vaultwarden/src/db/models/user.rs

265 lines
7.9 KiB
Rust
Raw Normal View History

2018-02-14 23:53:11 +00:00
use chrono::{NaiveDateTime, Utc};
use serde_json::Value;
2018-02-10 00:00:55 +00:00
2018-12-07 01:05:45 +00:00
use crate::crypto;
use crate::CONFIG;
2018-02-10 00:00:55 +00:00
2018-04-20 16:35:11 +00:00
#[derive(Debug, Identifiable, Queryable, Insertable)]
2018-02-10 00:00:55 +00:00
#[table_name = "users"]
#[primary_key(uuid)]
pub struct User {
pub uuid: String,
pub created_at: NaiveDateTime,
pub updated_at: NaiveDateTime,
pub email: String,
pub name: String,
pub password_hash: Vec<u8>,
pub salt: Vec<u8>,
pub password_iterations: i32,
pub password_hint: Option<String>,
pub key: String,
pub private_key: Option<String>,
pub public_key: Option<String>,
2018-06-01 13:08:03 +00:00
#[column_name = "totp_secret"]
_totp_secret: Option<String>,
2018-02-10 00:00:55 +00:00
pub totp_recover: Option<String>,
2018-06-01 13:08:03 +00:00
2018-02-10 00:00:55 +00:00
pub security_stamp: String,
pub equivalent_domains: String,
pub excluded_globals: String,
pub client_kdf_type: i32,
pub client_kdf_iter: i32,
2018-02-10 00:00:55 +00:00
}
/// Local methods
impl User {
pub const CLIENT_KDF_TYPE_DEFAULT: i32 = 0; // PBKDF2: 0
pub const CLIENT_KDF_ITER_DEFAULT: i32 = 5_000;
pub fn new(mail: String) -> Self {
2018-02-10 00:00:55 +00:00
let now = Utc::now().naive_utc();
let email = mail.to_lowercase();
Self {
uuid: crate::util::get_uuid(),
2018-02-10 00:00:55 +00:00
created_at: now,
updated_at: now,
name: email.clone(),
email,
key: String::new(),
2018-02-10 00:00:55 +00:00
password_hash: Vec::new(),
salt: crypto::get_random_64(),
password_iterations: CONFIG.password_iterations,
2018-02-10 00:00:55 +00:00
security_stamp: crate::util::get_uuid(),
2018-02-10 00:00:55 +00:00
password_hint: None,
private_key: None,
public_key: None,
2018-06-01 13:08:03 +00:00
_totp_secret: None,
2018-02-10 00:00:55 +00:00
totp_recover: None,
equivalent_domains: "[]".to_string(),
excluded_globals: "[]".to_string(),
client_kdf_type: Self::CLIENT_KDF_TYPE_DEFAULT,
client_kdf_iter: Self::CLIENT_KDF_ITER_DEFAULT,
2018-02-10 00:00:55 +00:00
}
}
pub fn check_valid_password(&self, password: &str) -> bool {
crypto::verify_password_hash(password.as_bytes(),
&self.salt,
&self.password_hash,
self.password_iterations as u32)
}
pub fn check_valid_recovery_code(&self, recovery_code: &str) -> bool {
if let Some(ref totp_recover) = self.totp_recover {
recovery_code == totp_recover.to_lowercase()
} else {
false
}
}
2018-02-10 00:00:55 +00:00
pub fn set_password(&mut self, password: &str) {
self.password_hash = crypto::hash_password(password.as_bytes(),
&self.salt,
self.password_iterations as u32);
}
pub fn reset_security_stamp(&mut self) {
self.security_stamp = crate::util::get_uuid();
2018-02-10 00:00:55 +00:00
}
2018-10-12 14:20:10 +00:00
pub fn is_server_admin(&self) -> bool {
match CONFIG.server_admin_email {
Some(ref server_admin_email) => &self.email == server_admin_email,
None => false
}
}
}
use diesel;
use diesel::prelude::*;
2018-12-07 01:05:45 +00:00
use crate::db::DbConn;
use crate::db::schema::{users, invitations};
use super::{Cipher, Folder, Device, UserOrganization, UserOrgType, TwoFactor};
use crate::api::EmptyResult;
use crate::error::MapResult;
/// Database methods
impl User {
pub fn to_json(&self, conn: &DbConn) -> Value {
2018-10-12 14:20:10 +00:00
use super::{UserOrganization, UserOrgType, UserOrgStatus, TwoFactor};
2018-10-12 14:20:10 +00:00
let mut orgs = UserOrganization::find_by_user(&self.uuid, conn);
if self.is_server_admin() {
orgs.push(UserOrganization::new_virtual(self.uuid.clone(), UserOrgType::Owner, UserOrgStatus::Confirmed));
}
let orgs_json: Vec<Value> = orgs.iter().map(|c| c.to_json(&conn)).collect();
2018-09-13 19:55:23 +00:00
