use std::io;
use std::str::FromStr;
use async_trait::async_trait;
use crate::authenticator::Authenticator;
use crate::methods::AuthenticationMethod;
use crate::msg::{Challenge, Error, Question};
#[derive(Clone, Debug)]
pub struct StaticKeyAuthenticationMethod<T> {
key: T,
}
impl<T> StaticKeyAuthenticationMethod<T> {
pub const ID: &str = "static_key";
#[inline]
pub fn new(key: T) -> Self {
Self { key }
}
}
#[async_trait]
impl<T> AuthenticationMethod for StaticKeyAuthenticationMethod<T>
where
T: FromStr + PartialEq + Send + Sync,
{
fn id(&self) -> &'static str {
Self::ID
}
async fn authenticate(&self, authenticator: &mut dyn Authenticator) -> io::Result<()> {
let response = authenticator
.challenge(Challenge {
questions: vec![Question {
label: "key".to_string(),
text: "Provide a key: ".to_string(),
options: Default::default(),
}],
options: Default::default(),
})
.await?;
if response.answers.is_empty() {
return Err(Error::non_fatal("missing answer").into_io_permission_denied());
}
match response.answers.into_iter().next().unwrap().parse::<T>() {
Ok(key) if key == self.key => Ok(()),
_ => Err(Error::non_fatal("answer does not match key").into_io_permission_denied()),
}
}
}
#[cfg(test)]
mod tests {
use test_log::test;
use super::*;
use crate::authenticator::TestAuthenticator;
use crate::msg::*;
#[test(tokio::test)]
async fn authenticate_should_fail_if_key_challenge_fails() {
let method = StaticKeyAuthenticationMethod::new(String::new());
let mut authenticator = TestAuthenticator {
challenge: Box::new(|_| Err(io::Error::new(io::ErrorKind::InvalidData, "test error"))),
..Default::default()
};
let err = method.authenticate(&mut authenticator).await.unwrap_err();
assert_eq!(err.kind(), io::ErrorKind::InvalidData);
assert_eq!(err.to_string(), "test error");
}
#[test(tokio::test)]
async fn authenticate_should_fail_if_no_answer_included_in_challenge_response() {
let method = StaticKeyAuthenticationMethod::new(String::new());
let mut authenticator = TestAuthenticator {
challenge: Box::new(|_| {
Ok(ChallengeResponse {
answers: Vec::new(),
})
}),
..Default::default()
};
let err = method.authenticate(&mut authenticator).await.unwrap_err();
assert_eq!(err.kind(), io::ErrorKind::PermissionDenied);
assert_eq!(err.to_string(), "Error: missing answer");
}
#[test(tokio::test)]
async fn authenticate_should_fail_if_answer_does_not_match_key() {
let method = StaticKeyAuthenticationMethod::new(String::from("answer"));
let mut authenticator = TestAuthenticator {
challenge: Box::new(|_| {
Ok(ChallengeResponse {
answers: vec![String::from("other")],
})
}),
..Default::default()
};
let err = method.authenticate(&mut authenticator).await.unwrap_err();
assert_eq!(err.kind(), io::ErrorKind::PermissionDenied);
assert_eq!(err.to_string(), "Error: answer does not match key");
}
#[test(tokio::test)]
async fn authenticate_should_succeed_if_answer_matches_key() {
let method = StaticKeyAuthenticationMethod::new(String::from("answer"));
let mut authenticator = TestAuthenticator {
challenge: Box::new(|_| {
Ok(ChallengeResponse {
answers: vec![String::from("answer")],
})
}),
..Default::default()
};
method.authenticate(&mut authenticator).await.unwrap();
}
}