pierre/BasicOIDC
1
0
Fork 0
Code Issues Pull Requests1 Projects Releases Wiki Activity

Compare commits

..

1 Commits
master ... c58011e358

Author SHA1 Message Date
Renovate Bot
c58011e358 Update Rust crate serde to 1.0.219 2025-04-07 00:30:28 +00:00
18 changed files with 146 additions and 106 deletions

73
Cargo.lock generated

@ -46,9 +46,9 @@ dependencies = [
[[package]] [[package]]
name = "actix-http" name = "actix-http"
version = "3.11.0" version = "3.10.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "44dfe5c9e0004c623edc65391dfd51daa201e7e30ebd9c9bedf873048ec32bc2" checksum = "0fa882656b67966045e4152c634051e70346939fced7117d5f0b52146a7c74c9"
dependencies = [ dependencies = [
"actix-codec", "actix-codec",
"actix-rt", "actix-rt",
@ -74,7 +74,7 @@ dependencies = [
"mime", "mime",
"percent-encoding", "percent-encoding",
"pin-project-lite", "pin-project-lite",
"rand 0.9.1", "rand 0.9.0",
"sha1", "sha1",
"smallvec", "smallvec",
"tokio", "tokio",
@ -147,9 +147,9 @@ dependencies = [
[[package]] [[package]]
name = "actix-server" name = "actix-server"
version = "2.6.0" version = "2.5.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a65064ea4a457eaf07f2fba30b4c695bf43b721790e9530d26cb6f9019ff7502" checksum = "6398974fd4284f4768af07965701efbbb5fdc0616bff20cade1bb14b77675e24"
dependencies = [ dependencies = [
"actix-rt", "actix-rt",
"actix-service", "actix-service",
@ -201,9 +201,9 @@ dependencies = [
[[package]] [[package]]
name = "actix-web" name = "actix-web"
version = "4.11.0" version = "4.10.2"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a597b77b5c6d6a1e1097fddde329a83665e25c5437c696a3a9a4aa514a614dea" checksum = "f2e3b15b3dc6c6ed996e4032389e9849d4ab002b1e92fbfe85b5f307d1479b4d"
dependencies = [ dependencies = [
"actix-codec", "actix-codec",
"actix-http", "actix-http",
@ -430,9 +430,9 @@ checksum = "71938f30533e4d95a6d17aa530939da3842c2ab6f4f84b9dae68447e4129f74a"
[[package]] [[package]]
name = "askama" name = "askama"
version = "0.14.0" version = "0.13.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f75363874b771be265f4ffe307ca705ef6f3baa19011c149da8674a87f1b75c4" checksum = "9a4e46abb203e00ef226442d452769233142bbfdd79c3941e84c8e61c4112543"
dependencies = [ dependencies = [
"askama_derive", "askama_derive",
"itoa", "itoa",
@ -443,9 +443,9 @@ dependencies = [
[[package]] [[package]]
name = "askama_derive" name = "askama_derive"
version = "0.14.0" version = "0.13.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "129397200fe83088e8a68407a8e2b1f826cf0086b21ccdb866a722c8bcd3a94f" checksum = "54398906821fd32c728135f7b351f0c7494ab95ae421d41b6f5a020e158f28a6"
dependencies = [ dependencies = [
"askama_parser", "askama_parser",
"basic-toml", "basic-toml",
@ -460,9 +460,9 @@ dependencies = [
[[package]] [[package]]
name = "askama_parser" name = "askama_parser"
version = "0.14.0" version = "0.13.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d6ab5630b3d5eaf232620167977f95eb51f3432fc76852328774afbd242d4358" checksum = "cf315ce6524c857bb129ff794935cf6d42c82a6cff60526fe2a63593de4d0d4f"
dependencies = [ dependencies = [
"memchr", "memchr",
"serde", "serde",
@ -611,7 +611,7 @@ dependencies = [
"mailchecker", "mailchecker",
"mime_guess", "mime_guess",
"qrcode-generator", "qrcode-generator",
"rand 0.9.1", "rand 0.9.0",
"serde", "serde",
"serde_json", "serde_json",
"serde_yaml", "serde_yaml",
@ -715,9 +715,9 @@ dependencies = [
[[package]] [[package]]
name = "brotli" name = "brotli"
version = "8.0.1" version = "7.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9991eea70ea4f293524138648e41ee89b0b2b12ddef3b255effa43c8056e0e0d" checksum = "cc97b8f16f944bba54f0433f07e30be199b6dc2bd25937444bbad560bcea29bd"
dependencies = [ dependencies = [
"alloc-no-stdlib", "alloc-no-stdlib",
"alloc-stdlib", "alloc-stdlib",
@ -726,9 +726,9 @@ dependencies = [
[[package]] [[package]]
name = "brotli-decompressor" name = "brotli-decompressor"
