diff options
Diffstat (limited to 'src/api/auth/password.rs')
-rw-r--r-- | src/api/auth/password.rs | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/src/api/auth/password.rs b/src/api/auth/password.rs index 0eeab4f..56ad2a2 100644 --- a/src/api/auth/password.rs +++ b/src/api/auth/password.rs @@ -64,15 +64,15 @@ pub(crate) async fn change_start( let key_fetch_token = SecretBytes::generate(); let key_req = KeyFetchReq::from_token(&key_fetch_token); let wrapped = key_req.derive_resp().wrap_keys(&KeyBundle { - ka: user.ka.0.clone(), - wrap_kb: stretched.decrypt_wwkb(&user.wrapwrap_kb.0), + ka: SecretBytes(user.ka.0), + wrap_kb: stretched.decrypt_wwkb(&SecretBytes(user.wrapwrap_kb.0)), }); - db.add_key_fetch(KeyFetchID(key_req.token_id.0), &HawkKey(key_req.req_hmac_key), &wrapped) + db.add_key_fetch(KeyFetchID(key_req.token_id.0), &HawkKey(key_req.req_hmac_key.0), &wrapped) .await?; db.add_password_change( &uid, &PasswordChangeID(change_req.token_id.0), - &HawkKey(change_req.req_hmac_key), + &HawkKey(change_req.req_hmac_key.0), None, ) .await?; @@ -99,7 +99,10 @@ impl<const IS_FORGOT: bool> AuthSource for WithChangeToken<IS_FORGOT> { .await .success_or_else(|| anyhow!("could not open db connection"))?; let db = pool.begin().await?; - let result = db.finish_password_change(id, IS_FORGOT).await.map(|(h, ctx)| (h.0, ctx))?; + let result = db + .finish_password_change(id, IS_FORGOT) + .await + .map(|(h, ctx)| (SecretBytes(h.0), ctx))?; db.commit().await?; Ok(result) } @@ -151,7 +154,7 @@ pub(crate) async fn change_finish( db.change_user_auth( &data.context.0, auth_salt, - SecretKey(wrapwrap_kb), + SecretKey(wrapwrap_kb.0), VerifyHash(verify_hash), ) .await?; @@ -209,7 +212,7 @@ pub(crate) async fn forgot_start( db.add_password_change( &uid, &PasswordChangeID(forgot_req.token_id.0), - &HawkKey(forgot_req.req_hmac_key), + &HawkKey(forgot_req.req_hmac_key.0), Some(&forgot_code), ) .await?; @@ -252,7 +255,7 @@ pub(crate) async fn forgot_finish( db.add_account_reset( &data.context.0, &AccountResetID(reset_req.token_id.0), - &HawkKey(reset_req.req_hmac_key), + &HawkKey(reset_req.req_hmac_key.0), ) .await?; |