rustfmt pass.

src/cli.rs

@@ -1,9 +1,9 @@
 use crate::{
-    schema::{self, UIDCDatabase},
+    client_management, config, group_management,
+    key::{self, KeyType},
     object::ClapInterface,
-    config,
-    UIDCError,
-    key::{self, KeyType}, user_management, client_management, scope_management, group_management, token_management, server,
+    schema::{self, UIDCDatabase},
+    scope_management, server, token_management, user_management, UIDCError,
 };
 use clap::{Parser, Subcommand};
 use microrm::prelude::*;
@@ -61,14 +61,16 @@ impl RootArgs {
         let db = UIDCDatabase::open_path(&self.db)
             .map_err(|e| UIDCError::AbortString(format!("Error accessing database: {:?}", e)))?;
 
-        let realm =
-            db
+        let realm = db
             .realms
             .unique(&self.realm)
             .get()?
             .ok_or(UIDCError::Abort("no such realm"))?;
 
-        let ra = RunArgs { db: db, realm: realm.wrapped() };
+        let ra = RunArgs {
+            db: db,
+            realm: realm.wrapped(),
+        };
 
         match &self.command {
             Command::Init => unreachable!(),
@@ -95,7 +97,7 @@ impl RootArgs {
 
         if db.realms.unique(&primary_realm).get()?.is_some() {
             log::warn!("Already initialized with primary realm!");
-            return Ok(())
+            return Ok(());
         }
 
         // create primary realm
@@ -108,7 +110,6 @@ impl RootArgs {
     }
 }
 
-
 #[derive(Debug, Subcommand)]
 enum KeyCommand {
     /// Print details of all keys
@@ -133,17 +134,15 @@ impl KeyArgs {
             KeyCommand::List => key::list(&args.realm),
             KeyCommand::Generate { key_type } => {
                 key::generate_in(&args.realm, *key_type)?;
-                return Ok(())
-            },
+                return Ok(());
+            }
             KeyCommand::Types => {
                 for (spec, _kty) in key::KEY_TYPE_NAMES {
                     println!("- {}", spec);
                 }
                 Ok(())
             }
-            KeyCommand::Remove { key_id } => {
-                key::remove(&args.realm, key_id)
-            },
+            KeyCommand::Remove { key_id } => key::remove(&args.realm, key_id),
         }
     }
 }
@@ -154,10 +153,12 @@ enum ClientCommand {
         /// Name for the new client
         name: String,
         /// Signing key type to use for this client. Default is ed25519.
-        key_type: Option<KeyType>
+        key_type: Option<KeyType>,
     },
     List,
-    Inspect { name: String },
+    Inspect {
+        name: String,
+    },
 }
 
 #[derive(Debug, Parser)]
@@ -175,9 +176,7 @@ impl ClientArgs {
             ClientCommand::List => {
                 todo!()
             }
-            ClientCommand::Inspect { name } => {
-                client_management::inspect(&args.realm, name)
-            }
+            ClientCommand::Inspect { name } => client_management::inspect(&args.realm, name),
         }
     }
 }
@@ -205,7 +204,8 @@ impl ConfigArgs {
             ConfigCommand::Set { key, value } => {
                 args.db.persistent_config.unique(key).delete()?;
                 args.db.persistent_config.insert(schema::PersistentConfig {
-                    key: key.clone(), value: value.clone()
+                    key: key.clone(),
+                    value: value.clone(),
                 })?;
             }
             ConfigCommand::Load { toml_path } => {
@@ -272,41 +272,25 @@ impl GroupArgs {
                 group_name,
                 role_name,
             } => {
-                group_management::attach_role(
-                    &args.realm,
-                    group_name,
-                    role_name,
-                )?;
+                group_management::attach_role(&args.realm, group_name, role_name)?;
             }
             GroupCommand::DetachRole {
                 group_name,
                 role_name,
             } => {
-                group_management::detach_role(
-                    &args.realm,
-                    group_name,
-                    role_name,
-                )?;
+                group_management::detach_role(&args.realm, group_name, role_name)?;
             }
             GroupCommand::AttachUser {
                 group_name,
                 username,
             } => {
-                group_management::attach_user(
-                    &args.realm,
-                    group_name,
-                    username,
-                )?;
+                group_management::attach_user(&args.realm, group_name, username)?;
             }
             GroupCommand::DetachUser {
                 group_name,
                 username,
             } => {
-                group_management::detach_user(
-                    &args.realm,
-                    group_name,
-                    username,
-                )?;
+                group_management::detach_user(&args.realm, group_name, username)?;
             }
         }
         Ok(())
@@ -344,22 +328,14 @@ impl ScopeArgs {
             ScopeCommand::AttachRole {
                 scope_name,
                 role_name,
-            } => scope_management::attach_role(
-                &args.realm,
-                scope_name,
-                role_name,
-            ),
+            } => scope_management::attach_role(&args.realm, scope_name, role_name),
             ScopeCommand::Create { scope_name } => {
                 scope_management::create_scope(&args.realm, scope_name)
             }
             ScopeCommand::DetachRole {
                 scope_name,
                 role_name,
-            } => scope_management::detach_role(
-                &args.realm,
-                scope_name,
-                role_name,
-            ),
+            } => scope_management::detach_role(&args.realm, scope_name, role_name),
             ScopeCommand::Inspect { scope_name } => {
                 scope_management::inspect_scope(&args.realm, scope_name)
             }
@@ -444,11 +420,9 @@ impl TokenArgs {
                 println!("{}", token);
                 Ok(())
             }
-            TokenCommand::Inspect { token } => token_management::inspect_token(
-                &config,
-                &args.realm,
-                token.as_ref(),
-            ),
+            TokenCommand::Inspect { token } => {
+                token_management::inspect_token(&config, &args.realm, token.as_ref())
+            }
         }
     }
 }
@@ -497,7 +471,6 @@ struct UserArgs {
     #[clap(subcommand)]
     // command: UserCommand,
     command: ClapInterface<schema::User>,
-
     /*
     #[clap(subcommand)]
     extra_command: UserCommand,
@@ -540,5 +513,3 @@ pub fn invoked() {
         }
     }
 }
-
-

src/client_management.rs

@@ -1,9 +1,9 @@
-use crate::{schema, UIDCError, key::KeyType};
+use crate::{key::KeyType, schema, UIDCError};
 use microrm::prelude::*;
 
 pub fn create(realm: &schema::Realm, name: &String, key_type: KeyType) -> Result<(), UIDCError> {
     let rng = ring::rand::SystemRandom::new();
-    let client_secret : [u8; 32] = ring::rand::generate(&rng).unwrap().expose();
+    let client_secret: [u8; 32] = ring::rand::generate(&rng).unwrap().expose();
 
