Wire U2M provider into Database::new_connection()\n\nTask ID: task-3.3-database-integration

Author: vikrantpuppala

rust/src/auth/oauth/cache.rs

@@ -27,15 +27,14 @@ use std::path::PathBuf;
 
 /// Cache key used for generating the cache filename.
 /// This struct is serialized to JSON and then hashed with SHA-256 to produce a unique filename.
-#[allow(dead_code)] // Used in Phase 3 (U2M)
+
 #[derive(Debug, Serialize, Deserialize)]
 struct CacheKey {
     host: String,
     client_id: String,
     scopes: Vec<String>,
 }
 
-#[allow(dead_code)] // Used in Phase 3 (U2M)
 impl CacheKey {
     /// Creates a new cache key from the given parameters.
     fn new(host: &str, client_id: &str, scopes: &[String]) -> Self {
@@ -69,10 +68,8 @@ impl CacheKey {
 /// set to `0o600` (owner read/write only) for security.
 ///
 /// Cache I/O errors are logged as warnings and never block authentication.
-#[allow(dead_code)] // Used in Phase 3 (U2M)
 pub(crate) struct TokenCache;
 
-#[allow(dead_code)] // Used in Phase 3 (U2M)
 impl TokenCache {
     /// Returns the cache directory path.
     /// Location: `~/.config/databricks-adbc/oauth/`

rust/src/auth/oauth/callback.rs

@@ -33,80 +33,20 @@ use tokio::sync::oneshot;
 /// HTML response sent to the browser after successful callback.
 const SUCCESS_HTML: &str = r#"<!DOCTYPE html>
 <html>
-<head>
-    <title>Authentication Successful</title>
-    <style>
-        body {
-            font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif;
-            display: flex;
-            justify-content: center;
-            align-items: center;
-            height: 100vh;
-            margin: 0;
-            background-color: #f5f5f5;
-        }
-        .message {
-            text-align: center;
-            padding: 2rem;
-            background: white;
-            border-radius: 8px;
-            box-shadow: 0 2px 10px rgba(0,0,0,0.1);
-        }
-        h1 {
-            color: #2e7d32;
-            margin: 0 0 1rem 0;
-        }
-        p {
-            color: #666;
-            margin: 0;
-        }
-    </style>
-</head>
+<head><title>Authentication Successful</title></head>
 <body>
-    <div class="message">
-        <h1>✓ Authentication Successful</h1>
-        <p>You can close this tab and return to your application.</p>
-    </div>
+<h1>Authentication Successful</h1>
+<p>You can close this tab and return to your application.</p>
 </body>
 </html>"#;
 
 /// HTML response sent to the browser when an error occurs.
 const ERROR_HTML: &str = r#"<!DOCTYPE html>
 <html>
-<head>
-    <title>Authentication Error</title>
-    <style>
-        body {
-            font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif;
-            display: flex;
-            justify-content: center;
-            align-items: center;
-            height: 100vh;
-            margin: 0;
-            background-color: #f5f5f5;
-        }
-        .message {
-            text-align: center;
-            padding: 2rem;
-            background: white;
-            border-radius: 8px;
-            box-shadow: 0 2px 10px rgba(0,0,0,0.1);
-        }
-        h1 {
-            color: #c62828;
-            margin: 0 0 1rem 0;
-        }
-        p {
-            color: #666;
-            margin: 0;
-        }
-    </style>
-</head>
+<head><title>Authentication Error</title></head>
 <body>
-    <div class="message">
-        <h1>✗ Authentication Error</h1>
-        <p>An error occurred during authentication. You can close this tab and try again.</p>
-    </div>
+<h1>Authentication Error</h1>
+<p>An error occurred during authentication. You can close this tab and try again.</p>
 </body>
 </html>"#;
 
@@ -496,7 +436,7 @@ mod tests {
 
             // Read the response
             let mut response = vec![0u8; 4096];
-            stream.read(&mut response).await.ok();
+            let _ = stream.read(&mut response).await;
         });
 
         // Wait for callback
@@ -533,7 +473,7 @@ mod tests {
             stream.flush().await.ok();
 
             let mut response = vec![0u8; 4096];
-            stream.read(&mut response).await.ok();
+            let _ = stream.read(&mut response).await;
         });
 
         // Wait for callback - should fail due to state mismatch
@@ -668,9 +608,24 @@ mod tests {
 
