arcp-runtime 2.0.0

Reference runtime (server side) for the Agent Runtime Control Protocol (ARCP) — ARCPRuntime, job / session machinery, persistent store, auth validators, and the `arcp` CLI.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49

//! `none` authentication scheme (RFC §8.2).
//!
//! Only valid when `capabilities.anonymous: true` was negotiated. The
//! runtime MUST refuse otherwise.

use async_trait::async_trait;

use arcp_core::auth::{AuthOutcome, Authenticator};
use arcp_core::error::ARCPError;
use arcp_core::messages::{AuthScheme, Capabilities, CapabilityName, ClientIdentity, Credentials};

/// Authenticator for the `none` scheme.
///
/// Accepts any credentials block but only when `negotiated.anonymous` is
/// `true`. The principal field is `"anonymous"`.
#[derive(Debug, Default)]
pub struct NoneAuthenticator;

impl NoneAuthenticator {
    /// Construct.
    #[must_use]
    pub const fn new() -> Self {
        Self
    }
}

#[async_trait]
impl Authenticator for NoneAuthenticator {
    fn scheme(&self) -> AuthScheme {
        AuthScheme::None
    }

    async fn authenticate(
        &self,
        _creds: &Credentials,
        _client: &ClientIdentity,
        negotiated: &Capabilities,
    ) -> Result<AuthOutcome, ARCPError> {
        if negotiated.has(CapabilityName::Anonymous) {
            Ok(AuthOutcome::Accept {
                principal: "anonymous".into(),
            })
        } else {
            Ok(AuthOutcome::Reject {
                reason: "anonymous auth requires capabilities.anonymous: true".into(),
            })
        }
    }
}