version = "5.0.0" version = "4.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "874bb8112abecc98cbd6d81ea4fa7e94fb9449648c93cc89aa40c81c24d7de03" checksum = "74fa05ad7d803d413eb8380983b092cbbaf9a85f151b871360e7b00cd7060b37"
dependencies = [ dependencies = [
"alloc-no-stdlib", "alloc-no-stdlib",
"alloc-stdlib", "alloc-stdlib",
@ -792,9 +792,9 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
[[package]] [[package]]
name = "chrono" name = "chrono"
version = "0.4.41" version = "0.4.40"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c469d952047f47f91b68d1cba3f10d63c11d73e4636f24f08daf0278abf01c4d" checksum = "1a7964611d71df112cb1730f2ee67324fcf4d0fc6606acbbe9bfe06df124637c"
dependencies = [ dependencies = [
"android-tzdata", "android-tzdata",
"iana-time-zone", "iana-time-zone",
@ -816,9 +816,9 @@ dependencies = [
[[package]] [[package]]
name = "clap" name = "clap"
version = "4.5.40" version = "4.5.35"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "40b6887a1d8685cebccf115538db5c0efe625ccac9696ad45c409d96566e910f" checksum = "d8aa86934b44c19c50f87cc2790e19f54f7a67aedb64101c2e1a2e5ecfb73944"
dependencies = [ dependencies = [
"clap_builder", "clap_builder",
"clap_derive", "clap_derive",
@ -826,9 +826,9 @@ dependencies = [
[[package]] [[package]]
name = "clap_builder" name = "clap_builder"
version = "4.5.40" version = "4.5.35"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e0c66c08ce9f0c698cbce5c0279d0bb6ac936d8674174fe48f736533b964f59e" checksum = "2414dbb2dd0695280da6ea9261e327479e9d37b0630f6b53ba2a11c60c679fd9"
dependencies = [ dependencies = [
"anstream", "anstream",
"anstyle", "anstyle",
@ -838,9 +838,9 @@ dependencies = [
[[package]] [[package]]
name = "clap_derive" name = "clap_derive"
version = "4.5.40" version = "4.5.32"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d2c7947ae4cc3d851207c1adb5b5e260ff0cca11446b1d6d1423788e442257ce" checksum = "09176aae279615badda0765c0c0b3f6ed53f4709118af73cf4655d85d1530cd7"
dependencies = [ dependencies = [
"heck", "heck",
"proc-macro2", "proc-macro2",
@ -2020,7 +2020,7 @@ dependencies = [
"base64 0.22.1", "base64 0.22.1",
"bincode", "bincode",
"log", "log",
"rand 0.9.1", "rand 0.9.0",
"reqwest", "reqwest",
"serde", "serde",
"serde_json", "serde_json",
@ -2521,12 +2521,13 @@ dependencies = [
[[package]] [[package]]
name = "rand" name = "rand"
version = "0.9.1" version = "0.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9fbfd9d094a40bf3ae768db9361049ace4c0e04a4fd6b359518bd7b73a73dd97" checksum = "3779b94aeb87e8bd4e834cee3650289ee9e0d5677f976ecdb6d219e5f4f6cd94"
dependencies = [ dependencies = [
"rand_chacha 0.9.0", "rand_chacha 0.9.0",
"rand_core 0.9.3", "rand_core 0.9.3",
"zerocopy",
] ]
[[package]] [[package]]
@ -2917,9 +2918,9 @@ dependencies = [
[[package]] [[package]]
name = "sha2" name = "sha2"
version = "0.10.9" version = "0.10.8"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283" checksum = "793db75ad2bcafc3ffa7c68b215fee268f537982cd901d132f89c6343f3a3dc8"
dependencies = [ dependencies = [
"cfg-if", "cfg-if",
"cpufeatures", "cpufeatures",
@ -3177,9 +3178,9 @@ dependencies = [
[[package]] [[package]]
name = "tokio" name = "tokio"
version = "1.45.0" version = "1.44.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2513ca694ef9ede0fb23fe71a4ee4107cb102b9dc1930f6d0fd77aae068ae165" checksum = "f382da615b842244d4b8738c82ed1275e6c5dd90c459a30941cd07080b06c91a"
dependencies = [ dependencies = [
"backtrace", "backtrace",
"bytes", "bytes",
@ -3397,14 +3398,12 @@ checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821"
[[package]] [[package]]
name = "uuid" name = "uuid"
version = "1.17.0" version = "1.16.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3cf4199d1e5d15ddd86a694e4d0dffa9c323ce759fea589f00fef9d81cc1931d" checksum = "458f7a779bf54acc9f347480ac654f68407d3aab21269a6e3c9f922acd9e2da9"
dependencies = [ dependencies = [
"getrandom 0.3.2", "getrandom 0.3.2",
"js-sys",
"serde", "serde",
"wasm-bindgen",
] ]
[[package]] [[package]]

