Update Rust crate uuid to v1.12.0

Cargo.toml

@@ -1,42 +1,42 @@
 [package]
 name = "basic-oidc"
-version = "0.1.5"
+version = "0.1.4"
-edition = "2024"
+edition = "2021"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
-actix = "0.13.5"
+actix = "0.13.3"
 actix-identity = "0.8.0"
-actix-web = "4.11.0"
+actix-web = "4.5.1"
-actix-session = { version = "0.10.1", features = ["cookie-session"] }
+actix-session = { version = "0.10.0", features = ["cookie-session"] }
 actix-remote-ip = "0.1.0"
-clap = { version = "4.5.40", features = ["derive", "env"] }
+clap = { version = "4.5.17", features = ["derive", "env"] }
-include_dir = "0.7.4"
+include_dir = "0.7.3"
-log = "0.4.27"
+log = "0.4.21"
-serde_json = "1.0.140"
+serde_json = "1.0.128"
 serde_yaml = "0.9.34"
-env_logger = "0.11.8"
+env_logger = "0.11.3"
-serde = { version = "1.0.219", features = ["derive"] }
+serde = { version = "1.0.210", features = ["derive"] }
-bcrypt = "0.17.0"
+bcrypt = "0.16.0"
-uuid = { version = "1.17.0", features = ["v4"] }
+uuid = { version = "1.8.0", features = ["v4"] }
-mime_guess = "2.0.5"
+mime_guess = "2.0.4"
-askama = "0.14.0"
+askama = "0.12.1"
-futures-util = "0.3.31"
+futures-util = "0.3.30"
 urlencoding = "2.1.3"
-rand = "0.9.1"
+rand = "0.8.5"
 base64 = "0.22.1"
-jwt-simple = { version = "0.12.12", default-features = false, features = ["pure-rust"] }
+jwt-simple = { version = "0.12.10", default-features = false, features = ["pure-rust"] }
 digest = "0.10.7"
-sha2 = "0.10.9"
+sha2 = "0.10.8"
-lazy-regex = "3.4.1"
+lazy-regex = "3.3.0"
-totp_rfc6238 = "0.6.1"
+totp_rfc6238 = "0.6.0"
-base32 = "0.5.1"
+base32 = "0.5.0"
 qrcode-generator = "5.0.0"
-webauthn-rs = { version = "0.5.1", features = ["danger-allow-state-serialisation"] }
+webauthn-rs = { version = "0.5.0", features = ["danger-allow-state-serialisation"] }
-url = "2.5.4"
+url = "2.5.0"
-light-openid = { version = "1.0.4", features = ["crypto-wrapper"] }
+light-openid = { version = "1.0.2", features = ["crypto-wrapper"] }
-bincode = "2.0.1"
+bincode = "2.0.0-rc.3"
-chrono = "0.4.41"
+chrono = "0.4.38"
-lazy_static = "1.5.0"
+lazy_static = "1.4.0"
-mailchecker = "6.0.17"
+mailchecker = "6.0.8"

renovate.json

@@ -1,3 +1,9 @@
 {
-  "extends": ["local>renovate/presets"]
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "packageRules": [
+    {
+      "matchUpdateTypes": ["major", "minor", "patch"],
+      "automerge": true
+    }
+  ]
 }

src/actors/bruteforce_actor.rs

@@ -1,5 +1,5 @@
-use std::collections::HashMap;
 use std::collections::hash_map::Entry;
+use std::collections::HashMap;
 use std::net::IpAddr;
 
 use actix::{Actor, AsyncContext, Context, Handler, Message};

src/actors/providers_states_actor.rs

@@ -8,8 +8,8 @@ use crate::constants::{
     OIDC_STATES_CLEANUP_INTERVAL,
 };
 use actix::{Actor, AsyncContext, Context, Handler, Message};
-use std::collections::HashMap;
 use std::collections::hash_map::Entry;
+use std::collections::HashMap;
 use std::net::IpAddr;
 