     #[tokio::test]
     async fn test_redirect_uri_format() {
-        let server = CallbackServer::new(8020)
+        // Use port 0 to let the OS assign an available port, avoiding conflicts
+        let server = CallbackServer::new(0)
             .await
             .expect("Failed to create server");
-        assert_eq!(server.redirect_uri(), "http://localhost:8020/callback");
+        let uri = server.redirect_uri();
+        assert!(
+            uri.starts_with("http://localhost:"),
+            "Expected URI starting with http://localhost:, got: {}",
+            uri
+        );
+        // Verify the port is a valid non-zero number
+        let port: u16 = uri
+            .strip_prefix("http://localhost:")
+            .unwrap()
+            .strip_suffix("/callback")
+            .unwrap_or_else(|| uri.strip_prefix("http://localhost:").unwrap())
+            .parse()
+            .unwrap();
+        assert!(port > 0, "Expected a non-zero port, got: {}", port);
     }
 }

rust/src/auth/oauth/m2m.rs

@@ -170,77 +170,6 @@ impl ClientCredentialsProvider {
             scopes,
         })
     }
-
-    /// Exchanges client credentials for an access token.
-    ///
-    /// This method performs the OAuth 2.0 client credentials grant:
-    /// ```text
-    /// POST {token_endpoint}
-    /// Authorization: Basic base64(client_id:client_secret)
-    /// Content-Type: application/x-www-form-urlencoded
-    ///
-    /// grant_type=client_credentials&scope=all-apis
-    /// ```
-    ///
-    /// Uses the DatabricksHttpClient's inner reqwest::Client to execute the request.
-    /// The oauth2 crate adds Basic authentication header automatically.
-    ///
-    /// Note: This method is currently unused but kept for potential future use
-    /// (e.g., direct testing or alternative refresh strategies).
-    #[allow(dead_code)]
-    async fn fetch_token(&self) -> Result<OAuthToken> {
-        // Build the OAuth client
-        let oauth_client = BasicClient::new(ClientId::new(self.client_id.clone()))
-            .set_client_secret(ClientSecret::new(self.client_secret.clone()))
-            .set_auth_uri(AuthUrl::new(self.auth_endpoint.clone()).map_err(|e| {
-                DatabricksErrorHelper::invalid_argument()
-                    .message(format!("Invalid authorization endpoint URL: {}", e))
-            })?)
-            .set_token_uri(TokenUrl::new(self.token_endpoint.clone()).map_err(|e| {
-                DatabricksErrorHelper::invalid_argument()
-                    .message(format!("Invalid token endpoint URL: {}", e))
-            })?);
-
-        // Build the token request with scopes
-        let mut token_request = oauth_client.exchange_client_credentials();
-
-        for scope in &self.scopes {
-            token_request = token_request.add_scope(Scope::new(scope.clone()));
-        }
-
-        // Execute the token exchange using the inner reqwest client
-        // The oauth2 crate's reqwest::Client implements AsyncHttpClient
-        let token_response = token_request
-            .request_async(self.http_client.inner())
-            .await
-            .map_err(|e| {
-                DatabricksErrorHelper::io()
-                    .message(format!("M2M token exchange failed: {}", e))
-                    .context("client credentials grant")
-            })?;
-
-        // Convert oauth2 token response to our OAuthToken
-        let access_token = token_response.access_token().secret().to_string();
-        let token_type = token_response.token_type().as_ref().to_string();
-        let expires_in = token_response
-            .expires_in()
-            .map(|d| d.as_secs() as i64)
-            .unwrap_or(3600); // Default to 1 hour if not specified
-
-        let scopes = token_response
-            .scopes()
-            .map(|s| s.iter().map(|scope| scope.to_string()).collect())
-            .unwrap_or_else(|| self.scopes.clone());
-
-        // M2M tokens have no refresh_token
-        Ok(OAuthToken::new(
-            access_token,
-            token_type,
-            expires_in,
-            None, // No refresh token for M2M
-            scopes,
-        ))
-    }
 }
 
 impl AuthProvider for ClientCredentialsProvider {
@@ -367,20 +296,18 @@ mod tests {
         // Mock OIDC discovery
         Mock::given(method("GET"))
             .and(path("/oidc/.well-known/oauth-authorization-server"))
-            .respond_with(
-                ResponseTemplate::new(200).set_body_json(&serde_json::json!({
-                    "authorization_endpoint": format!("{}/oidc/v1/authorize", mock_server.uri()),
-                    "token_endpoint": token_endpoint,
-                })),
-            )
+            .respond_with(ResponseTemplate::new(200).set_body_json(serde_json::json!({
+                "authorization_endpoint": format!("{}/oidc/v1/authorize", mock_server.uri()),
+                "token_endpoint": token_endpoint,
+            })))
             .mount(&mock_server)
             .await;
 
         // Mock token endpoint - verify grant_type and Basic auth
         Mock::given(method("POST"))
             .and(path("/oidc/v1/token"))
             .and(header("content-type", "application/x-www-form-urlencoded"))
-            .respond_with(ResponseTemplate::new(200).set_body_json(&mock_token_response_body()))
+            .respond_with(ResponseTemplate::new(200).set_body_json(mock_token_response_body()))
             .expect(1)
             .mount(&mock_server)
             .await;
@@ -416,12 +343,10 @@ mod tests {
         // Mock OIDC discovery
         Mock::given(method("GET"))
             .and(path("/oidc/.well-known/oauth-authorization-server"))
-            .respond_with(
-                ResponseTemplate::new(200).set_body_json(&serde_json::json!({
-                    "authorization_endpoint": format!("{}/oidc/v1/authorize", mock_server.uri()),
-                    "token_endpoint": token_endpoint,
-                })),
-            )
+            .respond_with(ResponseTemplate::new(200).set_body_json(serde_json::json!({
+                "authorization_endpoint": format!("{}/oidc/v1/authorize", mock_server.uri()),
+                "token_endpoint": token_endpoint,
+            })))
             .mount(&mock_server)
             .await;
 