28
Cargo.toml

@ -8,35 +8,35 @@ edition = "2024"
[dependencies] [dependencies]
actix = "0.13.5" actix = "0.13.5"
actix-identity = "0.8.0" actix-identity = "0.8.0"
actix-web = "4.11.0" actix-web = "4.10.2"
actix-session = { version = "0.10.1", features = ["cookie-session"] } actix-session = { version = "0.10.1", features = ["cookie-session"] }
actix-remote-ip = "0.1.0" actix-remote-ip = "0.1.0"
clap = { version = "4.5.40", features = ["derive", "env"] } clap = { version = "4.5.35", features = ["derive", "env"] }
include_dir = "0.7.4" include_dir = "0.7.4"
log = "0.4.27" log = "0.4.27"
serde_json = "1.0.140" serde_json = "1.0.128"
serde_yaml = "0.9.34" serde_yaml = "0.9.34"
env_logger = "0.11.8" env_logger = "0.11.8"
serde = { version = "1.0.219", features = ["derive"] } serde = { version = "1.0.219", features = ["derive"] }
bcrypt = "0.17.0" bcrypt = "0.17.0"
uuid = { version = "1.17.0", features = ["v4"] } uuid = { version = "1.8.0", features = ["v4"] }
mime_guess = "2.0.5" mime_guess = "2.0.4"
askama = "0.14.0" askama = "0.13.0"
futures-util = "0.3.31" futures-util = "0.3.30"
urlencoding = "2.1.3" urlencoding = "2.1.3"
rand = "0.9.1" rand = "0.9.0"
base64 = "0.22.1" base64 = "0.22.1"
jwt-simple = { version = "0.12.12", default-features = false, features = ["pure-rust"] } jwt-simple = { version = "0.12.12", default-features = false, features = ["pure-rust"] }
digest = "0.10.7" digest = "0.10.7"
sha2 = "0.10.9" sha2 = "0.10.8"
lazy-regex = "3.4.1" lazy-regex = "3.4.1"
totp_rfc6238 = "0.6.1" totp_rfc6238 = "0.6.0"
base32 = "0.5.1" base32 = "0.5.1"
qrcode-generator = "5.0.0" qrcode-generator = "5.0.0"
webauthn-rs = { version = "0.5.1", features = ["danger-allow-state-serialisation"] } webauthn-rs = { version = "0.5.0", features = ["danger-allow-state-serialisation"] }
url = "2.5.4" url = "2.5.0"
light-openid = { version = "1.0.4", features = ["crypto-wrapper"] } light-openid = { version = "1.0.4", features = ["crypto-wrapper"] }
bincode = "2.0.1" bincode = "2.0.1"
chrono = "0.4.41" chrono = "0.4.40"
lazy_static = "1.5.0" lazy_static = "1.5.0"
mailchecker = "6.0.17" mailchecker = "6.0.8"