 use crate::data::login_redirect::LoginRedirect;

src/controllers/admin_api.rs

@@ -1,6 +1,6 @@
 use crate::actors::users_actor;
 use actix::Addr;
-use actix_web::{HttpResponse, Responder, web};
+use actix_web::{web, HttpResponse, Responder};
 
 use crate::actors::users_actor::{DeleteUserRequest, FindUserByUsername, UsersActor};
 use crate::data::action_logger::{Action, ActionLogger};

src/controllers/admin_controller.rs

@@ -2,7 +2,7 @@ use std::ops::Deref;
 use std::sync::Arc;
 
 use actix::Addr;
-use actix_web::{HttpResponse, Responder, web};
+use actix_web::{web, HttpResponse, Responder};
 use askama::Template;
 
 use crate::actors::users_actor;

src/controllers/assets_controller.rs

@@ -1,7 +1,7 @@
 use std::path::Path;
 
-use actix_web::{HttpResponse, web};
+use actix_web::{web, HttpResponse};
-use include_dir::{Dir, include_dir};
+use include_dir::{include_dir, Dir};
 
 /// Assets directory
 static ASSETS_DIR: Dir = include_dir!("$CARGO_MANIFEST_DIR/assets");

src/controllers/login_api.rs

@@ -4,7 +4,7 @@ use crate::data::action_logger::{Action, ActionLogger};
 use actix::Addr;
 use actix_identity::Identity;
 use actix_remote_ip::RemoteIP;
-use actix_web::{HttpRequest, HttpResponse, Responder, web};
+use actix_web::{web, HttpRequest, HttpResponse, Responder};
 use webauthn_rs::prelude::PublicKeyCredential;
 
 use crate::data::session_identity::{SessionIdentity, SessionStatus};

src/controllers/login_controller.rs

@@ -1,7 +1,7 @@
 use actix::Addr;
 use actix_identity::Identity;
 use actix_remote_ip::RemoteIP;
-use actix_web::{HttpRequest, HttpResponse, Responder, web};
+use actix_web::{web, HttpRequest, HttpResponse, Responder};
 use askama::Template;
 use std::sync::Arc;
 
@@ -14,7 +14,7 @@ use crate::controllers::base_controller::{
 };
 use crate::data::action_logger::{Action, ActionLogger};
 use crate::data::force_2fa_auth::Force2FAAuth;
-use crate::data::login_redirect::{LoginRedirect, get_2fa_url};
+use crate::data::login_redirect::{get_2fa_url, LoginRedirect};
 use crate::data::provider::{Provider, ProvidersManager};
 use crate::data::session_identity::{SessionIdentity, SessionStatus};
 use crate::data::user::User;
@@ -177,10 +177,7 @@ pub async fn login_route(
             }
 
             LoginResult::LocalAuthForbidden => {
-                log::warn!(
+                log::warn!("Failed login for username {} : attempted to use local auth, but it is forbidden", &login);
-                    "Failed login for username {} : attempted to use local auth, but it is forbidden",
-                    &login
-                );
                 logger.log(Action::TryLocalLoginFromUnauthorizedAccount(&login));
                 danger = Some("You cannot login from local auth with your account!".to_string());
             }

src/controllers/openid_controller.rs

@@ -4,9 +4,9 @@ use std::sync::Arc;
 use actix::Addr;
 use actix_identity::Identity;
 use actix_web::error::ErrorUnauthorized;
-use actix_web::{HttpRequest, HttpResponse, Responder, web};
+use actix_web::{web, HttpRequest, HttpResponse, Responder};
-use base64::Engine as _;
 use base64::engine::general_purpose::STANDARD as BASE64_STANDARD;
+use base64::Engine as _;
 use light_openid::primitives::{OpenIDConfig, OpenIDTokenResponse, OpenIDUserInfo};
 
