFailedGetToken {state, code} => format!("could not complete login from provider because the id_token could not be retrieved! (state={:?} code = {code})",state),
+            Action::ProviderFailedGetUserInfo {provider} => format!("could not get user information from userinfo endpoint of provider {}!", provider.id.0),
+            Action::ProviderEmailNotValidated {provider}=>format!("could not login using provider {} because its email was marked as not validated!", provider.id.0),
+            Action::ProviderMissingEmailInResponse {provider}=>format!("could not login using provider {} because the email was not provided by userinfo endpoint!", provider.id.0),
+            Action::ProviderAccountNotFound { provider, email } =>
+                format!("could not login using provider {} because the email {email} could not be associated to any account!", &provider.id.0),
+            Action::ProviderAccountDisabled  { provider, email } =>
+                format!("could not login using provider {} because the account associated to the email {email} is disabled!", &provider.id.0),
+            Action::ProviderAccountNotAllowedToLoginWithProvider { provider, email } =>
+                format!("could not login using provider {} because the account associated to the email {email} is not allowed to authenticate using this provider!", &provider.id.0),
+            Action::ProviderLoginFailed { provider, email } =>
+                format!("could not login using provider {} with the email {email} for an unknown reason!", &provider.id.0),
+            Action::ProviderLoginSuccessful {provider, user} =>
+                format!("successfully authenticated using provider {} as {}", provider.id.0, user.quick_identity()),
            Action::Signout => "signed out".to_string(),
            Action::UserNeed2FAOnLogin(user) => {
                format!(
@ -210,9 +181,7 @@ impl Action<'_> {
                format!("successfully authenticated as {login}, but this is a DISABLED ACCOUNT")
            }
            Action::TryLocalLoginFromUnauthorizedAccount(login) => {
-                format!(
-                    "successfully locally authenticated as {login}, but this is a FORBIDDEN for this account!"
-                )
+                format!("successfully locally authenticated as {login}, but this is a FORBIDDEN for this account!")
            }
            Action::FailedLoginWithBadCredentials(login) => {
                format!("attempted to authenticate as {login} but with a WRONG PASSWORD")
@ -233,10 +202,7 @@ impl Action<'_> {
            Action::NewOpenIDSession { client } => {
                format!("opened a new OpenID session with {:?}", client.id)
            }
-            Action::NewOpenIDSuccessfulImplicitAuth { client } => format!(
-                "finished an implicit flow connection for client {:?}",
-                client.id
-            ),
+            Action::NewOpenIDSuccessfulImplicitAuth { client } => format!("finished an implicit flow connection for client {:?}", client.id),
            Action::ChangedHisPassword => "changed his password".to_string(),
            Action::ClearedHisLoginHistory => "cleared his login history".to_string(),
            Action::AddNewFactor(factor) => format!(
@ -261,7 +227,7 @@ impl ActionLogger {
                None => "Anonymous user".to_string(),
                Some(u) => u.quick_identity(),
            },
-            self.ip,
+            self.ip.to_string(),
            action.as_string()
        )
    }
--- a/src/data/client.rs
+++ b/src/data/client.rs
@ -7,6 +7,12 @@ use std::collections::HashMap;
 #[derive(Clone, Debug, serde::Serialize, serde::Deserialize, Eq, PartialEq)]
 pub struct ClientID(pub String);

+#[derive(Debug, Copy, Clone, Eq, PartialEq)]
+pub enum AuthenticationFlow {
+    AuthorizationCode,
+    Implicit,
+}
+
 pub type AdditionalClaims = HashMap<String, Value>;

 #[derive(Clone, Debug, serde::Serialize, serde::Deserialize)]
@ -55,9 +61,12 @@ impl PartialEq for Client {
 impl Eq for Client {}

 impl Client {
-    /// Check if the client has a secret defined
-    pub fn has_secret(&self) -> bool {
-        self.secret.is_some()
+    /// Get the client authentication flow
+    pub fn auth_flow(&self) -> AuthenticationFlow {
+        match self.secret {
+            None => AuthenticationFlow::Implicit,
+            Some(_) => AuthenticationFlow::AuthorizationCode,
+        }
    }

    /// Process a single claim value
--- a/src/data/code_challenge.rs
+++ b/src/data/code_challenge.rs
@ -1,5 +1,5 @@
-use base64::Engine as _;
 use base64::engine::general_purpose::URL_SAFE_NO_PAD as BASE64_URL_SAFE_NO_PAD;
+use base64::Engine as _;

 use crate::utils::crypt_utils::sha256;

