better expiration handling

Author: Emilgardis

CHANGELOG.md

@@ -8,30 +8,31 @@
 
 ### Breaking
 
-* Added new feature flag `client` that enables client specific functions. Without this feature,
+- Added new feature flag `client` that enables client specific functions. Without this feature,
   `twitch_oauth2` will only provide non-async functions and
-  provide library users `http::Request`s and consume `http::Response`s.
+  provide library users functions that returns `http::Request`s and consume `http::Response`s.
+- `ValidatedToken::expires_in` is now an `Option`.
 
 ## [v0.8.0] - 2022-08-27
 
 [Commits](https://github.com/twitch-rs/twitch_oauth2/compare/v0.7.1...v0.8.0)
 
 ### Breaking
 
-* Bumped `aliri_braid` to `0.2`, this change means that the `new` method on the types in `types` only take an owned string now
-  * `AccessToken::new`, `ClientId::new`, `ClientSecret::new`, `CsrfToken::new` and `RefreshToken::new` now take a `String` instead of `impl Into<String>`
+- Bumped `aliri_braid` to `0.2`, this change means that the `new` method on the types in `types` only take an owned string now
+  - `AccessToken::new`, `ClientId::new`, `ClientSecret::new`, `CsrfToken::new` and `RefreshToken::new` now take a `String` instead of `impl Into<String>`
 
 ## [v0.7.1] - 2022-08-27
 
 [Commits](https://github.com/twitch-rs/twitch_oauth2/compare/v0.7.0...v0.7.1)
 
 ### Changed
 
-* Organization moved to `twitch-rs`
+- Organization moved to `twitch-rs`
 
 ### Added
 
-* Added scopes `channel:manage:raids`, `channel:manage:moderators`, `channel:manage:vips`, `channel:read:charity`,
+- Added scopes `channel:manage:raids`, `channel:manage:moderators`, `channel:manage:vips`, `channel:read:charity`,
   `channel:read:vips`, `moderator:manage:announcements`, `moderator:manage:chat_messages`, `user:manage:chat_color` and
   `user:manage:whispers`
 
@@ -41,16 +42,16 @@
 
 ### Breaking changes
 
-* switch to [`twitch_types`](https://crates.io/crates/twitch_types) for `UserId` and `Nickname`/`UserName`
-* bump MSRV to 1.60, also changes the feature names for clients to their simpler variant `surf` and `client`
+- switch to [`twitch_types`](https://crates.io/crates/twitch_types) for `UserId` and `Nickname`/`UserName`
+- bump MSRV to 1.60, also changes the feature names for clients to their simpler variant `surf` and `client`
 
 ## [v0.6.1] - 2021-11-23
 
 [Commits](https://github.com/twitch-rs/twitch_oauth2/compare/v0.6.0...v0.6.1)
 
 ### Added
 
-* Added new scopes `moderator:manage:automod_settings`, `moderator:manage:banned_users`,
+- Added new scopes `moderator:manage:automod_settings`, `moderator:manage:banned_users`,
   `moderator:manage:blocked_terms`, `moderator:manage:chat_settings`, `moderator:read:automod_settings`,
   `moderator:read:blocked_terms` and `moderator:read:chat_settings`
 
@@ -60,68 +61,69 @@
 
 ### Breaking changes
 
-* All types associated with tokens are now defined in this crate. This is a consequence of the `oauth2` dependency being removed from tree.
+- All types associated with tokens are now defined in this crate. This is a consequence of the `oauth2` dependency being removed from tree.
   Additionally, as another consequence, clients are now able to be specified as a `for<'a> &'a T where T: Client<'a>`, meaning `twitch_api` can use its clients as an interface to token requests,
   and clients can persist instead of being rebuilt every call. Care should be taken when making clients, as SSRF and similar attacks are possible with improper client configurations.
 