 use crate::actors::openid_sessions_actor::{OpenIDSessionsActor, Session, SessionID};
@@ -16,12 +16,12 @@ use crate::constants::*;
 use crate::controllers::base_controller::{build_fatal_error_page, redirect_user};
 use crate::data::action_logger::{Action, ActionLogger};
 use crate::data::app_config::AppConfig;
-use crate::data::client::{AdditionalClaims, ClientID, ClientManager};
+use crate::data::client::{AdditionalClaims, AuthenticationFlow, ClientID, ClientManager};
 use crate::data::code_challenge::CodeChallenge;
 use crate::data::current_user::CurrentUser;
 use crate::data::id_token::IdToken;
 use crate::data::jwt_signer::{JWTSigner, JsonWebKey};
-use crate::data::login_redirect::{LoginRedirect, get_2fa_url};
+use crate::data::login_redirect::{get_2fa_url, LoginRedirect};
 
 use crate::data::session_identity::SessionIdentity;
 use crate::data::user::User;
@@ -50,9 +50,7 @@ pub async fn get_configuration(req: HttpRequest) -> impl Responder {
         host
     );
 
-    HttpResponse::Ok()
+    HttpResponse::Ok().json(OpenIDConfig {
-        .insert_header(("access-control-allow-origin", "*"))
-        .json(OpenIDConfig {
         issuer: AppConfig::get().website_origin.clone(),
         authorization_endpoint: AppConfig::get().full_url(AUTHORIZE_URI),
         token_endpoint: curr_origin.clone() + TOKEN_URI,
@@ -220,8 +218,8 @@ pub async fn authorize(
         ));
     }
 
-    match (client.has_secret(), query.response_type.as_str()) {
+    match (client.auth_flow(), query.response_type.as_str()) {
-        (_, "code") => {
+        (AuthenticationFlow::AuthorizationCode, "code") => {
             // Save all authentication information in memory
             let session = Session {
                 session_id: SessionID(rand_str(OPEN_ID_SESSION_LEN)),
@@ -263,8 +261,7 @@ pub async fn authorize(
                 .finish())
         }
 
-        // id_token is available only if user has no secret configured
+        (AuthenticationFlow::Implicit, "id_token") => {
-        (false, "id_token") => {
             let id_token = IdToken {
                 issuer: AppConfig::get().website_origin.to_string(),
                 subject_identifier: user.uid.0.clone(),
@@ -296,11 +293,11 @@ pub async fn authorize(
                 .finish())
         }
 
-        (secret, code) => {
+        (flow, code) => {
             log::warn!(
-                "For client {:?}, configured with secret {:?}, made request with code {}",
+                "For client {:?}, configured with flow {:?}, made request with code {}",
                 client.id,
-                secret,
+                flow,
                 code
             );
             Ok(error_redirect(
@@ -369,7 +366,9 @@ pub async fn token(
     let (client_id, client_secret) =
         match (&query.client_id, &query.client_secret, authorization_header) {
             // post authentication
-            (Some(client_id), client_secret, None) => (client_id.clone(), client_secret.clone()),
+            (Some(client_id), Some(client_secret), None) => {
+                (client_id.clone(), client_secret.to_string())
+            }
 
             // Basic authentication
             (_, None, Some(v)) => {
@@ -400,8 +399,8 @@ pub async fn token(
                 .to_string();
 
                 match decode.split_once(':') {
-                    None => (ClientID(decode), None),
+                    None => (ClientID(decode), "".to_string()),
-                    Some((id, secret)) => (ClientID(id.to_string()), Some(secret.to_string())),
+                    Some((id, secret)) => (ClientID(id.to_string()), secret.to_string()),
                 }
             }
 
@@ -419,7 +418,7 @@ pub async fn token(
         .ok_or_else(|| ErrorUnauthorized("Client not found"))?;
 
