removing some todos

bruno-ortiz · Jan 19, 2024 · 67ab1e1 · 67ab1e1
1 parent 79e8b1a
commit 67ab1e1
Show file tree

Hide file tree

Showing 7 changed files with 16 additions and 14 deletions.
diff --git a/core/src/authorisation_request.rs b/core/src/authorisation_request.rs
@@ -137,7 +137,6 @@ impl AuthorisationRequest {
                 ));
             }
         }
-        //TODO: claims should come from the request or the request_object
         let claims = match parse_claims(configuration, &this) {
             Ok(c) => c,
             Err(err) => return Err((err, this)),

diff --git a/core/src/configuration/provider.rs b/core/src/configuration/provider.rs
@@ -86,7 +86,7 @@ pub struct OpenIDProviderConfiguration {
     interaction_base_url: Box<dyn Fn(&Self) -> &Url + Send + Sync>,
     #[builder(setter(skip))]
     interaction_url_resolver: InteractionUrlResolver,
-    subject_types_supported: Vec<SubjectType>, //TODO: create subject type resolvers
+    subject_types_supported: Vec<SubjectType>, //TODO: check subject type on dynamic client registration
     #[getset(skip)]
     #[get_copy = "pub"]
     auth_max_age: u64,

diff --git a/core/src/configuration/ttl.rs b/core/src/configuration/ttl.rs
@@ -3,8 +3,6 @@ use time::Duration;
 
 use crate::models::client::{AuthenticatedClient, ClientInformation};
 
-//todo: allow generic params to be passed to this function
-// this can allow the duration to be parameterized with a consent duration for example;
 type TTLResolver = Box<dyn Fn(&ClientInformation) -> Duration + Send + Sync>;
 type AsyncTTLResolver = Box<dyn Fn(&AuthenticatedClient) -> BoxFuture<Duration> + Send + Sync>;
 

diff --git a/core/src/grant_type/refresh_token.rs b/core/src/grant_type/refresh_token.rs
@@ -23,15 +23,14 @@ impl GrantTypeResolver for RefreshTokenGrant {
     async fn execute(self, client: AuthenticatedClient) -> Result<TokenResponse, OpenIdError> {
         let configuration = OpenIDProviderConfiguration::instance();
         let clock = configuration.clock_provider();
-        let grant = self;
+        let grant_type = self;
 
         let mut refresh_token = configuration
             .adapters()
             .refresh()
-            .find(&grant.refresh_token)
+            .find(&grant_type.refresh_token)
             .await
-            .ok_or_else(|| OpenIdError::invalid_grant("Refresh token not found"))?
-            .validate()?;
+            .ok_or_else(|| OpenIdError::invalid_grant("Refresh token not found"))?;
 
         let grant = Grant::find(refresh_token.grant_id)
             .await
@@ -42,6 +41,11 @@ impl GrantTypeResolver for RefreshTokenGrant {
                 "Client mismatch for refresh token",
             ));
         }
+        if let Err(err) = refresh_token.validate() {
+            // invalidate entire token chain
+            grant.consume().await?;
+            return Err(err);
+        }
 
         let context = RTContext {
             config: configuration,

diff --git a/core/src/models/refresh_token.rs b/core/src/models/refresh_token.rs
@@ -67,15 +67,14 @@ impl RefreshToken {
             .map_err(OpenIdError::server_error)
     }
 
-    pub fn validate(self) -> Result<Self, OpenIdError> {
+    pub fn validate(&self) -> Result<(), OpenIdError> {
         if self.status == Status::Consumed {
-            //TODO: invalidate entire token chain
             return Err(OpenIdError::invalid_grant("Refresh token already used"));
         }
         if self.is_expired() {
             return Err(OpenIdError::invalid_grant("Refresh token is expired"));
         }
-        Ok(self)
+        Ok(())
     }
 
     pub fn total_lifetime(&self) -> Duration {

diff --git a/core/src/pairwise.rs b/core/src/pairwise.rs
@@ -3,7 +3,7 @@ use thiserror::Error;
 use url::{Host, Url};
 
 use oidc_types::client::ClientID;
-use oidc_types::password_hasher::PasswordHasher;
+use oidc_types::password_hasher::{HashingError, PasswordHasher};
 use oidc_types::subject::Subject;
 
 use crate::configuration::OpenIDProviderConfiguration;
@@ -19,6 +19,8 @@ pub enum PairwiseError {
     InvalidDomain(Url),
     #[error("Host not found for uri: {}", .0)]
     HostNotFound(Url),
+    #[error("Error calculating hash for pairwise sub: {}", .0)]
+    Hashing(#[from] HashingError),
 }
 
 #[derive(Clone)]
@@ -58,7 +60,7 @@ impl PairwiseResolver {
             let hasher = config.secret_hasher();
             let sector_identifier = select_sector_identifier(client)?;
             let sub = [sector_identifier.as_bytes(), subject.as_ref()].concat();
-            let hash = hasher.hash(&sub).expect("Fix later");
+            let hash = hasher.hash(&sub)?;
             Ok(PairwiseSubject(Subject::new(hash)))
         })
     }

diff --git a/types/src/password_hasher.rs b/types/src/password_hasher.rs
@@ -6,7 +6,7 @@ use thiserror::Error;
 
 const SALT_LEN: usize = 16;
 
-#[derive(Debug, Error)]
+#[derive(Debug, Error, Clone)]
 pub enum HashingError {
     #[error("Error decoding hash: {}", .0)]
     DecodeError(#[from] DecodeError),