 ### Added
 
-* Added types/braids `ClientId`, `ClientSecret`, `AccessToken`, `RefreshToken` and `CsrfToken`.
-* Added way to interact with the Twitch-CLI [mock API](https://github.com/twitchdev/twitch-cli/blob/main/docs/mock-api.md) using environment variables.
+- Added types/braids `ClientId`, `ClientSecret`, `AccessToken`, `RefreshToken` and `CsrfToken`.
+- Added way to interact with the Twitch-CLI [mock API](https://github.com/twitchdev/twitch-cli/blob/main/docs/mock-api.md) using environment variables.
   See static variables `AUTH_URL`, `TOKEN_URL`, `VALIDATE_URL` and `REVOKE_URL` for more information.
-* Added `impl Borrow<str> for Scope`, meaning it can be used in places it couldn't be used before. Primarily, it allows the following code to work:
+- Added `impl Borrow<str> for Scope`, meaning it can be used in places it couldn't be used before. Primarily, it allows the following code to work:
   ```rust
   let scopes = vec![Scope::ChatEdit, Scope::ChatRead];
   let space_separated_scope: String = scopes.as_slice().join(" ");
   ```
-* Added scope `channel:read:goals`
+- Added scope `channel:read:goals`
 
 ### Changed
 
-* Requests to `id.twitch.tv` now follow the documentation, instead of following a subset of the RFC for oauth2.
-* URLs are now initialized lazily and specified as `url::Url`s.
+- Requests to `id.twitch.tv` now follow the documentation, instead of following a subset of the RFC for oauth2.
+- URLs are now initialized lazily and specified as `url::Url`s.
 
 ### Removed
 
-* Removed `oauth2` dependency.
+- Removed `oauth2` dependency.
 
 ## [v0.5.2] - 2021-06-18
 
 [Commits](https://github.com/twitch-rs/twitch_oauth2/compare/v0.5.1...v0.5.2)
 
 ### Added
 
-* Added new scope `channel:manage:schedule`
+- Added new scope `channel:manage:schedule`
 
 ## [v0.5.1] - 2021-05-16
 
 [Commits](https://github.com/twitch-rs/twitch_oauth2/compare/v0.5.0...v0.5.1)
 
 ### Added
 
-* Added new scopes `channel:manage:polls`, `channel:manage:predictions`, `channel:read:polls`, `channel:read:predictions`, and `moderator:manage:automod`,
-* Added function `Scope::description` to get the description of the scope
+- Added new scopes `channel:manage:polls`, `channel:manage:predictions`, `channel:read:polls`, `channel:read:predictions`, and `moderator:manage:automod`,
+- Added function `Scope::description` to get the description of the scope
 
 ## [v0.5.0] - 2021-05-08
 
 [Commits](https://github.com/twitch-rs/twitch_oauth2/compare/49a083ceda6768cc52a1f8f1714bb7f942f24c01...v0.5.0)
 
 ### Added
 
-* Made crate runtime agnostic with custom clients.
-* Updated deps.
-* Add an extra (optional) client secret field to `UserToken::from_existing` (thanks [Dinnerbone](https://github.com/Dinnerbone))
-* Added `channel:manage:redemptions`, `channel:read:editors`, `channel:manage:videos`, `user:read:blocked_users`,  `user:manage:blocked_users`, `user:read:subscriptions` and `user:read:follows`
-* Implemented [OAuth Authorization Code Flow](https://dev.twitch.tv/docs/authentication/getting-tokens-oauth/#oauth-authorization-code-flow) with `UserTokenBuilder`
-* Added a way to suggest or infer that an user token is never expiring, making `is_elapsed` return false and `expires_in` a bogus (max) duration.
+- Made crate runtime agnostic with custom clients.
+- Updated deps.
+- Add an extra (optional) client secret field to `UserToken::from_existing` (thanks [Dinnerbone](https://github.com/Dinnerbone))
+- Added `channel:manage:redemptions`, `channel:read:editors`, `channel:manage:videos`, `user:read:blocked_users`, `user:manage:blocked_users`, `user:read:subscriptions` and `user:read:follows`
+- Implemented [OAuth Authorization Code Flow](https://dev.twitch.tv/docs/authentication/getting-tokens-oauth/#oauth-authorization-code-flow) with `UserTokenBuilder`
+- Added a way to suggest or infer that an user token is never expiring, making `is_elapsed` return false and `expires_in` a bogus (max) duration.
+
 ### Changed
 
