Update Rust crate chrono to 0.4.44

Cargo.lock

@@ -368,22 +368,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "43d5b281e737544384e969a5ccad3f1cdd24b48086a0fc1b2a5262a26b8f4f4a"
 dependencies = [
  "anstyle",
- "anstyle-parse 0.2.7",
- "anstyle-query",
- "anstyle-wincon",
- "colorchoice",
- "is_terminal_polyfill",
- "utf8parse",
-]
-
-[[package]]
-name = "anstream"
-version = "1.0.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "824a212faf96e9acacdbd09febd34438f8f711fb84e09a8916013cd7815ca28d"
-dependencies = [
- "anstyle",
- "anstyle-parse 1.0.0",
+ "anstyle-parse",
  "anstyle-query",
  "anstyle-wincon",
  "colorchoice",
@@ -406,15 +391,6 @@ dependencies = [
  "utf8parse",
 ]
 
-[[package]]
-name = "anstyle-parse"
-version = "1.0.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "52ce7f38b242319f7cabaa6813055467063ecdc9d355bbb4ce0c68908cd8130e"
-dependencies = [
- "utf8parse",
-]
-
 [[package]]
 name = "anstyle-query"
 version = "1.1.5"
@@ -678,13 +654,13 @@ dependencies = [
 
 [[package]]
 name = "bcrypt"
-version = "0.19.0"
+version = "0.18.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "523ab528ce3a7ada6597f8ccf5bd8d85ebe26d5edf311cad4d1d3cfb2d357ac6"
+checksum = "9a0f5948f30df5f43ac29d310b7476793be97c50787e6ef4a63d960a0d0be827"
 dependencies = [
  "base64 0.22.1",
  "blowfish",
- "getrandom 0.4.1",
+ "getrandom 0.3.4",
  "subtle",
  "zeroize",
 ]
@@ -900,9 +876,9 @@ dependencies = [
 
 [[package]]
 name = "clap"
-version = "4.6.0"
+version = "4.5.60"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b193af5b67834b676abd72466a96c1024e6a6ad978a1f484bd90b85c94041351"
+checksum = "2797f34da339ce31042b27d23607e051786132987f595b02ba4f6a6dffb7030a"
 dependencies = [
  "clap_builder",
  "clap_derive",
@@ -910,11 +886,11 @@ dependencies = [
 
 [[package]]
 name = "clap_builder"
-version = "4.6.0"
+version = "4.5.60"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "714a53001bf66416adb0e2ef5ac857140e7dc3a0c48fb28b2f10762fc4b5069f"
+checksum = "24a241312cea5059b13574bb9b3861cabf758b879c15190b37b6d6fd63ab6876"
 dependencies = [
- "anstream 1.0.0",
+ "anstream",
  "anstyle",
  "clap_lex",
  "strsim",
@@ -922,9 +898,9 @@ dependencies = [
 
 [[package]]
 name = "clap_derive"
-version = "4.6.0"
+version = "4.5.55"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1110bd8a634a1ab8cb04345d8d878267d57c3cf1b38d91b71af6686408bbca6a"
+checksum = "a92793da1a46a5f2a02a6f4c46c6496b28c43638adea8306fcb0caa1634f24e5"
 dependencies = [
  "heck",
  "proc-macro2",
@@ -1308,7 +1284,7 @@ version = "0.11.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b2daee4ea451f429a58296525ddf28b45a3b64f1acf6587e2067437bb11e218d"
 dependencies = [
- "anstream 0.6.21",
+ "anstream",
  "anstyle",
  "env_filter",
  "jiff",
@@ -2255,9 +2231,9 @@ checksum = "5e5032e24019045c762d3c0f28f5b6b8bbf38563a65908389bf7978758920897"
 
 [[package]]
 name = "mailchecker"
-version = "6.0.20"
+version = "6.0.19"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e32897aec7dd28fa9a39f02a0a08e434f50e2761214e40cec745eb7c411cdb48"
+checksum = "abad4bc63045f04cfc55aa4c55d4ec0a890c377ce56463bfc2adc2bc059c4b84"
 dependencies = [
  "fast_chemail",
  "once_cell",
@@ -2750,9 +2726,9 @@ checksum = "4339fc7a1021c9c1621d87f5e3505f2805c8c105420ba2f2a4df86814590c142"
 