     realm.clients.insert(schema::Client {
         shortname: name.into(),
@@ -29,8 +29,7 @@ pub fn inspect(realm: &schema::Realm, name: &String) -> Result<(), UIDCError> {
         for scope in client.scopes.get()? {
             println!(" - {}", scope.shortname);
         }
-    }
-    else {
+    } else {
         println!("No such client {name}");
     }
 

src/config.rs

@@ -20,11 +20,16 @@ impl Config {
     pub fn build_from(db: &schema::UIDCDatabase, cfile: Option<&str>) -> Self {
         let mut config_map = std::collections::HashMap::<String, String>::new();
         // load config keys from database
-        let db_pcs = db.persistent_config.get().expect("could't get config keys from database");
-        config_map.extend(db_pcs.into_iter().map(|pc: microrm::schema::Stored<schema::PersistentConfig>| {
-            let pc = pc.wrapped();
-            (pc.key, pc.value)
-        }));
+        let db_pcs = db
+            .persistent_config
+            .get()
+            .expect("could't get config keys from database");
+        config_map.extend(db_pcs.into_iter().map(
+            |pc: microrm::schema::Stored<schema::PersistentConfig>| {
+                let pc = pc.wrapped();
+                (pc.key, pc.value)
+            },
+        ));
 
         if let Some(path) = cfile {
             match std::fs::read(&path) {

src/config/helper.rs

@@ -182,7 +182,13 @@ impl<'r, 's> ConfigSerializer<'r, 's> {
     fn update(&self, key: &str, value: String) {
         // TODO: delete old config value
         // self.db.persistent_config.delete(schema::PersistentConfig { key: key.into(), value }).expect("couldn't update config");
-        self.db.persistent_config.insert(schema::PersistentConfig { key: key.into(), value }).expect("couldn't update config");
+        self.db
+            .persistent_config
+            .insert(schema::PersistentConfig {
+                key: key.into(),
+                value,
+            })
+            .expect("couldn't update config");
     }
 }
 

src/error.rs

@@ -1,5 +1,5 @@
 // use crate::{key::KeyError, token::TokenError, user::UserError};
-use crate::{key::KeyError,user::UserError};
+use crate::{key::KeyError, user::UserError};
 
 #[derive(Debug)]
 pub enum UIDCError {
@@ -19,7 +19,6 @@ pub enum UIDCError {
     /// error with token generation or verification
     TokenError(TokenError),
     */
-
     /// error with user operation
     UserError(UserError),
 }

src/group_management.rs

@@ -1,10 +1,7 @@
 use crate::{schema, UIDCError};
 use microrm::prelude::*;
 
-pub fn create_group(
-    realm: &schema::Realm,
-    name: &String,
-) -> Result<(), UIDCError> {
+pub fn create_group(realm: &schema::Realm, name: &String) -> Result<(), UIDCError> {
     realm.groups.insert(schema::Group {
         shortname: name.into(),
         roles: Default::default(),
@@ -13,19 +10,14 @@ pub fn create_group(
     Ok(())
 }
 
-pub fn list_groups(
-    realm: &schema::Realm,
-) -> Result<(), UIDCError> {
+pub fn list_groups(realm: &schema::Realm) -> Result<(), UIDCError> {
     for group in realm.groups.get()? {
         println!("{}", group.shortname);
     }
     Ok(())
 }
 
-pub fn list_members(
-    realm: &schema::Realm,
-    name: &String,
-) -> Result<(), UIDCError> {
+pub fn list_members(realm: &schema::Realm, name: &String) -> Result<(), UIDCError> {
     for member in realm.groups.unique(name).join(schema::Group::Users).get()? {
         println!("- {}", member.username);
     }
@@ -33,10 +25,7 @@ pub fn list_members(
     Ok(())
 }
 
-pub fn list_roles(
-    realm: &schema::Realm,
-    name: &String,
-) -> Result<(), UIDCError> {
+pub fn list_roles(realm: &schema::Realm, name: &String) -> Result<(), UIDCError> {
     for role in realm.groups.unique(name).join(schema::Group::Roles).get()? {
         println!("- {}", role.shortname);
     }
@@ -83,7 +72,7 @@ pub fn detach_user(
 pub fn attach_role(
     realm: &schema::Realm,
     group_name: &String,
-    role_name: &String
+    role_name: &String,
 ) -> Result<(), UIDCError> {
     let group = realm.groups.unique(group_name).get()?;
     let role = realm.roles.unique(role_name).get()?;
@@ -101,7 +90,7 @@ pub fn attach_role(
 pub fn detach_role(
     realm: &schema::Realm,
     group_name: &String,
-    role_name: &String
+    role_name: &String,
 ) -> Result<(), UIDCError> {
     let group = realm.groups.unique(group_name).get()?;
     let role = realm.roles.unique(role_name).get()?;

src/jwt.rs

@@ -2,8 +2,14 @@ use crate::key::ParsedKey;
 
 fn jwt_algorithm(pk: &ParsedKey) -> &'static str {
     match pk {
-        ParsedKey::Ed25519 { key_id: _, keypair: _ } => "EdDSA",
-        ParsedKey::RSA { key_id: _, keypair: _ } => "RS256",
+        ParsedKey::Ed25519 {
+            key_id: _,
+            keypair: _,
+        } => "EdDSA",
+        ParsedKey::RSA {
+            key_id: _,
+            keypair: _,
+        } => "RS256",
     }
 }
 
@@ -17,7 +23,8 @@ pub struct JWTHeader {
 impl JWTHeader {
     pub fn parse(full_jwt: &str) -> Option<Self> {
         let header_raw = full_jwt.split(".").next()?;
-        let header_decoded = base64::decode_config(header_raw.as_bytes(), base64::URL_SAFE_NO_PAD).ok()?;
+        let header_decoded =
+            base64::decode_config(header_raw.as_bytes(), base64::URL_SAFE_NO_PAD).ok()?;
 
         serde_json::from_slice(header_decoded.as_slice()).ok()
     }
@@ -49,10 +56,7 @@ pub struct JWT {
 }
 
 impl JWT {
-    pub fn verify(
-        with: &ParsedKey,
-        from: &str,
-    ) -> Option<Self> {
+    pub fn verify(with: &ParsedKey, from: &str) -> Option<Self> {
         let header_split = from.find(".")?;
         let header = &from[0..header_split];
         let data_split = header_split + 1 + from[header_split + 1..].find(".")?;
@@ -88,7 +92,10 @@ impl JWT {
             typ: "JWT".into(),
             kid: Some(with.key_id().into()),
         };
-        let header_data = base64::encode_config(serde_json::to_vec(&header).unwrap(), base64::URL_SAFE_NO_PAD);
+        let header_data = base64::encode_config(
+            serde_json::to_vec(&header).unwrap(),
+            base64::URL_SAFE_NO_PAD,
+        );
 
         let unencoded_data = Into::<String>::into(data);
         let data = base64::encode_config(unencoded_data.as_bytes(), base64::URL_SAFE_NO_PAD);
@@ -97,8 +104,11 @@ impl JWT {
         to_sign.extend(header_data.as_bytes());
         to_sign.extend(".".as_bytes());
         to_sign.extend(data.as_bytes());
-        let signature =
-            base64::encode_config(with.generate_signature(&to_sign).expect("couldn't sign data"), base64::URL_SAFE_NO_PAD);
+        let signature = base64::encode_config(
+            with.generate_signature(&to_sign)
+                .expect("couldn't sign data"),
+            base64::URL_SAFE_NO_PAD,
+        );
 