     // Retrieving token requires the client to have a defined secret
-    if client.secret != client_secret {
+    if client.secret != Some(client_secret) {
         return Ok(error_response(
             &query,
             "invalid_request",
@@ -609,9 +608,8 @@ pub async fn token(
     };
 
     Ok(HttpResponse::Ok()
-        .insert_header(("Cache-Control", "no-store"))
+        .append_header(("Cache-Control", "no-store"))
-        .insert_header(("Pragma", "no-cache"))
+        .append_header(("Pragam", "no-cache"))
-        .insert_header(("access-control-allow-origin", "*"))
         .json(token_response))
 }
 

src/controllers/providers_controller.rs

@@ -3,7 +3,7 @@ use std::sync::Arc;
 use actix::Addr;
 use actix_identity::Identity;
 use actix_remote_ip::RemoteIP;
-use actix_web::{HttpRequest, HttpResponse, Responder, web};
+use actix_web::{web, HttpRequest, HttpResponse, Responder};
 use askama::Template;
 
 use crate::actors::bruteforce_actor::BruteForceActor;

src/controllers/settings_controller.rs

@@ -1,6 +1,6 @@
 use actix::Addr;
 use actix_remote_ip::RemoteIP;
-use actix_web::{HttpResponse, Responder, web};
+use actix_web::{web, HttpResponse, Responder};
 use askama::Template;
 
 use crate::actors::bruteforce_actor::BruteForceActor;

src/controllers/two_factor_api.rs

@@ -1,5 +1,5 @@
 use actix::Addr;
-use actix_web::{HttpResponse, Responder, web};
+use actix_web::{web, HttpResponse, Responder};
 use uuid::Uuid;
 use webauthn_rs::prelude::RegisterPublicKeyCredential;
 

src/controllers/two_factors_controller.rs

@@ -2,8 +2,8 @@ use std::ops::Deref;
 
 use actix_web::{HttpResponse, Responder};
 use askama::Template;
-use base64::Engine as _;
 use base64::engine::general_purpose::STANDARD as BASE64_STANDARD;
+use base64::Engine as _;
 use qrcode_generator::QrCodeEcc;
 
 use crate::constants::MAX_SECOND_FACTOR_NAME_LEN;

src/data/action_logger.rs

@@ -6,7 +6,7 @@ use actix::Addr;
 use actix_identity::Identity;
 use actix_remote_ip::RemoteIP;
 use actix_web::dev::Payload;
-use actix_web::{Error, FromRequest, HttpRequest, web};
+use actix_web::{web, Error, FromRequest, HttpRequest};
 
