Diffstat (limited to 'src/api/auth/account.rs')
-rw-r--r--src/api/auth/account.rs26
1 files changed, 11 insertions, 15 deletions
diff --git a/src/api/auth/account.rs b/src/api/auth/account.rs
index c0c2099..bff2a66 100644
--- a/src/api/auth/account.rs
+++ b/src/api/auth/account.rs
@@ -15,14 +15,14 @@ use crate::crypto::{KeyFetchToken, SessionToken};
use crate::db::{Db, DbConn};
use crate::mailer::Mailer;
use crate::push::PushClient;
-use crate::types::AccountResetID;
+use crate::types::{AccountResetID, HawkKey};
use crate::utils::DeferAction;
use crate::Config;
use crate::{
api::{auth, serialize_dt},
auth::{AuthSource, Authenticated},
crypto::{AuthPW, KeyBundle, KeyFetchReq, SecretBytes, SessionCredentials},
- types::{HawkKey, KeyFetchID, OauthToken, SecretKey, User, UserID, VerifyHash},
+ types::{KeyFetchID, OauthToken, SecretKey, User, UserID, VerifyHash},
};
// TODO better error handling
@@ -104,7 +104,7 @@ pub(crate) async fn create(
ka: ka.clone(),
wrap_kb: stretched.decrypt_wwkb(&wrapwrap_kb),
});
- db.add_key_fetch(req.token_id, &HawkKey(req.req_hmac_key.0), &wrapped).await?;
+ db.add_key_fetch(req.token_id, &req.req_hmac_key, &wrapped).await?;
Some(key_fetch_token)
} else {
None
@@ -120,9 +120,8 @@ pub(crate) async fn create(
verified: false,
})
.await?;
- let auth_at = db
- .add_session(session.token_id.clone(), &uid, HawkKey(session.req_hmac_key.0), false, None)
- .await?;
+ let auth_at =
+ db.add_session(session.token_id.clone(), &uid, session.req_hmac_key, false, None).await?;
let verify_code = hex::encode(&SecretBytes::<16>::generate().0);
db.add_verify_code(&uid, &session.token_id, &verify_code).await?;
// NOTE we send the email in this context rather than a spawn to signal
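Review bot: `add_session` now takes `session.req_hmac_key` by value, while `add_key_fetch` in the previous hunk (and again in `login`) borrows `&req.req_hmac_key`, so the two DB calls handle the same key type differently. If `add_session` only binds the key into a query, taking `&HawkKey` would allow `db.add_session(session.token_id.clone(), &uid, &session.req_hmac_key, false, None)` and avoid moving the secret out of `session`. The signature is outside this diff, so this is something to check rather than a confirmed issue. The same applies to the `add_session` call in the `login` hunk, and the body of `create` starts and ends outside this hunk.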
@@ -208,7 +207,7 @@ pub(crate) async fn login(
ka: SecretBytes(user.ka.0),
wrap_kb: stretched.decrypt_wwkb(&SecretBytes(user.wrapwrap_kb.0)),
});
- db.add_key_fetch(req.token_id, &HawkKey(req.req_hmac_key.0), &wrapped).await?;
+ db.add_key_fetch(req.token_id, &req.req_hmac_key, &wrapped).await?;
Some(key_fetch_token)
} else {
None
@@ -219,7 +218,7 @@ pub(crate) async fn login(
.add_session(
session.token_id.clone(),
&uid,
- HawkKey(session.req_hmac_key.0),
+ session.req_hmac_key,
false,
Some(&verify_code),
)
@@ -308,10 +307,10 @@ pub(crate) struct WithKeyFetch;
impl AuthSource for WithKeyFetch {
type ID = KeyFetchID;
type Context = Vec<u8>;
- async fn hawk(r: &Request<'_>, id: &KeyFetchID) -> Result<(SecretBytes<32>, Self::Context)> {
+ async fn hawk(r: &Request<'_>, id: &KeyFetchID) -> Result<(HawkKey, Self::Context)> {
let db = Authenticated::<(), Self>::get_conn(r).await?;
db.always_commit().await?;
- Ok(db.finish_key_fetch(id).await.map(|(h, ks)| (SecretBytes(h.0), ks))?)
+ Ok(db.finish_key_fetch(id).await?)
}
async fn bearer_token(_: &Request<'_>, _: &OauthToken) -> Result<(KeyFetchID, Self::Context)> {
// key fetch tokens are only valid in hawk requests
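Review bot: `WithKeyFetch::hawk` has no comment explaining why `db.always_commit()` is called before `finish_key_fetch`, whereas the `WithResetToken` impl in the next hunk documents its transaction choice. As written, the lookup's effects are committed before the caller can have checked the request MAC against the returned `HawkKey`, so presumably a request with a valid id but a bad MAC still uses up the token. The same ordering holds for `finish_account_reset` followed by `db.commit()`. If that is intended, I would say so above the call, e.g. `// key fetch tokens are single-use: commit the removal even if MAC validation or the handler fails`. If it is not, the consumption would need to happen after verification, which is outside what this hunk shows.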
@@ -335,17 +334,14 @@ pub(crate) struct WithResetToken;
impl AuthSource for WithResetToken {
type ID = AccountResetID;
type Context = UserID;
- async fn hawk(
- r: &Request<'_>,
- id: &AccountResetID,
- ) -> Result<(SecretBytes<32>, Self::Context)> {
+ async fn hawk(r: &Request<'_>, id: &AccountResetID) -> Result<(HawkKey, Self::Context)> {
// unlike key fetch we'll use a separate transaction here since the body of the
// handler can fail.
let pool = <&Db as FromRequest>::from_request(r)
.await
.success_or_else(|| anyhow!("could not open db connection"))?;
let db = pool.begin().await?;
- let result = db.finish_account_reset(id).await.map(|(h, ctx)| (SecretBytes(h.0), ctx))?;
+ let result = db.finish_account_reset(id).await?;
db.commit().await?;
Ok(result)
}