diff --git a/src/client/mysql_admutils_compatibility/error_messages.rs b/src/client/mysql_admutils_compatibility/error_messages.rs index 3378e6a..4790a35 100644 --- a/src/client/mysql_admutils_compatibility/error_messages.rs +++ b/src/client/mysql_admutils_compatibility/error_messages.rs @@ -1,7 +1,7 @@ use crate::core::{ protocol::{ CreateDatabaseError, CreateUserError, DropDatabaseError, DropUserError, - GetDatabasesPrivilegeDataError, ListUsersError, request_validation::AuthorizationError, + GetDatabasesPrivilegeDataError, ListUsersError, request_validation::ValidationError, }, types::DbOrUser, }; @@ -23,7 +23,7 @@ pub fn name_validation_error_to_error_message(db_or_user: DbOrUser) -> String { ) } -pub fn owner_validation_error_message(db_or_user: DbOrUser) -> String { +pub fn authorization_error_message(db_or_user: DbOrUser) -> String { format!( "You are not in charge of mysql-{}: '{}'. Skipping.", db_or_user.lowercased_noun(), @@ -36,16 +36,16 @@ pub fn handle_create_user_error(error: CreateUserError, name: &str) { .next() .unwrap_or_else(|| "mysql-useradm".to_string()); match error { - CreateUserError::AuthorizationError(AuthorizationError::SanitizationError(_)) => { + CreateUserError::ValidationError(ValidationError::NameValidationError(_)) => { eprintln!( "{}", name_validation_error_to_error_message(DbOrUser::User(name.into())) ); } - CreateUserError::AuthorizationError(AuthorizationError::OwnershipError(_)) => { + CreateUserError::ValidationError(ValidationError::AuthorizationError(_)) => { eprintln!( "{}", - owner_validation_error_message(DbOrUser::User(name.into())) + authorization_error_message(DbOrUser::User(name.into())) ); } CreateUserError::MySqlError(_) | CreateUserError::UserAlreadyExists => { @@ -59,16 +59,16 @@ pub fn handle_drop_user_error(error: DropUserError, name: &str) { .next() .unwrap_or_else(|| "mysql-useradm".to_string()); match error { - DropUserError::AuthorizationError(AuthorizationError::SanitizationError(_)) => { + DropUserError::ValidationError(ValidationError::NameValidationError(_)) => { eprintln!( "{}", name_validation_error_to_error_message(DbOrUser::User(name.into())) ); } - DropUserError::AuthorizationError(AuthorizationError::OwnershipError(_)) => { + DropUserError::ValidationError(ValidationError::AuthorizationError(_)) => { eprintln!( "{}", - owner_validation_error_message(DbOrUser::User(name.into())) + authorization_error_message(DbOrUser::User(name.into())) ); } DropUserError::MySqlError(_) | DropUserError::UserDoesNotExist => { @@ -82,16 +82,16 @@ pub fn handle_list_users_error(error: ListUsersError, name: &str) { .next() .unwrap_or_else(|| "mysql-useradm".to_string()); match error { - ListUsersError::AuthorizationError(AuthorizationError::SanitizationError(_)) => { + ListUsersError::ValidationError(ValidationError::NameValidationError(_)) => { eprintln!( "{}", name_validation_error_to_error_message(DbOrUser::User(name.into())) ); } - ListUsersError::AuthorizationError(AuthorizationError::OwnershipError(_)) => { + ListUsersError::ValidationError(ValidationError::AuthorizationError(_)) => { eprintln!( "{}", - owner_validation_error_message(DbOrUser::User(name.into())) + authorization_error_message(DbOrUser::User(name.into())) ); } ListUsersError::UserDoesNotExist => { @@ -113,17 +113,17 @@ pub fn handle_create_database_error(error: CreateDatabaseError, name: &str) { .next() .unwrap_or_else(|| "mysql-dbadm".to_string()); match error { - CreateDatabaseError::AuthorizationError(AuthorizationError::SanitizationError(_)) => { + CreateDatabaseError::ValidationError(ValidationError::NameValidationError(_)) => { eprintln!( "{}", name_validation_error_to_error_message(DbOrUser::Database(name.into())) ); } - CreateDatabaseError::AuthorizationError(AuthorizationError::OwnershipError(_)) => { + CreateDatabaseError::ValidationError(ValidationError::AuthorizationError(_)) => { eprintln!( "{}", - owner_validation_error_message(DbOrUser::Database(name.into())) + authorization_error_message(DbOrUser::Database(name.into())) ); } CreateDatabaseError::MySqlError(_) => { @@ -140,16 +140,16 @@ pub fn handle_drop_database_error(error: DropDatabaseError, name: &str) { .next() .unwrap_or_else(|| "mysql-dbadm".to_string()); match error { - DropDatabaseError::AuthorizationError(AuthorizationError::SanitizationError(_)) => { + DropDatabaseError::ValidationError(ValidationError::NameValidationError(_)) => { eprintln!