33
src/actors/users_actor.rs

@ -151,7 +151,7 @@ impl Handler<LocalLoginRequest> for UsersActor {
fn handle(&mut self, msg: LocalLoginRequest, _ctx: &mut Self::Context) -> Self::Result { fn handle(&mut self, msg: LocalLoginRequest, _ctx: &mut Self::Context) -> Self::Result {
match self.manager.find_by_username_or_email(&msg.login) { match self.manager.find_by_username_or_email(&msg.login) {
Err(e) => { Err(e) => {
log::error!("Failed to find user! {e}"); log::error!("Failed to find user! {}", e);
MessageResult(LoginResult::Error) MessageResult(LoginResult::Error)
} }
Ok(None) => MessageResult(LoginResult::AccountNotFound), Ok(None) => MessageResult(LoginResult::AccountNotFound),
@ -184,7 +184,7 @@ impl Handler<ProviderLoginRequest> for UsersActor {
fn handle(&mut self, msg: ProviderLoginRequest, _ctx: &mut Self::Context) -> Self::Result { fn handle(&mut self, msg: ProviderLoginRequest, _ctx: &mut Self::Context) -> Self::Result {
match self.manager.find_by_email(&msg.email) { match self.manager.find_by_email(&msg.email) {
Err(e) => { Err(e) => {
log::error!("Failed to find user! {e}"); log::error!("Failed to find user! {}", e);
MessageResult(LoginResult::Error) MessageResult(LoginResult::Error)
} }
Ok(None) => MessageResult(LoginResult::AccountNotFound), Ok(None) => MessageResult(LoginResult::AccountNotFound),
@ -210,7 +210,7 @@ impl Handler<CreateAccount> for UsersActor {
match self.manager.create_user_account(msg.0) { match self.manager.create_user_account(msg.0) {
Ok(id) => Some(id), Ok(id) => Some(id),
Err(e) => { Err(e) => {
log::error!("Failed to create user account! {e}"); log::error!("Failed to create user account! {}", e);
None None
} }
} }
@ -227,7 +227,7 @@ impl Handler<ChangePasswordRequest> for UsersActor {
{ {
Ok(_) => true, Ok(_) => true,
Err(e) => { Err(e) => {
log::error!("Failed to change user password! {e:?}"); log::error!("Failed to change user password! {:?}", e);
false false
} }
} }
@ -241,7 +241,7 @@ impl Handler<Add2FAFactor> for UsersActor {
match self.manager.add_2fa_factor(&msg.0, msg.1) { match self.manager.add_2fa_factor(&msg.0, msg.1) {
Ok(_) => true, Ok(_) => true,
Err(e) => { Err(e) => {
log::error!("Failed to add 2FA factor! {e}"); log::error!("Failed to add 2FA factor! {}", e);
false false
} }
} }
@ -255,7 +255,7 @@ impl Handler<Remove2FAFactor> for UsersActor {
match self.manager.remove_2fa_factor(&msg.0, msg.1) { match self.manager.remove_2fa_factor(&msg.0, msg.1) {
Ok(_) => true, Ok(_) => true,
Err(e) => { Err(e) => {
log::error!("Failed to remove 2FA factor! {e}"); log::error!("Failed to remove 2FA factor! {}", e);
false false
} }
} }
@ -272,7 +272,7 @@ impl Handler<AddSuccessful2FALogin> for UsersActor {
{ {
Ok(_) => true, Ok(_) => true,
Err(e) => { Err(e) => {
log::error!("Failed to save successful 2FA authentication! {e}"); log::error!("Failed to save successful 2FA authentication! {}", e);
false false
} }
} }
@ -309,7 +309,10 @@ impl Handler<SetAuthorizedAuthenticationSources> for UsersActor {
{ {
Ok(_) => true, Ok(_) => true,
Err(e) => { Err(e) => {
log::error!("Failed to set authorized authentication sources for user! {e}"); log::error!(
"Failed to set authorized authentication sources for user! {}",
e
);
false false
} }
} }
@ -322,7 +325,7 @@ impl Handler<SetGrantedClients> for UsersActor {
match self.manager.set_granted_2fa_clients(&msg.0, msg.1) { match self.manager.set_granted_2fa_clients(&msg.0, msg.1) {
Ok(_) => true, Ok(_) => true,
Err(e) => { Err(e) => {
log::error!("Failed to set granted 2FA clients! {e}"); log::error!("Failed to set granted 2FA clients! {}", e);
false false
} }
} }
@ -336,7 +339,7 @@ impl Handler<GetUserRequest> for UsersActor {
MessageResult(GetUserResult(match self.manager.find_by_user_id(&msg.0) { MessageResult(GetUserResult(match self.manager.find_by_user_id(&msg.0) {
Ok(r) => r, Ok(r) => r,
Err(e) => { Err(e) => {
log::error!("Failed to find user by id! {e}"); log::error!("Failed to find user by id! {}", e);
None None
} }
})) }))
@ -350,7 +353,7 @@ impl Handler<VerifyUserPasswordRequest> for UsersActor {
self.manager self.manager
.verify_user_password(&msg.0, &msg.1) .verify_user_password(&msg.0, &msg.1)
.unwrap_or_else(|e| { .unwrap_or_else(|e| {
log::error!("Failed to verify user password! {e}"); log::error!("Failed to verify user password! {}", e);
false false
}) })
} }
@ -364,7 +367,7 @@ impl Handler<FindUserByUsername> for UsersActor {
self.manager self.manager
.find_by_username_or_email(&msg.0) .find_by_username_or_email(&msg.0)
.unwrap_or_else(|e| { .unwrap_or_else(|e| {
log::error!("Failed to find user by username or email! {e}"); log::error!("Failed to find user by username or email! {}", e);
None None
}), }),
)) ))
@ -378,7 +381,7 @@ impl Handler<GetAllUsers> for UsersActor {
match self.manager.get_entire_users_list() { match self.manager.get_entire_users_list() {
Ok(r) => r, Ok(r) => r,
Err(e) => { Err(e) => {
log::error!("Failed to get entire users list! {e}"); log::error!("Failed to get entire users list! {}", e);
vec![] vec![]
} }
} }
@ -392,7 +395,7 @@ impl Handler<UpdateUserSettings> for UsersActor {
match self.manager.set_general_user_settings(msg.0) { match self.manager.set_general_user_settings(msg.0) {
Ok(_) => true, Ok(_) => true,
Err(e) => { Err(e) => {
log::error!("Failed to update general user information! {e:?}"); log::error!("Failed to update general user information! {:?}", e);
false false
} }
} }
@ -406,7 +409,7 @@ impl Handler<DeleteUserRequest> for UsersActor {
match self.manager.delete_account(&msg.0) { match self.manager.delete_account(&msg.0) {
Ok(_) => true, Ok(_) => true,
Err(e) => { Err(e) => {
log::error!("Failed to delete user account! {e}"); log::error!("Failed to delete user account! {}", e);
false false
} }
} }