-* MSRV: 1.51
-* Made scope take `Cow<&'static str>`
-* Made fields `access_token`, `refresh_token`, `user_id` and `login` `pub` on `UserToken` and `AppAccessToken` (where applicable)
-* Fixed wrong scope `user:read:stream_key` -> `channel:read:stream_key`
-* BREAKING: changed `TwitchToken::expires` -> `TwitchToken::expires_in` to calculate current lifetime of token
+- MSRV: 1.51
+- Made scope take `Cow<&'static str>`
+- Made fields `access_token`, `refresh_token`, `user_id` and `login` `pub` on `UserToken` and `AppAccessToken` (where applicable)
+- Fixed wrong scope `user:read:stream_key` -> `channel:read:stream_key`
+- BREAKING: changed `TwitchToken::expires` -> `TwitchToken::expires_in` to calculate current lifetime of token
 
 ## End of Changelog
 
-Changelog starts on v0.5.0
+Changelog starts on v0.5.0

src/id.rs

@@ -29,9 +29,9 @@ pub struct TwitchTokenResponse {
 impl TwitchTokenResponse {
     /// Create a [TwitchTokenResponse] from a [http::Response]
     pub fn from_response<B: AsRef<[u8]>>(
-        resp: &http::Response<B>,
+        response: &http::Response<B>,
     ) -> Result<TwitchTokenResponse, RequestParseError> {
-        crate::parse_response(resp)
+        crate::parse_response(response)
     }
 }
 

src/tokens.rs

@@ -163,23 +163,29 @@ pub struct ValidatedToken {
     /// Scopes attached to the token.
     pub scopes: Option<Vec<Scope>>,
     /// Lifetime of the token
-    #[serde(deserialize_with = "seconds_to_duration")]
-    pub expires_in: std::time::Duration,
+    #[serde(deserialize_with = "expires_in")]
+    pub expires_in: Option<std::time::Duration>,
 }
 
-fn seconds_to_duration<'a, D: serde::de::Deserializer<'a>>(
+fn expires_in<'a, D: serde::de::Deserializer<'a>>(
     d: D,
-) -> Result<std::time::Duration, D::Error> {
-    Ok(std::time::Duration::from_secs(u64::deserialize(d)?))
+) -> Result<Option<std::time::Duration>, D::Error> {
+    let num = u64::deserialize(d)?;
+    if num == 0 {
+        Ok(None)
+    } else {
+        Ok(Some(std::time::Duration::from_secs(num)))
+    }
 }
+
 impl ValidatedToken {
     /// Assemble a a validated token from a response.
     ///
     /// Get the request that generates this response with [`AccessToken::validate_token_request`][crate::types::AccessTokenRef::validate_token_request]
     pub fn from_response<B: AsRef<[u8]>>(
-        resp: &http::Response<B>,
+        response: &http::Response<B>,
     ) -> Result<ValidatedToken, ValidationError<std::convert::Infallible>> {
-        match crate::parse_response(resp) {
+        match crate::parse_response(response) {
             Ok(ok) => Ok(ok),
             Err(err) => match err {
                 RequestParseError::TwitchError(TwitchTokenErrorResponse { status, .. })
@@ -192,3 +198,58 @@ impl ValidatedToken {
         }
     }
 }
+
+#[cfg(test)]
+mod tests {
+    use crate::ValidatedToken;
+
+    use super::errors::ValidationError;
+
+    #[test]
+    fn validated_token() {
+        let body = br#"
+        {
+            "client_id": "wbmytr93xzw8zbg0p1izqyzzc5mbiz",
+            "login": "twitchdev",
+            "scopes": [
+              "channel:read:subscriptions"
+            ],
+            "user_id": "141981764",
+            "expires_in": 5520838
+        }
+        "#;
+        let response = http::Response::builder().status(200).body(body).unwrap();
+        ValidatedToken::from_response(&response).unwrap();
+    }
+
+    #[test]
+    fn validated_non_expiring_token() {
+        let body = br#"
+        {
+            "client_id": "wbmytr93xzw8zbg0p1izqyzzc5mbiz",
+            "login": "twitchdev",
+            "scopes": [
+              "channel:read:subscriptions"
+            ],
+            "user_id": "141981764",
+            "expires_in": 0
+        }
+        "#;
+        let response = http::Response::builder().status(200).body(body).unwrap();
+        let token = ValidatedToken::from_response(&response).unwrap();
+        assert!(token.expires_in.is_none());
+    }
+
+    #[test]
+    fn validated_error_response() {
+        let body = br#"
+        {
+            "status": 401,
+            "message": "missing authorization token",
+        }
+        "#;
+        let response = http::Response::builder().status(401).body(body).unwrap();
+        let error = ValidatedToken::from_response(&response).unwrap_err();
+        assert!(matches!(error, ValidationError::RequestParseError(_)))
+    }
+}