--- a/src/data/critical_route.rs
+++ b/src/data/critical_route.rs
@ -1,6 +1,6 @@
 use crate::data::current_user::CurrentUser;
 use crate::data::from_request_redirect::FromRequestRedirect;
-use crate::data::login_redirect::{LoginRedirect, get_2fa_url};
+use crate::data::login_redirect::{get_2fa_url, LoginRedirect};
 use actix_web::dev::Payload;
 use actix_web::{FromRequest, HttpRequest};
 use std::future::Future;
--- a/src/data/current_user.rs
+++ b/src/data/current_user.rs
@ -6,7 +6,7 @@ use actix::Addr;
 use actix_identity::Identity;
 use actix_web::dev::Payload;
 use actix_web::error::ErrorInternalServerError;
-use actix_web::{Error, FromRequest, HttpRequest, web};
+use actix_web::{web, Error, FromRequest, HttpRequest};

 use crate::actors::users_actor;
 use crate::actors::users_actor::UsersActor;
--- a/src/data/entity_manager.rs
+++ b/src/data/entity_manager.rs
@ -20,10 +20,7 @@ where
    /// Open entity
    pub fn open_or_create<A: AsRef<Path>>(path: A) -> Res<Self> {
        if !path.as_ref().is_file() {
-            log::warn!(
-                "Entities at {:?} does not point to a file, creating a new empty entity container...",
-                path.as_ref()
-            );
+            log::warn!("Entities at {:?} does not point to a file, creating a new empty entity container...", path.as_ref());
            return Ok(Self {
                file_path: path.as_ref().to_path_buf(),
                list: vec![],
--- a/src/data/force_2fa_auth.rs
+++ b/src/data/force_2fa_auth.rs
@ -2,7 +2,7 @@ use crate::data::current_user::CurrentUser;
 use crate::data::session_identity::SessionIdentity;
 use actix_identity::Identity;
 use actix_web::dev::Payload;
-use actix_web::{Error, FromRequest, HttpRequest, web};
+use actix_web::{web, Error, FromRequest, HttpRequest};
 use std::future::Future;
 use std::pin::Pin;

--- a/src/data/jwt_signer.rs
+++ b/src/data/jwt_signer.rs
@ -1,12 +1,12 @@
 use jwt_simple::algorithms::RSAKeyPairLike;
 use jwt_simple::claims::JWTClaims;
 use jwt_simple::prelude::RS256KeyPair;
-use serde::Serialize;
 use serde::de::DeserializeOwned;
+use serde::Serialize;

-use base64::Engine as _;
 use base64::engine::general_purpose::URL_SAFE as BASE64_URL_URL_SAFE;
 use base64::engine::general_purpose::URL_SAFE_NO_PAD as BASE64_URL_SAFE_NO_PAD;
+use base64::Engine as _;

 use crate::utils::err::Res;
 use crate::utils::string_utils::rand_str;
--- a/src/data/provider_configuration.rs
+++ b/src/data/provider_configuration.rs
@ -26,9 +26,7 @@ impl ProviderConfiguration {
        let state = urlencoding::encode(&state.state_id).to_string();
        let callback_url = AppConfig::get().oidc_provider_redirect_url();

-        format!(
-            "{authorization_url}?response_type=code&scope=openid%20profile%20email&client_id={client_id}&state={state}&redirect_uri={callback_url}"
-        )
+        format!("{authorization_url}?response_type=code&scope=openid%20profile%20email&client_id={client_id}&state={state}&redirect_uri={callback_url}")
    }

    /// Retrieve the authorization token after a successful authentication, using an authorization code
--- a/src/data/totp_key.rs
+++ b/src/data/totp_key.rs
@ -1,3 +1,5 @@
+use std::io::ErrorKind;
+
 use base32::Alphabet;
 use rand::Rng;
 use totp_rfc6238::{HashAlgorithm, TotpGenerator};
@ -19,7 +21,7 @@ pub struct TotpKey {
 impl TotpKey {
    /// Generate a new TOTP key
    pub fn new_random() -> Self {
-        let random_bytes = rand::rng().random::<[u8; 20]>();
+        let random_bytes = rand::thread_rng().gen::<[u8; 20]>();
        Self {
            encoded: base32::encode(BASE32_ALPHABET, &random_bytes),
        }
@ -78,7 +80,7 @@ impl TotpKey {

    /// Get the code at a specific time
    fn get_code_at<F: Fn() -> u64>(&self, get_time: F) -> Res<String> {
-        let generator = TotpGenerator::new()
+        let gen = TotpGenerator::new()
            .set_digit(NUM_DIGITS)
            .unwrap()
            .set_step(PERIOD)
@ -88,14 +90,15 @@ impl TotpKey {

        let key = match base32::decode(BASE32_ALPHABET, &self.encoded) {
            None => {
-                return Err(Box::new(std::io::Error::other(
+                return Err(Box::new(std::io::Error::new(
+                    ErrorKind::Other,
                    "Failed to decode base32 secret!",
                )));
            }
            Some(k) => k,
        };

-        Ok(generator.get_code_with(&key, get_time))
+        Ok(gen.get_code_with(&key, get_time))
    }

