From b1d162fb73e80f45d842372cea80d4478c9498cc Mon Sep 17 00:00:00 2001 From: augustuswm Date: Thu, 4 Jun 2026 16:47:35 -0500 Subject: [PATCH 1/4] Fix scope checking to use the generic permission type instead of V type --- Cargo.lock | 14 +++++++------- Cargo.toml | 2 +- v-api/src/endpoints/login/magic_link/mod.rs | 2 +- v-api/src/endpoints/login/oauth/flow/code.rs | 2 +- .../src/endpoints/login/oauth/flow/device_token.rs | 2 +- 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index dd1f9a5..6c17de3 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -755,7 +755,7 @@ dependencies = [ [[package]] name = "dropshot-authorization-header" -version = "0.4.0-alpha.4" +version = "0.4.0-alpha.5" dependencies = [ "async-trait", "base64", @@ -3574,7 +3574,7 @@ dependencies = [ [[package]] name = "v-api" -version = "0.4.0-alpha.4" +version = "0.4.0-alpha.5" dependencies = [ "anyhow", "async-trait", @@ -3622,7 +3622,7 @@ dependencies = [ [[package]] name = "v-api-param" -version = "0.4.0-alpha.4" +version = "0.4.0-alpha.5" dependencies = [ "secrecy", "serde", @@ -3633,7 +3633,7 @@ dependencies = [ [[package]] name = "v-api-permission-derive" -version = "0.4.0-alpha.4" +version = "0.4.0-alpha.5" dependencies = [ "heck", "newtype-uuid", @@ -3650,7 +3650,7 @@ dependencies = [ [[package]] name = "v-cli-sdk" -version = "0.4.0-alpha.4" +version = "0.4.0-alpha.5" dependencies = [ "anyhow", "clap", @@ -3672,7 +3672,7 @@ dependencies = [ [[package]] name = "v-model" -version = "0.4.0-alpha.4" +version = "0.4.0-alpha.5" dependencies = [ "async-bb8-diesel", "async-trait", @@ -4266,7 +4266,7 @@ checksum = "1ffae5123b2d3fc086436f8834ae3ab053a283cfac8fe0a0b8eaae044768a4c4" [[package]] name = "xtask" -version = "0.4.0-alpha.4" +version = "0.4.0-alpha.5" dependencies = [ "clap", "regex", diff --git a/Cargo.toml b/Cargo.toml index 06e45da..3e8e4bd 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -12,7 +12,7 @@ resolver = "2" [workspace.package] publish = true edition = "2024" -version = "0.4.0-alpha.4" +version = "0.4.0-alpha.5" [workspace.dependencies] anyhow = "1.0" diff --git a/v-api/src/endpoints/login/magic_link/mod.rs b/v-api/src/endpoints/login/magic_link/mod.rs index b2050e8..6e58f3d 100644 --- a/v-api/src/endpoints/login/magic_link/mod.rs +++ b/v-api/src/endpoints/login/magic_link/mod.rs @@ -101,7 +101,7 @@ where // Validate scope. An empty scope means no permissions. // Use the special scope "full" to request all permissions. - if let Err(err) = VPermission::from_scope_arg(&scope) { + if let Err(err) = T::from_scope_arg(&scope) { tracing::warn!(?err, ?scope, "Client submitted an invalid scope"); return Err(bad_request(format!("Invalid scope: {}", scope))); } diff --git a/v-api/src/endpoints/login/oauth/flow/code.rs b/v-api/src/endpoints/login/oauth/flow/code.rs index 99393ae..7dc605f 100644 --- a/v-api/src/endpoints/login/oauth/flow/code.rs +++ b/v-api/src/endpoints/login/oauth/flow/code.rs @@ -277,7 +277,7 @@ where // Check that the passed in scopes are valid. A None scope means no permissions. // Use the special scope "full" to request all permissions. if let Some(ref scope) = query.scope - && let Err(err) = VPermission::from_scope_arg(scope) + && let Err(err) = T::from_scope_arg(scope) { tracing::warn!