bwinf
medal
Commits
db438a15
Commit
db438a15
authored
Feb 13, 2019
by
Daniel Brüning
new passwords are now hashed before they are saved
parent
a8878f9b
Changes
5
Cargo.lock
# This file is automatically @generated by Cargo.
# It is not intended for manual editing.
[[package]]
name = "adler32"
version = "1.0.3"
...
...
src/db_conn_sqlite.rs
...
...
@@ -165,10 +165,10 @@ impl MedalConnection for Connection {
});
res
.ok
()
}
fn
get_user_and_group_by_id
(
&
self
,
user_id
:
u32
)
->
Option
<
(
SessionUser
,
Option
<
Group
>
)
>
{
let
session
=
self
.get_user_by_id
(
user_id
)
?
;
println!
(
"A"
);
let
group_id
=
match
session
.managed_by
{
Some
(
id
)
=>
id
,
...
...
@@ -853,18 +853,3 @@ impl MedalObject<Connection> for Group {
}
}
}
pub
trait
SetPassword
{
fn
set_password
(
&
mut
self
,
&
str
)
->
Option
<
()
>
;
}
impl
SetPassword
for
SessionUser
{
fn
set_password
(
&
mut
self
,
password
:
&
str
)
->
Option
<
()
>
{
let
salt
=
"blub"
;
let
hash
=
hash_password
(
password
,
salt
);
self
.password
=
Some
(
hash
);
self
.salt
=
Some
(
salt
.into
());
Some
(())
}
}
src/functions.rs
...
...
@@ -8,7 +8,7 @@ use rand::{thread_rng, Rng, distributions::Alphanumeric};
use
db_conn
::{
MedalConnection
};
use
db_objects
::{
Submission
,
Group
};
use
db_objects
::{
Submission
,
Group
,
SessionUser
};
use
self
::
bcrypt
::{
DEFAULT_COST
,
hash
,
verify
,
BcryptError
};
...
...
@@ -77,9 +77,16 @@ pub enum MedalError {
CsrfCheckFailed
,
SessionTimeout
,
DatabaseError
,
NoneError
,
}
// TODO: Add CsrfCheckFailed, DatabaseError
impl
std
::
convert
::
From
<
std
::
option
::
NoneError
>
for
MedalError
{
fn
from
(
_
:
std
::
option
::
NoneError
)
->
Self
{
MedalError
::
NoneError
}
}
type
MedalValue
=
(
String
,
json_val
::
Map
<
String
,
json_val
::
Value
>
);
type
MedalResult
<
T
>
=
Result
<
T
,
MedalError
>
;
type
MedalValueResult
=
MedalResult
<
MedalValue
>
;
...
...
@@ -523,7 +530,11 @@ pub fn edit_profile<T: MedalConnection>(conn: &T, session_token: String, user_id
session
.grade
=
grade
;
if
new_password_1
==
new_password_2
{
session
.password
=
Some
(
new_password_1
);
let
salt
:
String
=
thread_rng
()
.sample_iter
(
&
Alphanumeric
)
.take
(
10
)
.collect
();
let
hash
=
hash_password
(
&
new_password_1
,
&
salt
)
.ok
()
?
;
session
.password
=
Some
(
hash
);
session
.salt
=
Some
(
salt
.into
());
}
conn
.save_session
(
session
);
...
...
@@ -540,6 +551,14 @@ pub fn edit_profile<T: MedalConnection>(conn: &T, session_token: String, user_id
user
.lastname
=
Some
(
lastname
);
user
.grade
=
grade
;
if
new_password_1
==
new_password_2
{
let
salt
:
String
=
thread_rng
()
.sample_iter
(
&
Alphanumeric
)
.take
(
10
)
.collect
();
let
hash
=
hash_password
(
&
new_password_1
,
&
salt
)
.ok
()
?
;
user
.password
=
Some
(
hash
);
user
.salt
=
Some
(
salt
.into
());
}
conn
.save_session
(
user
);
}
}
...
...
@@ -582,3 +601,17 @@ pub fn login_oauth<T: MedalConnection>(conn: &T, user_data: ForeignUserData) ->
}
}
pub
trait
SetPassword
{
fn
set_password
(
&
mut
self
,
&
str
)
->
Option
<
()
>
;
}
impl
SetPassword
for
SessionUser
{
fn
set_password
(
&
mut
self
,
password
:
&
str
)
->
Option
<
()
>
{
let
salt
:
String
=
thread_rng
()
.sample_iter
(
&
Alphanumeric
)
.take
(
10
)
.collect
();
let
hash
=
hash_password
(
password
,
&
salt
)
.ok
()
?
;
self
.password
=
Some
(
hash
);
self
.salt
=
Some
(
salt
.into
());
Some
(())
}
}
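Review bot: Both `if new_password_1 == new_password_2` branches of edit_profile also succeed when the two fields arrive empty, so saving a profile without touching the password fields would apparently overwrite the stored hash with that of an empty password, unless the part of edit_profile outside these hunks rejects that case. A guard such as `if !new_password_1.is_empty() && new_password_1 == new_password_2 {` keeps an unchanged password intact, and a mismatch is better reported to the caller than skipped silently. The salt-and-hash sequence now appears three times in this file; the two branches could call `session.set_password(&new_password_1)?;` and `user.set_password(&new_password_1)?;` (assuming `user` is a `SessionUser`) so the salt length and hashing call are defined once. `hash_password` is not shown, so confirm how the 10-character salt is combined with the password, since bcrypt already embeds its own salt and only processes the first 72 bytes of input.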
src/main.rs
#![feature(try_trait)]
#[macro_use]
extern
crate
iron
;
#[macro_use]
...
...
@@ -29,7 +31,7 @@ mod db_conn_sqlite;
mod
db_conn
;
mod
db_objects
;
use
db_conn_sqlite
::
SetPassword
;
// TODO: Refactor, so we don't need to take this from there!
use
functions
::
SetPassword
;
// TODO: Refactor, so we don't need to take this from there!
use
db_conn
::{
MedalConnection
,
MedalObject
};
use
db_objects
::
*
;
...
...
@@ -64,7 +66,7 @@ fn read_config_from_file(file: &Path) -> Config {
use
std
::
io
::
Read
;
println!
(
"Reading Config file '{}'"
,
file
.to_str
()
.unwrap_or
(
"<Encoding error>"
));
let
mut
config
:
Config
=
if
let
Ok
(
mut
file
)
=
fs
::
File
::
open
(
file
)
{
let
mut
contents
=
String
::
new
();
file
.read_to_string
(
&
mut
contents
)
.unwrap
();
...
...
@@ -79,7 +81,7 @@ fn read_config_from_file(file: &Path) -> Config {
if
config
.self_url
.is_none
()
{
config
.self_url
=
Some
(
"http://localhost:8080"
.to_string
())}
println!
(
"I will ask OAuth-providers to redirect to {}"
,
config
.self_url
.as_ref
()
.unwrap
());
config
}
...
...
@@ -109,8 +111,8 @@ fn read_contest(p: &path::PathBuf) -> Option<Contest> {
let
mut
file
=
File
::
open
(
p
)
.unwrap
();
let
mut
contents
=
String
::
new
();
file
.read_to_string
(
&
mut
contents
)
.unwrap
();
configreader_yaml
::
parse_yaml
(
&
contents
,
p
.file_name
()
.to_owned
()
?
.to_str
()
?
,
&
format!
(
"{}/"
,
p
.parent
()
.unwrap
()
.to_str
()
?
))
configreader_yaml
::
parse_yaml
(
&
contents
,
p
.file_name
()
.to_owned
()
?
.to_str
()
?
,
&
format!
(
"{}/"
,
p
.parent
()
.unwrap
()
.to_str
()
?
))
}
fn
get_all_contest_info
(
task_dir
:
&
str
)
->
Vec
<
Contest
>
{
...
...
@@ -122,16 +124,16 @@ fn get_all_contest_info(task_dir: &str) -> Vec<Contest> {
},
_
=>
(),
}
if
p
.file_name
()
.unwrap
()
.to_string_lossy
()
.to_string
()
.ends_with
(
".yaml"
)
{
match
read_contest
(
p
)
{
Some
(
contest
)
=>
contests
.push
(
contest
),
_
=>
(),
}
};
};
};
let
mut
contests
=
Vec
::
new
();
match
fs
::
read_dir
(
task_dir
)
{
Err
(
why
)
=>
println!
(
"Error opening tasks directory! {:?}"
,
why
.kind
()),
...
...
@@ -170,28 +172,28 @@ fn add_admin_user(conn: &mut Connection) {
fn
main
()
{
let
opt
=
Opt
::
from_args
();
println!
(
"{:?}"
,
opt
);
let
mut
config
=
read_config_from_file
(
&
opt
.configfile
);
if
opt
.databasefile
.is_some
()
{
config
.database_file
=
opt
.databasefile
;
}
if
opt
.port
.is_some
()
{
config
.port
=
opt
.port
;
}
let
mut
conn
=
match
config
.database_file
{
Some
(
ref
path
)
=>
{
println!
(
"Using database file {}"
,
&
path
.to_str
()
.unwrap_or
(
"<unprintable filename>"
));
Connection
::
create
(
path
)},
None
=>
{
println!
(
"Using default database file ./medal.db"
);
Connection
::
create
(
&
Path
::
new
(
"medal.db"
))},
};
db_apply_migrations
::
test
(
&
mut
conn
);
refresh_all_contests
(
&
mut
conn
);
println!
(
"Hello, world!"
);
let
contest
=
conn
.get_contest_by_id_complete
(
1
);
add_admin_user
(
&
mut
conn
);
println!
(
"Contest {}"
,
contest
.name
);
for
taskgroup
in
contest
.taskgroups
{
print!
(
" Task {}: "
,
taskgroup
.name
);
for
task
in
taskgroup
.tasks
{
...
...
@@ -199,7 +201,7 @@ fn main() {
}
println!
(
""
);
}
start_server
(
conn
,
config
);
println!
(
"Could not run server. Is the port already in use?"
);
...
...
@@ -215,7 +217,7 @@ mod tests {
fn
start_server_and_check_request
()
{
use
std
::{
thread
,
time
};
let
mut
conn
=
Connection
::
open_in_memory
()
.unwrap
();
db_apply_migrations
::
test
(
&
mut
conn
);
...
...
@@ -226,7 +228,7 @@ mod tests {
let
pair_
=
pair
.clone
();
let
mut
config
=
read_config_from_file
(
Path
::
new
(
"thisfileshoudnotexist"
));
let
srvr
=
start_server
(
conn
,
config
);
thread
::
spawn
(
move
||
{
...
...
@@ -242,14 +244,14 @@ mod tests {
resp
.read_to_string
(
&
mut
content
);
assert
!
(
content
.contains
(
"<h1>Jugendwettbewerb Informatik</h1>"
));
assert
!
(
!
content
.contains
(
"Error"
));
let
&
(
ref
lock
,
ref
cvar
)
=
&*
pair_
;
let
mut
should_exit
=
lock
.lock
()
.unwrap
();
*
should_exit
=
true
;
cvar
.notify_one
();
//fs::copy("foo.txt", "bar.txt").unwrap();
});
// Copied from docs
let
&
(
ref
lock
,
ref
cvar
)
=
&*
pair
;
let
mut
should_exit
=
lock
.lock
()
.unwrap
();
...
...
@@ -258,7 +260,7 @@ mod tests {
}
srvr
.unwrap
()
.close
()
.unwrap
();
assert
!
(
true
);
}
}
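Review bot: `#![feature(try_trait)]` at the top of main.rs ties the whole crate to a nightly toolchain, apparently only so that `?` on an `Option` can convert into `MedalError` through `std::option::NoneError`. The same early return works on stable by converting at the call site, for example `hash_password(&new_password_1, &salt).map_err(|_| MedalError::PasswordHashingFailed)?` (variant name illustrative, not in the codebase), which also preserves why the request failed instead of folding every `None` into one error. The other hunks in this section look like whitespace-only changes plus the `SetPassword` import moving to `functions`.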
src/webfw_iron.rs
...
...
@@ -203,6 +203,9 @@ impl<'c, 'a, 'b> From<AugMedalError<'c, 'a, 'b>> for IronError {
functions
::
MedalError
::
DatabaseError
=>
IronError
{
error
:
Box
::
new
(
SessionError
{
message
:
"Database Error"
.to_string
()
}),
response
:
Response
::
with
(
status
::
Forbidden
)
},
functions
::
MedalError
::
NoneError
=>
IronError
{
error
:
Box
::
new
(
SessionError
{
message
:
"None Error"
.to_string
()
}),
response
:
Response
::
with
(
status
::
Forbidden
)
},
}
}
}
...
...
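Review bot: The new `MedalError::NoneError` arm answers with `status::Forbidden`, but in this commit that error is produced when password hashing fails or an `Option` is unexpectedly empty, which is a server-side fault rather than an authorization decision. `Response::with(status::InternalServerError)` would describe it more accurately and keep 403 responses meaningful for anyone monitoring access-control failures. The message `"None Error"` gives an operator nothing to search for; a comment such as `// raised by `?` on None, e.g. when hash_password fails` on the arm would at least document its origin. The enclosing `From` impl starts outside this hunk.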