pas-external 0.12.0

Ppoppo Accounts System (PAS) external SDK — OAuth2 PKCE, JWT verification port, Axum middleware, session liveness
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81

//! `MemoryPasAuth` — in-memory `PasAuthPort` for boundary testing.
//!
//! Scriptable in FIFO order: `expect_refresh` enqueues expectations
//! consumed in order by `PasAuthPort::refresh`. Argument mismatches
//! panic with a diff. Unconsumed expectations panic on `Drop` so
//! silent test skips are caught.

#![allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)]

use std::collections::VecDeque;
use std::sync::Mutex;

use super::port::{PasAuthPort, PasFailure};
use crate::oauth::TokenResponse;

#[derive(Debug)]
struct RefreshExpect {
    rt_in: String,
    returns: Result<TokenResponse, PasFailure>,
}

/// In-memory PAS auth port for tests. See module docs.
#[derive(Debug, Default)]
pub struct MemoryPasAuth {
    refresh_script: Mutex<VecDeque<RefreshExpect>>,
}

impl MemoryPasAuth {
    #[must_use]
    pub fn new() -> Self {
        Self::default()
    }

    /// Queue an expected `refresh(rt)` call returning `returns`.
    #[must_use]
    pub fn expect_refresh(
        self,
        rt: impl Into<String>,
        returns: Result<TokenResponse, PasFailure>,
    ) -> Self {
        self.refresh_script
            .lock()
            .unwrap()
            .push_back(RefreshExpect { rt_in: rt.into(), returns });
        self
    }
}

impl PasAuthPort for MemoryPasAuth {
    async fn refresh(&self, rt: &str) -> Result<TokenResponse, PasFailure> {
        let exp = self
            .refresh_script
            .lock()
            .unwrap()
            .pop_front()
            .expect("MemoryPasAuth: refresh called with no expect_refresh queued");
        assert_eq!(
            exp.rt_in, rt,
            "MemoryPasAuth: refresh token mismatch (expected={:?}, actual={:?})",
            exp.rt_in, rt
        );
        exp.returns
    }
}

impl Drop for MemoryPasAuth {
    fn drop(&mut self) {
        // Don't panic-on-panic. If a test already failed, surface the
        // original failure rather than masking it with our assertion.
        if std::thread::panicking() {
            return;
        }
        let r = self.refresh_script.get_mut().unwrap();
        if !r.is_empty() {
            panic!(
                "MemoryPasAuth dropped with {} unconsumed refresh expectation(s)",
                r.len()
            );
        }
    }
}