1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
use crate::authentication::Authentication;
use crate::data::ClientCredentialsAuthResult;
use async_trait::async_trait;
use std::collections::HashMap;
use std::convert::TryInto;
use std::time::{Duration, Instant};
use url::Url;
type BoxedError = Box<dyn std::error::Error>;
const AUTH_ENDPOINT: &'static str = "/apiv2/oauth/token";
#[allow(dead_code)]
pub struct ClientCredentialsAuthentication {
pub access_token: Option<String>,
pub valid_to: Option<Instant>,
}
impl ClientCredentialsAuthentication {
#[allow(dead_code)]
pub fn new() -> Self {
ClientCredentialsAuthentication {
access_token: None,
valid_to: None,
}
}
}
#[async_trait]
impl Authentication for ClientCredentialsAuthentication {
async fn authenticate(
&mut self,
client_identity: &str,
client_secret: &str,
base_url: &Url,
reqwest_client: &reqwest::Client,
) -> Result<String, BoxedError> {
if let Some(token) = &self.access_token {
if let Some(validity) = self.valid_to {
if validity > Instant::now() {
return Ok(token.to_string());
}
}
}
let auth_url = base_url.join(AUTH_ENDPOINT)?;
let mut params = HashMap::new();
params.insert("grant_type", "client_credentials");
let response = reqwest_client
.post(auth_url)
.basic_auth(client_identity, Some(client_secret))
.form(¶ms)
.send()
.await?;
if let Err(err) = response.error_for_status_ref() {
return Err(Box::new(err));
}
let result = response.json::<ClientCredentialsAuthResult>().await?;
self.access_token = Some(result.access_token.clone());
self.valid_to =
Some(Instant::now() + Duration::from_secs(result.expires_in.try_into().unwrap()));
Ok(result.access_token)
}
}
#[cfg(test)]
mod tests {
use super::{ClientCredentialsAuthentication, AUTH_ENDPOINT};
use crate::testutil::get_test_data;
use crate::Client;
use mockito;
#[test]
fn client_credentials_authentication() {
let mut rt = tokio::runtime::Runtime::new().unwrap();
rt.block_on(async {
let mock = mockito::mock("POST", AUTH_ENDPOINT)
.expect(1)
.with_status(200)
.with_header("content-type", "application/json")
.with_body(get_test_data("client_credentials_auth_response"))
.create();
let auth = ClientCredentialsAuthentication::new();
let client = Client::new("client_identity", "client_secret", &mockito::server_url())
.unwrap()
.with_authentication(auth);
let auth_header = client.test_authenticate().await;
assert!(auth_header.is_ok());
let auth_header = client.test_authenticate().await;
assert!(auth_header.is_ok());
mock.assert();
});
}
#[test]
fn expired_token_test() {
let mut rt = tokio::runtime::Runtime::new().unwrap();
rt.block_on(async {
let mock = mockito::mock("POST", AUTH_ENDPOINT)
.expect(2)
.with_status(200)
.with_header("content-type", "application/json")
.with_body(get_test_data("client_credentials_auth_response_no_expiry"))
.create();
let auth = ClientCredentialsAuthentication::new();
let client = Client::new("client_identity", "client_secret", &mockito::server_url())
.unwrap()
.with_authentication(auth);
let auth_header = client.test_authenticate().await;
assert!(auth_header.is_ok());
let auth_header = client.test_authenticate().await;
assert!(auth_header.is_ok());
mock.assert();
});
}
}