2
src/controllers/login_api.rs

@ -47,7 +47,7 @@ pub async fn auth_webauthn(
HttpResponse::Ok().body("You are authenticated!") HttpResponse::Ok().body("You are authenticated!")
} }
Err(e) => { Err(e) => {
log::error!("Failed to authenticate user using webauthn! {e:?}"); log::error!("Failed to authenticate user using webauthn! {:?}", e);
logger.log(Action::LoginWebauthnAttempt { logger.log(Action::LoginWebauthnAttempt {
success: false, success: false,
user_id, user_id,

11
src/controllers/login_controller.rs

@ -190,7 +190,12 @@ pub async fn login_route(
} }
c => { c => {
log::warn!("Failed login for ip {remote_ip:?} / username {login}: {c:?}"); log::warn!(
"Failed login for ip {:?} / username {}: {:?}",
remote_ip,
login,
c
);
logger.log(Action::FailedLoginWithBadCredentials(&login)); logger.log(Action::FailedLoginWithBadCredentials(&login));
danger = Some("Login failed.".to_string()); danger = Some("Login failed.".to_string());
@ -469,7 +474,7 @@ pub async fn login_with_webauthn(
let challenge = match manager.start_authentication(&user.uid, &pub_keys) { let challenge = match manager.start_authentication(&user.uid, &pub_keys) {
Ok(c) => c, Ok(c) => c,
Err(e) => { Err(e) => {
log::error!("Failed to generate webauthn challenge! {e:?}"); log::error!("Failed to generate webauthn challenge! {:?}", e);
return HttpResponse::InternalServerError().body(build_fatal_error_page( return HttpResponse::InternalServerError().body(build_fatal_error_page(
"Failed to generate webauthn challenge", "Failed to generate webauthn challenge",
)); ));
@ -479,7 +484,7 @@ pub async fn login_with_webauthn(
let challenge_json = match serde_json::to_string(&challenge.login_challenge) { let challenge_json = match serde_json::to_string(&challenge.login_challenge) {
Ok(r) => r, Ok(r) => r,
Err(e) => { Err(e) => {
log::error!("Failed to serialize challenge! {e:?}"); log::error!("Failed to serialize challenge! {:?}", e);
return HttpResponse::InternalServerError().body("Failed to serialize challenge!"); return HttpResponse::InternalServerError().body("Failed to serialize challenge!");
} }
}; };

18
src/controllers/openid_controller.rs

@ -111,7 +111,12 @@ pub struct AuthorizeQuery {
} }
fn error_redirect(query: &AuthorizeQuery, error: &str, description: &str) -> HttpResponse { fn error_redirect(query: &AuthorizeQuery, error: &str, description: &str) -> HttpResponse {
log::warn!("Failed to process sign in request ({error} => {description}): {query:?}"); log::warn!(
"Failed to process sign in request ({} => {}): {:?}",
error,
description,
query
);
HttpResponse::Found() HttpResponse::Found()
.append_header(( .append_header((
"Location", "Location",
@ -238,7 +243,7 @@ pub async fn authorize(
.await .await
.unwrap(); .unwrap();
log::trace!("New OpenID session: {session:#?}"); log::trace!("New OpenID session: {:#?}", session);
logger.log(Action::NewOpenIDSession { client: &client }); logger.log(Action::NewOpenIDSession { client: &client });
Ok(HttpResponse::Found() Ok(HttpResponse::Found()
@ -314,7 +319,12 @@ struct ErrorResponse {
} }
pub fn error_response<D: Debug>(query: &D, error: &str, description: &str) -> HttpResponse { pub fn error_response<D: Debug>(query: &D, error: &str, description: &str) -> HttpResponse {
log::warn!("request failed: {error} - {description} => '{query:#?}'"); log::warn!(
"request failed: {} - {} => '{:#?}'",
error,
description,
query
);
HttpResponse::BadRequest().json(ErrorResponse { HttpResponse::BadRequest().json(ErrorResponse {
error: error.to_string(), error: error.to_string(),
error_description: description.to_string(), error_description: description.to_string(),
@ -379,7 +389,7 @@ pub async fn token(
let decode = String::from_utf8_lossy(&match BASE64_STANDARD.decode(token) { let decode = String::from_utf8_lossy(&match BASE64_STANDARD.decode(token) {
Ok(d) => d, Ok(d) => d,
Err(e) => { Err(e) => {
log::error!("Failed to decode authorization header: {e:?}"); log::error!("Failed to decode authorization header: {:?}", e);
return Ok(error_response( return Ok(error_response(
&query, &query,
"invalid_request", "invalid_request",