 use crate::actors::providers_states_actor::ProviderLoginState;
 use crate::actors::users_actor;
@@ -142,56 +142,27 @@ impl Action<'_> {
                 false => format!("performed FAILED webauthn attempt for user {user_id:?}"),
             },
             Action::StartLoginAttemptWithOpenIDProvider { provider_id, state } => format!(
-                "started new authentication attempt through an OpenID provider (prov={} / state={state})",
+                "started new authentication attempt through an OpenID provider (prov={} / state={state})", provider_id.0
-                provider_id.0
-            ),
-            Action::ProviderError { message } => {
-                format!("failed provider authentication with message '{message}'")
-            }
-            Action::ProviderCBInvalidState { state } => {
-                format!("provided invalid callback state after provider authentication: '{state}'")
-            }
-            Action::ProviderRateLimited => {
-                "could not complete OpenID login because it has reached failed attempts rate limit!"
-                    .to_string()
-            }
-            Action::ProviderFailedGetToken { state, code } => format!(
-                "could not complete login from provider because the id_token could not be retrieved! (state={:?} code = {code})",
-                state
-            ),
-            Action::ProviderFailedGetUserInfo { provider } => format!(
-                "could not get user information from userinfo endpoint of provider {}!",
-                provider.id.0
-            ),
-            Action::ProviderEmailNotValidated { provider } => format!(
-                "could not login using provider {} because its email was marked as not validated!",
-                provider.id.0
-            ),
-            Action::ProviderMissingEmailInResponse { provider } => format!(
-                "could not login using provider {} because the email was not provided by userinfo endpoint!",
-                provider.id.0
-            ),
-            Action::ProviderAccountNotFound { provider, email } => format!(
-                "could not login using provider {} because the email {email} could not be associated to any account!",
-                &provider.id.0
-            ),
-            Action::ProviderAccountDisabled { provider, email } => format!(
-                "could not login using provider {} because the account associated to the email {email} is disabled!",
-                &provider.id.0
-            ),
-            Action::ProviderAccountNotAllowedToLoginWithProvider { provider, email } => format!(
-                "could not login using provider {} because the account associated to the email {email} is not allowed to authenticate using this provider!",
-                &provider.id.0
-            ),
-            Action::ProviderLoginFailed { provider, email } => format!(
-                "could not login using provider {} with the email {email} for an unknown reason!",
-                &provider.id.0
-            ),
-            Action::ProviderLoginSuccessful { provider, user } => format!(
-                "successfully authenticated using provider {} as {}",
-                provider.id.0,
-                user.quick_identity()
             ),
+            Action::ProviderError { message } =>
+                format!("failed provider authentication with message '{message}'"),
+            Action::ProviderCBInvalidState { state } =>
+                format!("provided invalid callback state after provider authentication: '{state}'"),
+            Action::ProviderRateLimited => "could not complete OpenID login because it has reached failed attempts rate limit!".to_string(),
+            Action::ProviderFailedGetToken {state, code} => format!("could not complete login from provider because the id_token could not be retrieved! (state={:?} code = {code})",state),
+            Action::ProviderFailedGetUserInfo {provider} => format!("could not get user information from userinfo endpoint of provider {}!", provider.id.0),
+            Action::ProviderEmailNotValidated {provider}=>format!("could not login using provider {} because its email was marked as not validated!", provider.id.0),
+            Action::ProviderMissingEmailInResponse {provider}=>format!("could not login using provider {} because the email was not provided by userinfo endpoint!", provider.id.0),
+            Action::ProviderAccountNotFound { provider, email } =>
+                format!("could not login using provider {} because the email {email} could not be associated to any account!", &provider.id.0),
+            Action::ProviderAccountDisabled  { provider, email } =>
+                format!("could not login using provider {} because the account associated to the email {email} is disabled!", &provider.id.0),
+            Action::ProviderAccountNotAllowedToLoginWithProvider { provider, email } =>
+                format!("could not login using provider {} because the account associated to the email {email} is not allowed to authenticate using this provider!", &provider.id.0),
+            Action::ProviderLoginFailed { provider, email } =>
+                format!("could not login using provider {} with the email {email} for an unknown reason!", &provider.id.0),
+            Action::ProviderLoginSuccessful {provider, user} =>
+                format!("successfully authenticated using provider {} as {}", provider.id.0, user.quick_identity()),
             Action::Signout => "signed out".to_string(),
             Action::UserNeed2FAOnLogin(user) => {
                 format!(
@@ -210,9 +181,7 @@ impl Action<'_> {
                 format!("successfully authenticated as {login}, but this is a DISABLED ACCOUNT")
             }
             Action::TryLocalLoginFromUnauthorizedAccount(login) => {
-                format!(
+                format!("successfully locally authenticated as {login}, but this is a FORBIDDEN for this account!")
-                    "successfully locally authenticated as {login}, but this is a FORBIDDEN for this account!"
-                )
             }
             Action::FailedLoginWithBadCredentials(login) => {
                 format!("attempted to authenticate as {login} but with a WRONG PASSWORD")
@@ -233,10 +202,7 @@ impl Action<'_> {
             Action::NewOpenIDSession { client } => {
                 format!("opened a new OpenID session with {:?}", client.id)
             }
-            Action::NewOpenIDSuccessfulImplicitAuth { client } => format!(
+            Action::NewOpenIDSuccessfulImplicitAuth { client } => format!("finished an implicit flow connection for client {:?}", client.id),
-                "finished an implicit flow connection for client {:?}",
-                client.id
-            ),
             Action::ChangedHisPassword => "changed his password".to_string(),
             Action::ClearedHisLoginHistory => "cleared his login history".to_string(),
             Action::AddNewFactor(factor) => format!(
@@ -261,7 +227,7 @@ impl ActionLogger {
                 None => "Anonymous user".to_string(),
                 Some(u) => u.quick_identity(),
             },
-            self.ip,
+            self.ip.to_string(),
             action.as_string()
         )
     }