    /// Check a code's validity
--- a/src/data/users_file_entity.rs
+++ b/src/data/users_file_entity.rs
@ -3,7 +3,7 @@ use std::net::IpAddr;
 use crate::actors::users_actor::{AuthorizedAuthenticationSources, UsersSyncBackend};
 use crate::data::entity_manager::EntityManager;
 use crate::data::user::{FactorID, GeneralSettings, GrantedClients, TwoFactor, User, UserID};
-use crate::utils::err::{Res, new_error};
+use crate::utils::err::{new_error, Res};
 use crate::utils::time::time;

 impl EntityManager<User> {
--- a/src/data/webauthn_manager.rs
+++ b/src/data/webauthn_manager.rs
@ -1,3 +1,4 @@
+use std::io::ErrorKind;
 use std::sync::Arc;

 use actix_web::web;
@ -108,13 +109,15 @@ impl WebAuthManager {
    ) -> Res<WebauthnPubKey> {
        let state: RegisterKeyOpaqueData = self.crypto_wrapper.decrypt(opaque_state)?;
        if state.user_id != user.uid {
-            return Err(Box::new(std::io::Error::other(
+            return Err(Box::new(std::io::Error::new(
+                ErrorKind::Other,
                "Invalid user for pubkey!",
            )));
        }

        if state.expire < time() {
-            return Err(Box::new(std::io::Error::other(
+            return Err(Box::new(std::io::Error::new(
+                ErrorKind::Other,
                "Challenge has expired!",
            )));
        }
@ -154,13 +157,15 @@ impl WebAuthManager {
    ) -> Res {
        let state: AuthStateOpaqueData = self.crypto_wrapper.decrypt(opaque_state)?;
        if &state.user_id != user_id {
-            return Err(Box::new(std::io::Error::other(
+            return Err(Box::new(std::io::Error::new(
+                ErrorKind::Other,
                "Invalid user for pubkey!",
            )));
        }

        if state.expire < time() {
-            return Err(Box::new(std::io::Error::other(
+            return Err(Box::new(std::io::Error::new(
+                ErrorKind::Other,
                "Challenge has expired!",
            )));
        }
--- a/src/main.rs
+++ b/src/main.rs
@ -2,14 +2,14 @@ use core::time::Duration;
 use std::sync::Arc;

 use actix::Actor;
-use actix_identity::IdentityMiddleware;
 use actix_identity::config::LogoutBehaviour;
+use actix_identity::IdentityMiddleware;
 use actix_remote_ip::RemoteIPConfig;
-use actix_session::SessionMiddleware;
 use actix_session::storage::CookieSessionStore;
+use actix_session::SessionMiddleware;
 use actix_web::cookie::{Key, SameSite};
 use actix_web::middleware::Logger;
-use actix_web::{App, HttpResponse, HttpServer, get, middleware, web};
+use actix_web::{get, middleware, web, App, HttpResponse, HttpServer};

 use basic_oidc::actors::bruteforce_actor::BruteForceActor;
 use basic_oidc::actors::openid_sessions_actor::OpenIDSessionsActor;
--- a/src/middlewares/auth_middleware.rs
+++ b/src/middlewares/auth_middleware.rs
@ -1,15 +1,15 @@
 //! # Authentication middleware

-use std::future::{Future, Ready, ready};
+use std::future::{ready, Future, Ready};
 use std::pin::Pin;
 use std::rc::Rc;

 use actix_identity::IdentityExt;
 use actix_web::body::EitherBody;
-use actix_web::http::{Method, header};
+use actix_web::http::{header, Method};
 use actix_web::{
+    dev::{forward_ready, Service, ServiceRequest, ServiceResponse, Transform},
    Error, HttpResponse,
-    dev::{Service, ServiceRequest, ServiceResponse, Transform, forward_ready},
 };

 use crate::constants::{
--- a/src/utils/string_utils.rs
+++ b/src/utils/string_utils.rs
@ -1,9 +1,14 @@
 use lazy_regex::regex_find;
-use rand::distr::{Alphanumeric, SampleString};
+use rand::distributions::Alphanumeric;
+use rand::Rng;

 /// Generate a random string of a given size
 pub fn rand_str(len: usize) -> String {
-    Alphanumeric.sample_string(&mut rand::rng(), len)
+    rand::thread_rng()
+        .sample_iter(&Alphanumeric)
+        .map(char::from)
+        .take(len)
+        .collect()
 }

 /// Parse environment variables
@ -44,9 +49,7 @@ mod test {
    const VAR_ONE: &str = "VAR_ONE";
    #[test]
    fn test_apply_env_var() {
-        unsafe {
-            env::set_var(VAR_ONE, "good");
-        }
+        env::set_var(VAR_ONE, "good");
        let src = format!("This is ${{{}}}", VAR_ONE);
        assert_eq!("This is good", apply_env_vars(&src));
    }