authorMartin Fischer <martin@push-f.com>2021-01-25 14:47:47 +0100
committerMartin Fischer <martin@push-f.com>2021-01-25 15:06:48 +0100
commit9fa7442e41bc11ab3d62f43f5f6e90b59e160da2 (patch)
treec61b9dee4e03037f31d3761a17c8805ccade9cdd /src/security.rs
parent76e92d7281b45ce506046a8946b7fde3355c485d (diff)
simplify CSRF API
This commit gets rid of the CsrfToken type, simplifying submission handling: // before let csrf_token = req.csrf_token(&mut response); let msg: FormData = body.into_form_csrf(&csrf_token).await?; // after let msg: FormData = body.into_form_csrf(req).await?; As well as HTML input retrieval: // before req.csrf_token(&mut response).html_input(); // after req.csrf_html_input(&mut response); This commit also merges the CsrfError type into CsrfProtectedFormError. bump version to 0.3.1
Diffstat (limited to 'src/security.rs')
-rw-r--r--src/security.rs35
1 files changed, 1 insertions, 34 deletions
diff --git a/src/security.rs b/src/security.rs
index 5247d9e..0ffa7a0 100644
--- a/src/security.rs
+++ b/src/security.rs
@@ -1,42 +1,9 @@
-//! [`CsrfToken`], [`Key`] and functions to encode & decode expiring claims.
+//! [`Key`] and functions to encode & decode expiring claims.
use time::OffsetDateTime;
-use thiserror::Error;
pub use crate::signed::Key;
-/// A cookie-based CSRF token to be used with [`crate::request::SputnikBody::into_form_csrf`].
-pub struct CsrfToken {
- pub(crate) token: String,
- pub(crate) from_client: bool,
-}
-
-#[derive(Error, Debug)]
-pub enum CsrfError {
- #[error("expected csrf cookie")]
- NoCookie,
-
- #[error("csrf parameter doesn't match csrf cookie")]
- Mismatch,
-}
-
-impl CsrfToken {
- /// Wraps the token in a hidden HTML input.
- pub fn html_input(&self) -> String {
- format!("<input name=csrf type=hidden value=\"{}\">", self.token)
- }
-
- pub(crate) fn matches(&self, str: String) -> Result<(), CsrfError> {
- if !self.from_client {
- return Err(CsrfError::NoCookie)
- }
- if self.token != str {
- return Err(CsrfError::Mismatch)
- }
- Ok(())
- }
-}
-
/// Join a string and an expiry date together into a string.
pub fn encode_expiring_claim(claim: &str, expiry_date: OffsetDateTime) -> String {
format!("{}:{}", claim, expiry_date.unix_timestamp())
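Review bot: The doc comment kept on `encode_expiring_claim` does not say how a `:` inside `claim` is treated, although `format!("{}:{}", claim, expiry_date.unix_timestamp())` uses `:` as the only separator and neither escapes nor rejects it. Whether the result can be parsed unambiguously depends on how the decoding side splits the string, which is outside this hunk, so the contract should be written down here, for example `/// The claim is not escaped; the expiry is everything after the last ':'.` if that is what the decoder assumes. The returned string also carries no integrity protection of its own, so the comment could add `/// The result must be signed before it is handed to a client.` The function body continues past the end of the hunk.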