src/data/client.rs

@@ -7,6 +7,12 @@ use std::collections::HashMap;
 #[derive(Clone, Debug, serde::Serialize, serde::Deserialize, Eq, PartialEq)]
 pub struct ClientID(pub String);
 
+#[derive(Debug, Copy, Clone, Eq, PartialEq)]
+pub enum AuthenticationFlow {
+    AuthorizationCode,
+    Implicit,
+}
+
 pub type AdditionalClaims = HashMap<String, Value>;
 
 #[derive(Clone, Debug, serde::Serialize, serde::Deserialize)]
@@ -55,9 +61,12 @@ impl PartialEq for Client {
 impl Eq for Client {}
 
 impl Client {
-    /// Check if the client has a secret defined
+    /// Get the client authentication flow
-    pub fn has_secret(&self) -> bool {
+    pub fn auth_flow(&self) -> AuthenticationFlow {
-        self.secret.is_some()
+        match self.secret {
+            None => AuthenticationFlow::Implicit,
+            Some(_) => AuthenticationFlow::AuthorizationCode,
+        }
     }
 
     /// Process a single claim value

src/data/code_challenge.rs

@@ -1,5 +1,5 @@
-use base64::Engine as _;
 use base64::engine::general_purpose::URL_SAFE_NO_PAD as BASE64_URL_SAFE_NO_PAD;
+use base64::Engine as _;
 
 use crate::utils::crypt_utils::sha256;
 

src/data/critical_route.rs

@@ -1,6 +1,6 @@
 use crate::data::current_user::CurrentUser;
 use crate::data::from_request_redirect::FromRequestRedirect;
-use crate::data::login_redirect::{LoginRedirect, get_2fa_url};
+use crate::data::login_redirect::{get_2fa_url, LoginRedirect};
 use actix_web::dev::Payload;
 use actix_web::{FromRequest, HttpRequest};
 use std::future::Future;

src/data/current_user.rs

@@ -6,7 +6,7 @@ use actix::Addr;
 use actix_identity::Identity;
 use actix_web::dev::Payload;
 use actix_web::error::ErrorInternalServerError;
-use actix_web::{Error, FromRequest, HttpRequest, web};
+use actix_web::{web, Error, FromRequest, HttpRequest};
 
 use crate::actors::users_actor;
 use crate::actors::users_actor::UsersActor;

src/data/entity_manager.rs

@@ -20,10 +20,7 @@ where
     /// Open entity
     pub fn open_or_create<A: AsRef<Path>>(path: A) -> Res<Self> {
         if !path.as_ref().is_file() {
-            log::warn!(
+            log::warn!("Entities at {:?} does not point to a file, creating a new empty entity container...", path.as_ref());
-                "Entities at {:?} does not point to a file, creating a new empty entity container...",
-                path.as_ref()
-            );
             return Ok(Self {
                 file_path: path.as_ref().to_path_buf(),
                 list: vec![],

src/data/force_2fa_auth.rs

@@ -2,7 +2,7 @@ use crate::data::current_user::CurrentUser;
 use crate::data::session_identity::SessionIdentity;
 use actix_identity::Identity;
 use actix_web::dev::Payload;
-use actix_web::{Error, FromRequest, HttpRequest, web};
+use actix_web::{web, Error, FromRequest, HttpRequest};
 use std::future::Future;
 use std::pin::Pin;
 

src/data/jwt_signer.rs

@@ -1,12 +1,12 @@
 use jwt_simple::algorithms::RSAKeyPairLike;
 use jwt_simple::claims::JWTClaims;
 use jwt_simple::prelude::RS256KeyPair;
-use serde::Serialize;
 use serde::de::DeserializeOwned;
+use serde::Serialize;
 
