author | pennae <github@quasiparticle.net> | 2022-07-17 11:43:52 +0200 |
---|---|---|
committer | pennae <github@quasiparticle.net> | 2022-07-17 17:25:27 +0200 |
commit | 55343df9c1f54113b5f2ed04cecfadf0670887c7 (patch) | |
tree | 506c7b548ec6c0536a012ef7e6fe6083b7bcf4bc /src/api/auth/password.rs | |
parent | b0935f56b430223403629baa535d8b1f45ad9c6d (diff) | |
download | minor-skulk-55343df9c1f54113b5f2ed04cecfadf0670887c7.tar.gz minor-skulk-55343df9c1f54113b5f2ed04cecfadf0670887c7.tar.xz minor-skulk-55343df9c1f54113b5f2ed04cecfadf0670887c7.zip |
add dedicated types for all the tokens
using SecretBytes for all of them isn't that great.
Diffstat (limited to 'src/api/auth/password.rs')
-rw-r--r-- | src/api/auth/password.rs | 39 |
1 files changed, 21 insertions, 18 deletions
diff --git a/src/api/auth/password.rs b/src/api/auth/password.rs index 56ad2a2..ae5bd6d 100644 --- a/src/api/auth/password.rs +++ b/src/api/auth/password.rs @@ -9,11 +9,14 @@ use validator::Validate; use crate::{ api::auth, auth::{AuthSource, Authenticated}, - crypto::{AccountResetReq, AuthPW, KeyBundle, KeyFetchReq, PasswordChangeReq, SecretBytes}, + crypto::{ + AccountResetReq, AccountResetToken, AuthPW, KeyBundle, KeyFetchReq, KeyFetchToken, + PasswordChangeReq, PasswordChangeToken, SecretBytes, + }, db::{Db, DbConn}, mailer::Mailer, types::{ - AccountResetID, HawkKey, KeyFetchID, OauthToken, PasswordChangeID, SecretKey, UserID, + HawkKey, OauthToken, PasswordChangeID, SecretKey, UserID, VerifyHash, }, }; @@ -34,8 +37,8 @@ pub(crate) struct ChangeStartReq { #[derive(Debug, Serialize)] #[allow(non_snake_case)] pub(crate) struct ChangeStartResp { - keyFetchToken: SecretBytes<32>, - passwordChangeToken: SecretBytes<32>, + keyFetchToken: KeyFetchToken, + passwordChangeToken: PasswordChangeToken, } #[post("/password/change/start", data = "<data>")] 
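Review bot: `ChangeStartResp` derives `Debug` while its fields now hold `KeyFetchToken` and `PasswordChangeToken`, so whether a `{:?}` of the response prints the raw token bytes depends on impls in `crypto` that this diff does not show. Both values are bearer credentials, so it is worth confirming that the new types redact themselves in `Debug`. It is also worth confirming that their `Serialize` output matches what `SecretBytes<32>` produced, so existing clients keep parsing the response. Once confirmed, a comment above the fields would record it, for example `// token types redact in Debug; Serialize stays wire-compatible with SecretBytes<32>`. The same applies to `ForgotStartResp` and `ForgotFinishResp` in the later hunks.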
@@ -59,19 +62,19 @@ pub(crate) async fn change_start( return Err(auth::Error::IncorrectPassword); } - let change_token = SecretBytes::generate(); - let change_req = PasswordChangeReq::from_change_token(&change_token); - let key_fetch_token = SecretBytes::generate(); - let key_req = KeyFetchReq::from_token(&key_fetch_token); + let change_token = PasswordChangeToken::generate(); + let change_req = PasswordChangeReq::derive_from_change_token(&change_token); + let key_fetch_token = KeyFetchToken::generate(); + let key_req = KeyFetchReq::derive_from(&key_fetch_token); let wrapped = key_req.derive_resp().wrap_keys(&KeyBundle { ka: SecretBytes(user.ka.0), wrap_kb: stretched.decrypt_wwkb(&SecretBytes(user.wrapwrap_kb.0)), }); - db.add_key_fetch(KeyFetchID(key_req.token_id.0), &HawkKey(key_req.req_hmac_key.0), &wrapped) + db.add_key_fetch(key_req.token_id, &HawkKey(key_req.req_hmac_key.0), &wrapped) .await?; db.add_password_change( &uid, - &PasswordChangeID(change_req.token_id.0), + &change_req.token_id, &HawkKey(change_req.req_hmac_key.0), None, ) @@ -183,7 +186,7 @@ pub(crate) struct ForgotStartReq { #[derive(Debug, Serialize)] #[allow(non_snake_case)] pub(crate) struct ForgotStartResp { - passwordForgotToken: SecretBytes<32>, + passwordForgotToken: PasswordChangeToken, ttl: u32, codeLength: u32, tries: u32, @@ -207,11 +210,11 @@ pub(crate) async fn forgot_start( } let forgot_code = hex::encode(SecretBytes::<16>::generate().0); - let forgot_token = SecretBytes::generate(); - let forgot_req = PasswordChangeReq::from_forgot_token(&forgot_token); + let forgot_token = PasswordChangeToken::generate(); + let forgot_req = PasswordChangeReq::derive_from_forgot_token(&forgot_token); db.add_password_change( &uid, - &PasswordChangeID(forgot_req.token_id.0), + &forgot_req.token_id, &HawkKey(forgot_req.req_hmac_key.0), Some(&forgot_code), ) 
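Review bot: The HMAC key is still unwrapped and rewrapped by hand in `HawkKey(key_req.req_hmac_key.0)` and `HawkKey(change_req.req_hmac_key.0)`, so the type safety this commit adds for token ids stops short of the key material, and the inner bytes of these secret types stay reachable through `.0` at every call site. Consider having the derive functions hand back `req_hmac_key` as a `HawkKey` directly, or adding one named conversion, so the call reads `&key_req.req_hmac_key`. Separately, `add_key_fetch` takes `key_req.token_id` by value while `add_password_change` takes `&change_req.token_id`; one convention would make the call sites uniform. The same `HawkKey(… .0)` rewrap remains in the `forgot_start` and `forgot_finish` hunks. `change_start` begins and ends outside this hunk.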
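Review bot: The forgot flow reuses `PasswordChangeToken`, both in `PasswordChangeToken::generate()` here and in the `passwordForgotToken` field of `ForgotStartResp`. The only thing separating a forgot token from a change token is therefore which of `derive_from_change_token` and `derive_from_forgot_token` the caller picks. The compiler would accept a change token passed to `derive_from_forgot_token` and the reverse, which is the kind of mix-up dedicated types are meant to rule out. If the two derivations use different contexts, as the separate function names suggest, a distinct `PasswordForgotToken` type would let the argument type enforce the flow. If sharing the type is intentional, a short comment on the field would help, such as `// forgot and change tokens share a type; separation is in the derive function`. `forgot_start` continues outside this hunk.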
@@ -238,7 +241,7 @@ pub(crate) struct ForgotFinishReq { #[derive(Debug, Serialize)] #[allow(non_snake_case)] pub(crate) struct ForgotFinishResp { - accountResetToken: SecretBytes<32>, + accountResetToken: AccountResetToken, } #[post("/password/forgot/verify_code", data = "<data>")] @@ -250,11 +253,11 @@ pub(crate) async fn forgot_finish( return Err(auth::Error::InvalidVerificationCode); } - let reset_token = SecretBytes::generate(); - let reset_req = AccountResetReq::from_token(&reset_token); + let reset_token = AccountResetToken::generate(); + let reset_req = AccountResetReq::derive_from(&reset_token); db.add_account_reset( &data.context.0, - &AccountResetID(reset_req.token_id.0), + &reset_req.token_id, &HawkKey(reset_req.req_hmac_key.0), ) .await?; |