Diffstat (limited to 'kittybox-rs/src/indieauth')
-rw-r--r-- | kittybox-rs/src/indieauth/mod.rs | 44 |
1 files changed, 22 insertions, 22 deletions
diff --git a/kittybox-rs/src/indieauth/mod.rs b/kittybox-rs/src/indieauth/mod.rs index a059211..2c15e72 100644 --- a/kittybox-rs/src/indieauth/mod.rs +++ b/kittybox-rs/src/indieauth/mod.rs @@ -110,37 +110,37 @@ async fn authorization_endpoint_post<A: AuthBackend>( GrantRequest::AuthorizationCode { code, client_id, redirect_uri, code_verifier } => { let request: AuthorizationRequest = match backend.get_code(&code).await { Ok(Some(request)) => request, - Ok(None) => return Json(Error { + Ok(None) => return Error { kind: ErrorKind::InvalidGrant, msg: Some("The provided authorization code is invalid.".to_string()), error_uri: None - }).into_response(), + }.into_response(), Err(err) => { tracing::error!("Error retrieving auth request: {}", err); return StatusCode::INTERNAL_SERVER_ERROR.into_response(); } }; if client_id != request.client_id { - return Json(Error { + return Error { kind: ErrorKind::InvalidGrant, msg: Some("This authorization code isn't yours.".to_string()), error_uri: None - }).into_response() + }.into_response() } if redirect_uri != request.redirect_uri { - return Json(Error { + return Error { kind: ErrorKind::InvalidGrant, msg: Some("This redirect_uri doesn't match the one the code has been sent to.".to_string()), error_uri: None - }).into_response() + }.into_response() } if !request.code_challenge.verify(code_verifier) { - return Json(Error { + return Error { kind: ErrorKind::InvalidGrant, msg: Some("The PKCE challenge failed.".to_string()), // are RFCs considered human-readable? 😝 error_uri: "https://datatracker.ietf.org/doc/html/rfc7636#section-4.6".parse().ok() - }).into_response() + }.into_response() } let profile = if request.scope .map(|s| s.has(&Scope::Profile)) 
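Review bot: In the `@@ -110` hunk the `client_id` and `redirect_uri` mismatch branches of authorization_endpoint_post return without logging; only the backend `Err` arm calls `tracing::error!`. A valid code presented by the wrong client is a useful sign that the code leaked, and it currently leaves no server-side trace. I would add a line such as `tracing::warn!("Authorization code presented with a mismatching client_id");` before each of those returns, without logging the code itself. The distinct `msg` texts also tell the caller that the code exists but belongs to another client; reusing "The provided authorization code is invalid." for these branches would avoid that. The same applies to the "This refresh token is not yours." branch in the `@@ -300` hunk; the function body starts and ends outside this hunk.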
@@ -154,11 +154,11 @@ async fn authorization_endpoint_post<A: AuthBackend>( Json(GrantResponse::ProfileUrl { me, profile }).into_response() }, - _ => Json(Error { + _ => Error { kind: ErrorKind::InvalidGrant, msg: Some("The provided grant_type is unusable on this endpoint.".to_string()), error_uri: "https://indieauth.spec.indieweb.org/#redeeming-the-authorization-code".parse().ok() - }).into_response() + }.into_response() } } } @@ -209,11 +209,11 @@ async fn token_endpoint_post<A: AuthBackend>( // TODO load the information corresponding to the code let request: AuthorizationRequest = match backend.get_code(&code).await { Ok(Some(request)) => request, - Ok(None) => return Json(Error { + Ok(None) => return Error { kind: ErrorKind::InvalidGrant, msg: Some("The provided authorization code is invalid.".to_string()), error_uri: None - }).into_response(), + }.into_response(), Err(err) => { tracing::error!("Error retrieving auth request: {}", err); return StatusCode::INTERNAL_SERVER_ERROR.into_response(); @@ -223,11 +223,11 @@ async fn token_endpoint_post<A: AuthBackend>( let me: url::Url = format!("https://{}/", host).parse().unwrap(); let scope = if let Some(scope) = request.scope { scope } else { - return Json(Error { + return Error { kind: ErrorKind::InvalidScope, msg: Some("Tokens cannot be issued if no scopes are requested.".to_string()), error_uri: "https://indieauth.spec.indieweb.org/#access-token-response".parse().ok() - }).into_response(); + }.into_response(); }; if client_id != request.client_id { return Error { @@ -244,11 +244,11 @@ async fn token_endpoint_post<A: AuthBackend>( }.into_response() } if !request.code_challenge.verify(code_verifier) { - return Json(Error { + return Error { kind: ErrorKind::InvalidGrant, msg: Some("The PKCE challenge failed.".to_string()), error_uri: "https://datatracker.ietf.org/doc/html/rfc7636#section-4.6".parse().ok() - }).into_response(); + }.into_response(); } let profile = if scope.has(&Scope::Profile) { 
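Review bot: The catch-all arm in the `@@ -154` hunk reports an unusable grant_type as `ErrorKind::InvalidGrant`, but RFC 6749 section 5.2 keeps `invalid_grant` for a bad or expired code or token and defines `unsupported_grant_type` for this case. A client that branches on the error code will read this as a dead authorization code rather than a wrong request type. If `ErrorKind` has a variant that serialises to `unsupported_grant_type`, it belongs here; the enum is not visible in this diff, so that needs confirming. The wildcard `_` also silently absorbs any grant variant added later, so naming the rejected variants would let the compiler flag new ones.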
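Review bot: The `// TODO load the information corresponding to the code` comment at the top of the `@@ -209` hunk is stale, since the next line already loads the request through `backend.get_code(&code)`. What the hunk leaves undocumented is whether `get_code` consumes the code: authorization codes are meant to be single-use (RFC 6749 section 4.1.2), and nothing visible here invalidates the code after it is read. I would replace the TODO with a comment stating the contract, for example `// get_code must atomically remove the code so it cannot be redeemed twice`, or say where invalidation happens if it is done elsewhere. The same question applies to the `get_code` call in authorization_endpoint_post in the `@@ -110` hunk.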
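Review bot: In the `@@ -223` hunk the context line `let me: url::Url = format!("https://{}/", host).parse().unwrap();` panics if the formatted string is not a valid URL. Where `host` comes from is outside the hunk; if it is taken from the request's Host header, a malformed value makes the handler panic instead of returning an error response. Handling the failure, e.g. `let Ok(me) = format!("https://{}/", host).parse::<url::Url>() else { return StatusCode::BAD_REQUEST.into_response() };`, keeps it on the same error path as the other checks. Since `me` appears to be the identity the token is issued for, it is also worth confirming that `host` is validated against the configured site before this point.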
@@ -288,11 +288,11 @@ async fn token_endpoint_post<A: AuthBackend>( GrantRequest::RefreshToken { refresh_token, client_id, scope } => { let data = match backend.get_refresh_token(&refresh_token).await { Ok(Some(token)) => token, - Ok(None) => return Json(Error { + Ok(None) => return Error { kind: ErrorKind::InvalidGrant, msg: Some("This refresh token is not valid.".to_string()), error_uri: None - }).into_response(), + }.into_response(), Err(err) => { tracing::error!("Error retrieving refresh token: {}", err); return StatusCode::INTERNAL_SERVER_ERROR.into_response() @@ -300,20 +300,20 @@ async fn token_endpoint_post<A: AuthBackend>( }; if data.client_id != client_id { - return Json(Error { + return Error { kind: ErrorKind::InvalidGrant, msg: Some("This refresh token is not yours.".to_string()), error_uri: None - }).into_response(); + }.into_response(); } let scope = if let Some(scope) = scope { if !data.scope.has_all(scope.as_ref()) { - return Json(Error { + return Error { kind: ErrorKind::InvalidScope, msg: Some("You can't request additional scopes through the refresh token grant.".to_string()), error_uri: None - }).into_response(); + }.into_response(); } scope |