         Self {
             header: header_data,

src/key.rs

@@ -1,9 +1,9 @@
 use std::{cell::RefCell, sync::Arc};
 
 use crate::{schema, UIDCError};
+use microrm::prelude::*;
 use ring::signature::{Ed25519KeyPair, KeyPair};
 use sha2::Digest;
-use microrm::prelude::*;
 
 #[derive(Debug)]
 pub enum KeyError {
@@ -24,7 +24,7 @@ impl std::fmt::Display for KeyType {
     }
 }
 
-pub const KEY_TYPE_NAMES : &'static [(&'static str, KeyType)] = &[
+pub const KEY_TYPE_NAMES: &'static [(&'static str, KeyType)] = &[
     ("rsa2048", KeyType::RSA2048),
     ("rsa4096", KeyType::RSA4096),
     ("ed25519", KeyType::Ed25519),
@@ -35,7 +35,7 @@ impl std::str::FromStr for KeyType {
     fn from_str(s: &str) -> Result<Self, Self::Err> {
         for (spec, kty) in KEY_TYPE_NAMES {
             if s == *spec {
-                return Ok(*kty)
+                return Ok(*kty);
             }
         }
         Err(UIDCError::Abort("invalid keytype"))
@@ -43,8 +43,14 @@ impl std::str::FromStr for KeyType {
 }
 
 pub enum ParsedKey {
-    Ed25519 { key_id: String, keypair: ring::signature::Ed25519KeyPair },
-    RSA { key_id: String, keypair: ring::signature::RsaKeyPair }
+    Ed25519 {
+        key_id: String,
+        keypair: ring::signature::Ed25519KeyPair,
+    },
+    RSA {
+        key_id: String,
+        keypair: ring::signature::RsaKeyPair,
+    },
 }
 
 impl ParsedKey {
@@ -57,14 +63,19 @@ impl ParsedKey {
 
     pub fn generate_signature(&self, data: &[u8]) -> Result<Vec<u8>, UIDCError> {
         match self {
-            Self::Ed25519 { key_id, keypair } => {
-                Ok(keypair.sign(data).as_ref().into())
-            },
+            Self::Ed25519 { key_id, keypair } => Ok(keypair.sign(data).as_ref().into()),
             Self::RSA { key_id, keypair } => {
                 let rng = ring::rand::SystemRandom::new();
                 let mut signature = vec![];
                 signature.resize(keypair.public_modulus_len(), 0);
-                keypair.sign(&ring::signature::RSA_PKCS1_SHA256, &rng, data, signature.as_mut_slice()).map_err(|_| KeyError::Plain("failed to generate RSA signature!"))?;
+                keypair
+                    .sign(
+                        &ring::signature::RSA_PKCS1_SHA256,
+                        &rng,
+                        data,
+                        signature.as_mut_slice(),
+                    )
+                    .map_err(|_| KeyError::Plain("failed to generate RSA signature!"))?;
                 Ok(signature)
             }
         }
@@ -73,12 +84,20 @@ impl ParsedKey {
     pub fn verify_signature(&self, data: &[u8], signature: &[u8]) -> Result<bool, UIDCError> {
         use ring::signature::VerificationAlgorithm;
         match self {
-            Self::Ed25519 { keypair, .. } => {
-                Ok(ring::signature::ED25519.verify(keypair.public_key().as_ref().into(), data.into(), signature.into()).is_ok())
-            },
-            Self::RSA { keypair, .. } => {
-                Ok(ring::signature::RSA_PKCS1_2048_8192_SHA256.verify(keypair.public_key().as_ref().into(), data.into(), signature.into()).is_ok())
-            },
+            Self::Ed25519 { keypair, .. } => Ok(ring::signature::ED25519
+                .verify(
+                    keypair.public_key().as_ref().into(),
+                    data.into(),
+                    signature.into(),
+                )
+                .is_ok()),
+            Self::RSA { keypair, .. } => Ok(ring::signature::RSA_PKCS1_2048_8192_SHA256
+                .verify(
+                    keypair.public_key().as_ref().into(),
+                    data.into(),
+                    signature.into(),
+                )
+                .is_ok()),
         }
     }
 }
@@ -91,14 +110,17 @@ pub struct RealmKeys {
 
 impl RealmKeys {
     pub fn new(realm: schema::Realm) -> Self {
-        Self { realm, keys: vec![].into() }
+        Self {
+            realm,
+            keys: vec![].into(),
+        }
     }
 
     pub fn by_key_id(&mut self, id: &String) -> Result<Option<Arc<ParsedKey>>, UIDCError> {
         // check the cache
         for key in self.keys.borrow().iter() {
             if key.1.key_id() == id {
-                return Ok(Some(key.1.clone()))
+                return Ok(Some(key.1.clone()));
             }
         }
 
@@ -107,20 +129,23 @@ impl RealmKeys {
 
         if let Some(key) = key {
             let parsed = Arc::new(match key.key_type.as_ref() {
-                KeyType::RSA2048
-                | KeyType::RSA4096 => {
+                KeyType::RSA2048 | KeyType::RSA4096 => {
                     todo!()
-                },
-                KeyType::Ed25519 => {
-                    ParsedKey::Ed25519 { key_id: key.key_id.clone(), keypair: Ed25519KeyPair::from_pkcs8(&key.secret_data).map_err(|_| UIDCError::Abort("could not load ed25519 key from database"))? }
+                }
+                KeyType::Ed25519 => ParsedKey::Ed25519 {
+                    key_id: key.key_id.clone(),
+                    keypair: Ed25519KeyPair::from_pkcs8(&key.secret_data).map_err(|_| {
+                        UIDCError::Abort("could not load ed25519 key from database")
+                    })?,
                 },
             });
 
-            self.keys.borrow_mut().push((*key.key_type.as_ref(), parsed.clone()));
+            self.keys
+                .borrow_mut()
+                .push((*key.key_type.as_ref(), parsed.clone()));
 
