diff --git a/clippy.toml b/clippy.toml
index 41d584369..218811441 100644
--- a/clippy.toml
+++ b/clippy.toml
@@ -3,7 +3,7 @@
 # SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
 # Please see LICENSE files in the repository root for full details.
-doc-valid-idents = ["OpenID", "OAuth", "..", "PostgreSQL", "SQLite"]
+doc-valid-idents = ["OpenID", "OAuth", "UserInfo", "..", "PostgreSQL", "SQLite"]
 disallowed-methods = [
 { path = "rand::thread_rng", reason = "do not create rngs on the fly, pass them as parameters" },
diff --git a/crates/config/src/sections/upstream_oauth2.rs b/crates/config/src/sections/upstream_oauth2.rs
index 9b2768423..05f70cc67 100644
--- a/crates/config/src/sections/upstream_oauth2.rs
+++ b/crates/config/src/sections/upstream_oauth2.rs
@@ -652,7 +652,7 @@ pub struct Provider {
 /// What to do when receiving an OIDC Backchannel logout request.
 ///
- /// Defaults to "do_nothing".
+ /// Defaults to `do_nothing`.
 #[serde(default, skip_serializing_if = "OnBackchannelLogout::is_default")]
 pub on_backchannel_logout: OnBackchannelLogout,
 }
diff --git a/crates/handlers/src/graphql/tests.rs b/crates/handlers/src/graphql/tests.rs
index bc5079924..328b6f152 100644
--- a/crates/handlers/src/graphql/tests.rs
+++ b/crates/handlers/src/graphql/tests.rs
@@ -348,7 +348,7 @@ async fn test_oauth2_admin(pool: PgPool) {
 }
 /// Test that we can query the GraphQL endpoint with a token from a
-/// client_credentials grant.
+/// `client_credentials` grant.
 #[sqlx::test(migrator = "mas_storage_pg::MIGRATOR")]
 async fn test_oauth2_client_credentials(pool: PgPool) {
 setup();
diff --git a/crates/oauth2-types/src/oidc.rs b/crates/oauth2-types/src/oidc.rs
index 7ff1270e6..39e1074b1 100644
--- a/crates/oauth2-types/src/oidc.rs
+++ b/crates/oauth2-types/src/oidc.rs
@@ -577,7 +577,7 @@ pub struct ProviderMetadata {
 pub require_request_uri_registration: Option,
 /// Indicates where authorization request needs to be protected as [Request
- /// Object] and provided through either request or request_uri parameter.
+ /// Object] and provided through either request or `request_uri` parameter.
 ///
 /// Defaults to `false`.
 ///
diff --git a/crates/oauth2-types/src/registration/mod.rs b/crates/oauth2-types/src/registration/mod.rs
index fd1ab2a64..e6b6aa862 100644
--- a/crates/oauth2-types/src/registration/mod.rs
+++ b/crates/oauth2-types/src/registration/mod.rs
@@ -911,7 +911,8 @@ pub struct ClientRegistrationResponse {
 #[serde_as(as = "Option>")]
 pub client_id_issued_at: Option>,
- /// Time at which the client_secret will expire or 0 if it will not expire.
+ /// Time at which the `client_secret` will expire or 0 if it will not
+ /// expire.
 ///
 /// Required if `client_secret` is issued.
 #[serde(default)]
diff --git a/crates/policy/src/lib.rs b/crates/policy/src/lib.rs
index b45da09ac..3a3a23c3f 100644
--- a/crates/policy/src/lib.rs
+++ b/crates/policy/src/lib.rs
@@ -397,7 +397,7 @@ impl Policy {
 Ok(res)
 }
- /// Evaluate the 'client_registration' entrypoint.
+ /// Evaluate the `client_registration` entrypoint.
 ///
 /// # Errors
 ///
@@ -419,7 +419,7 @@ impl Policy {
 Ok(res)
 }
- /// Evaluate the 'authorization_grant' entrypoint.
+ /// Evaluate the `authorization_grant` entrypoint.
 ///
 /// # Errors
 ///
diff --git a/crates/storage-pg/src/user/registration.rs b/crates/storage-pg/src/user/registration.rs
index e8c228771..fdbdb7139 100644
--- a/crates/storage-pg/src/user/registration.rs
+++ b/crates/storage-pg/src/user/registration.rs
@@ -524,7 +524,7 @@ mod tests {
 &mut rng,
 &clock,
 "alice".to_owned(),
- Some(IpAddr::V4(Ipv4Addr::new(127, 0, 0, 1))),
+ Some(IpAddr::V4(Ipv4Addr::LOCALHOST)),
 Some("Mozilla/5.0".to_owned()),
 Some(serde_json::json!({"action": "continue_compat_sso_login", "id": "01FSHN9AG0MKGTBNZ16RDR3PVY"})),
 )
@@ -534,7 +534,7 @@ mod tests {
 assert_eq!(registration.user_agent, Some("Mozilla/5.0".to_owned()));
 assert_eq!(
 registration.ip_address,
- Some(IpAddr::V4(Ipv4Addr::new(127, 0, 0, 1)))
+ Some(IpAddr::V4(Ipv4Addr::LOCALHOST))
 );
 assert_eq!(
 registration.post_auth_action,
diff --git a/crates/storage/src/oauth2/authorization_grant.rs b/crates/storage/src/oauth2/authorization_grant.rs
index f61f6b8c0..f87c07df0 100644
--- a/crates/storage/src/oauth2/authorization_grant.rs
+++ b/crates/storage/src/oauth2/authorization_grant.rs
@@ -38,7 +38,7 @@ pub trait OAuth2AuthorizationGrantRepository: Send + Sync {
 /// * `response_mode`: The response mode the client requested
 /// * `response_type_id_token`: Whether the `id_token` `response_type` was
 /// requested
- /// * `login_hint`: The login_hint the client sent, if set
+ /// * `login_hint`: The `login_hint` the client sent, if set
 /// * `locale`: The locale the detected when the user asked for the
 /// authorization grant
 ///
diff --git a/crates/storage/src/oauth2/client.rs b/crates/storage/src/oauth2/client.rs
index bf2d10a29..779b754ca 100644
--- a/crates/storage/src/oauth2/client.rs
+++ b/crates/storage/src/oauth2/client.rs
@@ -24,7 +24,7 @@ pub trait OAuth2ClientRepository: Send + Sync {
 /// The error type returned by the repository
 type Error;
- /// Lookup an OAuth2 client by its ID
+ /// Lookup an OAuth client by its ID
 ///
 /// Returns `None` if the client does not exist
 ///
@@ -37,7 +37,7 @@ pub trait OAuth2ClientRepository: Send + Sync {
 /// Returns [`Self::Error`] if the underlying repository fails
 async fn lookup(&mut self, id: Ulid) -> Result, Self::Error>;
- /// Find an OAuth2 client by its client ID
+ /// Find an OAuth client by its client ID
 async fn find_by_client_id(&mut self, client_id: &str) -> Result, Self::Error> {
 let Ok(id) = client_id.parse() else {
 return Ok(None);
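Review bot: The one-line doc comment on `find_by_client_id` (the `@@ -37,7 +37,7 @@` hunk of crates/storage/src/oauth2/client.rs) omits the return contract that the sibling methods in this trait spell out. The context lines show that a `client_id` which fails `parse()` yields `Ok(None)`, so a malformed identifier is reported exactly like an unknown client and never as an error; callers that authenticate clients or log failed lookups should be able to read that from the docs. I would add `/// Returns None if the client ID cannot be parsed or the client does not exist` (with `None` in backticks) and the same `Self::Error` sentence that `lookup` carries. The method body continues past the end of this hunk, so the rest of its behaviour is not visible here.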
@@ -45,7 +45,7 @@ pub trait OAuth2ClientRepository: Send + Sync {
 self.lookup(id).await
 }
- /// Find an OAuth2 client by its metadata digest
+ /// Find an OAuth client by its metadata digest
 ///
 /// Returns `None` if the client does not exist
 ///
@@ -62,7 +62,7 @@ pub trait OAuth2ClientRepository: Send + Sync {
 digest: &str,
 ) -> Result, Self::Error>;
- /// Load a batch of OAuth2 clients by their IDs
+ /// Load a batch of OAuth clients by their IDs
 ///
 /// Returns a map of client IDs to clients. If a client does not exist, it
 /// is not present in the map.
@@ -79,7 +79,7 @@ pub trait OAuth2ClientRepository: Send + Sync {
 ids: BTreeSet,
 ) -> Result, Self::Error>;
- /// Add a new OAuth2 client
+ /// Add a new OAuth client
 ///
 /// Returns the client that was added
 ///
diff --git a/crates/syn2mas/src/synapse_reader/checks.rs b/crates/syn2mas/src/synapse_reader/checks.rs
index 655642770..aee91b62a 100644
--- a/crates/syn2mas/src/synapse_reader/checks.rs
+++ b/crates/syn2mas/src/synapse_reader/checks.rs
@@ -250,7 +250,8 @@ pub async fn synapse_config_check_against_mas_config(
 ///
 /// - If there is some database connection error, or the given database is not a
 /// Synapse database.
-/// - If the OAuth2 section of the MAS configuration could not be parsed.
+/// - If the Upstream OAuth section of the MAS configuration could not be
+/// parsed.
 #[tracing::instrument(skip_all)]
 pub async fn synapse_database_check(
 synapse_connection: &mut PgConnection,
diff --git a/crates/tasks/src/matrix.rs b/crates/tasks/src/matrix.rs
index d5d6e6e65..87e052d20 100644
--- a/crates/tasks/src/matrix.rs
+++ b/crates/tasks/src/matrix.rs
@@ -29,7 +29,7 @@ use crate::{
 /// Job to provision a user on the Matrix homeserver.
 /// This works by doing a PUT request to the
-/// /_synapse/admin/v2/users/{user_id} endpoint.
+/// `/_synapse/admin/v2/users/{user_id}` endpoint.
 #[async_trait]
 impl RunnableJob for ProvisionUserJob {
 #[tracing::instrument(
diff --git a/crates/templates/src/context.rs b/crates/templates/src/context.rs
index 230dee67f..0a04677eb 100644
--- a/crates/templates/src/context.rs
+++ b/crates/templates/src/context.rs
@@ -1637,7 +1637,7 @@ impl TemplateContext for DeviceConsentContext {
 device_code: Alphanumeric.sample_string(rng, 32),
 created_at: now - Duration::try_minutes(5).unwrap(),
 expires_at: now + Duration::try_minutes(25).unwrap(),
- ip_address: Some(IpAddr::V4(Ipv4Addr::new(127, 0, 0, 1))),
+ ip_address: Some(IpAddr::V4(Ipv4Addr::LOCALHOST)),
 user_agent: Some("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.0.0 Safari/537.36".to_owned()),
 };
 Self { grant, client }