clippy nit pass.

src/cli.rs

@@ -163,7 +163,7 @@ impl KeyArgs {
             KeyCommand::List => key::list(&args.realm),
             KeyCommand::Generate { key_type } => {
                 key::generate_in(&args.realm, *key_type)?;
-                return Ok(());
+                Ok(())
             }
             KeyCommand::Types => {
                 for (spec, _kty) in key::KEY_TYPE_NAMES {
@@ -279,7 +279,7 @@ impl TokenCommand {
                 let (stored_client, stored_user) = get_stored(client.as_str(), username.as_str())?;
                 let realm = RealmHelper::new(config, args.realm);
                 let token =
-                    realm.generate_access_token(&stored_client, &stored_user, scopes.split(" "))?;
+                    realm.generate_access_token(&stored_client, &stored_user, scopes.split(' '))?;
                 println!("{}", token);
                 Ok(())
             }
@@ -293,7 +293,7 @@ impl TokenCommand {
                 let token = realm.generate_refresh_token(
                     &stored_client,
                     &stored_user,
-                    scopes.split(" "),
+                    scopes.split(' '),
                 )?;
                 println!("{}", token);
                 Ok(())

src/cli/user.rs

@@ -64,7 +64,7 @@ impl microrm::cli::EntityInterface for UserInterface {
                         .map_err(|_| UIDCError::Abort("could not display QR code"))?;
                     let new_challenge = schema::AuthChallenge {
                         user_id: user.id(),
-                        challenge_type: schema::AuthChallengeType::TOTP.into(),
+                        challenge_type: schema::AuthChallengeType::Totp.into(),
                         public: vec![],
                         secret: new_secret.clone(),
                         enabled: true,

src/client_management.rs

@@ -15,7 +15,7 @@ pub fn create(
     realm.clients.insert(schema::Client {
         realm: realm.id(),
         shortname: name.into(),
-        secret: base64::encode(&client_secret),
+        secret: base64::encode(client_secret),
         access_key_type: key_type.into(),
         refresh_key_type: KeyType::HMac(HMacType::Sha256).into_serialized(),
         direct_grant_enabled: false,
@@ -35,7 +35,7 @@ pub fn rotate_secret(realm: &microrm::Stored<schema::Realm>, name: &str) -> Resu
         .first()
         .get()?
         .ok_or(UIDCError::Abort("no such client"))?;
-    client.secret = base64::encode(&client_secret);
+    client.secret = base64::encode(client_secret);
 
     client.sync()?;
 

src/config.rs

@@ -46,7 +46,7 @@ impl Config {
         ));
 
         if let Some(path) = cfile {
-            match std::fs::read(&path) {
+            match std::fs::read(path) {
                 Ok(data) => {
                     log::info!("Loading config from {path}...");
                     let toml_table: toml::Table = toml::from_str(
@@ -82,9 +82,9 @@ impl Config {
         config
     }
 
-    pub fn save<'config, 'qi>(&'config self, db: &'config schema::UIDCDatabase) {
+    pub fn save<'config>(&'config self, db: &'config schema::UIDCDatabase) {
         let ser = helper::ConfigSerializer {
-            config: &self,
+            config: self,
             db,
             prefix: String::new(),
         };

src/config/helper.rs

@@ -498,7 +498,7 @@ impl<'de> serde::Deserializer<'de> for &'de mut ConfigDeserializer<'de> {
                 .config_map
                 .iter()
                 .filter(|e| {
-                    e.0.starts_with(&self.prefix) && !e.0[self.prefix.len()..].contains(".")
+                    e.0.starts_with(&self.prefix) && !e.0[self.prefix.len()..].contains('.')
                 })
                 .peekable(),
         };

src/key.rs

@@ -44,7 +44,7 @@ impl std::fmt::Display for KeyType {
     }
 }
 
-pub const KEY_TYPE_NAMES: &'static [(&'static str, KeyType)] = &[
+pub const KEY_TYPE_NAMES: &[(&str, KeyType)] = &[
     ("hmac_sha256", KeyType::HMac(HMacType::Sha256)),
     ("hmac_sha512", KeyType::HMac(HMacType::Sha512)),
     ("rsa2048", KeyType::RSA2048),
@@ -140,21 +140,13 @@ fn generate_rsa(realm: &schema::Realm, kty: KeyType, bits: usize) -> Result<Stri
 
