BasicOIDC/src/data/users_file_entity.rs

use crate::actors::users_actor::UsersBackend;
use crate::data::entity_manager::EntityManager;
use crate::data::user::{FactorID, GrantedClients, TwoFactor, User, UserID};
use crate::utils::err::Res;
use crate::utils::time::time;
use std::net::IpAddr;

impl EntityManager<User> {
    /// Update user information
    fn update_user<F>(&mut self, id: &UserID, update: F) -> bool
    where
        F: FnOnce(User) -> User,
    {
        let user = match self.find_by_user_id(id) {
            None => return false,
            Some(user) => user,
        };

        if let Err(e) = self.replace_entries(|u| u.uid.eq(id), &update(user)) {
            log::error!("Failed to update user information! {:?}", e);
            return false;
        }

        true
    }
}

fn hash_password<P: AsRef<[u8]>>(pwd: P) -> Res<String> {
    Ok(bcrypt::hash(pwd, bcrypt::DEFAULT_COST)?)
}

fn verify_password<P: AsRef<[u8]>>(pwd: P, hash: &str) -> bool {
    match bcrypt::verify(pwd, hash) {
        Ok(r) => r,
        Err(e) => {
            log::warn!("Failed to verify password! {:?}", e);
            false
        }
    }
}

impl UsersBackend for EntityManager<User> {
    fn find_by_username_or_email(&self, u: &str) -> Option<User> {
        for entry in self.iter() {
            if entry.username.eq(u) || entry.email.eq(u) {
                return Some(entry.clone());
            }
        }
        None
    }

    fn find_by_user_id(&self, id: &UserID) -> Option<User> {
        for entry in self.iter() {
            if entry.uid.eq(id) {
                return Some(entry.clone());
            }
        }
        None
    }

    fn get_entire_users_list(&self) -> Vec<User> {
        self.cloned()
    }

    fn change_user_password(&mut self, id: &UserID, password: &str, temporary: bool) -> bool {
        let new_hash = match hash_password(password) {
            Ok(h) => h,
            Err(e) => {
                log::error!("Failed to hash user password! {}", e);
                return false;
            }
        };

        self.update_user(id, |mut user| {
            user.password = new_hash;
            user.need_reset_password = temporary;
            user.two_factor_exemption_after_successful_login = Default::default();
            user
        })
    }

    fn verify_user_password(&self, user: &UserID, password: &str) -> bool {
        self.find_by_user_id(user)
            .map(|u| verify_password(password, &u.password))
            .unwrap_or(false)
    }

    fn add_2fa_factor(&mut self, id: &UserID, factor: TwoFactor) -> bool {
        self.update_user(id, |mut user| {
            user.two_factor.push(factor);
            user
        })
    }

    fn remove_2fa_factor(&mut self, id: &UserID, factor_id: FactorID) -> bool {
        self.update_user(id, |mut user| {
            user.two_factor.retain(|f| f.id != factor_id);
            user
        })
    }

    fn save_new_successful_2fa_authentication(&mut self, id: &UserID, ip: IpAddr) -> bool {
        self.update_user(id, |mut user| {
            user.last_successful_2fa.insert(ip, time());

            // Remove outdated successful attempts
            user.remove_outdated_successful_2fa_attempts();

            user
        })
    }

    fn clear_2fa_login_history(&mut self, id: &UserID) -> bool {
        self.update_user(id, |mut user| {
            user.last_successful_2fa = Default::default();
            user
        })
    }

    fn delete_account(&mut self, id: &UserID) -> bool {
        let user = match self.find_by_user_id(id) {
            None => {
                log::warn!(
                    "Could not delete account {:?} because it was not found!",
                    id
                );
                return false;
            }
            Some(s) => s,
        };

        match self.remove(&user) {
            Ok(_) => true,
            Err(e) => {
                log::error!("Failed to update delete account! {:?}", e);
                false
            }
        }
    }

    fn set_granted_2fa_clients(&mut self, id: &UserID, clients: GrantedClients) -> bool {
        self.update_user(id, |mut user| {
            user.authorized_clients = clients.to_user();
            user
        })
    }