-use base64::Engine as _;
 use base64::engine::general_purpose::URL_SAFE as BASE64_URL_URL_SAFE;
 use base64::engine::general_purpose::URL_SAFE_NO_PAD as BASE64_URL_SAFE_NO_PAD;
+use base64::Engine as _;
 
 use crate::utils::err::Res;
 use crate::utils::string_utils::rand_str;

src/data/provider_configuration.rs

@@ -26,9 +26,7 @@ impl ProviderConfiguration {
         let state = urlencoding::encode(&state.state_id).to_string();
         let callback_url = AppConfig::get().oidc_provider_redirect_url();
 
-        format!(
+        format!("{authorization_url}?response_type=code&scope=openid%20profile%20email&client_id={client_id}&state={state}&redirect_uri={callback_url}")
-            "{authorization_url}?response_type=code&scope=openid%20profile%20email&client_id={client_id}&state={state}&redirect_uri={callback_url}"
-        )
     }
 
     /// Retrieve the authorization token after a successful authentication, using an authorization code

src/data/totp_key.rs

@@ -1,3 +1,5 @@
+use std::io::ErrorKind;
+
 use base32::Alphabet;
 use rand::Rng;
 use totp_rfc6238::{HashAlgorithm, TotpGenerator};
@@ -19,7 +21,7 @@ pub struct TotpKey {
 impl TotpKey {
     /// Generate a new TOTP key
     pub fn new_random() -> Self {
-        let random_bytes = rand::rng().random::<[u8; 20]>();
+        let random_bytes = rand::thread_rng().gen::<[u8; 20]>();
         Self {
             encoded: base32::encode(BASE32_ALPHABET, &random_bytes),
         }
@@ -78,7 +80,7 @@ impl TotpKey {
 
     /// Get the code at a specific time
     fn get_code_at<F: Fn() -> u64>(&self, get_time: F) -> Res<String> {
-        let generator = TotpGenerator::new()
+        let gen = TotpGenerator::new()
             .set_digit(NUM_DIGITS)
             .unwrap()
             .set_step(PERIOD)
@@ -88,14 +90,15 @@ impl TotpKey {
 
         let key = match base32::decode(BASE32_ALPHABET, &self.encoded) {
             None => {
-                return Err(Box::new(std::io::Error::other(
+                return Err(Box::new(std::io::Error::new(
+                    ErrorKind::Other,
                     "Failed to decode base32 secret!",
                 )));
             }
             Some(k) => k,
         };
 
-        Ok(generator.get_code_with(&key, get_time))
+        Ok(gen.get_code_with(&key, get_time))
     }
 
     /// Check a code's validity

src/data/users_file_entity.rs

@@ -3,7 +3,7 @@ use std::net::IpAddr;
 use crate::actors::users_actor::{AuthorizedAuthenticationSources, UsersSyncBackend};
 use crate::data::entity_manager::EntityManager;
 use crate::data::user::{FactorID, GeneralSettings, GrantedClients, TwoFactor, User, UserID};
-use crate::utils::err::{Res, new_error};
+use crate::utils::err::{new_error, Res};
 use crate::utils::time::time;
 
 impl EntityManager<User> {

src/data/webauthn_manager.rs

@@ -1,3 +1,4 @@
+use std::io::ErrorKind;
 use std::sync::Arc;
 