     let keypair = ring::signature::RsaKeyPair::from_der(&secret)
         .map_err(|_| UIDCError::Abort("couldn't parse PKCS#8 output from openssl"))?;
-    let public = keypair.public_key().as_ref();
+    let public = keypair.public_key();
     let key_id = pubkey_id(public.as_ref());
     let expiry = time::OffsetDateTime::now_utc() + time::Duration::days(730);
 
     let public_data = bincode::serialize(&RsaPublicData {
-        modulus: keypair
-            .public_key()
-            .modulus()
-            .big_endian_without_leading_zero()
-            .into(),
-        exponent: keypair
-            .public_key()
-            .exponent()
-            .big_endian_without_leading_zero()
-            .into(),
+        modulus: public.modulus().big_endian_without_leading_zero(),
+        exponent: public.exponent().big_endian_without_leading_zero(),
     })
     .unwrap();
 
@@ -163,7 +155,7 @@ fn generate_rsa(realm: &schema::Realm, kty: KeyType, bits: usize) -> Result<Stri
         key_type: kty.into(),
         key_state: schema::KeyState::Active.into(),
         public_data,
-        secret_data: secret.into(),
+        secret_data: secret,
         expiry,
     })?;
 
@@ -171,7 +163,7 @@ fn generate_rsa(realm: &schema::Realm, kty: KeyType, bits: usize) -> Result<Stri
 }
 
 pub fn generate_in(realm: &schema::Realm, kty: KeyType) -> Result<String, UIDCError> {
-    let mut rng = ring::rand::SystemRandom::new();
+    let rng = ring::rand::SystemRandom::new();
     match kty {
         KeyType::HMac(hmty) => {
             let rng = ring::rand::SystemRandom::new();
@@ -180,8 +172,7 @@ pub fn generate_in(realm: &schema::Realm, kty: KeyType) -> Result<String, UIDCEr
                 .map_err(|_| UIDCError::Abort("couldn't generate random values"))?;
             let key_id = pubkey_id(&key_id);
 
-            let mut keydata = vec![];
-            keydata.resize(hmty.digest_width(), 0u8);
+            let mut keydata = vec![0; hmty.digest_width()];
             rng.fill(keydata.as_mut_slice())
                 .map_err(|_| UIDCError::Abort("couldn't generate random values"))?;
 
@@ -200,7 +191,7 @@ pub fn generate_in(realm: &schema::Realm, kty: KeyType) -> Result<String, UIDCEr
         KeyType::RSA2048 => generate_rsa(realm, KeyType::RSA2048, 2048),
         KeyType::RSA4096 => generate_rsa(realm, KeyType::RSA4096, 4096),
         KeyType::Ed25519 => {
-            let generated_keypair = Ed25519KeyPair::generate_pkcs8(&mut rng)
+            let generated_keypair = Ed25519KeyPair::generate_pkcs8(&rng)
                 .map_err(|_| KeyError::Plain("failed to generate key"))?;
 
             let keydata = generated_keypair.as_ref().to_owned();

src/realm.rs

@@ -95,7 +95,7 @@ impl RealmHelper {
         let mut requested_roles = vec![];
 
         for scope_name in scopes {
-            if scope_name.len() == 0 {
+            if scope_name.is_empty() {
                 continue;
             }
             let Some(scope) = client.scopes.keyed((self.realm.id(), scope_name)).get()? else {
@@ -196,7 +196,7 @@ impl RealmHelper {
         let iat = std::time::SystemTime::now();
         let exp = iat + std::time::Duration::from_secs(self.config.auth_token_expiry);
 
-        let resulting_roles = self.determine_roles(&client, &user, scopes.clone())?;
+        let resulting_roles = self.determine_roles(client, user, scopes.clone())?;
 
         let atclaims = AccessTokenClaims {
             sub: user.username.as_str(),
@@ -285,15 +285,15 @@ impl RealmHelper {
         hdr.kid = Some(ekey.key_id.clone());
 
         self.with_encoding_key(&ekey, |ekey| {
-            jsonwebtoken::encode(&hdr, &atclaims, &ekey)
+            jsonwebtoken::encode(&hdr, &atclaims, ekey)
                 .map_err(|_| UIDCError::Abort("failed to sign token"))
         })
     }
 
