From c1cd4d9a6bfd1e588852e3ec48288efcbc77c71c Mon Sep 17 00:00:00 2001 From: Miroslav Prasil Date: Tue, 11 Sep 2018 14:25:12 +0100 Subject: [PATCH] Modify User::new to be keyless and paswordless --- src/api/core/accounts.rs | 7 ++++--- src/api/core/organizations.rs | 2 +- src/db/models/user.rs | 11 +++-------- 3 files changed, 8 insertions(+), 12 deletions(-) diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs index ef0e9173..94fd48e8 100644 --- a/src/api/core/accounts.rs +++ b/src/api/core/accounts.rs @@ -38,8 +38,6 @@ fn register(data: JsonUpcase, conn: DbConn) -> EmptyResult { user_org.status = UserOrgStatus::Accepted as i32; user_org.save(&conn); }; - user.set_password(&data.MasterPasswordHash); - user.key = data.Key; user } else { if CONFIG.signups_allowed { @@ -51,13 +49,16 @@ fn register(data: JsonUpcase, conn: DbConn) -> EmptyResult { }, None => { if CONFIG.signups_allowed || Invitation::take(&data.Email, &conn) { - User::new(data.Email, data.Key, data.MasterPasswordHash) + User::new(data.Email) } else { err!("Registration not allowed") } } }; + user.set_password(&data.MasterPasswordHash); + user.key = data.Key; + // Add extra fields if present if let Some(name) = data.Name { user.name = name; diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs index b8067b65..5852ea10 100644 --- a/src/api/core/organizations.rs +++ b/src/api/core/organizations.rs @@ -380,7 +380,7 @@ fn send_invite(org_id: String, data: JsonUpcase, headers: AdminHeade let mut invitation = Invitation::new(email.clone()); match invitation.save(&conn) { Ok(()) => { - let mut user = User::new_invited(email.clone()); + let mut user = User::new(email.clone()); if user.save(&conn) { user_org_status = UserOrgStatus::Invited as i32; user diff --git a/src/db/models/user.rs b/src/db/models/user.rs index 312c2749..0d958b5e 100644 --- a/src/db/models/user.rs +++ b/src/db/models/user.rs 
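Review bot: Nothing before `user.set_password(&data.MasterPasswordHash);` and `user.key = data.Key;` in the second accounts.rs hunk rejects an empty `MasterPasswordHash` or `Key`. Because `User::new` no longer takes credentials, these two lines are now the only place a registering or invited account receives its master password hash and key. Whether the request type already enforces non-empty fields is not visible here; if it does not, a guard such as `if data.MasterPasswordHash.is_empty() || data.Key.is_empty() { err!("Master password hash and key are required") }` placed just before the assignments would stop an account being stored with a hash of the empty string. `register` starts and ends outside this hunk.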
@@ -39,13 +39,12 @@ pub struct User { /// Local methods impl User { - pub fn new(mail: String, key: String, password: String) -> Self { + pub fn new(mail: String) -> Self { let now = Utc::now().naive_utc(); let email = mail.to_lowercase(); let iterations = CONFIG.password_iterations; let salt = crypto::get_random_64(); - let password_hash = crypto::hash_password(password.as_bytes(), &salt, iterations as u32); Self { uuid: Uuid::new_v4().to_string(), @@ -53,9 +52,9 @@ impl User { updated_at: now, name: email.clone(), email, - key, + key: String::new(), - password_hash, + password_hash: Vec::new(), salt, password_iterations: iterations, @@ -73,10 +72,6 @@ impl User { } } - pub fn new_invited(mail: String) -> Self { - Self::new(mail,"".to_string(),"".to_string()) - } - pub fn check_valid_password(&self, password: &str) -> bool { crypto::verify_password_hash(password.as_bytes(), &self.salt,
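Review bot: `User::new` in the first user.rs hunk has no doc comment stating that the value it returns cannot authenticate yet. After this change it carries a fresh salt but leaves the key and password hash empty, so every caller has to call `set_password` and assign `key` itself. I would add `/// Creates a user with no master password and no key; the caller must set both before the account can log in.` above the signature. The struct literal continues outside this hunk.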
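Review bot: `password_hash: Vec::new()` in the second user.rs hunk makes an empty vector the marker for "no password set", but nothing in this patch makes `check_valid_password` refuse such a user. That method hands the stored value to `crypto::verify_password_hash`, whose behaviour on an empty stored hash is not shown here, so the safety of invited-but-unregistered accounts rests on that helper. An explicit `if self.password_hash.is_empty() { return false; }` at the top of `check_valid_password` would make the invariant local and independent of the crypto backend. The `Self { .. }` literal starts and ends outside this hunk.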