( "{}", name_validation_error_to_error_message(DbOrUser::Database(name.into())) ); } - DropDatabaseError::AuthorizationError(AuthorizationError::OwnershipError(_)) => { + DropDatabaseError::ValidationError(ValidationError::AuthorizationError(_)) => { eprintln!( "{}", - owner_validation_error_message(DbOrUser::Database(name.into())) + authorization_error_message(DbOrUser::Database(name.into())) ); } DropDatabaseError::MySqlError(_) => { @@ -170,12 +170,12 @@ pub fn format_show_database_error_message( .unwrap_or_else(|| "mysql-dbadm".to_string()); match error { - GetDatabasesPrivilegeDataError::AuthorizationError( - AuthorizationError::SanitizationError(_), - ) => name_validation_error_to_error_message(DbOrUser::Database(name.into())), - GetDatabasesPrivilegeDataError::AuthorizationError(AuthorizationError::OwnershipError( + GetDatabasesPrivilegeDataError::ValidationError(ValidationError::NameValidationError( _, - )) => owner_validation_error_message(DbOrUser::Database(name.into())), + )) => name_validation_error_to_error_message(DbOrUser::Database(name.into())), + GetDatabasesPrivilegeDataError::ValidationError(ValidationError::AuthorizationError(_)) => { + authorization_error_message(DbOrUser::Database(name.into())) + } GetDatabasesPrivilegeDataError::MySqlError(err) => { format!( "{}: Failed to look up privileges for database '{}': {}", diff --git a/src/core/protocol/commands/check_authorization.rs b/src/core/protocol/commands/check_authorization.rs index de42811..2cd7694 100644 --- a/src/core/protocol/commands/check_authorization.rs +++ b/src/core/protocol/commands/check_authorization.rs @@ -4,15 +4,15 @@ use serde::{Deserialize, Serialize}; use serde_json::json; use thiserror::Error; -use crate::core::{protocol::request_validation::AuthorizationError, types::DbOrUser}; +use crate::core::{protocol::request_validation::ValidationError, types::DbOrUser}; pub type CheckAuthorizationRequest = Vec; pub type CheckAuthorizationResponse = BTreeMap>; #[derive(Error, Debug, Clone, PartialEq, Serialize, Deserialize)] -#[error("Authorization error: {0}")] -pub struct CheckAuthorizationError(#[from] pub AuthorizationError); +#[error("Validation error: {0}")] +pub struct CheckAuthorizationError(#[from] pub ValidationError); pub fn print_check_authorization_output_status(output: &CheckAuthorizationResponse) { for (db_or_user, result) in output { diff --git a/src/core/protocol/commands/create_databases.rs b/src/core/protocol/commands/create_databases.rs index 2d6ee9b..1da5e8b 100644 --- a/src/core/protocol/commands/create_databases.rs +++ b/src/core/protocol/commands/create_databases.rs @@ -5,7 +5,7 @@ use serde_json::json; use thiserror::Error; use crate::core::{ - protocol::request_validation::AuthorizationError, + protocol::request_validation::ValidationError, types::{DbOrUser, MySQLDatabase}, }; @@ -15,8 +15,8 @@ pub type CreateDatabasesResponse = BTreeMap String { match self { - CreateDatabaseError::AuthorizationError(err) => { + CreateDatabaseError::ValidationError(err) => { err.to_error_message(DbOrUser::Database(database_name.clone())) } CreateDatabaseError::DatabaseAlreadyExists => { @@ -79,7 +79,7 @@ impl CreateDatabaseError { pub fn error_type(&self) -> String { match self { - CreateDatabaseError::AuthorizationError(err) => err.error_type(), + CreateDatabaseError::ValidationError(err) => err.error_type(), CreateDatabaseError::DatabaseAlreadyExists => "database-already-exists".to_string(), CreateDatabaseError::MySqlError(_) => "mysql-error".to_string(), } diff --git a/src/core/protocol/commands/create_users.rs b/src/core/protocol/commands/create_users.rs index b703375..efe067b 100644 --- a/src/core/protocol/commands/create_users.rs +++ b/src/core/protocol/commands/create_users.rs @@ -5,7 +5,7 @@ use serde_json::json; use thiserror::Error; use crate::core::{ - protocol::request_validation::AuthorizationError, + protocol::request_validation::ValidationError, types::{DbOrUser, MySQLUser}, }; @@ -15,8 +15,8 @@ pub type CreateUsersResponse = BTreeMap>; #[derive(Error, Debug, Clone, PartialEq, Serialize, Deserialize)] pub enum CreateUserError { - #[error("Authorization error: {0}")] - AuthorizationError(#[from] AuthorizationError), + #[error("Validation