10
src/controllers/providers_controller.rs

@ -96,14 +96,14 @@ pub async fn start_login(
let config = match ProviderConfigurationHelper::get_configuration(&provider).await { let config = match ProviderConfigurationHelper::get_configuration(&provider).await {
Ok(c) => c, Ok(c) => c,
Err(e) => { Err(e) => {
log::error!("Failed to load provider configuration! {e}"); log::error!("Failed to load provider configuration! {}", e);
return HttpResponse::InternalServerError().body(build_fatal_error_page( return HttpResponse::InternalServerError().body(build_fatal_error_page(
"Failed to load provider configuration!", "Failed to load provider configuration!",
)); ));
} }
}; };
log::debug!("Provider configuration: {config:?}"); log::debug!("Provider configuration: {:?}", config);
let url = config.auth_url(&provider, &state); let url = config.auth_url(&provider, &state);
log::debug!("Redirect user on {url} for authentication",); log::debug!("Redirect user on {url} for authentication",);
@ -210,7 +210,7 @@ pub async fn finish_login(
let provider_config = match ProviderConfigurationHelper::get_configuration(&provider).await { let provider_config = match ProviderConfigurationHelper::get_configuration(&provider).await {
Ok(c) => c, Ok(c) => c,
Err(e) => { Err(e) => {
log::error!("Failed to load provider configuration! {e}"); log::error!("Failed to load provider configuration! {}", e);
return HttpResponse::InternalServerError().body(build_fatal_error_page( return HttpResponse::InternalServerError().body(build_fatal_error_page(
"Failed to load provider configuration!", "Failed to load provider configuration!",
)); ));
@ -222,7 +222,7 @@ pub async fn finish_login(
let token = match token { let token = match token {
Ok(t) => t, Ok(t) => t,
Err(e) => { Err(e) => {
log::error!("Failed to retrieve login token! {e:?}"); log::error!("Failed to retrieve login token! {:?}", e);
bruteforce bruteforce
.send(bruteforce_actor::RecordFailedAttempt { .send(bruteforce_actor::RecordFailedAttempt {
@ -247,7 +247,7 @@ pub async fn finish_login(
let user_info = match provider_config.get_userinfo(&token).await { let user_info = match provider_config.get_userinfo(&token).await {
Ok(info) => info, Ok(info) => info,
Err(e) => { Err(e) => {
log::error!("Failed to retrieve user information! {e:?}"); log::error!("Failed to retrieve user information! {:?}", e);
logger.log(Action::ProviderFailedGetUserInfo { logger.log(Action::ProviderFailedGetUserInfo {
provider: &provider, provider: &provider,

2
src/controllers/two_factor_api.rs

@ -94,7 +94,7 @@ pub async fn save_webauthn_factor(
let key = match manager.finish_registration(&user, &form.0.opaque_state, form.0.credential) { let key = match manager.finish_registration(&user, &form.0.opaque_state, form.0.credential) {
Ok(k) => k, Ok(k) => k,
Err(e) => { Err(e) => {
log::error!("Failed to register security key! {e:?}"); log::error!("Failed to register security key! {:?}", e);
return HttpResponse::InternalServerError().body("Failed to register key!"); return HttpResponse::InternalServerError().body("Failed to register key!");
} }
}; };

6
src/controllers/two_factors_controller.rs

@ -68,7 +68,7 @@ pub async fn add_totp_factor_route(_critical: CriticalRoute, user: CurrentUser)
let qr_code = match qr_code { let qr_code = match qr_code {
Ok(q) => q, Ok(q) => q,
Err(e) => { Err(e) => {
log::error!("Failed to generate QrCode! {e:?}"); log::error!("Failed to generate QrCode! {:?}", e);
return HttpResponse::InternalServerError().body("Failed to generate QrCode!"); return HttpResponse::InternalServerError().body("Failed to generate QrCode!");
} }
}; };
@ -95,7 +95,7 @@ pub async fn add_webauthn_factor_route(
let registration_request = match manager.start_register(&user) { let registration_request = match manager.start_register(&user) {
Ok(r) => r, Ok(r) => r,
Err(e) => { Err(e) => {
log::error!("Failed to request new key! {e:?}"); log::error!("Failed to request new key! {:?}", e);
return HttpResponse::InternalServerError() return HttpResponse::InternalServerError()
.body("Failed to generate request for registration!"); .body("Failed to generate request for registration!");
} }
@ -104,7 +104,7 @@ pub async fn add_webauthn_factor_route(
let challenge_json = match serde_json::to_string(&registration_request.creation_challenge) { let challenge_json = match serde_json::to_string(&registration_request.creation_challenge) {
Ok(r) => r, Ok(r) => r,
Err(e) => { Err(e) => {
log::error!("Failed to serialize challenge! {e:?}"); log::error!("Failed to serialize challenge! {:?}", e);
return HttpResponse::InternalServerError().body("Failed to serialize challenge!"); return HttpResponse::InternalServerError().body("Failed to serialize challenge!");
} }
}; };

