xeovalyte/wrbapp-next
1
0
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects Releases Wiki Activity

Optimized password hash errors

Browse Source
This commit is contained in:
xeovalyte 2025-02-14 12:31:45 +01:00
parent 1e2247abe2
commit 701d430742
Signed by: xeovalyte
SSH Key Fingerprint: SHA256:GWI1hq+MNKR2UOcvk7n9tekASXT8vyazK7vDF9Xyciw
8 changed files with 28 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
server/src/auth.rs
View File

@ -58,9 +58,7 @@ pub fn get_token_from_bearer(bearer: &str) -> Result<String, AuthError> {
} }
} }
pub async fn generate_password_hash( pub async fn generate_password_hash(password: String) -> Result<String, AuthError> {
password: String,
) -> Result<String, argon2::password_hash::Error> {
let password_hash: Result<String, argon2::password_hash::Error> = let password_hash: Result<String, argon2::password_hash::Error> =
task::spawn_blocking(move || { task::spawn_blocking(move || {
let salt = SaltString::generate(&mut OsRng); let salt = SaltString::generate(&mut OsRng);
@ -76,22 +74,19 @@ pub async fn generate_password_hash(
.await .await
.unwrap(); .unwrap();
password_hash password_hash.map_err(|e| e.into())
} }
pub async fn verify_password_hash( pub async fn verify_password_hash(password: &str, hash: &str) -> Result<(), AuthError> {
password: &str,
hash: &str,
) -> Result<(), argon2::password_hash::Error> {
let parsed_hash = PasswordHash::new(hash)?; let parsed_hash = PasswordHash::new(hash)?;
Argon2::default().verify_password(password.as_bytes(), &parsed_hash)?; Argon2::default()
.verify_password(password.as_bytes(), &parsed_hash)
.map_err(|_| AuthError::InvalidPassword)?;
Ok(()) Ok(())
} }
pub fn generate_session_token() -> String { pub fn generate_session_token() -> String {
ChaCha20Rng::from_os_rng() ChaCha20Rng::from_os_rng()
.sample_iter(&Alphanumeric) .sample_iter(&Alphanumeric)
.take(60) .take(60)

8
server/src/auth/error.rs
View File

@ -7,6 +7,7 @@ pub enum AuthError {
Unexpected, Unexpected,
InvalidPassword, InvalidPassword,
Unauthorized, Unauthorized,
HashingFailed(String),
} }
impl Display for AuthError { impl Display for AuthError {
@ -17,8 +18,15 @@ impl Display for AuthError {
Self::Unexpected => write!(f, "Unexpected error"), Self::Unexpected => write!(f, "Unexpected error"),
Self::InvalidPassword => write!(f, "Password is incorrect"), Self::InvalidPassword => write!(f, "Password is incorrect"),
Self::Unauthorized => write!(f, "Authentication is required"), Self::Unauthorized => write!(f, "Authentication is required"),
Self::HashingFailed(msg) => write!(f, "Password hashing failed: {}", msg),
} }
} }
} }
impl std::error::Error for AuthError {} impl std::error::Error for AuthError {}
impl From<argon2::password_hash::Error> for AuthError {
fn from(value: argon2::password_hash::Error) -> Self {
AuthError::HashingFailed(value.to_string())
}
}

4
server/src/database/model/member.rs
View File

@ -32,10 +32,6 @@ impl Member {
Ok(members) Ok(members)
} }
pub async fn get_many(transaction: &PgPool, members: Vec<Self>) -> Result<(), sqlx::Error> {
Ok(())
}
pub async fn get_all(pool: &PgPool) -> Result<Vec<Self>, sqlx::Error> { pub async fn get_all(pool: &PgPool) -> Result<Vec<Self>, sqlx::Error> {
let members = sqlx::query_as!(Member, "SELECT * FROM members;",) let members = sqlx::query_as!(Member, "SELECT * FROM members;",)
.fetch_all(pool) .fetch_all(pool)

4
server/src/database/model/session.rs
View File

@ -36,9 +36,9 @@ impl Session {
Ok(()) Ok(())
} }
pub async fn from_token(transaction: &PgPool, token: &str) -> Result<Self, sqlx::Error> { pub async fn from_token(pool: &PgPool, token: &str) -> Result<Self, sqlx::Error> {
let session = sqlx::query_as!(Self, "SELECT * FROM sessions WHERE token = $1;", token) let session = sqlx::query_as!(Self, "SELECT * FROM sessions WHERE token = $1;", token)
.fetch_one(transaction) .fetch_one(pool)
.await?; .await?;
Ok(session) Ok(session)

4
server/src/database/model/user.rs
View File

@ -109,8 +109,8 @@ pub struct UserMember {
impl UserMember { impl UserMember {
pub async fn insert_many( pub async fn insert_many(
transaction: &mut sqlx::Transaction<'_, Postgres>, transaction: &mut sqlx::Transaction<'_, Postgres>,
user_ids: &Vec<uuid::Uuid>, user_ids: &[uuid::Uuid],
member_ids: &Vec<String>, member_ids: &[String],
) -> Result<(), sqlx::Error> { ) -> Result<(), sqlx::Error> {
sqlx::query!( sqlx::query!(
" "