             Ok(Some(parsed))
-        }
-        else {
+        } else {
             Ok(None)
         }
     }
@@ -129,29 +154,37 @@ impl RealmKeys {
         // check the cache
         for key in self.keys.borrow().iter() {
             if key.0 == kty {
-                return Ok(Some(key.1.clone()))
+                return Ok(Some(key.1.clone()));
             }
         }
 
         // then check the database
-        let key = self.realm.keys.with(schema::Key::KeyType, &kty.into()).first().get()?;
+        let key = self
+            .realm
+            .keys
+            .with(schema::Key::KeyType, &kty.into())
+            .first()
+            .get()?;
 
         if let Some(key) = key {
             let parsed = Arc::new(match kty {
-                KeyType::RSA2048
-                | KeyType::RSA4096 => {
-                    ParsedKey::RSA { key_id: key.key_id.clone(), keypair: ring::signature::RsaKeyPair::from_pkcs8(&key.secret_data).map_err(|_| UIDCError::Abort("could not load RSA key from database"))? }
+                KeyType::RSA2048 | KeyType::RSA4096 => ParsedKey::RSA {
+                    key_id: key.key_id.clone(),
+                    keypair: ring::signature::RsaKeyPair::from_pkcs8(&key.secret_data)
+                        .map_err(|_| UIDCError::Abort("could not load RSA key from database"))?,
                 },
-                KeyType::Ed25519 => {
-                    ParsedKey::Ed25519 { key_id: key.key_id.clone(), keypair: Ed25519KeyPair::from_pkcs8(&key.secret_data).map_err(|_| UIDCError::Abort("could not load ed25519 key from database"))? }
+                KeyType::Ed25519 => ParsedKey::Ed25519 {
+                    key_id: key.key_id.clone(),
+                    keypair: Ed25519KeyPair::from_pkcs8(&key.secret_data).map_err(|_| {
+                        UIDCError::Abort("could not load ed25519 key from database")
+                    })?,
                 },
             });
 
             self.keys.borrow_mut().push((kty, parsed.clone()));
 
             Ok(Some(parsed))
-        }
-        else {
+        } else {
             Ok(None)
         }
     }
@@ -177,13 +210,15 @@ fn generate_rsa(realm: &schema::Realm, kty: KeyType, bits: usize) -> Result<Pars
              | openssl pkcs8 \
              -topk8 \
              -nocrypt \
-             -outform der"))
+             -outform der"
+        ))
         .output()
         .map_err(|_| UIDCError::Abort("couldn't invoke openssl"))?;
 
     let secret = openssl_output.stdout;
 
-    let keypair = ring::signature::RsaKeyPair::from_pkcs8(&secret).map_err(|_| UIDCError::Abort("couldn't parse PKCS#8 output from openssl"))?;
+    let keypair = ring::signature::RsaKeyPair::from_pkcs8(&secret)
+        .map_err(|_| UIDCError::Abort("couldn't parse PKCS#8 output from openssl"))?;
     let public = keypair.public_key().as_ref();
     let key_id = pubkey_id(public.as_ref());
     let expiry = time::OffsetDateTime::now_utc() + time::Duration::days(730);
@@ -193,7 +228,7 @@ fn generate_rsa(realm: &schema::Realm, kty: KeyType, bits: usize) -> Result<Pars
         key_type: kty.into(),
         public_data: public.into(),
         secret_data: secret.into(),
-        expiry
+        expiry,
     })?;
 
     Ok(ParsedKey::RSA { key_id, keypair })
@@ -202,12 +237,8 @@ fn generate_rsa(realm: &schema::Realm, kty: KeyType, bits: usize) -> Result<Pars
 pub fn generate_in(realm: &schema::Realm, kty: KeyType) -> Result<ParsedKey, UIDCError> {
     let mut rng = ring::rand::SystemRandom::new();
     match kty {
-        KeyType::RSA2048 => {
-            generate_rsa(realm, KeyType::RSA2048, 2048)
-        },
-        KeyType::RSA4096 => {
-            generate_rsa(realm, KeyType::RSA4096, 4096)
-        },
+        KeyType::RSA2048 => generate_rsa(realm, KeyType::RSA2048, 2048),
+        KeyType::RSA4096 => generate_rsa(realm, KeyType::RSA4096, 4096),
         KeyType::Ed25519 => {
             let generated_keypair = Ed25519KeyPair::generate_pkcs8(&mut rng)
                 .map_err(|_| KeyError::Plain("failed to generate key"))?;
@@ -226,11 +257,14 @@ pub fn generate_in(realm: &schema::Realm, kty: KeyType) -> Result<ParsedKey, UID
                 // no separate public data for EdDSA keys
                 public_data: vec![],
                 secret_data: keydata,
-                expiry
+                expiry,
             })?;
 
-            Ok(ParsedKey::Ed25519 { key_id, keypair: loaded_key })
-        },
+            Ok(ParsedKey::Ed25519 {
+                key_id,
+                keypair: loaded_key,
+            })
+        }
     }
 }
 
@@ -238,7 +272,14 @@ pub fn list(realm: &schema::Realm) -> Result<(), UIDCError> {
     let keys = realm.keys.get()?;
 
     for key in keys {
-        println!("- [{}] {:?}, expires {}", key.key_id, key.key_type, key.expiry.format(&time::format_description::well_known::Rfc3339).unwrap());
+        println!(
+            "- [{}] {:?}, expires {}",
+            key.key_id,
+            key.key_type,
+            key.expiry
+                .format(&time::format_description::well_known::Rfc3339)
+                .unwrap()
+        );
     }
     Ok(())
 }

src/object.rs

@@ -1,21 +1,25 @@
 use clap::{FromArgMatches, Subcommand};
 use microrm::prelude::*;
 use microrm::schema::datum::{Datum, DatumDiscriminatorRef};
-use microrm::schema::entity::{Entity, EntityPartList, EntityPartVisitor, EntityID};
+use microrm::schema::entity::{Entity, EntityID, EntityPartList, EntityPartVisitor};
 
-use crate::UIDCError;
 use crate::schema::UIDCDatabase;
+use crate::UIDCError;
 
 mod role;
 mod user;
 
 pub trait Object: Sized + Entity + std::fmt::Debug {
-    type CreateParameters : clap::Parser + std::fmt::Debug;
+    type CreateParameters: clap::Parser + std::fmt::Debug;
     fn create_from_params(_: &Self::CreateParameters) -> Result<Self, UIDCError>;
-    fn extra_commands() -> impl Iterator<Item = clap::Command> { vec![].into_iter() }
+    fn extra_commands() -> impl Iterator<Item = clap::Command> {
+        vec![].into_iter()
+    }
 
