Upgrade to Rust 1.89.0

.github/workflows/ci.yaml

@@ -215,7 +215,7 @@ jobs:
         uses: actions/checkout@v5
 
       - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@1.87.0
+        uses: dtolnay/rust-toolchain@1.89.0
         with:
           components: clippy
 

Dockerfile

@@ -12,7 +12,7 @@
 # The Debian version and version name must be in sync
 ARG DEBIAN_VERSION=12
 ARG DEBIAN_VERSION_NAME=bookworm
-ARG RUSTC_VERSION=1.87.0
+ARG RUSTC_VERSION=1.89.0
 ARG NODEJS_VERSION=20.15.0
 ARG OPA_VERSION=1.1.0
 ARG CARGO_AUDITABLE_VERSION=0.6.6

clippy.toml

@@ -3,7 +3,7 @@
 # SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
 # Please see LICENSE files in the repository root for full details.
 
-doc-valid-idents = ["OpenID", "OAuth", "..", "PostgreSQL", "SQLite"]
+doc-valid-idents = ["OpenID", "OAuth", "UserInfo", "..", "PostgreSQL", "SQLite"]
 
 disallowed-methods = [
     { path = "rand::thread_rng", reason = "do not create rngs on the fly, pass them as parameters" },

crates/cli/build.rs

@@ -12,13 +12,13 @@ fn main() -> anyhow::Result<()> {
     // At build time, we override the version through the environment variable
     // VERGEN_GIT_DESCRIBE. In some contexts, it means this variable is set but
     // empty, so we unset it here.
-    if let Ok(ver) = std::env::var("VERGEN_GIT_DESCRIBE") {
-        if ver.is_empty() {
-            #[allow(unsafe_code)]
-            // SAFETY: This is safe because the build script is running a single thread
-            unsafe {
-                std::env::remove_var("VERGEN_GIT_DESCRIBE");
-            }
+    if let Ok(ver) = std::env::var("VERGEN_GIT_DESCRIBE")
+        && ver.is_empty()
+    {
+        #[allow(unsafe_code)]
+        // SAFETY: This is safe because the build script is running a single thread
+        unsafe {
+            std::env::remove_var("VERGEN_GIT_DESCRIBE");
         }
     }
 

crates/cli/src/app_state.rs

@@ -275,10 +275,10 @@ fn infer_client_ip(
 
     let peer = if let Some(info) = connection_info {
         // We can always trust the proxy protocol to give us the correct IP address
-        if let Some(proxy) = info.get_proxy_ref() {
-            if let Some(source) = proxy.source() {
-                return Some(source.ip());
-            }
+        if let Some(proxy) = info.get_proxy_ref()
+            && let Some(source) = proxy.source()
+        {
+            return Some(source.ip());
         }
 
         info.get_peer_addr().map(|addr| addr.ip())

crates/cli/src/commands/manage.rs

@@ -619,13 +619,12 @@ impl Options {
                 let txn = conn.begin().await?;
                 let mut repo = PgRepository::from_conn(txn);
 
-                if let Some(password) = &password {
-                    if !ignore_password_complexity
-                        && !password_manager.is_password_complex_enough(password)?
-                    {
-                        error!("That password is too weak.");
-                        return Ok(ExitCode::from(1));
-                    }
+                if let Some(password) = &password
+                    && !ignore_password_complexity
+                    && !password_manager.is_password_complex_enough(password)?
+                {
+                    error!("That password is too weak.");
+                    return Ok(ExitCode::from(1));
                 }
 
                 // If the username is provided, check if it's available and normalize it.

crates/cli/src/sync.rs

@@ -208,11 +208,11 @@ pub async fn config_sync(
                     // private key to hold the content of the private key file.
                     // private key (raw) takes precedence so both can be defined
                     // without issues
-                    if siwa.private_key.is_none() {
-                        if let Some(private_key_file) = siwa.private_key_file.take() {
-                            let key = tokio::fs::read_to_string(private_key_file).await?;
-                            siwa.private_key = Some(key);
-                        }
+                    if siwa.private_key.is_none()
+                        && let Some(private_key_file) = siwa.private_key_file.take()
+                    {
+                        let key = tokio::fs::read_to_string(private_key_file).await?;
+                        siwa.private_key = Some(key);
                     }
                     let encoded = serde_json::to_vec(&siwa)?;
                     Some(encrypter.encrypt_to_string(&encoded)?)