error: {0}")] + ValidationError(#[from] ValidationError), #[error("User already exists")] UserAlreadyExists, @@ -65,7 +65,7 @@ pub fn print_create_users_output_status_json(output: &CreateUsersResponse) { impl CreateUserError { pub fn to_error_message(&self, username: &MySQLUser) -> String { match self { - CreateUserError::AuthorizationError(err) => { + CreateUserError::ValidationError(err) => { err.to_error_message(DbOrUser::User(username.clone())) } CreateUserError::UserAlreadyExists => { @@ -79,7 +79,7 @@ impl CreateUserError { pub fn error_type(&self) -> String { match self { - CreateUserError::AuthorizationError(err) => err.error_type(), + CreateUserError::ValidationError(err) => err.error_type(), CreateUserError::UserAlreadyExists => "user-already-exists".to_string(), CreateUserError::MySqlError(_) => "mysql-error".to_string(), } diff --git a/src/core/protocol/commands/drop_databases.rs b/src/core/protocol/commands/drop_databases.rs index d9ff408..824a348 100644 --- a/src/core/protocol/commands/drop_databases.rs +++ b/src/core/protocol/commands/drop_databases.rs @@ -5,7 +5,7 @@ use serde_json::json; use thiserror::Error; use crate::core::{ - protocol::request_validation::AuthorizationError, + protocol::request_validation::ValidationError, types::{DbOrUser, MySQLDatabase}, }; @@ -15,8 +15,8 @@ pub type DropDatabasesResponse = BTreeMap String { match self { - DropDatabaseError::AuthorizationError(err) => { + DropDatabaseError::ValidationError(err) => { err.to_error_message(DbOrUser::Database(database_name.clone())) } DropDatabaseError::DatabaseDoesNotExist => { @@ -82,7 +82,7 @@ impl DropDatabaseError { pub fn error_type(&self) -> String { match self { - DropDatabaseError::AuthorizationError(err) => err.error_type(), + DropDatabaseError::ValidationError(err) => err.error_type(), DropDatabaseError::DatabaseDoesNotExist => "database-does-not-exist".to_string(), DropDatabaseError::MySqlError(_) => "mysql-error".to_string(), } diff --git a/src/core/protocol/commands/drop_users.rs b/src/core/protocol/commands/drop_users.rs index c4aeadd..28aab1d 100644 --- a/src/core/protocol/commands/drop_users.rs +++ b/src/core/protocol/commands/drop_users.rs @@ -5,7 +5,7 @@ use serde_json::json; use thiserror::Error; use crate::core::{ - protocol::request_validation::AuthorizationError, + protocol::request_validation::ValidationError, types::{DbOrUser, MySQLUser}, }; @@ -15,8 +15,8 @@ pub type DropUsersResponse = BTreeMap>; #[derive(Error, Debug, Clone, PartialEq, Serialize, Deserialize)] pub enum DropUserError { - #[error("Authorization error: {0}")] - AuthorizationError(#[from] AuthorizationError), + #[error("Validation error: {0}")] + ValidationError(#[from] ValidationError), #[error("User does not exist")] UserDoesNotExist, @@ -65,7 +65,7 @@ pub fn print_drop_users_output_status_json(output: &DropUsersResponse) { impl DropUserError { pub fn to_error_message(&self, username: &MySQLUser) -> String { match self { - DropUserError::AuthorizationError(err) => { + DropUserError::ValidationError(err) => { err.to_error_message(DbOrUser::User(username.clone())) } DropUserError::UserDoesNotExist => { @@ -79,7 +79,7 @@ impl DropUserError { pub fn error_type(&self) -> String { match self { - DropUserError::AuthorizationError(err) => err.error_type(), + DropUserError::ValidationError(err) => err.error_type(), DropUserError::UserDoesNotExist => "user-does-not-exist".to_string(), DropUserError::MySqlError(_) => "mysql-error".to_string(), } diff --git a/src/core/protocol/commands/list_databases.rs b/src/core/protocol/commands/list_databases.rs index f268606..fdecd1d 100644 --- a/src/core/protocol/commands/list_databases.rs +++ b/src/core/protocol/commands/list_databases.rs @@ -8,7 +8,7 @@ use thiserror::Error; use crate::{ core::{ - protocol::request_validation::AuthorizationError, + protocol::request_validation::ValidationError, types::{DbOrUser, MySQLDatabase}, }, server::sql::database_operations::DatabaseRow, @@ -20,8 +20,8 @@ pub type ListDatabasesResponse = BTreeMap String { match self { - ListDatabasesError::AuthorizationError(err) => { + ListDatabasesError::ValidationError(err) => { err.to_error_message(DbOrUser::Database(database_name.clone())) } ListDatabasesError::DatabaseDoesNotExist => { @@ -118,7 +118,7 @@ impl ListDatabasesError { pub fn error_type(&self) -> String { match self { - ListDatabasesError::AuthorizationError(err) => err.error_type(), + ListDatabasesError::ValidationError(err) => err.error_type(), ListDatabasesError::DatabaseDoesNotExist => "database-does-not-exist".to_string(), ListDatabasesError::MySqlError(_) => "mysql-error".to_string(), } diff --git a/src/core/protocol/commands/list_privileges.rs b/src/core/protocol/commands/list_privileges.rs index daad53b..c866b8c 100644 --- a/src/core/protocol/commands/list_privileges.rs +++ b/src/core/protocol/commands/list_privileges.rs @@ -16,7 +16,7 @@ use crate::core::{ DATABASE_PRIVILEGE_FIELDS, DatabasePrivilegeRow, db_priv_field_human_readable_name, db_priv_field_single_character_name, }, - protocol::request_validation::AuthorizationError, + protocol::request_validation::ValidationError, types::{DbOrUser, MySQLDatabase}, }; @@ -118,8 +118,8 @@ pub fn print_list_privileges_output_status_json(output: &ListPrivilegesResponse) #[derive(Error, Debug, Clone, PartialEq, Serialize, Deserialize)] pub enum GetDatabasesPrivilegeDataError { - #[error("Authorization error: {0}")] - AuthorizationError(#[from] AuthorizationError), + #[error("Validation error: {0}")] + ValidationError(#[from] ValidationError), #[error("Database does not exist")] DatabaseDoesNotExist, @@ -131,7 +131,7 @@ pub enum GetDatabasesPrivilegeDataError { impl GetDatabasesPrivilegeDataError { pub fn to_error_message(&self, database_name: &MySQLDatabase) -> String { match self { - GetDatabasesPrivilegeDataError::AuthorizationError(err) => { + GetDatabasesPrivilegeDataError::ValidationError(err) => { err.to_error_message(DbOrUser::Database(database_name.clone())) } GetDatabasesPrivilegeDataError::DatabaseDoesNotExist => { @@ -145,7 +145,7 @@ impl GetDatabasesPrivilegeDataError { pub fn error_type(&self) -> String { match self { - GetDatabasesPrivilegeDataError::AuthorizationError(err) => err.error_type(), + GetDatabasesPrivilegeDataError::ValidationError(err) => err.error_type(), GetDatabasesPrivilegeDataError::DatabaseDoesNotExist => { "database-does-not-exist".to_string() } diff --git a/src/core/protocol/commands/list_users.rs b/src/core/protocol/commands/list_users.rs index fc207f6..160c814 100644 --- a/src/core/protocol/commands/list_users.rs +++ b/src/core/protocol/commands/list_users.rs @@ -7,7 +7,7 @@ use thiserror::Error; use crate::{ core::{ - protocol::request_validation::AuthorizationError, + protocol::request_validation::ValidationError, types::{DbOrUser, MySQLUser}, }, server::sql::user_operations::DatabaseUser, @@ -19,8 +19,8 @@ pub type ListUsersResponse = BTreeMap String { match self { - ListUsersError::AuthorizationError(err) => { + ListUsersError::ValidationError(err) => { err.to_error_message(DbOrUser::User(username.clone())) } ListUsersError::UserDoesNotExist => { @@ -113,7 +113,7 @@ impl ListUsersError { pub fn error_type(&self) -> String { match self { - ListUsersError::AuthorizationError(err) => err.error_type(), + ListUsersError::ValidationError(err) => err.error_type(), ListUsersError::UserDoesNotExist => "user-does-not-exist".to_string(), ListUsersError::MySqlError(_) => "mysql-error".to_string(), } diff --git a/src/core/protocol/commands/lock_users.rs b/src/core/protocol/commands/lock_users.rs index d0ab673..75a0aa7 100644 --- a/src/core/protocol/commands/lock_users.rs +++ b/src/core/protocol/commands/lock_users.rs @@ -5,7 +5,7 @@ use serde_json::json; use thiserror::Error; use crate::core::{ - protocol::request_validation::AuthorizationError, + protocol::request_validation::ValidationError, types::{DbOrUser, MySQLUser}, }; @@ -15,8 +15,8 @@ pub type LockUsersResponse = BTreeMap>; #[derive(Error, Debug, Clone, PartialEq, Serialize, Deserialize)] pub enum LockUserError { - #[error("Authorization error: {0}")] - AuthorizationError(#[from] AuthorizationError), + #[error("Validation error: {0}")] + ValidationError(#[from] ValidationError), #[error("User does not exist")] UserDoesNotExist, @@ -68,7 +68,7 @@ pub fn print_lock_users_output_status_json(output: &LockUsersResponse) { impl LockUserError { pub fn to_error_message(&self, username: &MySQLUser) -> String { match self { - LockUserError::AuthorizationError(err) => { + LockUserError::ValidationError(err) => { err.to_error_message(DbOrUser::User(username.clone())) } LockUserError::UserDoesNotExist => { @@ -85,7 +85,7 @@ impl LockUserError { pub fn error_type(&self) -> String { match self { - LockUserError::AuthorizationError(err) => err.error_type(), + LockUserError::ValidationError(err) => err.error_type(), LockUserError::UserDoesNotExist => "user-does-not-exist".to_string(), LockUserError::UserIsAlreadyLocked => "user-is-already-locked".to_string(), LockUserError::MySqlError(_) => "mysql-error".to_string(), diff --git a/src/core/protocol/commands/modify_privileges.rs b/src/core/protocol/commands/modify_privileges.rs index 98f94a3..22320cc 100644 --- a/src/core/protocol/commands/modify_privileges.rs +++ b/src/core/protocol/commands/modify_privileges.rs @@ -5,7 +5,7 @@ use thiserror::Error; use crate::core::{ database_privileges::{DatabasePrivilegeRow, DatabasePrivilegeRowDiff, DatabasePrivilegesDiff}, - protocol::request_validation::AuthorizationError, + protocol::request_validation::ValidationError, types::{DbOrUser, MySQLDatabase, MySQLUser}, }; @@ -16,11 +16,11 @@ pub type ModifyPrivilegesResponse = #[derive(Error, Debug, Clone, PartialEq, Serialize, Deserialize)] pub enum ModifyDatabasePrivilegesError { - #[error("Database authorization error: {0}")] - DatabaseAuthorizationError(AuthorizationError), + #[error("Database validation error: {0}")] + DatabaseValidationError(ValidationError), - #[error("User authorization error: {0}")] - UserAuthorizationError(AuthorizationError), + #[error("User validation error: {0}")] + UserValidationError(ValidationError), #[error("Database does not exist")] DatabaseDoesNotExist, @@ -69,10 +69,10 @@ pub fn print_modify_database_privileges_output_status(output: &ModifyPrivilegesR impl ModifyDatabasePrivilegesError { pub fn to_error_message(&self, database_name: &MySQLDatabase, username: &MySQLUser) -> String { match self { - ModifyDatabasePrivilegesError::DatabaseAuthorizationError(err) => { + ModifyDatabasePrivilegesError::DatabaseValidationError(err) => { err.to_error_message(DbOrUser::Database(database_name.clone())) } - ModifyDatabasePrivilegesError::UserAuthorizationError(err) => { + ModifyDatabasePrivilegesError::UserValidationError(err) => { err.to_error_message(DbOrUser::User(username.clone())) } ModifyDatabasePrivilegesError::DatabaseDoesNotExist => { @@ -97,8 +97,8 @@ impl ModifyDatabasePrivilegesError { pub fn error_type(&self) -> String { match self { // TODO: should these be subtyped? - ModifyDatabasePrivilegesError::DatabaseAuthorizationError(err) => err.error_type(), - ModifyDatabasePrivilegesError::UserAuthorizationError(err) => err.error_type(), + ModifyDatabasePrivilegesError::DatabaseValidationError(err) => err.error_type(), + ModifyDatabasePrivilegesError::UserValidationError(err) => err.error_type(), ModifyDatabasePrivilegesError::DatabaseDoesNotExist => { "database-does-not-exist".to_string() } diff --git a/src/core/protocol/commands/passwd_user.rs b/src/core/protocol/commands/passwd_user.rs index 8ba861e..1ac8948 100644 --- a/src/core/protocol/commands/passwd_user.rs +++ b/src/core/protocol/commands/passwd_user.rs @@ -2,7 +2,7 @@ use serde::{Deserialize, Serialize}; use thiserror::Error; use crate::core::{ - protocol::request_validation::AuthorizationError, + protocol::request_validation::ValidationError, types::{DbOrUser, MySQLUser}, }; @@ -12,8 +12,8 @@ pub type SetUserPasswordResponse = Result<(), SetPasswordError>; #[derive(Error, Debug, Clone, PartialEq, Serialize, Deserialize)] pub enum SetPasswordError { - #[error("Authorization error: {0}")] - AuthorizationError(#[from] AuthorizationError), + #[error("Validation error: {0}")] + ValidationError(#[from] ValidationError), #[error("User does not exist")] UserDoesNotExist, @@ -37,7 +37,7 @@ pub fn print_set_password_output_status(output: &SetUserPasswordResponse, userna impl SetPasswordError { pub fn to_error_message(&self, username: &MySQLUser) -> String { match self { - SetPasswordError::AuthorizationError(err) => { + SetPasswordError::ValidationError(err) => { err.to_error_message(DbOrUser::User(username.clone())) } SetPasswordError::UserDoesNotExist => { @@ -52,7 +52,7 @@ impl SetPasswordError { #[allow(dead_code)] pub fn error_type(&self) -> String { match self { - SetPasswordError::AuthorizationError(err) => err.error_type(), + SetPasswordError::ValidationError(err) => err.error_type(), SetPasswordError::UserDoesNotExist => "user-does-not-exist".to_string(), SetPasswordError::MySqlError(_) => "mysql-error".to_string(), } diff --git a/src/core/protocol/commands/unlock_users.rs b/src/core/protocol/commands/unlock_users.rs index b3be99a..7583105 100644 --- a/src/core/protocol/commands/unlock_users.rs +++ b/src/core/protocol/commands/unlock_users.rs @@ -5,7 +5,7 @@ use serde_json::json; use thiserror::Error; use crate::core::{ - protocol::request_validation::AuthorizationError, + protocol::request_validation::ValidationError, types::{DbOrUser, MySQLUser}, }; @@ -15,8 +15,8 @@ pub type UnlockUsersResponse = BTreeMap>; #[derive(Error, Debug, Clone, PartialEq, Serialize, Deserialize)] pub enum UnlockUserError { - #[error("Authorization error: {0}")] - AuthorizationError(#[from] AuthorizationError), + #[error("Validation error: {0}")] + ValidationError(#[from] ValidationError), #[error("User does not exist")] UserDoesNotExist, @@ -68,7 +68,7 @@ pub fn print_unlock_users_output_status_json(output: &UnlockUsersResponse) { impl UnlockUserError { pub fn to_error_message(&self, username: &MySQLUser) -> String { match self { - UnlockUserError::AuthorizationError(err) => { + UnlockUserError::ValidationError(err) => { err.to_error_message(DbOrUser::User(username.clone())) } UnlockUserError::UserDoesNotExist => { @@ -85,7 +85,7 @@ impl UnlockUserError { pub fn error_type(&self) -> String { match self { - UnlockUserError::AuthorizationError(err) => err.error_type(), + UnlockUserError::ValidationError(err) => err.error_type(), UnlockUserError::UserDoesNotExist => "user-does-not-exist".to_string(), UnlockUserError::UserIsAlreadyUnlocked => "user-is-already-unlocked".to_string(), UnlockUserError::MySqlError(_) => "mysql-error".to_string(), diff --git a/src/core/protocol/request_validation.rs b/src/core/protocol/request_validation.rs index 78778d3..fae3dd7 100644 --- a/src/core/protocol/request_validation.rs +++ b/src/core/protocol/request_validation.rs @@ -53,15 +53,16 @@ impl NameValidationError { } #[derive(Error, Debug, PartialEq, Eq, Clone, Copy, Serialize, Deserialize)] -pub enum OwnerValidationError { +pub enum AuthorizationError { #[error("No matching owner prefix found")] NoMatch, + // TODO: I don't think this should ever happen? #[error("Name cannot be empty")] StringEmpty, } -impl OwnerValidationError { +impl AuthorizationError { pub fn to_error_message(self, db_or_user: DbOrUser) -> String { let user = UnixUser::from_enviroment(); @@ -76,7 +77,7 @@ impl OwnerValidationError { groups.sort(); match self { - OwnerValidationError::NoMatch => format!( + AuthorizationError::NoMatch => format!( indoc! {r#" Invalid {} name prefix: '{}' does not match your username or any of your groups. Are you sure you are allowed to create {} names with this prefix? @@ -98,7 +99,7 @@ impl OwnerValidationError { .join("\n"), ) .to_owned(), - OwnerValidationError::StringEmpty => format!( + AuthorizationError::StringEmpty => format!( "'{}' is not a valid {} name.", db_or_user.name(), db_or_user.lowercased_noun() @@ -109,27 +110,27 @@ impl OwnerValidationError { pub fn error_type(&self) -> &'static str { match self { - OwnerValidationError::NoMatch => "no-match", - OwnerValidationError::StringEmpty => "string-empty", + AuthorizationError::NoMatch => "no-match", + AuthorizationError::StringEmpty => "string-empty", } } } #[derive(Error, Debug, PartialEq, Eq, Clone, Serialize, Deserialize)] -pub enum AuthorizationError { - #[error("Sanitization error: {0}")] - SanitizationError(NameValidationError), +pub enum ValidationError { + #[error("Name validation error: {0}")] + NameValidationError(NameValidationError), - #[error("Ownership error: {0}")] - OwnershipError(OwnerValidationError), + #[error("Authorization error: {0}")] + AuthorizationError(AuthorizationError), // AuthorizationHandlerError(String), } -impl AuthorizationError { +impl ValidationError { pub fn to_error_message(&self, db_or_user: DbOrUser) -> String { match self { - AuthorizationError::SanitizationError(err) => err.to_error_message(db_or_user), - AuthorizationError::OwnershipError(err) => err.to_error_message(db_or_user), + ValidationError::NameValidationError(err) => err.to_error_message(db_or_user), + ValidationError::AuthorizationError(err) => err.to_error_message(db_or_user), // AuthorizationError::AuthorizationHandlerError(msg) => { // format!