     /// get the relevant IDMap from the database
-    fn db_object(db: &UIDCDatabase) -> &IDMap<Self> where Self: Sized;
+    fn db_object(db: &UIDCDatabase) -> &IDMap<Self>
+    where
+        Self: Sized;
     fn build_uniques(strings: &Vec<String>) -> <Self::Uniques as EntityPartList>::DatumList;
 
     fn shortname(&self) -> &str;
@@ -27,15 +31,22 @@ pub trait ObjectExt: Sized + Object {
         Ok(())
     }
 
-    fn delete(ctx: impl microrm::prelude::Queryable<EntityOutput = Self>,
-               which: <Self::Uniques as EntityPartList>::DatumList)
-        -> Result<(), UIDCError> {
+    fn delete(
+        ctx: impl microrm::prelude::Queryable<EntityOutput = Self>,
+        which: <Self::Uniques as EntityPartList>::DatumList,
+    ) -> Result<(), UIDCError> {
         ctx.unique(which).delete()?;
         Ok(())
     }
 
-    fn list_all(ctx: impl microrm::prelude::Queryable<EntityOutput = Self>) -> Result<(), UIDCError> {
-        println!("Listing all {}(s): ({})", Self::entity_name(), ctx.clone().count()?);
+    fn list_all(
+        ctx: impl microrm::prelude::Queryable<EntityOutput = Self>,
+    ) -> Result<(), UIDCError> {
+        println!(
+            "Listing all {}(s): ({})",
+            Self::entity_name(),
+            ctx.clone().count()?
+        );
         for obj in ctx.get()?.into_iter() {
             println!(" - {}", obj.shortname());
         }
@@ -43,10 +54,14 @@ pub trait ObjectExt: Sized + Object {
         Ok(())
     }
 
-    fn inspect(ctx: impl microrm::prelude::Queryable<EntityOutput = Self>,
-               which: <Self::Uniques as EntityPartList>::DatumList) -> Result<(), UIDCError> {
-
-        let obj = ctx.unique(which).get()?.ok_or(UIDCError::Abort("no such element, cannot inspect"))?;
+    fn inspect(
+        ctx: impl microrm::prelude::Queryable<EntityOutput = Self>,
+        which: <Self::Uniques as EntityPartList>::DatumList,
+    ) -> Result<(), UIDCError> {
+        let obj = ctx
+            .unique(which)
+            .get()?
+            .ok_or(UIDCError::Abort("no such element, cannot inspect"))?;
         println!("{:#?}", obj.as_ref());
 
         fn inspect_ai<AI: AssocInterface>(name: &'static str, ai: &AI) {
@@ -62,16 +77,26 @@ pub trait ObjectExt: Sized + Object {
                 struct Discriminator<'l, D: Datum>(&'l D, &'static str);
 
                 impl<'l, D: Datum> DatumDiscriminatorRef for Discriminator<'l, D> {
-                    fn visit_serialized<T: serde::Serialize + serde::de::DeserializeOwned>(&mut self, _: &T) {}
+                    fn visit_serialized<T: serde::Serialize + serde::de::DeserializeOwned>(
+                        &mut self,
+                        _: &T,
+                    ) {
+                    }
                     fn visit_bare_field<T: Datum>(&mut self, _: &T) {}
                     fn visit_entity_id<E: Entity>(&mut self, _: &E::ID) {}
                     fn visit_assoc_map<E: Entity>(&mut self, amap: &AssocMap<E>) {
                         inspect_ai(self.1, amap);
                     }
-                    fn visit_assoc_domain<R: microrm::schema::Relation>(&mut self, adomain: &microrm::schema::AssocDomain<R>) {
+                    fn visit_assoc_domain<R: microrm::schema::Relation>(
+                        &mut self,
+                        adomain: &microrm::schema::AssocDomain<R>,
+                    ) {
                         inspect_ai(self.1, adomain);
                     }
-                    fn visit_assoc_range<R: microrm::schema::Relation>(&mut self, arange: &microrm::schema::AssocRange<R>) {
+                    fn visit_assoc_range<R: microrm::schema::Relation>(
+                        &mut self,
+                        arange: &microrm::schema::AssocRange<R>,
+                    ) {
                         inspect_ai(self.1, arange);
                     }
                 }
@@ -100,32 +125,42 @@ enum InterfaceVerb<O: ObjectExt> {
 
 impl<O: ObjectExt> InterfaceVerb<O> {
     fn from_matches(matches: &clap::ArgMatches) -> Result<Self, clap::Error> {
-        let (subcommand, matches) =
-            matches.subcommand().ok_or(clap::Error::new(clap::error::ErrorKind::MissingSubcommand)).unwrap();
+        let (subcommand, matches) = matches
+            .subcommand()
+            .ok_or(clap::Error::new(clap::error::ErrorKind::MissingSubcommand))
+            .unwrap();
 
         let parse_uniques = || {
             struct UVisitor<'a>(&'a clap::ArgMatches, &'a mut Vec<String>);
             impl<'a> EntityPartVisitor for UVisitor<'a> {
                 fn visit<EP: microrm::schema::entity::EntityPart>(&mut self) {
-                    self.1.push(self.0.get_one::<std::string::String>(EP::part_name()).unwrap().clone());
+                    self.1.push(
+                        self.0
+                            .get_one::<std::string::String>(EP::part_name())
+                            .unwrap()
+                            .clone(),
+                    );
                 }
             }
 
             let mut unique_values = vec![];
-            <O::Uniques as EntityPartList>::accept_part_visitor(&mut UVisitor(matches, &mut unique_values));
+            <O::Uniques as EntityPartList>::accept_part_visitor(&mut UVisitor(
+                matches,
+                &mut unique_values,
+            ));
             unique_values
         };
 
         Ok(match subcommand {
             "attach" => InterfaceVerb::Attach,
             "create" => InterfaceVerb::Create(
-                <O::CreateParameters as clap::FromArgMatches>::from_arg_matches(matches)?
+                <O::CreateParameters as clap::FromArgMatches>::from_arg_matches(matches)?,
             ),
             "delete" => InterfaceVerb::Delete(parse_uniques()),
             "detach" => InterfaceVerb::Detach,
             "list" => InterfaceVerb::ListAll,
             "inspect" => InterfaceVerb::Inspect(parse_uniques()),
-            _ => unreachable!()
+            _ => unreachable!(),
         })
     }
 }
@@ -138,27 +173,30 @@ pub struct ClapInterface<O: ObjectExt> {
 }
 
