Skip to main content

AllowThem

allowthem_core::handle

Struct AllowThem 

Source 
pub struct AllowThem { /* private fields */ }
Expand description

Configured allowthem handle.

Bundles a Db, SessionConfig, and cookie domain into a single value that is cheaply cloneable and safe to share across Axum handlers via State<AllowThem> or Extension<AllowThem>.

Implementations§

Source§

impl AllowThem

Source

pub fn db(&self) -> &Db

Access the underlying database handle.

Escape hatch for callers who need direct Db access for operations not yet wrapped by AllowThem methods (e.g., user CRUD, role management).

Source

pub fn session_config(&self) -> &SessionConfig

Access the session configuration.

Build a Set-Cookie header value for the given session token.

Uses the stored SessionConfig and cookie domain. Delegates to sessions::session_cookie().

Source

pub fn base_url(&self) -> Result<&str, AuthError>

Returns the base URL (issuer), or Err(BaseUrlNotConfigured) if not set.

Source

pub fn csrf_key(&self) -> Result<&[u8; 32], AuthError>

Source

pub async fn get_decrypted_signing_key( &self, ) -> Result<(SigningKey, String), AuthError>

Fetch the active signing key and decrypt its private key PEM.

Combines the encryption key, active key lookup, and decryption into a single call. Keeps the raw encryption key private to the core crate.

Build a Set-Cookie header value that expires the session cookie.

Returns Max-Age=0 with the same cookie name, path, domain, and flags used by session_cookie(). Pass this as the Set-Cookie header on a logout response to clear the browser’s stored session cookie.

Extract the session token from a Cookie header value.

Uses the stored cookie name. Delegates to sessions::parse_session_cookie().

Source

pub async fn login( &self, identifier: &str, password: &str, ) -> Result<LoginOutcome, AuthError>

Authenticate with credentials and create a session.

Returns Err(AuthError::InvalidCredentials) for any credential failure — unknown identifier, wrong password, no local password hash (SSO-only account), or inactive user — to prevent account enumeration.

Records an AuditEvent::Login on success. IP and user-agent are not available at this layer; callers who need them in the audit log should use the low-level Db methods directly.

Create a session for an already-authenticated user.

Does not verify credentials. Intended for use after OAuth, TOTP, or other non-password authentication flows. The calling flow is responsible for audit logging.

Source§

impl AllowThem

Source

pub async fn get_pending_mfa_secret( &self, user_id: UserId, ) -> Result<Option<String>, AuthError>

Source

pub async fn create_mfa_secret( &self, user_id: UserId, ) -> Result<String, AuthError>

Source

pub async fn enable_mfa( &self, user_id: UserId, code: &str, ) -> Result<Vec<String>, AuthError>

Source

pub async fn verify_totp( &self, user_id: UserId, code: &str, ) -> Result<bool, AuthError>

Source

pub async fn has_mfa_enabled(&self, user_id: UserId) -> Result<bool, AuthError>

Source

pub async fn disable_mfa(&self, user_id: UserId) -> Result<(), AuthError>

Source

pub async fn verify_recovery_code( &self, user_id: UserId, code: &str, ) -> Result<bool, AuthError>

Source

pub async fn remaining_recovery_codes( &self, user_id: UserId, ) -> Result<i64, AuthError>

Source

pub async fn regenerate_recovery_codes( &self, user_id: UserId, ) -> Result<Vec<String>, AuthError>

Trait Implementations§

Source§

impl Clone for AllowThem

Source§

fn clone(&self) -> AllowThem

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more