reinhardt-auth 0.1.2

Authentication and authorization system
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170

//! Social authentication error types

use thiserror::Error;

/// Social authentication errors
#[non_exhaustive]
#[derive(Debug, Clone, PartialEq, Eq, Error)]
pub enum SocialAuthError {
	/// Network error during HTTP requests
	#[error("Network error: {0}")]
	Network(String),

	/// Invalid response from provider
	#[error("Invalid response: {0}")]
	InvalidResponse(String),

	/// Token validation failed
	#[error("Token validation failed: {0}")]
	TokenValidation(String),

	/// JWKS (JSON Web Key Set) error
	#[error("JWKS error: {0}")]
	Jwks(String),

	/// OIDC Discovery error
	#[error("Discovery error: {0}")]
	Discovery(String),

	/// State parameter validation failed (CSRF protection)
	#[error("State validation failed: {0}")]
	StateValidation(String),

	/// PKCE validation failed
	#[error("PKCE validation failed: {0}")]
	PkceValidation(String),

	/// Provider-specific error
	#[error("Provider error: {0}")]
	Provider(String),

	/// Configuration error
	#[error("Configuration error: {0}")]
	Configuration(String),

	/// User mapping error
	#[error("User mapping error: {0}")]
	UserMapping(String),

	/// Storage error
	#[error("Storage error: {0}")]
	Storage(String),

	/// Feature not supported
	#[error("Not supported: {0}")]
	NotSupported(String),

	/// Invalid OAuth2 state parameter
	#[error("Invalid state")]
	InvalidState,

	/// Token exchange error
	#[error("Token exchange error: {0}")]
	TokenExchangeError(String),

	/// Token refresh error
	#[error("Token refresh error: {0}")]
	TokenRefreshError(String),

	/// Invalid JWK (JSON Web Key)
	#[error("Invalid JWK: {0}")]
	InvalidJwk(String),

	/// Invalid ID token
	#[error("Invalid ID token: {0}")]
	InvalidIdToken(String),

	/// UserInfo endpoint error
	#[error("UserInfo error: {0}")]
	UserInfoError(String),

	/// Invalid configuration
	#[error("Invalid configuration: {0}")]
	InvalidConfiguration(String),

	/// Unknown error
	#[error("Unknown error: {0}")]
	Unknown(String),

	/// Insecure endpoint URL (non-HTTPS)
	#[error("Insecure endpoint: {0}")]
	InsecureEndpoint(String),
}

/// Conversion from reqwest::Error
impl From<reqwest::Error> for SocialAuthError {
	fn from(error: reqwest::Error) -> Self {
		SocialAuthError::Network(error.to_string())
	}
}

/// Conversion from serde_json::Error
impl From<serde_json::Error> for SocialAuthError {
	fn from(error: serde_json::Error) -> Self {
		SocialAuthError::InvalidResponse(error.to_string())
	}
}

/// Conversion from jsonwebtoken::errors::Error
impl From<jsonwebtoken::errors::Error> for SocialAuthError {
	fn from(error: jsonwebtoken::errors::Error) -> Self {
		SocialAuthError::TokenValidation(error.to_string())
	}
}

/// Conversion to reinhardt_exception::Error
impl From<SocialAuthError> for crate::AuthenticationError {
	fn from(error: SocialAuthError) -> Self {
		match error {
			SocialAuthError::Network(msg) => crate::AuthenticationError::Unknown(msg),
			SocialAuthError::InvalidResponse(msg) => crate::AuthenticationError::Unknown(msg),
			SocialAuthError::TokenValidation(_) => crate::AuthenticationError::InvalidToken,
			SocialAuthError::StateValidation(_) => crate::AuthenticationError::InvalidToken,
			_ => crate::AuthenticationError::Unknown(error.to_string()),
		}
	}
}

#[cfg(test)]
mod tests {
	use super::*;

	#[test]
	fn test_error_display() {
		let error = SocialAuthError::Network("Connection timeout".to_string());
		assert_eq!(error.to_string(), "Network error: Connection timeout");

		let error = SocialAuthError::TokenValidation("Invalid signature".to_string());
		assert_eq!(
			error.to_string(),
			"Token validation failed: Invalid signature"
		);

		let error = SocialAuthError::Configuration("Missing client_id".to_string());
		assert_eq!(error.to_string(), "Configuration error: Missing client_id");
	}

	// Note: Testing reqwest::Error conversion is difficult because reqwest::Error
	// cannot be easily constructed in tests. The conversion implementation itself
	// is trivial (a direct wrapper), so we skip this test.

	#[test]
	fn test_error_from_serde_json() {
		// Simulate a serde_json error
		let json_error = serde_json::from_str::<serde_json::Value>("{invalid json}").unwrap_err();
		let social_error: SocialAuthError = json_error.into();

		assert!(matches!(social_error, SocialAuthError::InvalidResponse(_)));
	}

	#[test]
	fn test_error_to_authentication_error() {
		let social_error = SocialAuthError::TokenValidation("Bad token".to_string());
		let auth_error: crate::AuthenticationError = social_error.into();

		assert!(matches!(
			auth_error,
			crate::AuthenticationError::InvalidToken
		));
	}
}