initial success tests

Cargo.toml

@@ -169,6 +169,7 @@ hickory-resolver = { version = "0.25.0-alpha.4", default-features = false, featu
 http = "1.2.0"
 http-body = "1.0.1"
 http-body-util = "0.1.2"
+http-serde = "2.1.1"
 httpdate = "1.0.3"
 human-size = { version = "0.4.3", features = ["serde"] }
 hyper = "1.5.2"

kitsune/src/http/handler/oauth/authorize.rs

@@ -205,11 +205,14 @@ pub async fn get(
             .await
     })?;
 
-    let mut scopes = authorizer
-        .scope()
-        .iter()
-        .filter_map(|scope| OAuthScope::from_str(scope).ok())
-        .collect::<Vec<OAuthScope>>();
+    let mut scopes = if let Some(scope) = authorizer.scope() {
+        scope
+            .iter()
+            .filter_map(|scope| OAuthScope::from_str(scope).ok())
+            .collect()
+    } else {
+        Vec::new()
+    };
 
     if scopes.is_empty() {
         // default to read scope if no scopes are defined

lib/komainu/Cargo.toml

@@ -21,6 +21,7 @@ http.workspace = true
 http-body.workspace = true
 http-body-util.workspace = true
 indexmap.workspace = true
+insta.workspace = true
 itertools.workspace = true
 memchr.workspace = true
 serde.workspace = true
@@ -38,6 +39,7 @@ url.workspace = true
 divan.workspace = true
 futures-test.workspace = true
 headers.workspace = true
+http-serde.workspace = true
 insta.workspace = true
 rand.workspace = true
 rstest.workspace = true

lib/komainu/src/code_grant.rs

@@ -2,7 +2,7 @@ use crate::{
     error::Error, flow::pkce, params::ParamStorage, scope::Scope, AuthInstruction, Client,
     ClientExtractor,
 };
-use std::{borrow::Cow, future::Future, ops::Deref, str::FromStr};
+use std::{borrow::Cow, future::Future, str::FromStr};
 use strum::{AsRefStr, Display};
 use thiserror::Error;
 
@@ -63,7 +63,7 @@ where
     ) -> Result<Authorizer<'a, I>, GrantError> {
         let client_id = req.query.get("client_id").or_invalid_request()?;
         let response_type = req.query.get("response_type").or_invalid_request()?;
-        let scope = req.query.get("scope").map_or("", Deref::deref);
+        let scope = req.query.get("scope");
         let state = req.query.get("state").map(|state| &**state);
 
         let client = self.client_extractor.extract(client_id, None).await?;
@@ -79,13 +79,27 @@ where
             return Err(GrantError::AccessDenied);
         }
 
-        let request_scopes = scope.parse().unwrap();
+        let request_scopes = if let Some(scope) = scope {
+            let scope = match Scope::from_str(scope) {
+                Ok(val) => val,
+                // Infallible so we have to do this shit to signal to the compiler "hey, this actually can't ever happen".
+                // Thanks for not stabilizing the never type.
+                //
+                // I'm so close to hacking the actual never type in here, I swear.
+                Err(err) => match err {},
+            };
 
-        // Check whether the client can actually perform the grant
-        if !client.scopes.can_perform(&request_scopes) {
-            debug!(?client_id, client_scopes = ?client.scopes, ?request_scopes, "client can't issue the requested scopes");
-            // apparently clients do that. weird smh.
-            //return Err(GrantError::AccessDenied);
+            Some(scope)
+        } else {
+            None
+        };
+
+        if let Some(ref request_scopes) = request_scopes {
+            // Check whether the client can actually perform the grant
+            if !client.scopes.can_perform(request_scopes) {
+                debug!(?client_id, client_scopes = ?client.scopes, ?request_scopes, "client can't issue the requested scopes");
+                return Err(GrantError::AccessDenied);
+            }
         }
 
         let pkce_payload = if let Some(challenge) = req.query.get("code_challenge") {
@@ -144,7 +158,7 @@ pub struct Authorizer<'a, I> {
     issuer: &'a I,
     client: Client<'a>,
     pkce_payload: Option<pkce::Payload<'a>>,
-    scope: Scope,
+    scope: Option<Scope>,
     query: &'a ParamStorage<Cow<'a, str>, Cow<'a, str>>,
     state: Option<&'a str>,
 }
@@ -159,8 +173,8 @@ where
     }
 
