Diffstat (limited to 'src/api/auth/password.rs')
-rw-r--r--src/api/auth/password.rs35
1 files changed, 7 insertions, 28 deletions
diff --git a/src/api/auth/password.rs b/src/api/auth/password.rs
index ae5bd6d..e389261 100644
--- a/src/api/auth/password.rs
+++ b/src/api/auth/password.rs
@@ -15,10 +15,7 @@ use crate::{
},
db::{Db, DbConn},
mailer::Mailer,
- types::{
- HawkKey, OauthToken, PasswordChangeID, SecretKey, UserID,
- VerifyHash,
- },
+ types::{HawkKey, OauthToken, PasswordChangeID, SecretKey, UserID, VerifyHash},
};
// MISSING get /password/forgot/status
@@ -70,15 +67,8 @@ pub(crate) async fn change_start(
ka: SecretBytes(user.ka.0),
wrap_kb: stretched.decrypt_wwkb(&SecretBytes(user.wrapwrap_kb.0)),
});
- db.add_key_fetch(key_req.token_id, &HawkKey(key_req.req_hmac_key.0), &wrapped)
- .await?;
- db.add_password_change(
- &uid,
- &change_req.token_id,
- &HawkKey(change_req.req_hmac_key.0),
- None,
- )
- .await?;
+ db.add_key_fetch(key_req.token_id, &key_req.req_hmac_key, &wrapped).await?;
+ db.add_password_change(&uid, &change_req.token_id, &change_req.req_hmac_key, None).await?;
Ok(Json(ChangeStartResp { keyFetchToken: key_fetch_token, passwordChangeToken: change_token }))
}
@@ -92,20 +82,14 @@ pub(crate) struct WithChangeToken<const IS_FORGOT: bool>;
impl<const IS_FORGOT: bool> AuthSource for WithChangeToken<IS_FORGOT> {
type ID = PasswordChangeID;
type Context = (UserID, Option<String>);
- async fn hawk(
- r: &Request<'_>,
- id: &PasswordChangeID,
- ) -> Result<(SecretBytes<32>, Self::Context)> {
+ async fn hawk(r: &Request<'_>, id: &PasswordChangeID) -> Result<(HawkKey, Self::Context)> {
// unlike key fetch we'll use a separate transaction here since the body of the
// handler can fail.
let pool = <&Db as FromRequest>::from_request(r)
.await
.success_or_else(|| anyhow!("could not open db connection"))?;
let db = pool.begin().await?;
- let result = db
- .finish_password_change(id, IS_FORGOT)
- .await
- .map(|(h, ctx)| (SecretBytes(h.0), ctx))?;
+ let result = db.finish_password_change(id, IS_FORGOT).await?;
db.commit().await?;
Ok(result)
}
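Review bot: In `hawk`, the transaction running `finish_password_change` is committed with `db.commit()` before the `HawkKey` is returned, so any state change it makes is durable before the caller can check the request's Hawk MAC against that key. The body of `finish_password_change` is not in this diff, but if it consumes the change token, as its name suggests, a request that fails MAC verification would still spend the token. The existing comment justifies the separate transaction only by the handler being able to fail, so I would state the ordering explicitly, e.g. `// NOTE: committed before the caller verifies the MAC with the returned key; the token is already consumed if verification fails`, or confirm that this is intended. The `impl` block continues past the end of this hunk.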
@@ -215,7 +199,7 @@ pub(crate) async fn forgot_start(
db.add_password_change(
&uid,
&forgot_req.token_id,
- &HawkKey(forgot_req.req_hmac_key.0),
+ &forgot_req.req_hmac_key,
Some(&forgot_code),
)
.await?;
@@ -255,12 +239,7 @@ pub(crate) async fn forgot_finish(
let reset_token = AccountResetToken::generate();
let reset_req = AccountResetReq::derive_from(&reset_token);
- db.add_account_reset(
- &data.context.0,
- &reset_req.token_id,
- &HawkKey(reset_req.req_hmac_key.0),
- )
- .await?;
+ db.add_account_reset(&data.context.0, &reset_req.token_id, &reset_req.req_hmac_key).await?;
Ok(Json(ForgotFinishResp { accountResetToken: reset_token }))
}