 use actix_web::web;
@@ -108,13 +109,15 @@ impl WebAuthManager {
     ) -> Res<WebauthnPubKey> {
         let state: RegisterKeyOpaqueData = self.crypto_wrapper.decrypt(opaque_state)?;
         if state.user_id != user.uid {
-            return Err(Box::new(std::io::Error::other(
+            return Err(Box::new(std::io::Error::new(
+                ErrorKind::Other,
                 "Invalid user for pubkey!",
             )));
         }
 
         if state.expire < time() {
-            return Err(Box::new(std::io::Error::other(
+            return Err(Box::new(std::io::Error::new(
+                ErrorKind::Other,
                 "Challenge has expired!",
             )));
         }
@@ -154,13 +157,15 @@ impl WebAuthManager {
     ) -> Res {
         let state: AuthStateOpaqueData = self.crypto_wrapper.decrypt(opaque_state)?;
         if &state.user_id != user_id {
-            return Err(Box::new(std::io::Error::other(
+            return Err(Box::new(std::io::Error::new(
+                ErrorKind::Other,
                 "Invalid user for pubkey!",
             )));
         }
 
         if state.expire < time() {
-            return Err(Box::new(std::io::Error::other(
+            return Err(Box::new(std::io::Error::new(
+                ErrorKind::Other,
                 "Challenge has expired!",
             )));
         }

src/main.rs

@@ -2,14 +2,14 @@ use core::time::Duration;
 use std::sync::Arc;
 
 use actix::Actor;
-use actix_identity::IdentityMiddleware;
 use actix_identity::config::LogoutBehaviour;
+use actix_identity::IdentityMiddleware;
 use actix_remote_ip::RemoteIPConfig;
-use actix_session::SessionMiddleware;
 use actix_session::storage::CookieSessionStore;
+use actix_session::SessionMiddleware;
 use actix_web::cookie::{Key, SameSite};
 use actix_web::middleware::Logger;
-use actix_web::{App, HttpResponse, HttpServer, get, middleware, web};
+use actix_web::{get, middleware, web, App, HttpResponse, HttpServer};
 
 use basic_oidc::actors::bruteforce_actor::BruteForceActor;
 use basic_oidc::actors::openid_sessions_actor::OpenIDSessionsActor;

src/middlewares/auth_middleware.rs

@@ -1,15 +1,15 @@
 //! # Authentication middleware
 
-use std::future::{Future, Ready, ready};
+use std::future::{ready, Future, Ready};
 use std::pin::Pin;
 use std::rc::Rc;
 
 use actix_identity::IdentityExt;
 use actix_web::body::EitherBody;
-use actix_web::http::{Method, header};
+use actix_web::http::{header, Method};
 use actix_web::{
+    dev::{forward_ready, Service, ServiceRequest, ServiceResponse, Transform},
     Error, HttpResponse,
-    dev::{Service, ServiceRequest, ServiceResponse, Transform, forward_ready},
 };
 
 use crate::constants::{

src/utils/string_utils.rs

@@ -1,9 +1,14 @@
 use lazy_regex::regex_find;
-use rand::distr::{Alphanumeric, SampleString};
+use rand::distributions::Alphanumeric;
+use rand::Rng;
 
 /// Generate a random string of a given size
 pub fn rand_str(len: usize) -> String {
-    Alphanumeric.sample_string(&mut rand::rng(), len)
+    rand::thread_rng()
+        .sample_iter(&Alphanumeric)
+        .map(char::from)
+        .take(len)
+        .collect()
 }
 
 /// Parse environment variables
@@ -44,9 +49,7 @@ mod test {
     const VAR_ONE: &str = "VAR_ONE";
     #[test]
     fn test_apply_env_var() {
-        unsafe {
         env::set_var(VAR_ONE, "good");
-        }
         let src = format!("This is ${{{}}}", VAR_ONE);
         assert_eq!("This is good", apply_env_vars(&src));
     }