( // "Authorization handler error for '{}': {}", @@ -142,12 +143,11 @@ impl AuthorizationError { pub fn error_type(&self) -> String { match self { - AuthorizationError::SanitizationError(err) => { - format!("sanitization-error/{}", err.error_type()) + ValidationError::NameValidationError(err) => { + format!("name-validation-error/{}", err.error_type()) } - // TODO: maybe rename this to authorization error? - AuthorizationError::OwnershipError(err) => { - format!("ownership-error/{}", err.error_type()) + ValidationError::AuthorizationError(err) => { + format!("authorization-error/{}", err.error_type()) } // AuthorizationError::AuthorizationHandlerError(_) => { // "authorization-handler-error".to_string() // } @@ -172,27 +172,27 @@ pub fn validate_name(name: &str) -> Result<(), NameValidationError> { } } -pub fn validate_ownership_by_unix_user( +pub fn validate_authorization_by_unix_user( name: &str, user: &UnixUser, -) -> Result<(), OwnerValidationError> { +) -> Result<(), AuthorizationError> { let prefixes = std::iter::once(user.username.to_owned()) .chain(user.groups.iter().cloned()) .collect::>(); - validate_ownership_by_prefixes(name, &prefixes) + validate_authorization_by_prefixes(name, &prefixes) } /// Core logic for validating the ownership of a database name. /// This function checks if the given name matches any of the given prefixes. /// These prefixes will in most cases be the user's unix username and any /// unix groups the user is a member of. -pub fn validate_ownership_by_prefixes( +pub fn validate_authorization_by_prefixes( name: &str, prefixes: &[String], -) -> Result<(), OwnerValidationError> { +) -> Result<(), AuthorizationError> { if name.is_empty() { - return Err(OwnerValidationError::StringEmpty); + return Err(AuthorizationError::StringEmpty); } if prefixes @@ -201,7 +201,7 @@ pub fn validate_ownership_by_prefixes( .collect::>() .is_empty() { - return Err(OwnerValidationError::NoMatch); + return Err(AuthorizationError::NoMatch); }; Ok(()) @@ -210,11 +210,11 @@ pub fn validate_ownership_by_prefixes( pub fn validate_db_or_user_request( db_or_user: &DbOrUser, unix_user: &UnixUser, -) -> Result<(), AuthorizationError> { - validate_name(db_or_user.name()).map_err(AuthorizationError::SanitizationError)?; +) -> Result<(), ValidationError> { + validate_name(db_or_user.name()).map_err(ValidationError::NameValidationError)?; - validate_ownership_by_unix_user(db_or_user.name(), unix_user) - .map_err(AuthorizationError::OwnershipError)?; + validate_authorization_by_unix_user(db_or_user.name(), unix_user) + .map_err(ValidationError::AuthorizationError)?; Ok(()) } @@ -246,34 +246,34 @@ mod tests { } #[test] - fn test_validate_owner_by_prefixes() { + fn test_validate_authorization_by_prefixes() { let prefixes = vec!["user".to_string(), "group".to_string()]; assert_eq!( - validate_ownership_by_prefixes("", &prefixes), - Err(OwnerValidationError::StringEmpty) + validate_authorization_by_prefixes("", &prefixes), + Err(AuthorizationError::StringEmpty) ); assert_eq!( - validate_ownership_by_prefixes("user_testdb", &prefixes), + validate_authorization_by_prefixes("user_testdb", &prefixes), Ok(()) ); assert_eq!( - validate_ownership_by_prefixes("group_testdb", &prefixes), + validate_authorization_by_prefixes("group_testdb", &prefixes), Ok(()) ); assert_eq!( - validate_ownership_by_prefixes("group_test_db", &prefixes), + validate_authorization_by_prefixes("group_test_db", &prefixes), Ok(()) ); assert_eq!( - validate_ownership_by_prefixes("group_test-db", &prefixes), + validate_authorization_by_prefixes("group_test-db", &prefixes), Ok(()) ); assert_eq!