crates/config/src/sections/secrets.rs

@@ -149,7 +149,7 @@ impl KeyConfig {
     /// Returns the password in case any is provided.
     ///
     /// If `password_file` was given, the password is read from that file.
-    async fn password(&self) -> anyhow::Result<Option<Cow<[u8]>>> {
+    async fn password(&self) -> anyhow::Result<Option<Cow<'_, [u8]>>> {
         Ok(match &self.password {
             Some(Password::File(path)) => Some(Cow::Owned(tokio::fs::read(path).await?)),
             Some(Password::Value(password)) => Some(Cow::Borrowed(password.as_bytes())),
@@ -160,7 +160,7 @@ impl KeyConfig {
     /// Returns the key.
     ///
     /// If `key_file` was given, the key is read from that file.
-    async fn key(&self) -> anyhow::Result<Cow<[u8]>> {
+    async fn key(&self) -> anyhow::Result<Cow<'_, [u8]>> {
         Ok(match &self.key {
             Key::File(path) => Cow::Owned(tokio::fs::read(path).await?),
             Key::Value(key) => Cow::Borrowed(key.as_bytes()),

crates/config/src/sections/telemetry.rs

@@ -198,34 +198,34 @@ impl ConfigurationSection for TelemetryConfig {
         &self,
         _figment: &figment::Figment,
     ) -> Result<(), Box<dyn std::error::Error + Send + Sync + 'static>> {
-        if let Some(sample_rate) = self.sentry.sample_rate {
-            if !(0.0..=1.0).contains(&sample_rate) {
-                return Err(figment::error::Error::custom(
-                    "Sentry sample rate must be between 0.0 and 1.0",
-                )
-                .with_path("sentry.sample_rate")
-                .into());
-            }
+        if let Some(sample_rate) = self.sentry.sample_rate
+            && !(0.0..=1.0).contains(&sample_rate)
+        {
+            return Err(figment::error::Error::custom(
+                "Sentry sample rate must be between 0.0 and 1.0",
+            )
+            .with_path("sentry.sample_rate")
+            .into());
         }
 
-        if let Some(sample_rate) = self.sentry.traces_sample_rate {
-            if !(0.0..=1.0).contains(&sample_rate) {
-                return Err(figment::error::Error::custom(
-                    "Sentry sample rate must be between 0.0 and 1.0",
-                )
-                .with_path("sentry.traces_sample_rate")
-                .into());
-            }
+        if let Some(sample_rate) = self.sentry.traces_sample_rate
+            && !(0.0..=1.0).contains(&sample_rate)
+        {
+            return Err(figment::error::Error::custom(
+                "Sentry sample rate must be between 0.0 and 1.0",
+            )
+            .with_path("sentry.traces_sample_rate")
+            .into());
         }
 
-        if let Some(sample_rate) = self.tracing.sample_rate {
-            if !(0.0..=1.0).contains(&sample_rate) {
-                return Err(figment::error::Error::custom(
-                    "Tracing sample rate must be between 0.0 and 1.0",
-                )
-                .with_path("tracing.sample_rate")
-                .into());
-            }
+        if let Some(sample_rate) = self.tracing.sample_rate
+            && !(0.0..=1.0).contains(&sample_rate)
+        {
+            return Err(figment::error::Error::custom(
+                "Tracing sample rate must be between 0.0 and 1.0",
+            )
+            .with_path("tracing.sample_rate")
+            .into());
         }
 
         Ok(())

crates/config/src/sections/upstream_oauth2.rs

@@ -652,7 +652,7 @@ pub struct Provider {
 
     /// What to do when receiving an OIDC Backchannel logout request.
     ///
-    /// Defaults to "do_nothing".
+    /// Defaults to `do_nothing`.
     #[serde(default, skip_serializing_if = "OnBackchannelLogout::is_default")]
     pub on_backchannel_logout: OnBackchannelLogout,
 }

crates/context/src/fmt.rs

@@ -129,31 +129,31 @@ where
         field_fromatter.format_fields(writer.by_ref(), event)?;
 
         // If we have a OTEL span, we can add the trace ID to the end of the log line
-        if let Some(span) = ctx.lookup_current() {
-            if let Some(otel) = span.extensions().get::<OtelData>() {
-                let parent_cx_span = otel.parent_cx.span();
-                let sc = parent_cx_span.span_context();
-
-                // Check if the span is sampled, first from the span builder,
-                // then from the parent context if nothing is set there
-                if otel
-                    .builder
-                    .sampling_result
-                    .as_ref()
-                    .map_or(sc.is_sampled(), |r| {
-                        r.decision == SamplingDecision::RecordAndSample
-                    })
-                {
-                    // If it is the root span, the trace ID will be in the span builder. Else, it
-                    // will be in the parent OTEL context
-                    let trace_id = otel.builder.trace_id.unwrap_or(sc.trace_id());
-                    if trace_id != TraceId::INVALID {
-                        let label = Style::new()
-                            .italic()
-                            .force_styling(ansi)
-                            .apply_to("trace.id");
-                        write!(&mut writer, " {label}={trace_id}")?;
-                    }
+        if let Some(span) = ctx.lookup_current()
+            && let Some(otel) = span.extensions().get::<OtelData>()
+        {
+            let parent_cx_span = otel.parent_cx.span();
+            let sc = parent_cx_span.span_context();
+
+            // Check if the span is sampled, first from the span builder,
+            // then from the parent context if nothing is set there
+            if otel
+                .builder
+                .sampling_result
+                .as_ref()
+                .map_or(sc.is_sampled(), |r| {
+                    r.decision == SamplingDecision::RecordAndSample
+                })
+            {
+                // If it is the root span, the trace ID will be in the span builder. Else, it
+                // will be in the parent OTEL context
+                let trace_id = otel.builder.trace_id.unwrap_or(sc.trace_id());
+                if trace_id != TraceId::INVALID {
+                    let label = Style::new()
+                        .italic()
+                        .force_styling(ansi)
+                        .apply_to("trace.id");
+                    write!(&mut writer, " {label}={trace_id}")?;
                 }
             }
         }