 impl<O: ObjectExt> ClapInterface<O> {
-    pub fn perform(&self, query_ctx: impl microrm::prelude::Queryable::<EntityOutput = O>, insert_ctx: &impl microrm::prelude::Insertable<O>) 
-        -> Result<(), UIDCError> {
+    pub fn perform(
+        &self,
+        query_ctx: impl microrm::prelude::Queryable<EntityOutput = O>,
+        insert_ctx: &impl microrm::prelude::Insertable<O>,
+    ) -> Result<(), UIDCError> {
         match &self.verb {
             InterfaceVerb::Attach => {
                 todo!()
-            },
+            }
             InterfaceVerb::Create(params) => {
                 O::create(insert_ctx, &params)?;
-            },
+            }
             InterfaceVerb::Delete(uniques) => {
                 O::delete(query_ctx, O::build_uniques(uniques))?;
-            },
+            }
             InterfaceVerb::Detach => {
                 todo!()
-            },
+            }
             InterfaceVerb::ListAll => {
                 O::list_all(query_ctx)?;
-            },
+            }
             InterfaceVerb::Inspect(uniques) => {
                 O::inspect(query_ctx, O::build_uniques(uniques))?;
-            },
+            }
         }
         Ok(())
     }
@@ -202,8 +240,7 @@ impl<O: ObjectExt> Subcommand for ClapInterface<O> {
     }
 
     fn augment_subcommands(cmd: clap::Command) -> clap::Command {
-        cmd
-            .subcommand(<O::CreateParameters as clap::CommandFactory>::command().name("create"))
+        cmd.subcommand(<O::CreateParameters as clap::CommandFactory>::command().name("create"))
             .subcommand(Self::add_uniques(clap::Command::new("delete")))
             .subcommand(Self::add_uniques(clap::Command::new("inspect")))
             .subcommand(clap::Command::new("list"))

src/object/role.rs

@@ -1,7 +1,7 @@
 use microrm::schema::entity::EntityPartList;
 
-use crate::{schema, UIDCError};
 use super::Object;
+use crate::{schema, UIDCError};
 
 #[derive(clap::Parser, Debug)]
 pub struct CreateParameters {
@@ -18,7 +18,10 @@ impl Object for schema::Role {
         })
     }
 
-    fn db_object(db: &schema::UIDCDatabase) -> &microrm::prelude::IDMap<Self> where Self: Sized {
+    fn db_object(db: &schema::UIDCDatabase) -> &microrm::prelude::IDMap<Self>
+    where
+        Self: Sized,
+    {
         todo!()
     }
 

src/object/user.rs

@@ -1,7 +1,7 @@
 use microrm::schema::entity::EntityPartList;
 
-use crate::{schema, UIDCError};
 use super::Object;
+use crate::{schema, UIDCError};
 
 #[derive(clap::Parser, Debug)]
 pub struct CreateParameters {
@@ -19,7 +19,10 @@ impl Object for schema::User {
         })
     }
 
-    fn db_object(db: &schema::UIDCDatabase) -> &microrm::prelude::IDMap<Self> where Self: Sized {
+    fn db_object(db: &schema::UIDCDatabase) -> &microrm::prelude::IDMap<Self>
+    where
+        Self: Sized,
+    {
         todo!()
     }
 

src/schema.rs

@@ -1,5 +1,5 @@
-pub use microrm::prelude::{Entity, Database};
-use microrm::schema::{IDMap, AssocMap, Serialized, Relation, AssocDomain, AssocRange};
+pub use microrm::prelude::{Database, Entity};
+use microrm::schema::{AssocDomain, AssocMap, AssocRange, IDMap, Relation, Serialized};
 use serde::{Deserialize, Serialize};
 
 use crate::key::KeyType;

src/scope_management.rs

@@ -1,10 +1,7 @@
 use crate::{schema, UIDCError};
 use microrm::prelude::*;
 
-pub fn create_scope(
-    realm: &schema::Realm,
-    name: &String,
-) -> Result<(), UIDCError> {
+pub fn create_scope(realm: &schema::Realm, name: &String) -> Result<(), UIDCError> {
     realm.scopes.insert(schema::Scope {
         shortname: name.into(),
         roles: Default::default(),
@@ -12,20 +9,19 @@ pub fn create_scope(
     Ok(())
 }
 
-pub fn list_scopes(
-    realm: &schema::Realm,
-) -> Result<(), UIDCError> {
+pub fn list_scopes(realm: &schema::Realm) -> Result<(), UIDCError> {
     for scope in realm.scopes.get()? {
         println!("{}", scope.shortname);
     }
     Ok(())
 }
 
-pub fn inspect_scope(
-    realm: &schema::Realm,
-    scope_name: &String,
-) -> Result<(), UIDCError> {
-    let scope = realm.scopes.unique(scope_name).get()?.ok_or(UIDCError::Abort("no such scope"))?;
+pub fn inspect_scope(realm: &schema::Realm, scope_name: &String) -> Result<(), UIDCError> {
+    let scope = realm
+        .scopes
+        .unique(scope_name)
+        .get()?
+        .ok_or(UIDCError::Abort("no such scope"))?;
 
     println!("scope name: {}", scope.shortname);
 

src/server.rs

@@ -1,4 +1,4 @@
-use crate::{config, UIDCError, schema};
+use crate::{config, schema, UIDCError};
 
 // mod oidc;
 mod session;
@@ -20,7 +20,9 @@ async fn index(req: tide::Request<ServerStateWrapper>) -> tide::Result<tide::Res
 
     let realm = shelper.get_realm()?;
     let session = shelper.get_session(&req);
-    let auth = session.as_ref().and_then(|session| shelper.get_auth_for_session(realm.id(), &session));
+    let auth = session
+        .as_ref()
+        .and_then(|session| shelper.get_auth_for_session(realm.id(), &session));
 
     let response = tide::Response::builder(200)
         .content_type(tide::http::mime::PLAIN)

src/server/session.rs

@@ -23,7 +23,11 @@ impl<'l> SessionHelper<'l> {
     }
 
     pub fn get_realm(&self) -> tide::Result<Stored<schema::Realm>> {
-        self.db.realms.unique(self.realm_str).get()?.ok_or(tide::Error::from_str(404, "No such realm"))
+        self.db
+            .realms
+            .unique(self.realm_str)
+            .get()?
+            .ok_or(tide::Error::from_str(404, "No such realm"))
     }
 
     fn build_session(
@@ -39,15 +43,12 @@ impl<'l> SessionHelper<'l> {
         let session = self.db.sessions.insert_and_return(schema::Session {
             session_id: session_id.clone(),
             auth: Default::default(),
-            expiry: time::OffsetDateTime::now_utc() + time::Duration::minutes(10)
+            expiry: time::OffsetDateTime::now_utc() + time::Duration::minutes(10),
         })?;
         let session_cookie = Cookie::build(SESSION_COOKIE_NAME, session_id)
             .path("/")
             .finish();
-        Ok((
-            session.wrapped(),
-            Some(session_cookie),
-        ))
+        Ok((session.wrapped(), Some(session_cookie)))
     }
 