src/tokens/app_access_token.rs

@@ -131,7 +131,7 @@ impl AppAccessToken {
             validated.client_id,
             client_secret,
             validated.scopes,
-            Some(validated.expires_in),
+            validated.expires_in,
         ))
     }
 

src/tokens/user_token.rs

@@ -70,13 +70,7 @@ impl UserToken {
             validated.login.ok_or(ValidationError::NoLogin)?,
             validated.user_id.ok_or(ValidationError::NoLogin)?,
             validated.scopes,
-            Some(validated.expires_in).filter(|d| {
-                // FIXME: https://github.com/rust-lang/rust/pull/84084
-                // FIXME: nanos are not returned
-                // if duration is zero, the token will never expire. if the token was expired, twitch would return NotAuthorized
-                // TODO: There could be a situation where this fails, if the token is just about to expire, say 500ms, does twitch round up to 1 or down to 0?
-                !(d.as_secs() == 0 && d.as_nanos() == 0)
-            }),
+            validated.expires_in,
         ))
     }
 
@@ -683,18 +677,53 @@ impl ImplicitUserTokenBuilder {
 
 #[cfg(test)]
 mod tests {
+    use crate::id::TwitchTokenResponse;
+
     pub use super::*;
+
+    #[test]
+    fn from_validated_and_token() {
+        let body = br#"
+        {
+            "client_id": "wbmytr93xzw8zbg0p1izqyzzc5mbiz",
+            "login": "twitchdev",
+            "scopes": [
+              "channel:read:subscriptions"
+            ],
+            "user_id": "141981764",
+            "expires_in": 5520838
+        }
+        "#;
+        let response = http::Response::builder().status(200).body(body).unwrap();
+        let validated = ValidatedToken::from_response(&response).unwrap();
+        let body = br#"
+        {
+            "access_token": "rfx2uswqe8l4g1mkagrvg5tv0ks3",
+            "expires_in": 14124,
+            "refresh_token": "5b93chm6hdve3mycz05zfzatkfdenfspp1h1ar2xxdalen01",
+            "scope": [
+                "channel:read:subscriptions"
+            ],
+            "token_type": "bearer"
+          }
+        "#;
+        let response = http::Response::builder().status(200).body(body).unwrap();
+        let response = TwitchTokenResponse::from_response(&response).unwrap();
+
+        UserToken::from_response(response, validated, None).unwrap();
+    }
+
     #[test]
     fn generate_url() {
-        dbg!(UserTokenBuilder::new(
+        UserTokenBuilder::new(
             ClientId::from("random_client"),
             ClientSecret::from("random_secret"),
             url::Url::parse("https://localhost").unwrap(),
         )
         .force_verify(true)
         .generate_url()
         .0
-        .to_string());
+        .to_string();
     }
 
     #[tokio::test]