refactor: allow testing of mocked providers via AuthRegistry creation, avoid creation of responses in auth

pacman-server/src/auth/discord.rs

@@ -1,5 +1,3 @@
-use axum::{response::IntoResponse, response::Redirect};
-use axum_cookie::CookieManager;
 use jsonwebtoken::EncodingKey;
 use oauth2::{AuthorizationCode, CsrfToken, PkceCodeVerifier, Scope, TokenResponse};
 use serde::{Deserialize, Serialize};
@@ -7,7 +5,7 @@ use serde::{Deserialize, Serialize};
 use std::sync::Arc;
 use tracing::{trace, warn};
 
-use crate::auth::provider::{AuthUser, OAuthProvider};
+use crate::auth::provider::{AuthUser, AuthorizeInfo, OAuthProvider};
 use crate::errors::ErrorResponse;
 use crate::session;
 
@@ -65,7 +63,7 @@ impl OAuthProvider for DiscordProvider {
         "Discord"
     }
 
-    async fn authorize(&self, cookie: &CookieManager, encoding_key: &EncodingKey) -> axum::response::Response {
+    async fn authorize(&self, encoding_key: &EncodingKey) -> Result<AuthorizeInfo, ErrorResponse> {
         let (pkce_challenge, pkce_verifier) = oauth2::PkceCodeChallenge::new_random_sha256();
         let (authorize_url, csrf_state) = self
             .client
@@ -77,10 +75,12 @@ impl OAuthProvider for DiscordProvider {
 
         // Store PKCE verifier and CSRF state in session
         let session_token = session::create_pkce_session(pkce_verifier.secret(), csrf_state.secret(), encoding_key);
-        session::set_session_cookie(cookie, &session_token);
 
         trace!(state = %csrf_state.secret(), "Generated OAuth authorization URL");
-        Redirect::to(authorize_url.as_str()).into_response()
+        Ok(AuthorizeInfo {
+            authorize_url,
+            session_token,
+        })
     }
 
     async fn exchange_code_for_token(&self, code: &str, verifier: &str) -> Result<String, ErrorResponse> {

pacman-server/src/auth/github.rs

@@ -1,5 +1,3 @@
-use axum::{response::IntoResponse, response::Redirect};
-use axum_cookie::CookieManager;
 use jsonwebtoken::EncodingKey;
 use oauth2::{AuthorizationCode, CsrfToken, PkceCodeVerifier, Scope, TokenResponse};
 use serde::{Deserialize, Serialize};
@@ -8,7 +6,7 @@ use std::sync::Arc;
 use tracing::{trace, warn};
 
 use crate::{
-    auth::provider::{AuthUser, OAuthProvider},
+    auth::provider::{AuthUser, AuthorizeInfo, OAuthProvider},
     errors::ErrorResponse,
     session,
 };
@@ -73,7 +71,7 @@ impl OAuthProvider for GitHubProvider {
         "GitHub"
     }
 
-    async fn authorize(&self, cookie: &CookieManager, encoding_key: &EncodingKey) -> axum::response::Response {
+    async fn authorize(&self, encoding_key: &EncodingKey) -> Result<AuthorizeInfo, ErrorResponse> {
         let (pkce_challenge, pkce_verifier) = oauth2::PkceCodeChallenge::new_random_sha256();
         let (authorize_url, csrf_state) = self
             .client
@@ -85,10 +83,12 @@ impl OAuthProvider for GitHubProvider {
 
         // Store PKCE verifier and CSRF state in session
         let session_token = session::create_pkce_session(pkce_verifier.secret(), csrf_state.secret(), encoding_key);
-        session::set_session_cookie(cookie, &session_token);
 
         trace!(state = %csrf_state.secret(), "Generated OAuth authorization URL");
-        Redirect::to(authorize_url.as_str()).into_response()
+        Ok(AuthorizeInfo {
+            authorize_url,
+            session_token,
+        })
     }
 
     async fn exchange_code_for_token(&self, code: &str, verifier: &str) -> Result<String, ErrorResponse> {

pacman-server/src/auth/mod.rs

@@ -17,7 +17,7 @@ type OAuthClient =
     BasicClient<oauth2::EndpointSet, oauth2::EndpointNotSet, oauth2::EndpointNotSet, oauth2::EndpointNotSet, oauth2::EndpointSet>;
 
 pub struct AuthRegistry {
-    providers: HashMap<&'static str, Arc<dyn provider::OAuthProvider>>,
+    pub providers: HashMap<&'static str, Arc<dyn provider::OAuthProvider>>,
 }
 
 impl AuthRegistry {

pacman-server/src/auth/provider.rs

@@ -24,13 +24,22 @@ pub struct AuthUser {
     pub avatar_url: Option<String>,
 }
 
+// Information required to begin an OAuth authorization flow.
+#[derive(Debug)]
+pub struct AuthorizeInfo {
+    // The URL to redirect the user to for authorization.
+    pub authorize_url: oauth2::url::Url,
+    // A session token to be stored in the user's session cookie.
+    pub session_token: String,
+}
+
 #[automock]
 #[async_trait]
 pub trait OAuthProvider: Send + Sync {
-    // Builds a server response to redirect the user to the provider's authorization page.
+    // Builds the necessary information to redirect the user to the provider's authorization page.
     // This generally also includes beginning a PKCE flow (proof key for code exchange).
-    // The cookie manager is used to store the PKCE verifier in the session.
-    async fn authorize(&self, cookie: &CookieManager, encoding_key: &EncodingKey) -> axum::response::Response;
+    // The returned session token should be stored in the user's session cookie.
+    async fn authorize(&self, encoding_key: &EncodingKey) -> Result<AuthorizeInfo, ErrorResponse>;
 
     // Handles the callback from the provider after the user has authorized the app.
     // This generally also includes completing the PKCE flow (proof key for code exchange).

pacman-server/src/routes.rs

@@ -46,9 +46,14 @@ pub async fn oauth_authorize_handler(
                 .build(),
         );
     }
-    let resp = prov.authorize(&cookie, &app_state.jwt_encoding_key).await;
+    let auth_info = match prov.authorize(&app_state.jwt_encoding_key).await {
+        Ok(info) => info,
+        Err(e) => return e.into_response(),
+    };
+
+    session::set_session_cookie(&cookie, &auth_info.session_token);
     trace!("Redirecting to provider authorization page");
-    resp
+    Redirect::to(auth_info.authorize_url.as_str()).into_response()
 }
 
 pub async fn oauth_callback_handler(