     pub fn verify_session(&self, req: &Request) -> Option<(Stored<schema::Realm>, schema::UserID)> {
@@ -55,21 +56,27 @@ impl<'l> SessionHelper<'l> {
             .ok()
             .zip(self.get_realm().ok())
             .and_then(|((sid, _cookie), realm)| {
-                self.get_auth_for_session(realm.id(), &sid).and_then(|auth| {
-                    if let Some(user) = auth.user {
-                        Some((realm, user))
-                    } else {
-                        None
-                    }
-                })
+                self.get_auth_for_session(realm.id(), &sid)
+                    .and_then(|auth| {
+                        if let Some(user) = auth.user {
+                            Some((realm, user))
+                        } else {
+                            None
+                        }
+                    })
             })
     }
 
     pub fn get_session(&self, req: &Request) -> Option<schema::Session> {
-        req.cookie(SESSION_COOKIE_NAME)
-            .and_then(|sid| {
-                self.db.sessions.unique(sid.value()).get().ok().flatten().map(|v| v.wrapped())
-            })
+        req.cookie(SESSION_COOKIE_NAME).and_then(|sid| {
+            self.db
+                .sessions
+                .unique(sid.value())
+                .get()
+                .ok()
+                .flatten()
+                .map(|v| v.wrapped())
+        })
     }
 
     pub fn get_or_build_session(
@@ -87,11 +94,24 @@ impl<'l> SessionHelper<'l> {
         realm: schema::RealmID,
         session: &schema::Session,
     ) -> Option<Stored<schema::SessionAuth>> {
-        session.auth.with(schema::SessionAuth::Realm, realm).first().get().ok()?
+        session
+            .auth
+            .with(schema::SessionAuth::Realm, realm)
+            .first()
+            .get()
+            .ok()?
     }
 
-    pub fn destroy_auth(&self, realm: schema::RealmID, session: &schema::Session) -> Result<(), UIDCError> {
-        session.auth.with(schema::SessionAuth::Realm, realm).first().delete()?;
+    pub fn destroy_auth(
+        &self,
+        realm: schema::RealmID,
+        session: &schema::Session,
+    ) -> Result<(), UIDCError> {
+        session
+            .auth
+            .with(schema::SessionAuth::Realm, realm)
+            .first()
+            .delete()?;
         Ok(())
     }
 }
@@ -197,7 +217,7 @@ async fn v1_login(req: Request) -> tide::Result<tide::Response> {
         response,
         query.redirect.unwrap_or_else(|| "../..".to_string()),
         auth.map(Stored::wrapped),
-        None
+        None,
     ))
 }
 
@@ -260,11 +280,18 @@ async fn v1_login_post(mut req: Request) -> tide::Result<tide::Response> {
             } else {
                 let user = user.unwrap();
 
-                let has_totp = user.auth.with(schema::AuthChallenge::ChallengeType, microrm::schema::Serialized::from(schema::AuthChallengeType::TOTP)).count()? > 0;
+                let has_totp = user
+                    .auth
+                    .with(
+                        schema::AuthChallenge::ChallengeType,
+                        microrm::schema::Serialized::from(schema::AuthChallengeType::TOTP),
+                    )
+                    .count()?
+                    > 0;
 
                 // TODO: support more flows than just username,password[,totp]
-                auth = Some(session.auth.insert_and_return(
-                    schema::SessionAuth {
+                auth = Some(
+                    session.auth.insert_and_return(schema::SessionAuth {
                         realm: realm.id(),
                         user: None,
                         pending_user: Some(user.id()),
@@ -275,9 +302,10 @@ async fn v1_login_post(mut req: Request) -> tide::Result<tide::Response> {
                             ]
                         } else {
                             vec![schema::AuthChallengeType::Password]
-                        }.into(),
-                    }
-                )?);
+                        }
+                        .into(),
+                    })?,
+                );
                 // auth = Some(session.auth.with(id, id).first().get()?.expect("can't re-get just-added entity"));
             }
         }
@@ -288,7 +316,12 @@ async fn v1_login_post(mut req: Request) -> tide::Result<tide::Response> {
                 // let user = qi.get().by_id(&auth.user).one().expect("couldn't query db");
 
                 if let Some(user_id) = auth.pending_user {
-                    let user = realm.users.with(user_id, user_id).first().get()?.ok_or(UIDCError::Abort("session auth refers to nonexistent user"))?;
+                    let user = realm
+                        .users
+                        .with(user_id, user_id)
+                        .first()
+                        .get()?
+                        .ok_or(UIDCError::Abort("session auth refers to nonexistent user"))?;
 
                     let user = user::User::from_schema(&realm, user);
 

src/token.rs

@@ -1,4 +1,4 @@
-use crate::{config, jwt, schema, UIDCError, key};
+use crate::{config, jwt, key, schema, UIDCError};
 use microrm::prelude::*;
 
 #[derive(Debug)]
@@ -70,7 +70,9 @@ pub fn generate_auth_token<'a>(
 
     let mut realmkeys = key::RealmKeys::new(realm.clone());
 
-    let key = realmkeys.by_type(*client.key_type.as_ref())?.ok_or(UIDCError::Abort("no matching signing key for realm"))?;
+    let key = realmkeys
+        .by_type(*client.key_type.as_ref())?
+        .ok_or(UIDCError::Abort("no matching signing key for realm"))?;
 
     Ok(jwt::JWT::sign(&key, token).into_string())
 }

src/token_management.rs

@@ -1,4 +1,4 @@
-use crate::{config::Config, schema, token, UIDCError, jwt, key};
+use crate::{config::Config, jwt, key, schema, token, UIDCError};
 use microrm::prelude::*;
 
 pub fn create_auth_token(
@@ -11,10 +11,18 @@ pub fn create_auth_token(
     token::generate_auth_token(
         config,
         realm,
-        &realm.clients.unique(client).get()?
-            .ok_or(UIDCError::Abort("no such client"))?.wrapped(),
-        &realm.users.unique(username).get()?
-            .ok_or(UIDCError::Abort("no such user"))?.wrapped(),
+        &realm
+            .clients
+            .unique(client)
+            .get()?
+            .ok_or(UIDCError::Abort("no such client"))?
+            .wrapped(),
+        &realm
+            .users
+            .unique(username)
+            .get()?
+            .ok_or(UIDCError::Abort("no such user"))?
+            .wrapped(),
         scopes.split_whitespace(),
     )
 }
@@ -29,10 +37,18 @@ pub fn create_refresh_token(
     token::generate_refresh_token(
         config,
         realm,
-        &realm.clients.unique(client).get()?
-            .ok_or(UIDCError::Abort("no such client"))?.wrapped(),
-        &realm.users.unique(username).get()?
-            .ok_or(UIDCError::Abort("no such user"))?.wrapped(),
+        &realm
+            .clients
+            .unique(client)
+            .get()?
+            .ok_or(UIDCError::Abort("no such client"))?
+            .wrapped(),
+        &realm
+            .users
+            .unique(username)
+            .get()?
+            .ok_or(UIDCError::Abort("no such user"))?
+            .wrapped(),
         scopes.split_whitespace(),
     )
 }
@@ -47,7 +63,8 @@ pub fn inspect_token(
         None => rpassword::prompt_password("Enter token: ").unwrap(),
     };
 
