From 55343df9c1f54113b5f2ed04cecfadf0670887c7 Mon Sep 17 00:00:00 2001 From: pennae Date: Sun, 17 Jul 2022 11:43:52 +0200 Subject: add dedicated types for all the tokens using SecretBytes for all of them isn't that great. --- src/api/auth/password.rs | 39 +++++++++++++++++++++------------------ 1 file changed, 21 insertions(+), 18 deletions(-) (limited to 'src/api/auth/password.rs') diff --git a/src/api/auth/password.rs b/src/api/auth/password.rs index 56ad2a2..ae5bd6d 100644 --- a/src/api/auth/password.rs +++ b/src/api/auth/password.rs @@ -9,11 +9,14 @@ use validator::Validate; use crate::{ api::auth, auth::{AuthSource, Authenticated}, - crypto::{AccountResetReq, AuthPW, KeyBundle, KeyFetchReq, PasswordChangeReq, SecretBytes}, + crypto::{ + AccountResetReq, AccountResetToken, AuthPW, KeyBundle, KeyFetchReq, KeyFetchToken, + PasswordChangeReq, PasswordChangeToken, SecretBytes, + }, db::{Db, DbConn}, mailer::Mailer, types::{ - AccountResetID, HawkKey, KeyFetchID, OauthToken, PasswordChangeID, SecretKey, UserID, + HawkKey, OauthToken, PasswordChangeID, SecretKey, UserID, VerifyHash, }, }; @@ -34,8 +37,8 @@ pub(crate) struct ChangeStartReq { #[derive(Debug, Serialize)] #[allow(non_snake_case)] pub(crate) struct ChangeStartResp { - keyFetchToken: SecretBytes<32>, - passwordChangeToken: SecretBytes<32>, + keyFetchToken: KeyFetchToken, + passwordChangeToken: PasswordChangeToken, } #[post("/password/change/start", data = "")] @@ -59,19 +62,19 @@ pub(crate) async fn change_start( return Err(auth::Error::IncorrectPassword); } - let change_token = SecretBytes::generate(); - let change_req = PasswordChangeReq::from_change_token(&change_token); - let key_fetch_token = SecretBytes::generate(); - let key_req = KeyFetchReq::from_token(&key_fetch_token); + let change_token = PasswordChangeToken::generate(); + let change_req = PasswordChangeReq::derive_from_change_token(&change_token); + let key_fetch_token = KeyFetchToken::generate(); + let key_req = KeyFetchReq::derive_from(&key_fetch_token); let wrapped = key_req.derive_resp().wrap_keys(&KeyBundle { ka: SecretBytes(user.ka.0), wrap_kb: stretched.decrypt_wwkb(&SecretBytes(user.wrapwrap_kb.0)), }); - db.add_key_fetch(KeyFetchID(key_req.token_id.0), &HawkKey(key_req.req_hmac_key.0), &wrapped) + db.add_key_fetch(key_req.token_id, &HawkKey(key_req.req_hmac_key.0), &wrapped) .await?; db.add_password_change( &uid, - &PasswordChangeID(change_req.token_id.0), + &change_req.token_id, &HawkKey(change_req.req_hmac_key.0), None, ) @@ -183,7 +186,7 @@ pub(crate) struct ForgotStartReq { #[derive(Debug, Serialize)] #[allow(non_snake_case)] pub(crate) struct ForgotStartResp { - passwordForgotToken: SecretBytes<32>, + passwordForgotToken: PasswordChangeToken, ttl: u32, codeLength: u32, tries: u32, @@ -207,11 +210,11 @@ pub(crate) async fn forgot_start( } let forgot_code = hex::encode(SecretBytes::<16>::generate().0); - let forgot_token = SecretBytes::generate(); - let forgot_req = PasswordChangeReq::from_forgot_token(&forgot_token); + let forgot_token = PasswordChangeToken::generate(); + let forgot_req = PasswordChangeReq::derive_from_forgot_token(&forgot_token); db.add_password_change( &uid, - &PasswordChangeID(forgot_req.token_id.0), + &forgot_req.token_id, &HawkKey(forgot_req.req_hmac_key.0), Some(&forgot_code), ) @@ -238,7 +241,7 @@ pub(crate) struct ForgotFinishReq { #[derive(Debug, Serialize)] #[allow(non_snake_case)] pub(crate) struct ForgotFinishResp { - accountResetToken: SecretBytes<32>, + accountResetToken: AccountResetToken, } #[post("/password/forgot/verify_code", data = "")] @@ -250,11 +253,11 @@ pub(crate) async fn forgot_finish( return Err(auth::Error::InvalidVerificationCode); } - let reset_token = SecretBytes::generate(); - let reset_req = AccountResetReq::from_token(&reset_token); + let reset_token = AccountResetToken::generate(); + let reset_req = AccountResetReq::derive_from(&reset_token); db.add_account_reset( &data.context.0, - &AccountResetID(reset_req.token_id.0), + &reset_req.token_id, &HawkKey(reset_req.req_hmac_key.0), ) .await?; -- cgit v1.2.3