    fn update_or_insert_user(&mut self, user: User) -> Res {
        self.update_or_push(user)
    }
}
Refactor users management (#2) * Create UserBackend trait 2022-11-19 17:18:46 +00:00			`use crate::actors::users_actor::UsersBackend;`
Refactor users management * Shard `src/data/user.rs` into two different files * One for user data structure (same file) * One for user manipulation (new file: `user_file_entity.rs`) * Isolate password hashing and verification 2022-11-19 16:52:35 +00:00			`use crate::data::entity_manager::EntityManager;`
Refactor users management (#6) * Use asynchronous interface to set authorized clients list 2022-11-26 13:51:08 +00:00			`use crate::data::user::{FactorID, GrantedClients, TwoFactor, User, UserID};`
Refactor users management * Shard `src/data/user.rs` into two different files * One for user data structure (same file) * One for user manipulation (new file: `user_file_entity.rs`) * Isolate password hashing and verification 2022-11-19 16:52:35 +00:00			`use crate::utils::err::Res;`
			`use crate::utils::time::time;`
			`use std::net::IpAddr;`

Refactor users management (#2) * Create UserBackend trait 2022-11-19 17:18:46 +00:00			`impl EntityManager<User> {`
			`/// Update user information`
			`fn update_user<F>(&mut self, id: &UserID, update: F) -> bool`
			`where`
			`F: FnOnce(User) -> User,`
			`{`
			`let user = match self.find_by_user_id(id) {`
			`None => return false,`
			`Some(user) => user,`
			`};`

			`if let Err(e) = self.replace_entries(\|u\| u.uid.eq(id), &update(user)) {`
			`log::error!("Failed to update user information! {:?}", e);`
			`return false;`
			`}`

			`true`
			`}`
			`}`

Refactor users management * Shard `src/data/user.rs` into two different files * One for user data structure (same file) * One for user manipulation (new file: `user_file_entity.rs`) * Isolate password hashing and verification 2022-11-19 16:52:35 +00:00			`fn hash_password<P: AsRef<[u8]>>(pwd: P) -> Res<String> {`
			`Ok(bcrypt::hash(pwd, bcrypt::DEFAULT_COST)?)`
			`}`

			`fn verify_password<P: AsRef<[u8]>>(pwd: P, hash: &str) -> bool {`
			`match bcrypt::verify(pwd, hash) {`
			`Ok(r) => r,`
			`Err(e) => {`
			`log::warn!("Failed to verify password! {:?}", e);`
			`false`
			`}`
			`}`
			`}`

Refactor users management (#2) * Create UserBackend trait 2022-11-19 17:18:46 +00:00			`impl UsersBackend for EntityManager<User> {`
			`fn find_by_username_or_email(&self, u: &str) -> Option<User> {`
Refactor users management * Shard `src/data/user.rs` into two different files * One for user data structure (same file) * One for user manipulation (new file: `user_file_entity.rs`) * Isolate password hashing and verification 2022-11-19 16:52:35 +00:00			`for entry in self.iter() {`
			`if entry.username.eq(u) \|\| entry.email.eq(u) {`
			`return Some(entry.clone());`
			`}`
			`}`
			`None`
			`}`

Refactor users management (#2) * Create UserBackend trait 2022-11-19 17:18:46 +00:00			`fn find_by_user_id(&self, id: &UserID) -> Option<User> {`
Refactor users management * Shard `src/data/user.rs` into two different files * One for user data structure (same file) * One for user manipulation (new file: `user_file_entity.rs`) * Isolate password hashing and verification 2022-11-19 16:52:35 +00:00			`for entry in self.iter() {`
			`if entry.uid.eq(id) {`
			`return Some(entry.clone());`
			`}`
			`}`
			`None`
			`}`

Refactor users management (#2) * Create UserBackend trait 2022-11-19 17:18:46 +00:00			`fn get_entire_users_list(&self) -> Vec<User> {`
			`self.cloned()`
Refactor users management * Shard `src/data/user.rs` into two different files * One for user data structure (same file) * One for user manipulation (new file: `user_file_entity.rs`) * Isolate password hashing and verification 2022-11-19 16:52:35 +00:00			`}`

Refactor users management (#2) * Create UserBackend trait 2022-11-19 17:18:46 +00:00			`fn change_user_password(&mut self, id: &UserID, password: &str, temporary: bool) -> bool {`
Refactor users management * Shard `src/data/user.rs` into two different files * One for user data structure (same file) * One for user manipulation (new file: `user_file_entity.rs`) * Isolate password hashing and verification 2022-11-19 16:52:35 +00:00			`let new_hash = match hash_password(password) {`
			`Ok(h) => h,`
			`Err(e) => {`
			`log::error!("Failed to hash user password! {}", e);`
			`return false;`
			`}`
			`};`