     #[must_use]
-    pub fn scope(&self) -> &Scope {
-        &self.scope
+    pub fn scope(&self) -> Option<&Scope> {
+        self.scope.as_ref()
     }
 
     #[must_use]

lib/komainu/tests/flows.rs

@@ -0,0 +1,76 @@
+use self::fixtures::Fixture;
+use bytes::Bytes;
+use http_body_util::Empty;
+use komainu::scope::Scope;
+use serde::Serialize;
+use std::str::FromStr;
+
+mod fixtures;
+
+#[derive(Serialize)]
+struct SerdeResponse {
+    body: Option<String>,
+    #[serde(with = "http_serde::header_map")]
+    headers: http::HeaderMap,
+    #[serde(with = "http_serde::status_code")]
+    status: http::StatusCode,
+}
+
+impl From<http::Response<()>> for SerdeResponse {
+    #[inline]
+    fn from(value: http::Response<()>) -> Self {
+        let (parts, _body) = value.into_parts();
+
+        Self {
+            body: None,
+            headers: parts.headers,
+            status: parts.status,
+        }
+    }
+}
+
+impl From<http::Response<Bytes>> for SerdeResponse {
+    #[inline]
+    fn from(value: http::Response<Bytes>) -> Self {
+        let (parts, body) = value.into_parts();
+        let body = String::from_utf8(body.to_vec()).unwrap();
+
+        let mut response: Self = http::Response::from_parts(parts, ()).into();
+        response.body = Some(body);
+        response
+    }
+}
+
+#[futures_test::test]
+async fn success() {
+    let fixture = Fixture::generate();
+
+    let uri = http::Uri::builder()
+        .scheme("http")
+        .authority("komainu.example")
+        .path_and_query("/oauth/authorize?response_type=code&client_id=client_1")
+        .build()
+        .unwrap();
+
+    let req = http::Request::builder()
+        .uri(uri)
+        .body(Empty::<Bytes>::new())
+        .unwrap();
+    let req = komainu::Request::read_from(req).await.unwrap();
+
+    let acceptor = {
+        let handle = fixture.code_grant.extract_raw(&req).await.unwrap();
+        handle
+            .accept("user id".into(), &Scope::from_str("read").unwrap())
+            .await
+            .unwrap()
+    };
+
+    let deny = {
+        let handle = fixture.code_grant.extract_raw(&req).await.unwrap();
+        handle.deny()
+    };
+
+    insta::assert_json_snapshot!(SerdeResponse::from(acceptor.into_response()));
+    insta::assert_json_snapshot!(SerdeResponse::from(deny));
+}

lib/komainu/tests/snapshots/flows__success-2.snap

@@ -0,0 +1,11 @@
+---
+source: lib/komainu/tests/flows.rs
+expression: "SerdeResponse::from(deny)"
+---
+{
+  "body": null,
+  "headers": {
+    "location": "http://client_1.example/?error=access_denied"
+  },
+  "status": 302
+}

lib/komainu/tests/snapshots/flows__success.snap

@@ -0,0 +1,11 @@
+---
+source: lib/komainu/tests/flows.rs
+expression: "SerdeResponse::from(acceptor.into_response())"
+---
+{
+  "body": null,
+  "headers": {
+    "location": "http://client_1.example/?code=sn7A6s3FVFsptwK6"
+  },
+  "status": 302
+}