3
src/data/action_logger.rs

@ -156,7 +156,8 @@ impl Action<'_> {
.to_string() .to_string()
} }
Action::ProviderFailedGetToken { state, code } => format!( Action::ProviderFailedGetToken { state, code } => format!(
"could not complete login from provider because the id_token could not be retrieved! (state={state:?} code = {code})" "could not complete login from provider because the id_token could not be retrieved! (state={:?} code = {code})",
state
), ),
Action::ProviderFailedGetUserInfo { provider } => format!( Action::ProviderFailedGetUserInfo { provider } => format!(
"could not get user information from userinfo endpoint of provider {}!", "could not get user information from userinfo endpoint of provider {}!",

17
src/data/code_challenge.rs

@ -22,7 +22,7 @@ impl CodeChallenge {
encoded.eq(&self.code_challenge) encoded.eq(&self.code_challenge)
} }
s => { s => {
log::error!("Unknown code challenge method: {s}"); log::error!("Unknown code challenge method: {}", s);
false false
} }
} }
@ -40,8 +40,8 @@ mod test {
code_challenge: "text1".to_string(), code_challenge: "text1".to_string(),
}; };
assert!(chal.verify_code("text1")); assert_eq!(true, chal.verify_code("text1"));
assert!(!chal.verify_code("text2")); assert_eq!(false, chal.verify_code("text2"));
} }
#[test] #[test]
@ -51,8 +51,8 @@ mod test {
code_challenge: "uSOvC48D8TMh6RgW-36XppMlMgys-6KAE_wEIev9W2g".to_string(), code_challenge: "uSOvC48D8TMh6RgW-36XppMlMgys-6KAE_wEIev9W2g".to_string(),
}; };
assert!(chal.verify_code("HIwht3lCHfnsruA+7Sq8NP2mPj5cBZe0Ewf23eK9UQhK4TdCIt3SK7Fr/giCdnfjxYQILOPG2D562emggAa2lA==")); assert_eq!(true, chal.verify_code("HIwht3lCHfnsruA+7Sq8NP2mPj5cBZe0Ewf23eK9UQhK4TdCIt3SK7Fr/giCdnfjxYQILOPG2D562emggAa2lA=="));
assert!(!chal.verify_code("text1")); assert_eq!(false, chal.verify_code("text1"));
} }
#[test] #[test]
@ -62,7 +62,10 @@ mod test {
code_challenge: "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM".to_string(), code_challenge: "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM".to_string(),
}; };
assert!(chal.verify_code("dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk")); assert_eq!(
assert!(!chal.verify_code("text1")); true,
chal.verify_code("dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk")
);
assert_eq!(false, chal.verify_code("text1"));
} }
} }

4
src/data/session_identity.rs

@ -46,7 +46,7 @@ impl SessionIdentity<'_> {
.map(|f| match f { .map(|f| match f {
Ok(d) => Some(d), Ok(d) => Some(d),
Err(e) => { Err(e) => {
log::warn!("Failed to deserialize session data! {e:?}"); log::warn!("Failed to deserialize session data! {:?}", e);
None None
} }
}) })
@ -65,7 +65,7 @@ impl SessionIdentity<'_> {
log::debug!("Will set user session data."); log::debug!("Will set user session data.");
if let Err(e) = Identity::login(&req.extensions(), s) { if let Err(e) = Identity::login(&req.extensions(), s) {
log::error!("Failed to set session data! {e}"); log::error!("Failed to set session data! {}", e);
} }
log::debug!("Did set user session data."); log::debug!("Did set user session data.");
} }

5
src/data/totp_key.rs

@ -1,3 +1,5 @@
use std::io::ErrorKind;
use base32::Alphabet; use base32::Alphabet;
use rand::Rng; use rand::Rng;
use totp_rfc6238::{HashAlgorithm, TotpGenerator}; use totp_rfc6238::{HashAlgorithm, TotpGenerator};
@ -88,7 +90,8 @@ impl TotpKey {
let key = match base32::decode(BASE32_ALPHABET, &self.encoded) { let key = match base32::decode(BASE32_ALPHABET, &self.encoded) {
None => { None => {
return Err(Box::new(std::io::Error::other( return Err(Box::new(std::io::Error::new(
ErrorKind::Other,
"Failed to decode base32 secret!", "Failed to decode base32 secret!",
))); )));
} }

4
src/data/users_file_entity.rs

@ -18,7 +18,7 @@ impl EntityManager<User> {
}; };
if let Err(e) = self.replace_entries(|u| u.uid.eq(id), &update(user)) { if let Err(e) = self.replace_entries(|u| u.uid.eq(id), &update(user)) {
log::error!("Failed to update user information! {e:?}"); log::error!("Failed to update user information! {:?}", e);
return Err(e); return Err(e);
} }
@ -34,7 +34,7 @@ fn verify_password<P: AsRef<[u8]>>(pwd: P, hash: &str) -> bool {
match bcrypt::verify(pwd, hash) { match bcrypt::verify(pwd, hash) {
Ok(r) => r, Ok(r) => r,
Err(e) => { Err(e) => {
log::warn!("Failed to verify password! {e:?}"); log::warn!("Failed to verify password! {:?}", e);
false false
} }
} }

