arcp_runtime/auth/
none.rs

1//! `none` authentication scheme (RFC §8.2).
2//!
3//! Only valid when `capabilities.anonymous: true` was negotiated. The
4//! runtime MUST refuse otherwise.
5
6use async_trait::async_trait;
7
8use arcp_core::auth::{AuthOutcome, Authenticator};
9use arcp_core::error::ARCPError;
10use arcp_core::messages::{AuthScheme, Capabilities, CapabilityName, ClientIdentity, Credentials};
11
12/// Authenticator for the `none` scheme.
13///
14/// Accepts any credentials block but only when `negotiated.anonymous` is
15/// `true`. The principal field is `"anonymous"`.
16#[derive(Debug, Default)]
17pub struct NoneAuthenticator;
18
19impl NoneAuthenticator {
20    /// Construct.
21    #[must_use]
22    pub const fn new() -> Self {
23        Self
24    }
25}
26
27#[async_trait]
28impl Authenticator for NoneAuthenticator {
29    fn scheme(&self) -> AuthScheme {
30        AuthScheme::None
31    }
32
33    async fn authenticate(
34        &self,
35        _creds: &Credentials,
36        _client: &ClientIdentity,
37        negotiated: &Capabilities,
38    ) -> Result<AuthOutcome, ARCPError> {
39        if negotiated.has(CapabilityName::Anonymous) {
40            Ok(AuthOutcome::Accept {
41                principal: "anonymous".into(),
42            })
43        } else {
44            Ok(AuthOutcome::Reject {
45                reason: "anonymous auth requires capabilities.anonymous: true".into(),
46            })
47        }
48    }
49}
arcp_runtime/auth/none.rs

arcp_runtime/auth/
none.rs