34
server/src/routes/auth.rs
View File

@ -33,10 +33,7 @@ pub async fn login<'a>(
let db_user = DbUser::get_from_email(&state.pool, login_request.email).await?; let db_user = DbUser::get_from_email(&state.pool, login_request.email).await?;
if let Some(pass) = db_user.password { if let Some(pass) = db_user.password {
match verify_password_hash(&login_request.password, &pass).await { verify_password_hash(&login_request.password, &pass).await?;
Ok(_) => (),
Err(_err) => return Err(crate::Error::Auth(crate::auth::AuthError::InvalidPassword)),
};
} else { } else {
return Err(AuthError::Unexpected.into()); return Err(AuthError::Unexpected.into());
} }
@ -71,10 +68,7 @@ pub async fn register(
let member_ids: Vec<String> = members.into_iter().map(|m| m.member_id).collect(); let member_ids: Vec<String> = members.into_iter().map(|m| m.member_id).collect();
// Hash password // Hash password
let password_hash = match generate_password_hash(auth_request.password).await { let password_hash = generate_password_hash(auth_request.password).await?;
Ok(hash) => hash,
Err(_err) => return Err(crate::Error::Auth(crate::auth::AuthError::InvalidToken)),
};
let mut transaction = state.pool.begin().await?; let mut transaction = state.pool.begin().await?;
@ -107,19 +101,13 @@ pub async fn change_password(
) -> Result<(), crate::Error> { ) -> Result<(), crate::Error> {
let (_, user) = get_user_from_header(&state.pool, &headers).await?; let (_, user) = get_user_from_header(&state.pool, &headers).await?;
let password_hash = match generate_password_hash(request.new_password).await { // Verify that password is correct
Ok(hash) => hash,
Err(_err) => return Err(crate::Error::Auth(crate::auth::AuthError::InvalidPassword)),
};
let db_user: DbUser = user.into(); let db_user: DbUser = user.into();
let old_password_hash = db_user.get_password(&state.pool).await?; let old_password_hash = db_user.get_password(&state.pool).await?;
verify_password_hash(&request.old_password, &old_password_hash).await?;
match verify_password_hash(&request.old_password, &old_password_hash).await { // Generate password hash for new password
Ok(_) => (), let new_password_hash = generate_password_hash(request.new_password).await?;
Err(_err) => return Err(crate::Error::Auth(crate::auth::AuthError::InvalidPassword)),
};
let mut transaction = state.pool.begin().await?; let mut transaction = state.pool.begin().await?;
@ -128,7 +116,7 @@ pub async fn change_password(
&mut transaction, &mut transaction,
UpdateUser { UpdateUser {
email: None, email: None,
password: Some(password_hash), password: Some(new_password_hash),
admin: None, admin: None,
}, },
) )
@ -152,14 +140,10 @@ pub async fn change_email(
) -> Result<(), crate::Error> { ) -> Result<(), crate::Error> {
let (_, user) = get_user_from_header(&state.pool, &headers).await?; let (_, user) = get_user_from_header(&state.pool, &headers).await?;
// Verify that password is correct
let db_user: DbUser = user.into(); let db_user: DbUser = user.into();
let password_hash = db_user.get_password(&state.pool).await?; let password_hash = db_user.get_password(&state.pool).await?;
verify_password_hash(&request.password, &password_hash).await?;
match verify_password_hash(&request.password, &password_hash).await {
Ok(_) => (),
Err(_err) => return Err(crate::Error::Auth(crate::auth::AuthError::InvalidPassword)),
};
let mut transaction = state.pool.begin().await?; let mut transaction = state.pool.begin().await?;

4
server/src/routes/member.rs
View File

@ -26,7 +26,3 @@ pub async fn get_current_members(
Ok(Json(members)) Ok(Json(members))
} }
pub async fn get_members(State(state): State<AppState>, body: String) -> Result<(), crate::Error> {
Ok(())
}

8
server/src/routes/member/migrate.rs
View File

@ -1,11 +1,6 @@
use std::collections::HashMap; use std::collections::HashMap;
use axum::{ use axum::{extract::State, http::HeaderMap, Json};
extract::State,
http::HeaderMap,
Json,
};
use itertools::Itertools;
use sqlx::PgPool; use sqlx::PgPool;
use crate::{ use crate::{
@ -143,7 +138,6 @@ pub struct MigrationStore {
pub count: u32, pub count: u32,
} }
impl Row { impl Row {
fn from_csv_many(input: &str) -> Result<Vec<Self>, csv::Error> { fn from_csv_many(input: &str) -> Result<Vec<Self>, csv::Error> {
let mut rdr = csv::ReaderBuilder::new() let mut rdr = csv::ReaderBuilder::new()