			`self.update_user(id, \|mut user\| {`
			`user.password = new_hash;`
			`user.need_reset_password = temporary;`
			`user.two_factor_exemption_after_successful_login = Default::default();`
			`user`
			`})`
			`}`

Refactor users management (#2) * Create UserBackend trait 2022-11-19 17:18:46 +00:00			`fn verify_user_password(&self, user: &UserID, password: &str) -> bool {`
Refactor users management * Shard `src/data/user.rs` into two different files * One for user data structure (same file) * One for user manipulation (new file: `user_file_entity.rs`) * Isolate password hashing and verification 2022-11-19 16:52:35 +00:00			`self.find_by_user_id(user)`
			`.map(\|u\| verify_password(password, &u.password))`
			`.unwrap_or(false)`
			`}`

Refactor users management (#3) * Improve creation of 2FA factors 2022-11-19 17:27:08 +00:00			`fn add_2fa_factor(&mut self, id: &UserID, factor: TwoFactor) -> bool {`
			`self.update_user(id, \|mut user\| {`
			`user.two_factor.push(factor);`
			`user`
			`})`
			`}`

Refactor users management (#4) * Improve deletion of 2FA factors 2022-11-19 17:35:41 +00:00			`fn remove_2fa_factor(&mut self, id: &UserID, factor_id: FactorID) -> bool {`
			`self.update_user(id, \|mut user\| {`
			`user.two_factor.retain(\|f\| f.id != factor_id);`
			`user`
			`})`
			`}`

Refactor users management (#2) * Create UserBackend trait 2022-11-19 17:18:46 +00:00			`fn save_new_successful_2fa_authentication(&mut self, id: &UserID, ip: IpAddr) -> bool {`
Refactor users management * Shard `src/data/user.rs` into two different files * One for user data structure (same file) * One for user manipulation (new file: `user_file_entity.rs`) * Isolate password hashing and verification 2022-11-19 16:52:35 +00:00			`self.update_user(id, \|mut user\| {`
			`user.last_successful_2fa.insert(ip, time());`

			`// Remove outdated successful attempts`
			`user.remove_outdated_successful_2fa_attempts();`

			`user`
			`})`
			`}`

Refactor users management (#2) * Create UserBackend trait 2022-11-19 17:18:46 +00:00			`fn clear_2fa_login_history(&mut self, id: &UserID) -> bool {`
Refactor users management * Shard `src/data/user.rs` into two different files * One for user data structure (same file) * One for user manipulation (new file: `user_file_entity.rs`) * Isolate password hashing and verification 2022-11-19 16:52:35 +00:00			`self.update_user(id, \|mut user\| {`
			`user.last_successful_2fa = Default::default();`
			`user`
			`})`
			`}`
Refactor users management (#2) * Create UserBackend trait 2022-11-19 17:18:46 +00:00
			`fn delete_account(&mut self, id: &UserID) -> bool {`
			`let user = match self.find_by_user_id(id) {`
			`None => {`
			`log::warn!(`
			`"Could not delete account {:?} because it was not found!",`
			`id`
			`);`
			`return false;`
			`}`
			`Some(s) => s,`
			`};`

			`match self.remove(&user) {`
			`Ok(_) => true,`
			`Err(e) => {`
			`log::error!("Failed to update delete account! {:?}", e);`
			`false`
			`}`
			`}`
			`}`

Refactor users management (#6) * Use asynchronous interface to set authorized clients list 2022-11-26 13:51:08 +00:00			`fn set_granted_2fa_clients(&mut self, id: &UserID, clients: GrantedClients) -> bool {`
			`self.update_user(id, \|mut user\| {`
			`user.authorized_clients = clients.to_user();`
			`user`
			`})`
			`}`

Refactor users management (#2) * Create UserBackend trait 2022-11-19 17:18:46 +00:00			`fn update_or_insert_user(&mut self, user: User) -> Res {`
			`self.update_or_push(user)`
			`}`
Refactor users management * Shard `src/data/user.rs` into two different files * One for user data structure (same file) * One for user manipulation (new file: `user_file_entity.rs`) * Isolate password hashing and verification 2022-11-19 16:52:35 +00:00			`}`