rustauth-scim 0.3.0

SCIM support for RustAuth.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82

//! Optional SCIM audit hooks (structured logging + integrator callback).

use std::future::Future;
use std::pin::Pin;
use std::sync::Arc;

use rustauth_core::context::AuthContext;

use crate::options::{ScimAuditEvent, ScimAuditEventKind, ScimAuditSeverity, ScimOptions};

type AuditEventFuture = Pin<Box<dyn Future<Output = ()> + Send>>;

/// Async sink for SCIM audit events.
#[derive(Clone)]
pub struct ScimAuditEventResolver {
    resolver: Arc<dyn Fn(ScimAuditEvent) -> AuditEventFuture + Send + Sync>,
}

impl ScimAuditEventResolver {
    /// Create an audit event sink from an async function.
    pub fn new<F, Fut>(resolver: F) -> Self
    where
        F: Fn(ScimAuditEvent) -> Fut + Send + Sync + 'static,
        Fut: Future<Output = ()> + Send + 'static,
    {
        Self {
            resolver: Arc::new(move |event| Box::pin(resolver(event))),
        }
    }

    /// Emit an audit event.
    pub async fn resolve(&self, event: ScimAuditEvent) {
        (self.resolver)(event).await;
    }
}

impl std::fmt::Debug for ScimAuditEventResolver {
    fn fmt(&self, formatter: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        formatter.write_str("ScimAuditEventResolver(..)")
    }
}

impl PartialEq for ScimAuditEventResolver {
    fn eq(&self, _other: &Self) -> bool {
        false
    }
}

pub(crate) async fn emit(context: &AuthContext, options: &ScimOptions, event: ScimAuditEvent) {
    log(context, &event);
    if let Some(resolver) = &options.audit_event {
        resolver.resolve(event).await;
    }
}

fn log(context: &AuthContext, event: &ScimAuditEvent) {
    let message = match event.kind {
        ScimAuditEventKind::TokenGenerated => "scim token generated",
        ScimAuditEventKind::UserProvisioned => "scim user provisioned",
        ScimAuditEventKind::UserDeprovisioned => "scim user deprovisioned",
        ScimAuditEventKind::BulkFailed => "scim bulk operation failed",
        ScimAuditEventKind::BulkRolledBack => "scim atomic bulk rolled back",
    };
    let mut args = Vec::new();
    if let Some(provider_id) = event.provider_id.as_deref() {
        args.push(provider_id);
    }
    if let Some(user_id) = event.user_id.as_deref() {
        args.push(user_id);
    }
    if let Some(organization_id) = event.organization_id.as_deref() {
        args.push(organization_id);
    }
    if let Some(reason) = event.reason.as_deref() {
        args.push(reason);
    }
    match event.severity {
        ScimAuditSeverity::Info => context.logger.info(message, &args),
        ScimAuditSeverity::Warn => context.logger.warn(message, &args),
        ScimAuditSeverity::Error => context.logger.error(message, &args),
    }
}