-    pub fn trade_refresh_token<'l>(
+    pub fn trade_refresh_token(
         &self,
         client: &microrm::Stored<schema::Client>,
-        rtoken: &'l str,
+        rtoken: &str,
     ) -> Result<(String, String), UIDCError> {
         let header = jsonwebtoken::decode_header(rtoken)
             .map_err(|e| UIDCError::AbortString(format!("invalid JWT header: {e}")))?;

src/schema.rs

@@ -41,7 +41,7 @@ pub struct SessionAuth {
 pub enum AuthChallengeType {
     Username,
     Password,
-    TOTP,
+    Totp,
     Grid,
     WebAuthn,
 }

src/server.rs

@@ -23,7 +23,7 @@ async fn index(req: tide::Request<ServerStateWrapper>) -> tide::Result<tide::Res
     let session = shelper.get_session(&req);
     let auth = session
         .as_ref()
-        .and_then(|session| shelper.get_auth_for_session(realm.id(), &session));
+        .and_then(|session| shelper.get_auth_for_session(realm.id(), session));
 
     let response = tide::Response::builder(200)
         .content_type(tide::http::mime::HTML)

src/server/oidc.rs

@@ -8,10 +8,10 @@ mod token;
 
 type Request = tide::Request<super::ServerStateWrapper>;
 
-const AUTHORIZE_PATH: &'static str = "oidc/authorize";
-const TOKEN_PATH: &'static str = "oidc/token";
-const JWKS_PATH: &'static str = "oidc/jwks";
-const DISCOVERY_PATH: &'static str = ".well-known/openid-configuration";
+const AUTHORIZE_PATH: &str = "oidc/authorize";
+const TOKEN_PATH: &str = "oidc/token";
+const JWKS_PATH: &str = "oidc/jwks";
+const DISCOVERY_PATH: &str = ".well-known/openid-configuration";
 
 #[derive(serde::Serialize)]
 pub enum OIDCErrorType {
@@ -54,7 +54,7 @@ impl<'a> From<String> for OIDCErrorPayload<'a> {
 pub struct OIDCError<'a>(OIDCErrorType, OIDCErrorPayload<'a>, Option<&'a str>);
 
 impl<'a> OIDCError<'a> {
-    fn to_response(self) -> tide::Response {
+    fn into_response(self) -> tide::Response {
         #[derive(Serialize)]
         struct ErrorOut<'a> {
             error: OIDCErrorType,
@@ -89,18 +89,18 @@ async fn authorize(request: Request) -> tide::Result<tide::Response> {
     struct State {
         state: Option<String>,
     }
-    let state: Option<String> = request.query::<State>().ok().map(|x| x.state).flatten();
+    let state: Option<String> = request.query::<State>().ok().and_then(|x| x.state);
 
-    match authorize::do_authorize(request, state.as_ref().map(|x| x.as_str())) {
+    match authorize::do_authorize(request, state.as_deref()) {
         Ok(r) => Ok(r),
-        Err(e) => Ok(e.to_response()),
+        Err(e) => Ok(e.into_response()),
     }
 }
 
 async fn token(request: Request) -> tide::Result<tide::Response> {
     match token::do_token(request).await {
         Ok(res) => Ok(res),
-        Err(e) => Ok(e.to_response()),
+        Err(e) => Ok(e.into_response()),
     }
 }
 

src/server/oidc/authorize.rs

@@ -77,7 +77,7 @@ pub(super) fn do_authorize(
             .query_pairs_mut()
             .clear()
             .append_pair("redirect", request.url().as_str());
-        return Ok(tide::Redirect::new(login_url).into());
+        Ok(tide::Redirect::new(login_url).into())
     };
 
     let qp: api::AuthorizationRequestQuery = request
@@ -125,12 +125,7 @@ pub(super) fn do_authorize(
             )
         })?;
 
-    let scopes = qp
-        .scope
-        .as_ref()
-        .map(|slist| slist.as_str())
-        .unwrap_or("")
-        .split_whitespace();
+    let scopes = qp.scope.as_deref().unwrap_or("").split_whitespace();
 