(?err, ?scope, "Client submitted an invalid scope"); Err(OAuthError::new( diff --git a/v-api/src/endpoints/login/oauth/flow/device_token.rs b/v-api/src/endpoints/login/oauth/flow/device_token.rs index 659db7b..fbc558d 100644 --- a/v-api/src/endpoints/login/oauth/flow/device_token.rs +++ b/v-api/src/endpoints/login/oauth/flow/device_token.rs @@ -135,7 +135,7 @@ where // An omitted scope means no permissions let scope = body.scope.unwrap_or_default(); - if let Err(err) = VPermission::from_scope_arg(&scope) { + if let Err(err) = T::from_scope_arg(&scope) { tracing::warn!(?err, ?scope, "Client submitted an invalid scope"); return Ok(error_response( StatusCode::BAD_REQUEST, From c92c4d85a246bf1659c26d4d41c6cdde8caa2abc Mon Sep 17 00:00:00 2001 From: augustuswm Date: Thu, 4 Jun 2026 17:00:51 -0500 Subject: [PATCH 2/4] Lint fixes --- v-api/src/endpoints/login/magic_link/mod.rs | 2 +- v-api/src/endpoints/login/oauth/flow/code.rs | 2 +- v-api/src/endpoints/login/oauth/flow/device_token.rs | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/v-api/src/endpoints/login/magic_link/mod.rs b/v-api/src/endpoints/login/magic_link/mod.rs index 6e58f3d..82bcd27 100644 --- a/v-api/src/endpoints/login/magic_link/mod.rs +++ b/v-api/src/endpoints/login/magic_link/mod.rs @@ -25,7 +25,7 @@ use crate::{ authn::{Verify, key::RawKey}, context::magic_link::{MagicLinkSendError, MagicLinkTransitionError}, endpoints::login::{ExternalUserId, UserInfo}, - permissions::{VAppPermission, VPermission}, + permissions::VAppPermission, response::{ResourceError, bad_request, internal_error, to_internal_error}, }; use v_model::permissions::AsScope; diff --git a/v-api/src/endpoints/login/oauth/flow/code.rs b/v-api/src/endpoints/login/oauth/flow/code.rs index 7dc605f..7d6191d 100644 --- a/v-api/src/endpoints/login/oauth/flow/code.rs +++ b/v-api/src/endpoints/login/oauth/flow/code.rs @@ -40,7 +40,7 @@ use crate::{ oauth::{CheckOAuthClient, OAuthProviderAuthorizationCodePkceInfo}, }, error::ApiError, - permissions::{VAppPermission, VPermission}, + permissions::VAppPermission, response::bad_request, secrets::OpenApiSecretString, util::{ diff --git a/v-api/src/endpoints/login/oauth/flow/device_token.rs b/v-api/src/endpoints/login/oauth/flow/device_token.rs index fbc558d..3918d58 100644 --- a/v-api/src/endpoints/login/oauth/flow/device_token.rs +++ b/v-api/src/endpoints/login/oauth/flow/device_token.rs @@ -29,7 +29,7 @@ use crate::{ context::ApiContext, endpoints::login::LoginError, error::ApiError, - permissions::{VAppPermission, VPermission}, + permissions::VAppPermission, response::internal_error, util::response::bad_request, }; From f6ecbdd52c97ae729ae88664ee58d76c026482e6 Mon Sep 17 00:00:00 2001 From: augustuswm Date: Thu, 4 Jun 2026 17:01:39 -0500 Subject: [PATCH 3/4] More lint fixes --- v-api/src/endpoints/login/magic_link/mod.rs | 1 - v-api/src/endpoints/login/oauth/flow/code.rs | 2 +- v-api/src/endpoints/login/oauth/flow/device_token.rs | 2 +- 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/v-api/src/endpoints/login/magic_link/mod.rs b/v-api/src/endpoints/login/magic_link/mod.rs index 82bcd27..a03683e 