-    let header = jwt::JWTHeader::parse(token.as_str()).ok_or(UIDCError::Abort("failed to parse JWT header"))?;
+    let header = jwt::JWTHeader::parse(token.as_str())
+        .ok_or(UIDCError::Abort("failed to parse JWT header"))?;
 
     let mut realmkeys = key::RealmKeys::new(realm.clone());
 
@@ -65,8 +82,7 @@ pub fn inspect_token(
 
     let jwt = if let Some(key) = pk {
         jwt::JWT::verify(&key, token.as_str())
-    }
-    else {
+    } else {
         println!("No matching realm key found!");
         return Ok(());
     };

src/user.rs

@@ -1,6 +1,6 @@
 use crate::{schema, UIDCError};
-use microrm::schema::Stored;
 use microrm::prelude::*;
+use microrm::schema::Stored;
 
 #[derive(Debug)]
 pub enum UserError {
@@ -44,10 +44,7 @@ impl<'a> User<'a> {
         Self { realm, user }
     }
 
-    pub fn change_username(
-        &mut self,
-        new_name: &String,
-    ) -> Result<(), UIDCError> {
+    pub fn change_username(&mut self, new_name: &String) -> Result<(), UIDCError> {
         // check to ensure the new username isn't already in use
         if self.realm.users.unique(new_name).get()?.is_some() {
             Err(UIDCError::Abort("username already in use"))
@@ -66,7 +63,13 @@ impl<'a> User<'a> {
         response: &[u8],
     ) -> Result<bool, UIDCError> {
         let ct = challenge_type.into();
-        let challenge = self.user.auth.with(schema::AuthChallenge::ChallengeType, &ct).first().get()?.ok_or(UserError::NoSuchChallenge)?;
+        let challenge = self
+            .user
+            .auth
+            .with(schema::AuthChallenge::ChallengeType, &ct)
+            .first()
+            .get()?
+            .ok_or(UserError::NoSuchChallenge)?;
 
         match challenge_type {
             schema::AuthChallengeType::Password => challenge.verify_password_challenge(response),
@@ -75,11 +78,14 @@ impl<'a> User<'a> {
         }
     }
 
-    pub fn set_new_password(
-        &self,
-        password: &[u8],
-    ) -> Result<(), UIDCError> {
-        self.user.auth.with(schema::AuthChallenge::ChallengeType, &schema::AuthChallengeType::Password.into()).delete()?;
+    pub fn set_new_password(&self, password: &[u8]) -> Result<(), UIDCError> {
+        self.user
+            .auth
+            .with(
+                schema::AuthChallenge::ChallengeType,
+                &schema::AuthChallengeType::Password.into(),
+            )
+            .delete()?;
 
         let rng = ring::rand::SystemRandom::new();
         let salt: [u8; 16] = ring::rand::generate(&rng)
@@ -106,9 +112,7 @@ impl<'a> User<'a> {
         Ok(())
     }
 
-    pub fn generate_totp_with_uri(
-        &self,
-    ) -> Result<(Vec<u8>, String), UIDCError> {
+    pub fn generate_totp_with_uri(&self) -> Result<(Vec<u8>, String), UIDCError> {
         let rng = ring::rand::SystemRandom::new();
         let secret: [u8; 16] = ring::rand::generate(&rng)
             .expect("Couldn't generate random secret?")
@@ -119,15 +123,15 @@ impl<'a> User<'a> {
             secret.as_slice(),
         );
 
-        let uri = format!("otpauth://totp/uidc:{username}@uidc?secret={uri_secret}&issuer=uidc", username = self.user.username);
+        let uri = format!(
+            "otpauth://totp/uidc:{username}@uidc?secret={uri_secret}&issuer=uidc",
+            username = self.user.username
+        );
 
         Ok((secret.into(), uri))
     }
 
-    pub fn set_new_totp(
-        &self,
-        secret: &[u8],
-    ) -> Result<(), UIDCError> {
+    pub fn set_new_totp(&self, secret: &[u8]) -> Result<(), UIDCError> {
         self.clear_totp()?;
         self.user.auth.insert(schema::AuthChallenge {
             challenge_type: schema::AuthChallengeType::TOTP.into(),
@@ -140,7 +144,13 @@ impl<'a> User<'a> {
     }
 
     pub fn clear_totp(&self) -> Result<(), UIDCError> {
-        self.user.auth.with(schema::AuthChallenge::ChallengeType, &schema::AuthChallengeType::TOTP.into()).delete()?;
+        self.user
+            .auth
+            .with(
+                schema::AuthChallenge::ChallengeType,
+                &schema::AuthChallengeType::TOTP.into(),
+            )
+            .delete()?;
         Ok(())
     }
 }

src/user_management.rs

@@ -17,10 +17,7 @@ pub fn list(realm: &schema::Realm) -> Result<(), UIDCError> {
     Ok(())
 }
 
-pub fn create(
-    realm: &schema::Realm,
-    username: &str,
-) -> Result<(), UIDCError> {
+pub fn create(realm: &schema::Realm, username: &str) -> Result<(), UIDCError> {
     // check that the user doesn't exist already
     let existing_user = realm.users.unique(username).get()?;
 
@@ -48,7 +45,11 @@ pub fn change_auth(
     change_totp: bool,
 ) -> Result<(), UIDCError> {
     // check that the user exists
-    let user = realm.users.unique(username).get()?.ok_or(UIDCError::Abort("no such user"))?;
+    let user = realm
+        .users
+        .unique(username)
+        .get()?
+        .ok_or(UIDCError::Abort("no such user"))?;
 
     let user = crate::user::User::from_schema(realm, user);
 
@@ -79,10 +80,7 @@ pub fn change_auth(
     Ok(())
 }
 
-pub fn inspect(
-    realm: &schema::Realm,
-    username: &String,
-) -> Result<(), UIDCError> {
+pub fn inspect(realm: &schema::Realm, username: &String) -> Result<(), UIDCError> {
     let user = realm.users.unique(username).get()?;
 
     if let Some(user) = user {