 [[package]]
 name = "quote"
-version = "1.0.45"
+version = "1.0.44"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "41f2619966050689382d2b44f664f4bc593e129785a36d6ee376ddf37259b924"
+checksum = "21b2ebcf727b7760c461f091f9f0f539b77b8e87f2fd88131e7f1b433b3cece4"
 dependencies = [
  "proc-macro2",
 ]
@@ -3414,9 +3390,9 @@ dependencies = [
 
 [[package]]
 name = "syn"
-version = "2.0.117"
+version = "2.0.116"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e665b8803e7b1d2a727f4023456bbbbe74da67099c585258af0ad9c5013b9b99"
+checksum = "3df424c70518695237746f84cede799c9c58fcb37450d7b23716568cc8bc69cb"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -3801,9 +3777,9 @@ checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821"
 
 [[package]]
 name = "uuid"
-version = "1.22.0"
+version = "1.21.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a68d3c8f01c0cfa54a75291d83601161799e4a89a39e0929f4b0354d88757a37"
+checksum = "b672338555252d43fd2240c714dc444b8c6fb0a5c5335e65a07bba7742735ddb"
 dependencies = [
  "getrandom 0.4.1",
  "js-sys",

Cargo.toml

@@ -11,15 +11,15 @@ actix-identity = "0.9.0"
 actix-web = "4.13.0"
 actix-session = { version = "0.11.0", features = ["cookie-session", "redis-session"] }
 actix-remote-ip = "0.1.0"
-clap = { version = "4.6.0", features = ["derive", "env"] }
+clap = { version = "4.5.60", features = ["derive", "env"] }
 include_dir = "0.7.4"
 log = "0.4.29"
 serde_json = "1.0.149"
 serde_yml = "0.0.12"
 env_logger = "0.11.9"
 serde = { version = "1.0.228", features = ["derive"] }
-bcrypt = "0.19.0"
-uuid = { version = "1.22.0", features = ["v4"] }
+bcrypt = "0.18.0"
+uuid = { version = "1.21.0", features = ["v4"] }
 mime_guess = "2.0.5"
 askama = "0.15.4"
 urlencoding = "2.1.3"
@@ -36,7 +36,7 @@ url = "2.5.8"
 light-openid = { version = "1.1.0", features = ["crypto-wrapper"] }
 rkyv = "0.8.15"
 chrono = "0.4.44"
-mailchecker = "6.0.20"
+mailchecker = "6.0.19"
 httpdate = "1.0.3"
 build-time = "0.1.3"
 hex = "0.4.3"

README.md

@@ -31,7 +31,7 @@ You can configure a list of clients (Relying Parties) in a `clients.yaml` file w
   enforce_2fa_auth: true
   # Optional, claims to be added to the ID token payload.
   # The following placeholders can be set, they will the replaced when the token is created:
-  # * {username}: username of the user
+  # * {username}: user name of the user
   # * {mail}: email address of the user
   # * {first_name}: first name of the user
   # * {last_name}: last name of the user
@@ -39,11 +39,6 @@ You can configure a list of clients (Relying Parties) in a `clients.yaml` file w
   claims_id_token:
     groups: ["group_{user}"]
     service: "auth"
-  # Optional, claims to be added to the access token payload
-  # The placeholders of `claims_id_token` can also be used here 
-  claims_access_token:
-    groups: ["group_{user}"]
-    service: "auth"
   # Optional, claims to be added to the user info endpoint response
   # The placeholders of `claims_id_token` can also be used here 
   claims_user_info:

src/actors/openid_sessions_actor.rs

@@ -4,10 +4,10 @@ use actix::{Actor, AsyncContext, Context, Handler};
 use crate::constants::*;
 use crate::data::access_token::AccessToken;
 use crate::data::app_config::AppConfig;
-use crate::data::client::{Client, ClientID};
+use crate::data::client::ClientID;
 use crate::data::code_challenge::CodeChallenge;
 use crate::data::jwt_signer::JWTSigner;
-use crate::data::user::{User, UserID};
+use crate::data::user::UserID;
 use crate::utils::err::Res;
 use crate::utils::string_utils::rand_str;
 use crate::utils::time_utils::time;
@@ -50,13 +50,10 @@ impl Session {
         &mut self,
         app_config: &AppConfig,
         jwt_signer: &JWTSigner,
-        user: &User,
-        client: &Client,
     ) -> Res {
         let access_token = AccessToken {
             issuer: app_config.website_origin.to_string(),
-            user,
-            client,
+            subject_identifier: self.user.clone().0,
             issued_at: time(),
             exp_time: time() + OPEN_ID_ACCESS_TOKEN_TIMEOUT,
             rand_val: rand_str(OPEN_ID_ACCESS_TOKEN_LEN),

src/controllers/openid_controller.rs

@@ -501,7 +501,13 @@ pub async fn token(
                 ));
             }
 
-            // Get user information
+            session.regenerate_access_and_refresh_tokens(AppConfig::get(), &jwt_signer)?;
+
+            sessions
+                .send(openid_sessions_actor::UpdateSession(session.clone()))
+                .await
+                .unwrap();
+
             let user: Option<User> = users
                 .send(users_actor::GetUserRequest(session.user.clone()))
                 .await
@@ -512,18 +518,6 @@ pub async fn token(
                 Some(u) => u,
             };
 