100644 --- a/v-api/src/endpoints/login/magic_link/mod.rs +++ b/v-api/src/endpoints/login/magic_link/mod.rs @@ -28,7 +28,6 @@ use crate::{ permissions::VAppPermission, response::{ResourceError, bad_request, internal_error, to_internal_error}, }; -use v_model::permissions::AsScope; pub mod client; diff --git a/v-api/src/endpoints/login/oauth/flow/code.rs b/v-api/src/endpoints/login/oauth/flow/code.rs index 7d6191d..cca945b 100644 --- a/v-api/src/endpoints/login/oauth/flow/code.rs +++ b/v-api/src/endpoints/login/oauth/flow/code.rs @@ -26,7 +26,7 @@ use tracing::instrument; use uuid::Uuid; use v_model::{ LoginAttempt, LoginAttemptId, NewLoginAttempt, OAuthClient, OAuthClientId, - permissions::{AsScope, PermissionStorage}, + permissions::PermissionStorage, schema_ext::LoginAttemptState, }; diff --git a/v-api/src/endpoints/login/oauth/flow/device_token.rs b/v-api/src/endpoints/login/oauth/flow/device_token.rs index 3918d58..41b0ae8 100644 --- a/v-api/src/endpoints/login/oauth/flow/device_token.rs +++ b/v-api/src/endpoints/login/oauth/flow/device_token.rs @@ -20,7 +20,7 @@ use tracing::instrument; use url::Url; use v_model::{ NewLoginAttempt, OAuthClientId, - permissions::{AsScope, PermissionStorage}, + permissions::PermissionStorage, }; use super::super::OAuthProviderNameParam; From fb3dd6c9f504796da75420a143949e3c46fa6fe0 Mon Sep 17 00:00:00 2001 From: augustuswm Date: Thu, 4 Jun 2026 17:03:22 -0500 Subject: [PATCH 4/4] Fmt --- v-api/src/endpoints/login/oauth/flow/code.rs | 3 +-- .../src/endpoints/login/oauth/flow/device_token.rs | 13 +++---------- 2 files changed, 4 insertions(+), 12 deletions(-) diff --git a/v-api/src/endpoints/login/oauth/flow/code.rs b/v-api/src/endpoints/login/oauth/flow/code.rs index cca945b..5c59109 100644 --- a/v-api/src/endpoints/login/oauth/flow/code.rs +++ b/v-api/src/endpoints/login/oauth/flow/code.rs @@ -26,8 +26,7 @@ use tracing::instrument; use uuid::Uuid; use v_model::{ LoginAttempt, LoginAttemptId, NewLoginAttempt, OAuthClient, OAuthClientId, - permissions::PermissionStorage, - schema_ext::LoginAttemptState, + permissions::PermissionStorage, schema_ext::LoginAttemptState, }; use super::super::{OAuthProvider, OAuthProviderNameParam}; diff --git a/v-api/src/endpoints/login/oauth/flow/device_token.rs b/v-api/src/endpoints/login/oauth/flow/device_token.rs index 41b0ae8..5f0f13b 100644 --- a/v-api/src/endpoints/login/oauth/flow/device_token.rs +++ b/v-api/src/endpoints/login/oauth/flow/device_token.rs @@ -18,20 +18,13 @@ use std::ops::Add; use tap::TapFallible; use tracing::instrument; use url::Url; -use v_model::{ - NewLoginAttempt, OAuthClientId, - permissions::PermissionStorage, -}; +use v_model::{NewLoginAttempt, OAuthClientId, permissions::PermissionStorage}; use super::super::OAuthProviderNameParam; use crate::endpoints::login::UserInfoProvider; use crate::{ - context::ApiContext, - endpoints::login::LoginError, - error::ApiError, - permissions::VAppPermission, - response::internal_error, - util::response::bad_request, + context::ApiContext, endpoints::login::LoginError, error::ApiError, + permissions::VAppPermission, response::internal_error, util::response::bad_request, }; use super::complete_exchange;