21
src/data/webauthn_manager.rs

@ -1,3 +1,4 @@
use std::io::ErrorKind;
use std::sync::Arc; use std::sync::Arc;
use actix_web::web; use actix_web::web;
@ -108,11 +109,17 @@ impl WebAuthManager {
) -> Res<WebauthnPubKey> { ) -> Res<WebauthnPubKey> {
let state: RegisterKeyOpaqueData = self.crypto_wrapper.decrypt(opaque_state)?; let state: RegisterKeyOpaqueData = self.crypto_wrapper.decrypt(opaque_state)?;
if state.user_id != user.uid { if state.user_id != user.uid {
return Err(Box::new(std::io::Error::other("Invalid user for pubkey!"))); return Err(Box::new(std::io::Error::new(
ErrorKind::Other,
"Invalid user for pubkey!",
)));
} }
if state.expire < time() { if state.expire < time() {
return Err(Box::new(std::io::Error::other("Challenge has expired!"))); return Err(Box::new(std::io::Error::new(
ErrorKind::Other,
"Challenge has expired!",
)));
} }
let res = self.core.finish_passkey_registration( let res = self.core.finish_passkey_registration(
@ -150,11 +157,17 @@ impl WebAuthManager {
) -> Res { ) -> Res {
let state: AuthStateOpaqueData = self.crypto_wrapper.decrypt(opaque_state)?; let state: AuthStateOpaqueData = self.crypto_wrapper.decrypt(opaque_state)?;
if &state.user_id != user_id { if &state.user_id != user_id {
return Err(Box::new(std::io::Error::other("Invalid user for pubkey!"))); return Err(Box::new(std::io::Error::new(
ErrorKind::Other,
"Invalid user for pubkey!",
)));
} }
if state.expire < time() { if state.expire < time() {
return Err(Box::new(std::io::Error::other("Challenge has expired!"))); return Err(Box::new(std::io::Error::new(
ErrorKind::Other,
"Challenge has expired!",
)));
} }
self.core.finish_passkey_authentication( self.core.finish_passkey_authentication(

2
src/main.rs

@ -51,7 +51,7 @@ async fn main() -> std::io::Result<()> {
// Create initial user if required // Create initial user if required
if users.is_empty() { if users.is_empty() {
log::info!("Create default {DEFAULT_ADMIN_USERNAME} user"); log::info!("Create default {} user", DEFAULT_ADMIN_USERNAME);
let default_admin = User { let default_admin = User {
username: DEFAULT_ADMIN_USERNAME.to_string(), username: DEFAULT_ADMIN_USERNAME.to_string(),
authorized_clients: None, authorized_clients: None,

9
src/middlewares/auth_middleware.rs

@ -97,7 +97,10 @@ where
.unwrap_or("bad") .unwrap_or("bad")
.eq(&AppConfig::get().website_origin) .eq(&AppConfig::get().website_origin)
{ {
log::warn!("Blocked POST request from invalid origin! Origin given {o:?}"); log::warn!(
"Blocked POST request from invalid origin! Origin given {:?}",
o
);
return Ok(req.into_response( return Ok(req.into_response(
HttpResponse::Unauthorized() HttpResponse::Unauthorized()
.body("POST request from invalid origin!") .body("POST request from invalid origin!")
@ -130,8 +133,8 @@ where
_ => ConnStatus::SignedOut, _ => ConnStatus::SignedOut,
}; };
log::trace!("Connection data: {session_data:#?}"); log::trace!("Connection data: {:#?}", session_data);
log::debug!("Connection status: {session:?}"); log::debug!("Connection status: {:?}", session);
// Redirect user to login page // Redirect user to login page
if !session.is_auth() if !session.is_auth()

4
src/utils/string_utils.rs

@ -47,7 +47,7 @@ mod test {
unsafe { unsafe {
env::set_var(VAR_ONE, "good"); env::set_var(VAR_ONE, "good");
} }
let src = format!("This is ${{{VAR_ONE}}}"); let src = format!("This is ${{{}}}", VAR_ONE);
assert_eq!("This is good", apply_env_vars(&src)); assert_eq!("This is good", apply_env_vars(&src));
} }
@ -55,7 +55,7 @@ mod test {
#[test] #[test]
fn test_invalid_var_syntax() { fn test_invalid_var_syntax() {
let src = format!("This is ${{{VAR_INVALID}}}"); let src = format!("This is ${{{}}}", VAR_INVALID);
assert_eq!(src, apply_env_vars(&src)); assert_eq!(src, apply_env_vars(&src));
} }