( - validate_ownership_by_prefixes("nonexistent_testdb", &prefixes), - Err(OwnerValidationError::NoMatch) + validate_authorization_by_prefixes("nonexistent_testdb", &prefixes), + Err(AuthorizationError::NoMatch) ); } } diff --git a/src/server/sql/database_operations.rs b/src/server/sql/database_operations.rs index 434452f..b38574e 100644 --- a/src/server/sql/database_operations.rs +++ b/src/server/sql/database_operations.rs @@ -95,7 +95,7 @@ pub async fn create_databases( for database_name in database_names { if let Err(err) = validate_db_or_user_request(&DbOrUser::Database(database_name.clone()), unix_user) - .map_err(CreateDatabaseError::AuthorizationError) + .map_err(CreateDatabaseError::ValidationError) { results.insert(database_name.to_owned(), Err(err)); continue; @@ -147,7 +147,7 @@ pub async fn drop_databases( for database_name in database_names { if let Err(err) = validate_db_or_user_request(&DbOrUser::Database(database_name.clone()), unix_user) - .map_err(DropDatabaseError::AuthorizationError) + .map_err(DropDatabaseError::ValidationError) { results.insert(database_name.to_owned(), Err(err)); continue; @@ -242,7 +242,7 @@ pub async fn list_databases( for database_name in database_names { if let Err(err) = validate_db_or_user_request(&DbOrUser::Database(database_name.clone()), unix_user) - .map_err(ListDatabasesError::AuthorizationError) + .map_err(ListDatabasesError::ValidationError) { results.insert(database_name.to_owned(), Err(err)); continue; diff --git a/src/server/sql/database_privilege_operations.rs b/src/server/sql/database_privilege_operations.rs index d7dc770..d1fb49b 100644 --- a/src/server/sql/database_privilege_operations.rs +++ b/src/server/sql/database_privilege_operations.rs @@ -149,7 +149,7 @@ pub async fn get_databases_privilege_data( for database_name in database_names.iter() { if let Err(err) = validate_db_or_user_request(&DbOrUser::Database(database_name.clone()), unix_user) - .map_err(GetDatabasesPrivilegeDataError::AuthorizationError) + .map_err(GetDatabasesPrivilegeDataError::ValidationError) { results.insert(database_name.to_owned(), Err(err)); continue; @@ -409,7 +409,7 @@ pub async fn apply_privilege_diffs( &DbOrUser::Database(diff.get_database_name().to_owned()), unix_user, ) - .map_err(ModifyDatabasePrivilegesError::UserAuthorizationError) + .map_err(ModifyDatabasePrivilegesError::UserValidationError) { results.insert(key, Err(err)); continue; @@ -417,7 +417,7 @@ pub async fn apply_privilege_diffs( if let Err(err) = validate_db_or_user_request(&DbOrUser::User(diff.get_user_name().to_owned()), unix_user) - .map_err(ModifyDatabasePrivilegesError::UserAuthorizationError) + .map_err(ModifyDatabasePrivilegesError::UserValidationError) { results.insert(key, Err(err)); continue; diff --git a/src/server/sql/user_operations.rs b/src/server/sql/user_operations.rs index c78f458..0ef2cf8 100644 --- a/src/server/sql/user_operations.rs +++ b/src/server/sql/user_operations.rs @@ -102,7 +102,7 @@ pub async fn create_database_users( for db_user in db_users { if let Err(err) = validate_db_or_user_request(&DbOrUser::User(db_user.clone()), unix_user) - .map_err(CreateUserError::AuthorizationError) + .map_err(CreateUserError::ValidationError) { results.insert(db_user, Err(err)); continue; @@ -146,7 +146,7 @@ pub async fn drop_database_users( for db_user in db_users { if let Err(err) = validate_db_or_user_request(&DbOrUser::User(db_user.clone()), unix_user) - .map_err(DropUserError::AuthorizationError) + .map_err(DropUserError::ValidationError) { results.insert(db_user, Err(err)); continue; @@ -188,7 +188,7 @@ pub async fn set_password_for_database_user( _db_is_mariadb: bool, ) -> SetUserPasswordResponse { validate_db_or_user_request(&DbOrUser::User(db_user.clone()), unix_user) - .map_err(SetPasswordError::AuthorizationError)?; + .map_err(SetPasswordError::ValidationError)?; match unsafe_user_exists(db_user, &mut *connection).await { Ok(false) => return Err(SetPasswordError::UserDoesNotExist), @@ -274,7 +274,7 @@ pub async fn lock_database_users( for db_user in db_users { if let Err(err) = validate_db_or_user_request(&DbOrUser::User(db_user.clone()), unix_user) - .map_err(LockUserError::AuthorizationError) + .map_err(LockUserError::ValidationError) { results.insert(db_user, Err(err)); continue; @@ -332,7 +332,7 @@ pub async fn unlock_database_users( for db_user in db_users { if let Err(err) = validate_db_or_user_request(&DbOrUser::User(db_user.clone()), unix_user) - .map_err(UnlockUserError::AuthorizationError) + .map_err(UnlockUserError::ValidationError) { results.insert(db_user, Err(err)); continue; @@ -438,7 +438,7 @@ pub async fn list_database_users( for db_user in db_users { if let Err(err) = validate_db_or_user_request(&DbOrUser::User(db_user.clone()), unix_user) - .map_err(ListUsersError::AuthorizationError) + .map_err(ListUsersError::ValidationError) { results.insert(db_user, Err(err)); continue;