rsasl 2.3.0

The Rust SASL framework, aimed at both middleware-style protocol implementation and application code. Designed to make SASL authentication simple and safe while handing as much control to the user as possible.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113

use crate::context::ThisProvider;
use crate::error::{MechanismError, MechanismErrorKind, SessionError};
use crate::mechanism::Authentication;
use crate::property::AuthzId;
use crate::session::{MechanismData, MessageSent, State};
use core::str::Utf8Error;
use crate::io::Write;
use thiserror::Error;

#[derive(Debug, Eq, PartialEq, Copy, Clone, Error)]
#[error("the given external token is invalid UTF-8")]
pub struct ParseError(#[source] Utf8Error);
impl MechanismError for ParseError {
    fn kind(&self) -> MechanismErrorKind {
        MechanismErrorKind::Parse
    }
}

#[derive(Copy, Clone, Debug)]
pub struct External;

impl Authentication for External {
    fn step(
        &mut self,
        session: &mut MechanismData,
        input: Option<&[u8]>,
        _writer: &mut dyn Write,
    ) -> Result<State, SessionError> {
        let input = input.unwrap_or(&[]);
        let authzid = core::str::from_utf8(input).map_err(ParseError)?;
        session.validate(&ThisProvider::<AuthzId>::with(authzid))?;
        Ok(State::Finished(MessageSent::No))
    }
}

#[cfg(test)]
mod tests {
    use crate::callback::{Context, SessionCallback, SessionData};
    use crate::property::AuthzId;
    use crate::test;
    use crate::validate::{Validate, ValidationError};
    use std::io::Cursor;

    #[derive(Default)]
    struct C<'a> {
        authzid: &'a str,
    }
    impl SessionCallback for C<'_> {
        fn validate(
            &self,
            _session_data: &SessionData,
            context: &Context,
            _validate: &mut Validate<'_>,
        ) -> Result<(), ValidationError> {
            let authzid = context.get_ref::<AuthzId>().unwrap();
            println!("expected: {:?} provided: {:?}", self.authzid, authzid);
            assert_eq!(authzid, self.authzid);
            Ok(())
        }
    }

    fn test_token(authzid: &'static str, input: &[u8]) {
        let config = test::server_config(C { authzid });
        let mut session = test::server_session(config, &super::super::mechinfo::EXTERNAL);
        let mut out = Cursor::new(Vec::new());

        let state = session.step(Some(input), &mut out).unwrap();

        assert!(state.is_finished());
        assert!(!state.has_sent_message());
    }

    #[test]
    fn test_successful() {
        let authzids = [
            "", // empty authzid should not error
            "heylookanauthzid",
            "cn=this,ou=authzid,ou=has,o=weirdformatting",
            "«küßî»",
            "“ЌύБЇ”",
        ];
        for authzid in authzids {
            test_token(authzid, authzid.as_bytes());
        }
    }

    #[test]
    #[should_panic(
        expected = "assertion `left == right` failed\n  left: \"\"\n right: \"expectedauthzid\""
    )]
    fn test_reject_invalid_1() {
        test_token("expectedauthzid", b"");
    }

    #[test]
    #[should_panic(expected = "x")]
    fn test_reject_invalid_2() {
        test_token("", b"someunexpectedauthzid");
    }

    #[test]
    // `None` input should read as empty token
    fn test_no_input() {
        let config = test::server_config(C::default());
        let mut session = test::server_session(config, &super::super::mechinfo::EXTERNAL);
        let mut out = Cursor::new(Vec::new());

        let state = session.step(None, &mut out).unwrap();

        assert!(state.is_finished());
        assert!(!state.has_sent_message());
    }
}