let twofactor_enabled = !TwoFactor::find_by_user(&self.uuid, conn).is_empty();
2018-02-10 00:00:55 +00:00
json!({
"Id": self.uuid,
"Name": self.name,
"Email": self.email,
"EmailVerified": true,
"Premium": true,
"MasterPasswordHint": self.password_hint,
"Culture": "en-US",
"TwoFactorEnabled": twofactor_enabled,
2018-02-10 00:00:55 +00:00
"Key": self.key,
"PrivateKey": self.private_key,
"SecurityStamp": self.security_stamp,
"Organizations": orgs_json,
2018-02-10 00:00:55 +00:00
"Object": "profile"
})
}
pub fn save(&mut self, conn: &DbConn) -> EmptyResult {
self.updated_at = Utc::now().naive_utc();
2018-02-10 00:00:55 +00:00
diesel::replace_into(users::table) // Insert or update
.values(&*self).execute(&**conn)
.map_res("Error saving user")
2018-02-10 00:00:55 +00:00
}
pub fn delete(self, conn: &DbConn) -> EmptyResult {
2018-10-12 14:20:10 +00:00
for user_org in UserOrganization::find_by_user(&self.uuid, &*conn) {
if user_org.type_ == UserOrgType::Owner {
2018-10-12 14:20:10 +00:00
if UserOrganization::find_by_org_and_type(
&user_org.org_uuid,
UserOrgType::Owner as i32, &conn
).len() <= 1 {
err!("Can't delete last owner")
2018-10-12 14:20:10 +00:00
}
}
}
2018-10-12 14:20:10 +00:00
UserOrganization::delete_all_by_user(&self.uuid, &*conn)?;
Cipher::delete_all_by_user(&self.uuid, &*conn)?;
Folder::delete_all_by_user(&self.uuid, &*conn)?;
Device::delete_all_by_user(&self.uuid, &*conn)?;
//TwoFactor::delete_all_by_user(&self.uuid, &*conn)?;
2018-10-12 14:20:10 +00:00
Invitation::take(&self.email, &*conn); // Delete invitation if any
diesel::delete(users::table.filter(
users::uuid.eq(self.uuid)))
.execute(&**conn)
.map_res("Error deleting user")
}
pub fn update_uuid_revision(uuid: &str, conn: &DbConn) {
if let Some(mut user) = User::find_by_uuid(&uuid, conn) {
if user.update_revision(conn).is_err(){
warn!("Failed to update revision for {}", user.email);
};
};
}
pub fn update_revision(&mut self, conn: &DbConn) -> EmptyResult {
self.updated_at = Utc::now().naive_utc();
2018-08-13 09:58:39 +00:00
diesel::update(
users::table.filter(
users::uuid.eq(&self.uuid)
)
)
.set(users::updated_at.eq(&self.updated_at))
.execute(&**conn)
.map_res("Error updating user revision")
2018-08-13 09:58:39 +00:00
}
pub fn find_by_mail(mail: &str, conn: &DbConn) -> Option<Self> {
2018-02-10 00:00:55 +00:00
let lower_mail = mail.to_lowercase();
users::table
.filter(users::email.eq(lower_mail))
.first::<Self>(&**conn).ok()
2018-02-10 00:00:55 +00:00
}
pub fn find_by_uuid(uuid: &str, conn: &DbConn) -> Option<Self> {
2018-02-10 00:00:55 +00:00
users::table
.filter(users::uuid.eq(uuid))
.first::<Self>(&**conn).ok()
2018-02-10 00:00:55 +00:00
}
2018-10-12 14:20:10 +00:00
pub fn get_all(conn: &DbConn) -> Vec<Self> {
users::table
.load::<Self>(&**conn).expect("Error loading users")
}
2018-02-10 00:00:55 +00:00
}
#[derive(Debug, Identifiable, Queryable, Insertable)]
#[table_name = "invitations"]
#[primary_key(email)]
pub struct Invitation {
pub email: String,
}
impl Invitation {
pub fn new(email: String) -> Self {
Self {
email
}
}
pub fn save(&mut self, conn: &DbConn) -> EmptyResult {
diesel::replace_into(invitations::table)
.values(&*self)
.execute(&**conn)
.map_res("Error saving invitation")
}
pub fn delete(self, conn: &DbConn) -> EmptyResult {
diesel::delete(invitations::table.filter(
invitations::email.eq(self.email)))
.execute(&**conn)
.map_res("Error deleting invitation")
}
pub fn find_by_mail(mail: &str, conn: &DbConn) -> Option<Self> {
let lower_mail = mail.to_lowercase();
invitations::table
.filter(invitations::email.eq(lower_mail))
.first::<Self>(&**conn).ok()
}
pub fn take(mail: &str, conn: &DbConn) -> bool {
CONFIG.invitations_allowed &&
match Self::find_by_mail(mail, &conn) {
Some(invitation) => invitation.delete(&conn).is_ok(),
None => false
}
}
}