Skip to content

GitLab

Commit db438a15 authored by Daniel Brüning's avatar Daniel Brüning
Browse files

new passwords are now hashed before they are saved

parent a8878f9b
Show whitespace changes
Inline Side-by-side
Cargo.lock
View file @ db438a15
# This file is automatically @generated by Cargo.
# It is not intended for manual editing.
[[package]]
name = "adler32"
version = "1.0.3"
......
src/db_conn_sqlite.rs
View file @ db438a15
......@@ -853,18 +853,3 @@ impl MedalObject<Connection> for Group {
}
}
}
pub trait SetPassword {
fn set_password(&mut self, &str) -> Option<()>;
}
impl SetPassword for SessionUser {
fn set_password(&mut self, password: &str) -> Option<()> {
let salt = "blub";
let hash = hash_password(password, salt);
self.password = Some(hash);
self.salt = Some(salt.into());
Some(())
}
}
src/functions.rs
View file @ db438a15
......@@ -8,7 +8,7 @@ use rand::{thread_rng, Rng, distributions::Alphanumeric};
use db_conn::{MedalConnection};
use db_objects::{Submission, Group};
use db_objects::{Submission, Group, SessionUser};
use self::bcrypt::{DEFAULT_COST, hash, verify, BcryptError};
......@@ -77,9 +77,16 @@ pub enum MedalError {
CsrfCheckFailed,
SessionTimeout,
DatabaseError,
NoneError,
}
// TODO: Add CsrfCheckFailed, DatabaseError
impl std::convert::From<std::option::NoneError> for MedalError {
fn from(_: std::option::NoneError) -> Self {
MedalError::NoneError
}
}
type MedalValue = (String, json_val::Map<String, json_val::Value>);
type MedalResult<T> = Result<T, MedalError>;
type MedalValueResult = MedalResult<MedalValue>;
......@@ -523,7 +530,11 @@ pub fn edit_profile<T: MedalConnection>(conn: &T, session_token: String, user_id
session.grade = grade;
if new_password_1 == new_password_2 {
session.password = Some(new_password_1);
let salt: String = thread_rng().sample_iter(&Alphanumeric).take(10).collect();
let hash = hash_password(&new_password_1, &salt).ok()?;
session.password = Some(hash);
session.salt = Some(salt.into());
}
conn.save_session(session);
......@@ -540,6 +551,14 @@ pub fn edit_profile<T: MedalConnection>(conn: &T, session_token: String, user_id
user.lastname = Some(lastname);
user.grade = grade;
if new_password_1 == new_password_2 {
let salt: String = thread_rng().sample_iter(&Alphanumeric).take(10).collect();
let hash = hash_password(&new_password_1, &salt).ok()?;
user.password = Some(hash);
user.salt = Some(salt.into());
}
conn.save_session(user);
}
}
......@@ -582,3 +601,17 @@ pub fn login_oauth<T: MedalConnection>(conn: &T, user_data: ForeignUserData) ->
}
}
pub trait SetPassword {
fn set_password(&mut self, &str) -> Option<()>;
}
impl SetPassword for SessionUser {
fn set_password(&mut self, password: &str) -> Option<()> {
let salt: String = thread_rng().sample_iter(&Alphanumeric).take(10).collect();
let hash = hash_password(password, &salt).ok()?;
self.password = Some(hash);
self.salt = Some(salt.into());
Some(())
}
}
src/main.rs
View file @ db438a15
#![feature(try_trait)]
#[macro_use]
extern crate iron;
#[macro_use]
......@@ -29,7 +31,7 @@ mod db_conn_sqlite;
mod db_conn;
mod db_objects;
use db_conn_sqlite::SetPassword; // TODO: Refactor, so we don't need to take this from there!
use functions::SetPassword; // TODO: Refactor, so we don't need to take this from there!
use db_conn::{MedalConnection, MedalObject};
use db_objects::*;
......
src/webfw_iron.rs
View file @ db438a15
......@@ -203,6 +203,9 @@ impl<'c, 'a, 'b> From<AugMedalError<'c, 'a, 'b>> for IronError {
functions::MedalError::DatabaseError => IronError {
error: Box::new(SessionError { message: "Database Error".to_string() }),
response: Response::with(status::Forbidden) },
functions::MedalError::NoneError => IronError {
error: Box::new(SessionError { message: "None Error".to_string() }),
response: Response::with(status::Forbidden) },
}
}
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment