vaultwarden/src/db/models/user.rs

use chrono::{NaiveDateTime, Utc};
use serde_json::Value as JsonValue;

use uuid::Uuid;

use crypto;
use CONFIG;

#[derive(Debug, Identifiable, Queryable, Insertable)]
#[table_name = "users"]
#[primary_key(uuid)]
pub struct User {
    pub uuid: String,
    pub created_at: NaiveDateTime,
    pub updated_at: NaiveDateTime,

    pub email: String,
    pub name: String,

    pub password_hash: Vec<u8>,
    pub salt: Vec<u8>,
    pub password_iterations: i32,
    pub password_hint: Option<String>,

    pub key: String,
    pub private_key: Option<String>,
    pub public_key: Option<String>,
    pub totp_secret: Option<String>,
    pub totp_recover: Option<String>,
    pub security_stamp: String,

    pub equivalent_domains: String,
    pub excluded_globals: String,
}

/// Local methods
impl User {
    pub fn new(mail: String, key: String, password: String) -> Self {
        let now = Utc::now().naive_utc();
        let email = mail.to_lowercase();

        let iterations = CONFIG.password_iterations;
        let salt = crypto::get_random_64();
        let password_hash = crypto::hash_password(password.as_bytes(), &salt, iterations as u32);

        Self {
            uuid: Uuid::new_v4().to_string(),
            created_at: now,
            updated_at: now,
            name: email.clone(),
            email,
            key,

            password_hash,
            salt,
            password_iterations: iterations,

            security_stamp: Uuid::new_v4().to_string(),

            password_hint: None,
            private_key: None,
            public_key: None,
            totp_secret: None,
            totp_recover: None,

            equivalent_domains: "[]".to_string(),
            excluded_globals: "[]".to_string(),
        }
    }

    pub fn check_valid_password(&self, password: &str) -> bool {
        crypto::verify_password_hash(password.as_bytes(),
                                     &self.salt,
                                     &self.password_hash,
                                     self.password_iterations as u32)
    }

    pub fn check_valid_recovery_code(&self, recovery_code: &str) -> bool {
        if let Some(ref totp_recover) = self.totp_recover {
            recovery_code == totp_recover.to_lowercase()
        } else {
            false
        }
    }

    pub fn set_password(&mut self, password: &str) {
        self.password_hash = crypto::hash_password(password.as_bytes(),
                                                   &self.salt,
                                                   self.password_iterations as u32);
        self.reset_security_stamp();
    }

    pub fn reset_security_stamp(&mut self) {
        self.security_stamp = Uuid::new_v4().to_string();
    }

    pub fn check_totp_code(&self, totp_code: Option<u64>) -> bool {
        if let Some(ref totp_secret) = self.totp_secret {
            if let Some(code) = totp_code {
                // Validate totp
                use data_encoding::BASE32;
                use oath::{totp_raw_now, HashType};

                let decoded_secret = match BASE32.decode(totp_secret.as_bytes()) {
                    Ok(s) => s,
                    Err(_) => return false
                };

                let generated = totp_raw_now(&decoded_secret, 6, 0, 30, &HashType::SHA1);
                generated == code
            } else {
                false
            }
        } else {
            true
        }
    }
}

use diesel;
use diesel::prelude::*;
use db::DbConn;
use db::schema::users;

/// Database methods
impl User {
    pub fn to_json(&self, conn: &DbConn) -> JsonValue {
        use super::UserOrganization;

        let orgs = UserOrganization::find_by_user(&self.uuid, conn);
        let orgs_json: Vec<JsonValue> = orgs.iter().map(|c| c.to_json(&conn)).collect();

        json!({
            "Id": self.uuid,
            "Name": self.name,
            "Email": self.email,
            "EmailVerified": true,
            "Premium": true,
            "MasterPasswordHint": self.password_hint,
            "Culture": "en-US",
            "TwoFactorEnabled": self.totp_secret.is_some(),
            "Key": self.key,
            "PrivateKey": self.private_key,
            "SecurityStamp": self.security_stamp,
            "Organizations": orgs_json,
            "Object": "profile"
        })
    }


    pub fn save(&mut self, conn: &DbConn) -> bool {
        self.updated_at = Utc::now().naive_utc();

        match diesel::replace_into(users::table) // Insert or update
            .values(&*self)
            .execute(&**conn) {
            Ok(1) => true, // One row inserted
            _ => false,
        }
    }

    pub fn delete(self, conn: &DbConn) -> bool {
        match diesel::delete(users::table.filter(
            users::uuid.eq(self.uuid)))
            .execute(&**conn) {
            Ok(1) => true, // One row deleted
            _ => false,
        }
    }

    pub fn find_by_mail(mail: &str, conn: &DbConn) -> Option<Self> {
        let lower_mail = mail.to_lowercase();
        users::table
            .filter(users::email.eq(lower_mail))
            .first::<Self>(&**conn).ok()
    }

    pub fn find_by_uuid(uuid: &str, conn: &DbConn) -> Option<Self> {
        users::table
            .filter(users::uuid.eq(uuid))
            .first::<Self>(&**conn).ok()
    }
}
Solved some warnings 2018-02-14 23:53:11 +00:00			`use chrono::{NaiveDateTime, Utc};`
First working version 2018-02-10 00:00:55 +00:00			`use serde_json::Value as JsonValue;`

			`use uuid::Uuid;`

Improved error messagees, implemented delete ciphers, attachments and account, implemented two factor recovery. Known missing: - import ciphers, create ciphers types other than login and card, update ciphers - clear and put device_tokens - Equivalent domains - Organizations 2018-02-15 18:05:57 +00:00			`use crypto;`
First working version 2018-02-10 00:00:55 +00:00			`use CONFIG;`

Upload and download attachments, and added License file 2018-02-14 23:40:34 +00:00			`#[derive(Debug, Identifiable, Queryable, Insertable)]`
First working version 2018-02-10 00:00:55 +00:00			`#[table_name = "users"]`
			`#[primary_key(uuid)]`
			`pub struct User {`
			`pub uuid: String,`
			`pub created_at: NaiveDateTime,`
			`pub updated_at: NaiveDateTime,`

			`pub email: String,`
			`pub name: String,`

			`pub password_hash: Vec<u8>,`
			`pub salt: Vec<u8>,`
			`pub password_iterations: i32,`
			`pub password_hint: Option<String>,`

			`pub key: String,`
			`pub private_key: Option<String>,`
			`pub public_key: Option<String>,`
			`pub totp_secret: Option<String>,`
			`pub totp_recover: Option<String>,`
			`pub security_stamp: String,`
Upload and download attachments, and added License file 2018-02-14 23:40:34 +00:00
			`pub equivalent_domains: String,`
			`pub excluded_globals: String,`
First working version 2018-02-10 00:00:55 +00:00			`}`

			`/// Local methods`
			`impl User {`
Upload and download attachments, and added License file 2018-02-14 23:40:34 +00:00			`pub fn new(mail: String, key: String, password: String) -> Self {`
First working version 2018-02-10 00:00:55 +00:00			`let now = Utc::now().naive_utc();`
			`let email = mail.to_lowercase();`

			`let iterations = CONFIG.password_iterations;`
			`let salt = crypto::get_random_64();`
			`let password_hash = crypto::hash_password(password.as_bytes(), &salt, iterations as u32);`

Upload and download attachments, and added License file 2018-02-14 23:40:34 +00:00			`Self {`
First working version 2018-02-10 00:00:55 +00:00			`uuid: Uuid::new_v4().to_string(),`
			`created_at: now,`
			`updated_at: now,`
			`name: email.clone(),`
			`email,`
			`key,`

			`password_hash,`
			`salt,`
			`password_iterations: iterations,`

			`security_stamp: Uuid::new_v4().to_string(),`

			`password_hint: None,`
			`private_key: None,`
			`public_key: None,`
			`totp_secret: None,`
			`totp_recover: None,`
Upload and download attachments, and added License file 2018-02-14 23:40:34 +00:00
			`equivalent_domains: "[]".to_string(),`
			`excluded_globals: "[]".to_string(),`
First working version 2018-02-10 00:00:55 +00:00			`}`
			`}`

			`pub fn check_valid_password(&self, password: &str) -> bool {`
			`crypto::verify_password_hash(password.as_bytes(),`
			`&self.salt,`
			`&self.password_hash,`
			`self.password_iterations as u32)`
			`}`

Improved error messagees, implemented delete ciphers, attachments and account, implemented two factor recovery. Known missing: - import ciphers, create ciphers types other than login and card, update ciphers - clear and put device_tokens - Equivalent domains - Organizations 2018-02-15 18:05:57 +00:00			`pub fn check_valid_recovery_code(&self, recovery_code: &str) -> bool {`
			`if let Some(ref totp_recover) = self.totp_recover {`
			`recovery_code == totp_recover.to_lowercase()`
			`} else {`
			`false`
			`}`
			`}`

First working version 2018-02-10 00:00:55 +00:00			`pub fn set_password(&mut self, password: &str) {`
			`self.password_hash = crypto::hash_password(password.as_bytes(),`
			`&self.salt,`
			`self.password_iterations as u32);`
			`self.reset_security_stamp();`
			`}`