     // TODO: check that redirect URI matches
 

src/server/oidc/token.rs

@@ -53,7 +53,7 @@ fn do_authorization_code<'l>(
 
     let access_token = rhelper
         .generate_access_token(
-            &client,
+            client,
             &user,
             code.scopes.as_ref().iter().map(String::as_str),
         )
@@ -93,7 +93,7 @@ fn do_refresh_token<'l>(
         ));
     };
 
-    let (access, refresh) = match rhelper.trade_refresh_token(&client, rtoken.as_str()) {
+    let (access, refresh) = match rhelper.trade_refresh_token(client, rtoken.as_str()) {
         Ok((a, r)) => (a, r),
         Err(e) => {
             return Err(OIDCError(
@@ -201,12 +201,7 @@ fn do_direct_grant<'l>(
             None,
         )),
         Ok(true) => {
-            let scopes = treq
-                .scope
-                .as_ref()
-                .map(String::as_str)
-                .unwrap_or("")
-                .split_whitespace();
+            let scopes = treq.scope.as_deref().unwrap_or("").split_whitespace();
             let Ok(access_token) = rhelper.generate_access_token(client, &user, scopes.clone())
             else {
                 return Err(OIDCError(

src/server/session.rs

@@ -11,7 +11,7 @@ pub(super) struct SessionHelper<'l> {
 
 type Request = tide::Request<super::ServerStateWrapper>;
 
-const SESSION_COOKIE_NAME: &'static str = "uidc_session";
+const SESSION_COOKIE_NAME: &str = "uidc_session";
 
 impl<'l> SessionHelper<'l> {
     pub fn new(req: &'l Request) -> Self {
@@ -57,13 +57,7 @@ impl<'l> SessionHelper<'l> {
             .zip(self.get_realm().ok())
             .and_then(|((sid, _cookie), realm)| {
                 self.get_auth_for_session(realm.id(), &sid)
-                    .and_then(|auth| {
-                        if let Some(user) = auth.user {
-                            Some((realm, user))
-                        } else {
-                            None
-                        }
-                    })
+                    .and_then(|auth| auth.user.map(|user| (realm, user)))
             })
     }
 
@@ -83,7 +77,7 @@ impl<'l> SessionHelper<'l> {
         &self,
         req: &Request,
     ) -> tide::Result<(schema::Session, Option<tide::http::Cookie<'static>>)> {
-        match self.get_session(&req) {
+        match self.get_session(req) {
             Some(s) => Ok((s, None)),
             None => self.build_session(),
         }
@@ -129,11 +123,11 @@ impl<'l> SessionHelper<'l> {
             Some(auth) => auth.pending_challenges.as_ref().first().copied(),
         };
 
-        if to_present.is_none() {
+        if let Some(to_present) = to_present {
+            self.render_login_page(response, redirect, to_present, error_msg)
+        } else {
             response.set_status(302);
             tide::Redirect::new(redirect).into()
-        } else {
-            self.render_login_page(response, redirect, to_present.unwrap(), error_msg)
         }
     }
 
@@ -182,7 +176,7 @@ impl<'l> SessionHelper<'l> {
                     r#"<input name="challenge" type="password" autofocus />"#,
                 ));
             }
-            schema::AuthChallengeType::TOTP => {
+            schema::AuthChallengeType::Totp => {
                 response.set_body(do_challenge(
                     "Authenticator code",
                     r#"<input name="challenge" type="text" autofocus />"#,
@@ -203,7 +197,9 @@ async fn v1_login(req: Request) -> tide::Result<tide::Response> {
 
     let realm = shelper.get_realm()?;
     let (session, cookie) = shelper.get_or_build_session(&req)?;
-    cookie.map(|c| response.insert_cookie(c));
+    if let Some(c) = cookie {
+        response.insert_cookie(c)
+    }
 
     let auth = shelper.get_auth_for_session(realm.id(), &session);
 
@@ -239,7 +235,9 @@ async fn v1_login_post(mut req: Request) -> tide::Result<tide::Response> {
 
     let realm = shelper.get_realm()?;
     let (session, cookie) = shelper.get_or_build_session(&req)?;
-    cookie.map(|c| response.insert_cookie(c));
+    if let Some(c) = cookie {
+        response.insert_cookie(c)
+    }
 
     let mut auth = shelper.get_auth_for_session(realm.id(), &session);
 
