Commit db438a15 authored by Daniel Brüning's avatar Daniel Brüning

new passwords are now hashed before they are saved

parent a8878f9b
# This file is automatically @generated by Cargo.
# It is not intended for manual editing.
[[package]]
name = "adler32"
version = "1.0.3"
......
......@@ -853,18 +853,3 @@ impl MedalObject<Connection> for Group {
}
}
}
pub trait SetPassword {
fn set_password(&mut self, &str) -> Option<()>;
}
impl SetPassword for SessionUser {
fn set_password(&mut self, password: &str) -> Option<()> {
let salt = "blub";
let hash = hash_password(password, salt);
self.password = Some(hash);
self.salt = Some(salt.into());
Some(())
}
}
......@@ -8,7 +8,7 @@ use rand::{thread_rng, Rng, distributions::Alphanumeric};
use db_conn::{MedalConnection};
use db_objects::{Submission, Group};
use db_objects::{Submission, Group, SessionUser};
use self::bcrypt::{DEFAULT_COST, hash, verify, BcryptError};
......@@ -77,9 +77,16 @@ pub enum MedalError {
CsrfCheckFailed,
SessionTimeout,
DatabaseError,
NoneError,
}
// TODO: Add CsrfCheckFailed, DatabaseError
impl std::convert::From<std::option::NoneError> for MedalError {
fn from(_: std::option::NoneError) -> Self {
MedalError::NoneError
}
}
type MedalValue = (String, json_val::Map<String, json_val::Value>);
type MedalResult<T> = Result<T, MedalError>;
type MedalValueResult = MedalResult<MedalValue>;
......@@ -523,7 +530,11 @@ pub fn edit_profile<T: MedalConnection>(conn: &T, session_token: String, user_id
session.grade = grade;
if new_password_1 == new_password_2 {
session.password = Some(new_password_1);
let salt: String = thread_rng().sample_iter(&Alphanumeric).take(10).collect();
let hash = hash_password(&new_password_1, &salt).ok()?;
session.password = Some(hash);
session.salt = Some(salt.into());
}
conn.save_session(session);
......@@ -540,6 +551,14 @@ pub fn edit_profile<T: MedalConnection>(conn: &T, session_token: String, user_id
user.lastname = Some(lastname);
user.grade = grade;
if new_password_1 == new_password_2 {
let salt: String = thread_rng().sample_iter(&Alphanumeric).take(10).collect();
let hash = hash_password(&new_password_1, &salt).ok()?;
user.password = Some(hash);
user.salt = Some(salt.into());
}
conn.save_session(user);
}
}
......@@ -582,3 +601,17 @@ pub fn login_oauth<T: MedalConnection>(conn: &T, user_data: ForeignUserData) ->
}
}
pub trait SetPassword {
fn set_password(&mut self, &str) -> Option<()>;
}
impl SetPassword for SessionUser {
fn set_password(&mut self, password: &str) -> Option<()> {
let salt: String = thread_rng().sample_iter(&Alphanumeric).take(10).collect();
let hash = hash_password(password, &salt).ok()?;
self.password = Some(hash);
self.salt = Some(salt.into());
Some(())
}
}
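Review bot: `hash_password(&new_password_1, &salt).ok()?` in the session branch of `edit_profile` (and again in the user branch and in `SetPassword::set_password`) throws away the `BcryptError`, so a hashing failure surfaces through `From<NoneError>` as a generic `NoneError` that cannot be told apart from any other missing value; `hash_password(&new_password_1, &salt).map_err(|_| MedalError::NoneError)?` (or a dedicated variant) keeps the distinction and no longer needs `?` on `Option`. Both branches of `edit_profile` now repeat the salt-and-hash sequence that the new `set_password` encapsulates, so `session.set_password(&new_password_1)?` and the same call on `user` would keep the password policy in one place. `salt.into()` converts a `String` into a `String` and can simply be `Some(salt)`. The equality check also accepts two empty strings, so unless the caller already rejects an empty password this silently stores a hash of `""`; an explicit `!new_password_1.is_empty()` guard next to the comparison would close that. `edit_profile` and `hash_password` begin outside the visible hunks, so whether the stored `salt` is actually consumed by the bcrypt call cannot be confirmed here.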
#![feature(try_trait)]
#[macro_use]
extern crate iron;
#[macro_use]
......@@ -29,7 +31,7 @@ mod db_conn_sqlite;
mod db_conn;
mod db_objects;
use db_conn_sqlite::SetPassword; // TODO: Refactor, so we don't need to take this from there!
use functions::SetPassword; // TODO: Refactor, so we don't need to take this from there!
use db_conn::{MedalConnection, MedalObject};
use db_objects::*;
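Review bot: `#![feature(try_trait)]` ties the crate to a nightly toolchain, since `std::option::NoneError` has never been stabilized, and it is needed only so that `?` can be applied to `Option` inside functions returning `MedalResult`. Converting at the call sites with `.ok_or(MedalError::NoneError)?` would keep the build on stable and let the `From<NoneError>` impl be dropped. The swapped import `use functions::SetPassword;` still carries the old `// TODO: Refactor, so we don't need to take this from there!` remark, which no longer describes the situation now that the trait lives in `functions`; either drop it or reword it to say what refactor is still intended. The hunk that introduces the feature attribute starts above the visible context.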
......
......@@ -203,6 +203,9 @@ impl<'c, 'a, 'b> From<AugMedalError<'c, 'a, 'b>> for IronError {
functions::MedalError::DatabaseError => IronError {
error: Box::new(SessionError { message: "Database Error".to_string() }),
response: Response::with(status::Forbidden) },
functions::MedalError::NoneError => IronError {
error: Box::new(SessionError { message: "None Error".to_string() }),
response: Response::with(status::Forbidden) },
}
}
}
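Review bot: The new `NoneError` arm answers with `status::Forbidden` and the message `"None Error"`, but the only `?`-on-`Option` sites this commit adds are the password-hashing calls in functions.rs, so a server-side hashing failure would be reported to the user as an authorization failure and would show up as a 403 in access logs. `response: Response::with(status::InternalServerError)` with a message such as `"Internal Error"` describes that case honestly and keeps `Forbidden` for the genuinely authorization-related variants. The enclosing `match` and the `From` impl start outside the hunk.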
......