			`pub fn reset_security_stamp(&mut self) {`
			`self.security_stamp = Uuid::new_v4().to_string();`
			`}`

			`pub fn check_totp_code(&self, totp_code: Option<u64>) -> bool {`
			`if let Some(ref totp_secret) = self.totp_secret {`
			`if let Some(code) = totp_code {`
			`// Validate totp`
			`use data_encoding::BASE32;`
			`use oath::{totp_raw_now, HashType};`

			`let decoded_secret = match BASE32.decode(totp_secret.as_bytes()) {`
			`Ok(s) => s,`
Solved some warnings 2018-02-14 23:53:11 +00:00			`Err(_) => return false`
First working version 2018-02-10 00:00:55 +00:00			`};`

			`let generated = totp_raw_now(&decoded_secret, 6, 0, 30, &HashType::SHA1);`
			`generated == code`
			`} else {`
			`false`
			`}`
			`} else {`
			`true`
			`}`
			`}`
Initial organizations functionality: Creating orgs and inviting users 2018-04-24 20:01:55 +00:00			`}`

			`use diesel;`
			`use diesel::prelude::*;`
			`use db::DbConn;`
			`use db::schema::users;`

			`/// Database methods`
			`impl User {`
			`pub fn to_json(&self, conn: &DbConn) -> JsonValue {`
			`use super::UserOrganization;`

			`let orgs = UserOrganization::find_by_user(&self.uuid, conn);`
			`let orgs_json: Vec<JsonValue> = orgs.iter().map(\|c\| c.to_json(&conn)).collect();`
First working version 2018-02-10 00:00:55 +00:00
			`json!({`
			`"Id": self.uuid,`
			`"Name": self.name,`
			`"Email": self.email,`
			`"EmailVerified": true,`
			`"Premium": true,`
			`"MasterPasswordHint": self.password_hint,`
			`"Culture": "en-US",`
			`"TwoFactorEnabled": self.totp_secret.is_some(),`
			`"Key": self.key,`
			`"PrivateKey": self.private_key,`
			`"SecurityStamp": self.security_stamp,`
Initial organizations functionality: Creating orgs and inviting users 2018-04-24 20:01:55 +00:00			`"Organizations": orgs_json,`
First working version 2018-02-10 00:00:55 +00:00			`"Object": "profile"`
			`})`
			`}`


Updated modified date when saving and removed hardcoded attachment domain 2018-02-15 00:07:57 +00:00			`pub fn save(&mut self, conn: &DbConn) -> bool {`
			`self.updated_at = Utc::now().naive_utc();`
First working version 2018-02-10 00:00:55 +00:00
			`match diesel::replace_into(users::table) // Insert or update`
Updated modified date when saving and removed hardcoded attachment domain 2018-02-15 00:07:57 +00:00			`.values(&*self)`
First working version 2018-02-10 00:00:55 +00:00			`.execute(&**conn) {`
			`Ok(1) => true, // One row inserted`
			`_ => false,`
			`}`
			`}`

Improved error messagees, implemented delete ciphers, attachments and account, implemented two factor recovery. Known missing: - import ciphers, create ciphers types other than login and card, update ciphers - clear and put device_tokens - Equivalent domains - Organizations 2018-02-15 18:05:57 +00:00			`pub fn delete(self, conn: &DbConn) -> bool {`
			`match diesel::delete(users::table.filter(`
			`users::uuid.eq(self.uuid)))`
			`.execute(&**conn) {`
			`Ok(1) => true, // One row deleted`
			`_ => false,`
			`}`
			`}`

Upload and download attachments, and added License file 2018-02-14 23:40:34 +00:00			`pub fn find_by_mail(mail: &str, conn: &DbConn) -> Option<Self> {`
First working version 2018-02-10 00:00:55 +00:00			`let lower_mail = mail.to_lowercase();`
			`users::table`
			`.filter(users::email.eq(lower_mail))`
Upload and download attachments, and added License file 2018-02-14 23:40:34 +00:00			`.first::<Self>(&**conn).ok()`
First working version 2018-02-10 00:00:55 +00:00			`}`

Upload and download attachments, and added License file 2018-02-14 23:40:34 +00:00			`pub fn find_by_uuid(uuid: &str, conn: &DbConn) -> Option<Self> {`
First working version 2018-02-10 00:00:55 +00:00			`users::table`
			`.filter(users::uuid.eq(uuid))`
Upload and download attachments, and added License file 2018-02-14 23:40:34 +00:00			`.first::<Self>(&**conn).ok()`
First working version 2018-02-10 00:00:55 +00:00			`}`
			`}`