pierre/BasicOIDC
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Refactor users management
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source 
* Shard `src/data/user.rs` into two different files
  * One for user data structure (same file)
  * One for user manipulation (new file: `user_file_entity.rs`)
* Isolate password hashing and verification
This commit is contained in:
Pierre HUBERT
2022-11-19 17:52:35 +01:00
parent 75d894d648
commit 65d334b947
7 changed files with 145 additions and 113 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/data/mod.rs
View File

@ -15,4 +15,5 @@ pub mod remote_ip;
pub mod session_identity;
pub mod totp_key;
pub mod user;
pub mod users_file_entity;
pub mod webauthn_manager;

93
src/data/user.rs
View File

@ -3,11 +3,9 @@ use std::net::IpAddr;
use crate::constants::SECOND_FACTOR_EXEMPTION_AFTER_SUCCESSFUL_LOGIN;
use crate::data::client::ClientID;
use crate::data::entity_manager::EntityManager;
use crate::data::login_redirect::LoginRedirect;
use crate::data::totp_key::TotpKey;
use crate::data::webauthn_manager::WebauthnPubKey;
use crate::utils::err::Res;
use crate::utils::time::{fmt_time, time};
#[derive(Clone, Debug, Eq, PartialEq, serde::Serialize, serde::Deserialize)]
@ -133,10 +131,6 @@ impl User {
}
}
pub fn verify_password<P: AsRef<[u8]>>(&self, pass: P) -> bool {
verify_password(pass, &self.password)
}
pub fn has_two_factor(&self) -> bool {
!self.two_factor.is_empty()
}
@ -247,90 +241,3 @@ impl Default for User {
}
}
}
pub fn hash_password<P: AsRef<[u8]>>(pwd: P) -> Res<String> {
Ok(bcrypt::hash(pwd, bcrypt::DEFAULT_COST)?)
}
pub fn verify_password<P: AsRef<[u8]>>(pwd: P, hash: &str) -> bool {
match bcrypt::verify(pwd, hash) {
Ok(r) => r,
Err(e) => {
log::warn!("Failed to verify password! {:?}", e);
false
}
}
}
impl EntityManager<User> {
pub fn find_by_username_or_email(&self, u: &str) -> Option<User> {
for entry in self.iter() {
if entry.username.eq(u) || entry.email.eq(u) {
return Some(entry.clone());
}
}
None
}
pub fn find_by_user_id(&self, id: &UserID) -> Option<User> {
for entry in self.iter() {
if entry.uid.eq(id) {
return Some(entry.clone());
}
}
None
}
/// Update user information
fn update_user<F>(&mut self, id: &UserID, update: F) -> bool
where
F: FnOnce(User) -> User,
{
let user = match self.find_by_user_id(id) {
None => return false,
Some(user) => user,
};
if let Err(e) = self.replace_entries(|u| u.uid.eq(id), &update(user)) {
log::error!("Failed to update user information! {:?}", e);
return false;
}
true
}
pub fn change_user_password(&mut self, id: &UserID, password: &str, temporary: bool) -> bool {
let new_hash = match hash_password(password) {
Ok(h) => h,
Err(e) => {
log::error!("Failed to hash user password! {}", e);
return false;
}
};
self.update_user(id, |mut user| {
user.password = new_hash;
user.need_reset_password = temporary;
user.two_factor_exemption_after_successful_login = Default::default();
user
})
}
pub fn save_new_successful_2fa_authentication(&mut self, id: &UserID, ip: IpAddr) -> bool {
self.update_user(id, |mut user| {
user.last_successful_2fa.insert(ip, time());
// Remove outdated successful attempts
user.remove_outdated_successful_2fa_attempts();
user
})
}
pub fn clear_2fa_login_history(&mut self, id: &UserID) -> bool {
self.update_user(id, |mut user| {
user.last_successful_2fa = Default::default();
user
})
}
}

98
src/data/users_file_entity.rs Normal file
View File

@ -0,0 +1,98 @@
use crate::data::entity_manager::EntityManager;
use crate::data::user::{User, UserID};
use crate::utils::err::Res;
use crate::utils::time::time;
use std::net::IpAddr;
fn hash_password<P: AsRef<[u8]>>(pwd: P) -> Res<String> {
Ok(bcrypt::hash(pwd, bcrypt::DEFAULT_COST)?)
}
fn verify_password<P: AsRef<[u8]>>(pwd: P, hash: &str) -> bool {
match bcrypt::verify(pwd, hash) {
Ok(r) => r,
Err(e) => {
log::warn!("Failed to verify password! {:?}", e);
false
}
}
}
impl EntityManager<User> {
pub fn find_by_username_or_email(&self, u: &str) -> Option<User> {
for entry in self.iter() {
if entry.username.eq(u) || entry.email.eq(u) {
return Some(entry.clone());
}
}
None
}
pub fn find_by_user_id(&self, id: &UserID) -> Option<User> {
for entry in self.iter() {
if entry.uid.eq(id) {
return Some(entry.clone());
}
}
None
}
/// Update user information
fn update_user<F>(&mut self, id: &UserID, update: F) -> bool
where
F: FnOnce(User) -> User,
{
let user = match self.find_by_user_id(id) {
None => return false,
Some(user) => user,
};
if let Err(e) = self.replace_entries(|u| u.uid.eq(id), &update(user)) {
log::error!("Failed to update user information! {:?}", e);
return false;
}
true
}
pub fn change_user_password(&mut self, id: &UserID, password: &str, temporary: bool) -> bool {
let new_hash = match hash_password(password) {
Ok(h) => h,
Err(e) => {
log::error!("Failed to hash user password! {}", e);
return false;
}
};
self.update_user(id, |mut user| {
user.password = new_hash;
user.need_reset_password = temporary;
user.two_factor_exemption_after_successful_login = Default::default();
user
})
}
pub fn verify_user_password(&self, user: &UserID, password: &str) -> bool {
self.find_by_user_id(user)
.map(|u| verify_password(password, &u.password))
.unwrap_or(false)
}
pub fn save_new_successful_2fa_authentication(&mut self, id: &UserID, ip: IpAddr) -> bool {
self.update_user(id, |mut user| {
user.last_successful_2fa.insert(ip, time());
// Remove outdated successful attempts
user.remove_outdated_successful_2fa_attempts();
user
})
}
pub fn clear_2fa_login_history(&mut self, id: &UserID) -> bool {
self.update_user(id, |mut user| {
user.last_successful_2fa = Default::default();
user
})
}
}