crates/data-model/src/oauth2/authorization_grant.rs

@@ -173,7 +173,7 @@ impl std::ops::Deref for AuthorizationGrant {
 
 impl AuthorizationGrant {
     #[must_use]
-    pub fn parse_login_hint(&self, homeserver: &str) -> LoginHint {
+    pub fn parse_login_hint(&self, homeserver: &str) -> LoginHint<'_> {
         let Some(login_hint) = &self.login_hint else {
             return LoginHint::None;
         };

crates/data-model/src/upstream_oauth2/provider.rs

@@ -289,7 +289,7 @@ pub struct UpstreamOAuthProvider {
 
 impl PartialOrd for UpstreamOAuthProvider {
     fn partial_cmp(&self, other: &Self) -> Option<std::cmp::Ordering> {
-        Some(self.id.cmp(&other.id))
+        Some(self.cmp(other))
     }
 }
 

crates/data-model/src/user_agent.rs

@@ -88,32 +88,31 @@ impl UserAgent {
 
     #[must_use]
     pub fn parse(user_agent: String) -> Self {
-        if !user_agent.contains("Mozilla/") {
-            if let Some((name, version, model, os, os_version)) =
+        if !user_agent.contains("Mozilla/")
+            && let Some((name, version, model, os, os_version)) =
                 UserAgent::parse_custom(&user_agent)
-            {
-                let mut device_type = DeviceType::Unknown;
-
-                // Handle mobile simple mobile devices
-                if os == "Android" || os == "iOS" {
-                    device_type = DeviceType::Mobile;
-                }
-
-                // Handle iPads
-                if model.contains("iPad") {
-                    device_type = DeviceType::Tablet;
-                }
-
-                return Self {
-                    name: Some(name.to_owned()),
-                    version: Some(version.to_owned()),
-                    os: Some(os.to_owned()),
-                    os_version: os_version.map(std::borrow::ToOwned::to_owned),
-                    model: Some(model.to_owned()),
-                    device_type,
-                    raw: user_agent,
-                };
+        {
+            let mut device_type = DeviceType::Unknown;
+
+            // Handle mobile simple mobile devices
+            if os == "Android" || os == "iOS" {
+                device_type = DeviceType::Mobile;
+            }
+
+            // Handle iPads
+            if model.contains("iPad") {
+                device_type = DeviceType::Tablet;
             }
+
+            return Self {
+                name: Some(name.to_owned()),
+                version: Some(version.to_owned()),
+                os: Some(os.to_owned()),
+                os_version: os_version.map(std::borrow::ToOwned::to_owned),
+                model: Some(model.to_owned()),
+                device_type,
+                raw: user_agent,
+            };
         }
 
         let mut model = None;
@@ -205,11 +204,11 @@ impl UserAgent {
         }
 
         // Special handling for Electron applications e.g. Element Desktop
-        if user_agent.contains("Electron/") {
-            if let Some(app) = UserAgent::parse_electron(&user_agent) {
-                result.name = app.0;
-                result.version = app.1;
-            }
+        if user_agent.contains("Electron/")
+            && let Some(app) = UserAgent::parse_electron(&user_agent)
+        {
+            result.name = app.0;
+            result.version = app.1;
         }
 
         Self {

crates/data-model/src/users.rs

@@ -223,17 +223,17 @@ impl UserRegistrationToken {
         }
 
         // Check if expired
-        if let Some(expires_at) = self.expires_at {
-            if now >= expires_at {
-                return false;
-            }
+        if let Some(expires_at) = self.expires_at
+            && now >= expires_at
+        {
+            return false;
         }
 
         // Check if usage limit exceeded
-        if let Some(usage_limit) = self.usage_limit {
-            if self.times_used >= usage_limit {
-                return false;
-            }
+        if let Some(usage_limit) = self.usage_limit
+            && self.times_used >= usage_limit
+        {
+            return false;
         }
 
         true

crates/handlers/src/admin/call_context.rs

@@ -187,10 +187,10 @@ where
         };
 
         // If there is a user for this session, check that it is not locked
-        if let Some(user) = &user {
-            if !user.is_valid() {
-                return Err(Rejection::UserLocked);
-            }
+        if let Some(user) = &user
+            && !user.is_valid()
+        {
+            return Err(Rejection::UserLocked);
         }
 
         if !session.is_valid() {