@@ -255,7 +253,7 @@ async fn v1_login_post(mut req: Request) -> tide::Result<tide::Response> {
     let challenge: schema::AuthChallengeType = match body.challenge_type.as_str() {
         "Username" => ChallengeType::Username,
         "Password" => ChallengeType::Password,
-        "TOTP" => ChallengeType::TOTP,
+        "TOTP" => ChallengeType::Totp,
         _ => Err(tide::Error::from_str(400, "Unknown challenge type"))?,
     };
 
@@ -290,7 +288,7 @@ async fn v1_login_post(mut req: Request) -> tide::Result<tide::Response> {
                     .auth
                     .with(
                         schema::AuthChallenge::ChallengeType,
-                        microrm::schema::Serialized::from(schema::AuthChallengeType::TOTP),
+                        microrm::schema::Serialized::from(schema::AuthChallengeType::Totp),
                     )
                     .count()?
                     > 0;
@@ -304,7 +302,7 @@ async fn v1_login_post(mut req: Request) -> tide::Result<tide::Response> {
                         pending_challenges: if has_totp {
                             vec![
                                 schema::AuthChallengeType::Password,
-                                schema::AuthChallengeType::TOTP,
+                                schema::AuthChallengeType::Totp,
                             ]
                         } else {
                             vec![schema::AuthChallengeType::Password]
@@ -346,10 +344,10 @@ async fn v1_login_post(mut req: Request) -> tide::Result<tide::Response> {
                         }
                     }
                 } else {
-                    error = Some(format!("User is not configured correctly: either it was deleted or it lacks a required authentication challenge type. Please contact an administrator."));
+                    error = Some("User is not configured correctly: either it was deleted or it lacks a required authentication challenge type. Please contact an administrator.".into());
                 }
             } else {
-                error = Some(format!("Please restart login process."));
+                error = Some("Please restart login process.".into());
             }
         }
     };

src/server/um.rs

@@ -13,7 +13,7 @@ fn generate_template_data(
         .auth
         .with(
             schema::AuthChallenge::ChallengeType,
-            schema::AuthChallengeType::TOTP.into_serialized(),
+            schema::AuthChallengeType::Totp.into_serialized(),
         )
         .count()?
         > 0;
@@ -114,7 +114,7 @@ async fn um_update(mut req: Request) -> tide::Result<tide::Response> {
             if new_pass != new_pass_repeated {
                 Err(UIDCError::Abort("entered passwords do not match"))?
             }
-            if new_pass.len() > 0 {
+            if !new_pass.is_empty() {
                 user.set_new_password(new_pass.as_bytes())?;
                 info_msgs.push("Updated password!".into());
             }

src/user.rs

@@ -67,7 +67,7 @@ pub trait UserExt {
 
         match challenge_type {
             schema::AuthChallengeType::Password => challenge.verify_password_challenge(response),
-            schema::AuthChallengeType::TOTP => challenge.verify_totp_challenge(response),
+            schema::AuthChallengeType::Totp => challenge.verify_totp_challenge(response),
             _ => todo!(),
         }
     }
@@ -130,7 +130,7 @@ pub trait UserExt {
         self.clear_totp()?;
         self.stored_user().auth.insert(schema::AuthChallenge {
             user_id: self.stored_user().id(),
-            challenge_type: schema::AuthChallengeType::TOTP.into(),
+            challenge_type: schema::AuthChallengeType::Totp.into(),
             public: vec![],
             secret: secret.into(),
             enabled: true,
@@ -144,7 +144,7 @@ pub trait UserExt {
             .auth
             .with(
                 schema::AuthChallenge::ChallengeType,
-                &schema::AuthChallengeType::TOTP.into(),
+                &schema::AuthChallengeType::Totp.into(),
             )
             .delete()?;
         Ok(())
@@ -183,7 +183,7 @@ impl schema::AuthChallenge {
             .parse::<u32>()
             .map_err(|_| UserError::InvalidInput)?;
 
-        if *self.challenge_type.as_ref() != schema::AuthChallengeType::TOTP {
+        if *self.challenge_type.as_ref() != schema::AuthChallengeType::Totp {
             return Err(UIDCError::Abort(
                 "verifying TOTP challenge on non-TOTP challenge",
             ));