nikdoof/rustical
1
1
Fork 0
mirror of https://github.com/lennart-k/rustical.git synced 2025-12-14 12:52:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

Wrap app tokens and password of User in secret type

Browse Source
This commit is contained in:
Lennart
2025-04-16 16:30:45 +02:00
parent 9bff8c228d
commit ed84fb894f
4 changed files with 21 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
crates/store/src/auth/toml_user_store.rs
View File

@@ -89,7 +89,7 @@ impl AuthenticationProvider for TomlPrincipalStore {
None => return Ok(None), None => return Ok(None),
}; };
if password_auth::verify_password(password_input, password).is_ok() { if password_auth::verify_password(password_input, password.as_ref()).is_ok() {
return Ok(Some(user)); return Ok(Some(user));
} }
Ok(None) Ok(None)
@@ -102,7 +102,7 @@ impl AuthenticationProvider for TomlPrincipalStore {
}; };
for app_token in &user.app_tokens { for app_token in &user.app_tokens {
if password_auth::verify_password(token, &app_token.token).is_ok() { if password_auth::verify_password(token, app_token.token.as_ref()).is_ok() {
return Ok(Some(user)); return Ok(Some(user));
} }
} }
@@ -135,7 +135,7 @@ impl AuthenticationProvider for TomlPrincipalStore {
.to_string(); .to_string();
principal.app_tokens.push(AppToken { principal.app_tokens.push(AppToken {
name, name,
token: token_hash, token: token_hash.into(),
created_at: Some(chrono::Utc::now()), created_at: Some(chrono::Utc::now()),
id: id.clone(), id: id.clone(),
}); });

6
crates/store/src/auth/user.rs
View File

@@ -9,6 +9,8 @@ use rustical_xml::ValueSerialize;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use std::future::{Ready, ready}; use std::future::{Ready, ready};
use crate::Secret;
/// https://datatracker.ietf.org/doc/html/rfc5545#section-3.2.3 /// https://datatracker.ietf.org/doc/html/rfc5545#section-3.2.3
#[derive(Debug, Clone, Deserialize, Serialize, Default, PartialEq)] #[derive(Debug, Clone, Deserialize, Serialize, Default, PartialEq)]
#[serde(rename_all = "lowercase")] #[serde(rename_all = "lowercase")]
@@ -39,7 +41,7 @@ impl ValueSerialize for PrincipalType {
pub struct AppToken { pub struct AppToken {
pub id: String, pub id: String,
pub name: String, pub name: String,
pub token: String, pub token: Secret<String>,
pub created_at: Option<DateTime<Utc>>, pub created_at: Option<DateTime<Utc>>,
} }
@@ -51,7 +53,7 @@ pub struct User {
pub displayname: Option<String>, pub displayname: Option<String>,
#[serde(default)] #[serde(default)]
pub principal_type: PrincipalType, pub principal_type: PrincipalType,
pub password: Option<String>, pub password: Option<Secret<String>>,
#[serde(default)] #[serde(default)]
pub app_tokens: Vec<AppToken>, pub app_tokens: Vec<AppToken>,
#[serde(default)] #[serde(default)]

2
crates/store/src/lib.rs
View File

@@ -6,12 +6,14 @@ pub use error::Error;
pub mod auth; pub mod auth;
pub mod calendar; pub mod calendar;
mod contact_birthday_store; mod contact_birthday_store;
mod secret;
mod subscription_store; mod subscription_store;
pub mod synctoken; pub mod synctoken;
pub use addressbook_store::AddressbookStore; pub use addressbook_store::AddressbookStore;
pub use calendar_store::CalendarStore; pub use calendar_store::CalendarStore;
pub use contact_birthday_store::ContactBirthdayStore; pub use contact_birthday_store::ContactBirthdayStore;
pub use secret::Secret;
pub use subscription_store::*; pub use subscription_store::*;
pub use addressbook::{AddressObject, Addressbook}; pub use addressbook::{AddressObject, Addressbook};

12
crates/store/src/secret.rs Normal file
View File

@@ -0,0 +1,12 @@
use derive_more::{AsRef, From};
use serde::{Deserialize, Serialize};
/// Wrapper type to prevent secrets from accidentally getting leaked into traces
#[derive(From, Clone, Deserialize, Serialize, AsRef)]
pub struct Secret<T>(pub T);
impl<T> std::fmt::Debug for Secret<T> {
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
f.write_str("Secret")
}
}