-            // Refresh access and refresh tokens
-            session.regenerate_access_and_refresh_tokens(
-                AppConfig::get(),
-                &jwt_signer,
-                &user,
-                &client,
-            )?;
-            sessions
-                .send(openid_sessions_actor::UpdateSession(session.clone()))
-                .await
-                .unwrap();
-
             // Generate id token
             let id_token = IdToken {
                 issuer: AppConfig::get().website_origin.to_string(),
@@ -580,24 +574,8 @@ pub async fn token(
                 ));
             }
 
-            // Get user information
-            let user: Option<User> = users
-                .send(users_actor::GetUserRequest(session.user.clone()))
-                .await
-                .unwrap()
-                .0;
-            let user = match user {
-                None => return Ok(error_response(&query, "invalid_request", "User not found!")),
-                Some(u) => u,
-            };
+            session.regenerate_access_and_refresh_tokens(AppConfig::get(), &jwt_signer)?;
 
-            // Regenerate user session
-            session.regenerate_access_and_refresh_tokens(
-                AppConfig::get(),
-                &jwt_signer,
-                &user,
-                &client,
-            )?;
             sessions
                 .send(openid_sessions_actor::UpdateSession(session.clone()))
                 .await

src/data/access_token.rs

@@ -1,12 +1,9 @@
-use crate::data::client::{AdditionalClaims, Client};
-use crate::data::user::User;
 use jwt_simple::claims::JWTClaims;
 use jwt_simple::prelude::Duration;
 
-pub struct AccessToken<'a> {
+pub struct AccessToken {
     pub issuer: String,
-    pub user: &'a User,
-    pub client: &'a Client,
+    pub subject_identifier: String,
     pub issued_at: u64,
     pub exp_time: u64,
     pub rand_val: String,
@@ -16,26 +13,21 @@ pub struct AccessToken<'a> {
 #[derive(serde::Serialize, serde::Deserialize)]
 pub struct CustomAccessTokenClaims {
     rand_val: String,
-    /// Additional claims
-    #[serde(skip_serializing_if = "Option::is_none")]
-    #[serde(flatten)]
-    pub additional_claims: Option<AdditionalClaims>,
 }
 
-impl<'a> AccessToken<'a> {
+impl AccessToken {
     pub fn to_jwt_claims(self) -> JWTClaims<CustomAccessTokenClaims> {
         JWTClaims {
             issued_at: Some(Duration::from_secs(self.issued_at)),
             expires_at: Some(Duration::from_secs(self.exp_time)),
             invalid_before: None,
             issuer: Some(self.issuer),
-            subject: Some(self.user.uid.0.to_string()),
+            subject: Some(self.subject_identifier),
             audiences: None,
             jwt_id: None,
             nonce: self.nonce,
             custom: CustomAccessTokenClaims {
                 rand_val: self.rand_val,
-                additional_claims: self.client.claims_access_token(self.user),
             },
         }
     }

src/data/client.rs

@@ -42,9 +42,6 @@ pub struct Client {
     /// Additional claims to return with the id token
     claims_id_token: Option<AdditionalClaims>,
 
-    /// Additional claims to return with the access token
-    claims_access_token: Option<AdditionalClaims>,
-
     /// Additional claims to return through the user info endpoint
     claims_user_info: Option<AdditionalClaims>,
 }
@@ -120,11 +117,6 @@ impl Client {
         self.process_additional_claims(user, &self.claims_id_token)
     }
 
-    /// Get additional claims for access_token for a successful authentication
-    pub fn claims_access_token(&self, user: &User) -> Option<AdditionalClaims> {
-        self.process_additional_claims(user, &self.claims_access_token)
-    }
-
     /// Get additional claims for user info for a successful authentication
     pub fn claims_user_info(&self, user: &User) -> Option<AdditionalClaims> {
         self.process_additional_claims(user, &self.claims_user_info)