@@ -436,15 +361,15 @@ mod tests {
                 let count = call_count_clone.fetch_add(1, std::sync::atomic::Ordering::SeqCst);
                 if count == 0 {
                     // First call - return short-lived token
-                    ResponseTemplate::new(200).set_body_json(&serde_json::json!({
+                    ResponseTemplate::new(200).set_body_json(serde_json::json!({
                         "access_token": "initial-token",
                         "token_type": "Bearer",
                         "expires_in": 1, // Very short expiry to trigger refresh
                         "scope": "all-apis"
                     }))
                 } else {
                     // Subsequent calls - return long-lived token
-                    ResponseTemplate::new(200).set_body_json(&serde_json::json!({
+                    ResponseTemplate::new(200).set_body_json(serde_json::json!({
                         "access_token": "refreshed-token",
                         "token_type": "Bearer",
                         "expires_in": 3600,
@@ -493,19 +418,17 @@ mod tests {
         // Mock OIDC discovery with specific endpoints
         Mock::given(method("GET"))
             .and(path("/oidc/.well-known/oauth-authorization-server"))
-            .respond_with(
-                ResponseTemplate::new(200).set_body_json(&serde_json::json!({
-                    "authorization_endpoint": "https://custom.example.com/auth",
-                    "token_endpoint": "https://custom.example.com/token",
-                })),
-            )
+            .respond_with(ResponseTemplate::new(200).set_body_json(serde_json::json!({
+                "authorization_endpoint": "https://custom.example.com/auth",
+                "token_endpoint": "https://custom.example.com/token",
+            })))
             .mount(&mock_server)
             .await;
 
         // Mock token endpoint
         Mock::given(method("POST"))
             .and(path("/token"))
-            .respond_with(ResponseTemplate::new(200).set_body_json(&mock_token_response_body()))
+            .respond_with(ResponseTemplate::new(200).set_body_json(mock_token_response_body()))
             .mount(&mock_server)
             .await;
 
@@ -572,19 +495,17 @@ mod tests {
         // Mock OIDC discovery
         Mock::given(method("GET"))
             .and(path("/oidc/.well-known/oauth-authorization-server"))
-            .respond_with(
-                ResponseTemplate::new(200).set_body_json(&serde_json::json!({
-                    "authorization_endpoint": format!("{}/oidc/v1/authorize", mock_server.uri()),
-                    "token_endpoint": token_endpoint,
-                })),
-            )
+            .respond_with(ResponseTemplate::new(200).set_body_json(serde_json::json!({
+                "authorization_endpoint": format!("{}/oidc/v1/authorize", mock_server.uri()),
+                "token_endpoint": token_endpoint,
+            })))
             .mount(&mock_server)
             .await;
 
         // Mock token endpoint - should only be called once despite concurrent requests
         Mock::given(method("POST"))
             .and(path("/oidc/v1/token"))
-            .respond_with(ResponseTemplate::new(200).set_body_json(&mock_token_response_body()))
+            .respond_with(ResponseTemplate::new(200).set_body_json(mock_token_response_body()))
             .expect(1) // Verify only one token fetch occurs
             .mount(&mock_server)
             .await;
@@ -640,26 +561,22 @@ mod tests {
         // Mock OIDC discovery
         Mock::given(method("GET"))
             .and(path("/oidc/.well-known/oauth-authorization-server"))
-            .respond_with(
-                ResponseTemplate::new(200).set_body_json(&serde_json::json!({
-                    "authorization_endpoint": format!("{}/oidc/v1/authorize", mock_server.uri()),
-                    "token_endpoint": token_endpoint,
-                })),
-            )
+            .respond_with(ResponseTemplate::new(200).set_body_json(serde_json::json!({
+                "authorization_endpoint": format!("{}/oidc/v1/authorize", mock_server.uri()),
+                "token_endpoint": token_endpoint,
+            })))
             .mount(&mock_server)
             .await;
 
         // Mock token endpoint
         Mock::given(method("POST"))
             .and(path("/oidc/v1/token"))
-            .respond_with(
-                ResponseTemplate::new(200).set_body_json(&serde_json::json!({
-                    "access_token": "test-token-custom-scopes",
-                    "token_type": "Bearer",
-                    "expires_in": 3600,
-                    "scope": "custom-scope-1 custom-scope-2"
-                })),
-            )
+            .respond_with(ResponseTemplate::new(200).set_body_json(serde_json::json!({
+                "access_token": "test-token-custom-scopes",
+                "token_type": "Bearer",
+                "expires_in": 3600,
+                "scope": "custom-scope-1 custom-scope-2"
+            })))
             .mount(&mock_server)
             .await;