Move the AuthenticationService from the FFI into the SDK crate. #3049
Conversation
pixlwave
force-pushed
the
doug/authentication-service-for-real
branch
3 times, most recently
from
f50c4f6 to
8cf7550
Compare
|
I've marked this Ready for review, mainly because I would like a review, rather thank thinking this is in a good enough state to be merged. I expect this to change a lot, will add comments on the areas I was unsure about. |
crates/matrix-sdk/src/oidc/mod.rs
Outdated
There was a problem hiding this comment.
The changes in this file and backend/mod.rs were very much "just get it working". It generates some warnings and I would love some direction on what the correct solution would be here.
| @@ -811,20 +842,148 @@ pub(crate) mod tests { | |||
| assert!(matches!(error, AuthenticationError::Generic { .. })); | |||
| } | |||
|
|
|||
| #[async_test] | |||
| #[cfg(feature = "experimental-oidc")] | |||
There was a problem hiding this comment.
Honestly, I'm not 100% sure if these new tests will run or not on CI given the feature flag? I've been running all of the tests in this file using the below which is why I'm asking.
cargo test -p matrix-sdk --features experimental-sliding-sync,experimental-oidc authentication::service
There was a problem hiding this comment.
The "all crates" CI steps will run all the tests with the necessary features as required by the combination of crates in the workspace; because we have the bindings and the UI crate, that means experimental-sliding-sync and experimental-oidc are enabled by default. And you can check that by seeing that some of the oidc tests are run in those CI steps. So this feature guard should work.
You can also double-check if the following command line runs the test:
cargo nextest run --workspace --exclude matrix-sdk-integration-testing --features testing -- test_name
Codecov ReportAttention:
Additional details and impacted files@@ Coverage Diff @@
## main #3049 +/- ##
==========================================
+ Coverage 83.72% 83.89% +0.17%
==========================================
Files 223 223
Lines 23367 23548 +181
==========================================
+ Hits 19564 19756 +192
+ Misses 3803 3792 -11 ☔ View full report in Codecov by Sentry. |
| .map_err(|error| AuthenticationError::Generic { message: error.to_string() })?; | ||
| let session = client.matrix_auth().session().context( | ||
| "Login was successful but is missing a valid Session to configure the file store.", | ||
| )?; | ||
|
|
||
| self.finalize_client(client, session, whoami.user_id) |
There was a problem hiding this comment.
The main point of this refactor was to get to a stage where everything was tested so we could fix the requirement of creating a second client after login. However! This first step seems to make more than enough changes before trying to rationalise what to do with the 2 different types of client builder, so if it still a requirement for this part to move into the SDK, I suggest we tackle that in a follow-up PR.
As it stands right now, I've attempted to implement the AuthenticationService with the idea of using it from Rust more than the FFI use case.
| client.inner.oidc().full_session().ok_or(AuthenticationError::SessionMissing)?; | ||
| // Login and get the user ID that was resolved by the authentication server. | ||
| let client = RUNTIME.block_on(self.inner.login_with_oidc_callback( | ||
| OidcAuthorizationData { |
There was a problem hiding this comment.
Looking at it, the OidcAuthenticationData struct can likely be removed now, in favour of exposing this one through uniffi.
|
|
||
| /// Errors related to authentication through the `AuthenticationService`. | ||
| #[derive(Debug, thiserror::Error)] | ||
| #[cfg_attr(feature = "uniffi", derive(uniffi::Error), uniffi(flat_error))] |
There was a problem hiding this comment.
I have a feeling the right option here would (sadly) be to duplicate this enum in the FFI, and box the underlying messages instead of using to_string() on them. Didn't want to do that until this had been reviewed, maybe its ok, I'm not sure?
| // Now we've verified that it's a valid homeserver, make sure | ||
| // there's a sliding sync proxy available one way or another. | ||
| #[cfg(feature = "experimental-sliding-sync")] | ||
| if self.custom_sliding_sync_proxy.read().unwrap().is_none() | ||
| && client.sliding_sync_proxy().is_none() | ||
| { | ||
| return Err(AuthenticationError::SlidingSyncNotAvailable); | ||
| } |
There was a problem hiding this comment.
I don't know if this is a rational approach to take here given anyone might want to use this service now, but its the behaviour we have been using in the FFI.
There was a problem hiding this comment.
Indeed, we can't mandate usage of sliding sync for users of the authentication API, so this would probably need to go. This was specific to the FFI layer which only uses Sliding Sync, so there it would make sense to have such a check IMO.
| // TODO: Is it normal to split up the implementation into public and private | ||
| // like this? |
There was a problem hiding this comment.
Just highlighting this here to find out the answer :)
fix: Remove useless result.
- Configuration and password login for now.
pixlwave
force-pushed
the
doug/authentication-service-for-real
branch
from
8cf7550 to
5cdc032
Compare
This PR moves the AuthenticationService from the FFI into the SDK crate and transforms the FFI layer into a light wrapping around it. Closes #3029.
It would be best to review this PR commit by commit.
Todo
finalise_clientin the FFI (given the FFI builder is somewhat different to the SDK builder).