2018-02-14 23:53:11 +00:00
|
|
|
use chrono::{NaiveDateTime, Utc};
|
2018-10-10 18:40:39 +00:00
|
|
|
use serde_json::Value;
|
2018-02-10 00:00:55 +00:00
|
|
|
|
2018-12-07 01:05:45 +00:00
|
|
|
use crate::crypto;
|
|
|
|
|
use crate::CONFIG;
|
2018-02-10 00:00:55 +00:00
|
|
|
|
2019-09-12 20:12:22 +00:00
|
|
|
#[derive(Debug, Identifiable, Queryable, Insertable, AsChangeset)]
|
2018-02-10 00:00:55 +00:00
|
|
|
#[table_name = "users"]
|
|
|
|
|
#[primary_key(uuid)]
|
|
|
|
|
pub struct User {
|
|
|
|
|
pub uuid: String,
|
|
|
|
|
pub created_at: NaiveDateTime,
|
|
|
|
|
pub updated_at: NaiveDateTime,
|
|
|
|
|
|
|
|
|
|
pub email: String,
|
|
|
|
|
pub name: String,
|
|
|
|
|
|
|
|
|
|
pub password_hash: Vec<u8>,
|
|
|
|
|
pub salt: Vec<u8>,
|
|
|
|
|
pub password_iterations: i32,
|
|
|
|
|
pub password_hint: Option<String>,
|
|
|
|
|
|
2019-05-20 19:12:41 +00:00
|
|
|
pub akey: String,
|
2018-02-10 00:00:55 +00:00
|
|
|
pub private_key: Option<String>,
|
|
|
|
|
pub public_key: Option<String>,
|
2018-12-30 22:34:31 +00:00
|
|
|
|
2018-07-12 19:46:50 +00:00
|
|
|
#[column_name = "totp_secret"]
|
|
|
|
|
_totp_secret: Option<String>,
|
2018-02-10 00:00:55 +00:00
|
|
|
pub totp_recover: Option<String>,
|
2018-06-01 13:08:03 +00:00
|
|
|
|
2018-02-10 00:00:55 +00:00
|
|
|
pub security_stamp: String,
|
2018-02-14 23:40:34 +00:00
|
|
|
|
|
|
|
|
pub equivalent_domains: String,
|
|
|
|
|
pub excluded_globals: String,
|
2018-12-30 22:34:31 +00:00
|
|
|
|
2018-09-19 15:30:14 +00:00
|
|
|
pub client_kdf_type: i32,
|
|
|
|
|
pub client_kdf_iter: i32,
|
2018-02-10 00:00:55 +00:00
|
|
|
}
|
|
|
|
|
|
2019-04-12 22:01:52 +00:00
|
|
|
enum UserStatus {
|
|
|
|
|
Enabled = 0,
|
|
|
|
|
Invited = 1,
|
|
|
|
|
_Disabled = 2,
|
|
|
|
|
}
|
|
|
|
|
|
2018-02-10 00:00:55 +00:00
|
|
|
/// Local methods
|
|
|
|
|
impl User {
|
2018-09-19 15:30:14 +00:00
|
|
|
pub const CLIENT_KDF_TYPE_DEFAULT: i32 = 0; // PBKDF2: 0
|
2019-09-05 19:56:12 +00:00
|
|
|
pub const CLIENT_KDF_ITER_DEFAULT: i32 = 100_000;
|
2018-09-19 15:30:14 +00:00
|
|
|
|
2018-09-11 13:25:12 +00:00
|
|
|
pub fn new(mail: String) -> Self {
|
2018-02-10 00:00:55 +00:00
|
|
|
let now = Utc::now().naive_utc();
|
|
|
|
|
let email = mail.to_lowercase();
|
|
|
|
|
|
2018-02-14 23:40:34 +00:00
|
|
|
Self {
|
2018-12-07 13:32:40 +00:00
|
|
|
uuid: crate::util::get_uuid(),
|
2018-02-10 00:00:55 +00:00
|
|
|
created_at: now,
|
|
|
|
|
updated_at: now,
|
|
|
|
|
name: email.clone(),
|
|
|
|
|
email,
|
2019-05-20 19:12:41 +00:00
|
|
|
akey: String::new(),
|
2018-02-10 00:00:55 +00:00
|
|
|
|
2018-09-11 13:25:12 +00:00
|
|
|
password_hash: Vec::new(),
|
2018-09-19 15:30:14 +00:00
|
|
|
salt: crypto::get_random_64(),
|
2019-01-25 17:23:51 +00:00
|
|
|
password_iterations: CONFIG.password_iterations(),
|
2018-02-10 00:00:55 +00:00
|
|
|
|
2018-12-07 13:32:40 +00:00
|
|
|
security_stamp: crate::util::get_uuid(),
|
2018-02-10 00:00:55 +00:00
|
|
|
|
|
|
|
|
password_hint: None,
|
|
|
|
|
private_key: None,
|
|
|
|
|
public_key: None,
|
2018-12-30 22:34:31 +00:00
|
|
|
|
2018-07-12 19:46:50 +00:00
|
|
|
_totp_secret: None,
|
2018-02-10 00:00:55 +00:00
|
|
|
totp_recover: None,
|
2018-02-14 23:40:34 +00:00
|
|
|
|
|
|
|
|
equivalent_domains: "[]".to_string(),
|
|
|
|
|
excluded_globals: "[]".to_string(),
|
2018-12-30 22:34:31 +00:00
|
|
|
|
2018-09-19 15:30:14 +00:00
|
|
|
client_kdf_type: Self::CLIENT_KDF_TYPE_DEFAULT,
|
|
|
|
|
client_kdf_iter: Self::CLIENT_KDF_ITER_DEFAULT,
|
2018-02-10 00:00:55 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub fn check_valid_password(&self, password: &str) -> bool {
|
2018-12-30 22:34:31 +00:00
|
|
|
crypto::verify_password_hash(
|
|
|
|
|
password.as_bytes(),
|
|
|
|
|
&self.salt,
|
|
|
|
|
&self.password_hash,
|
|
|
|
|
self.password_iterations as u32,
|
|
|
|
|
)
|
2018-02-10 00:00:55 +00:00
|
|
|
}
|
|
|
|
|
|
2018-02-15 18:05:57 +00:00
|
|
|
pub fn check_valid_recovery_code(&self, recovery_code: &str) -> bool {
|
|
|
|
|
if let Some(ref totp_recover) = self.totp_recover {
|
2019-02-11 22:45:55 +00:00
|
|
|
crate::crypto::ct_eq(recovery_code, totp_recover.to_lowercase())
|
2018-02-15 18:05:57 +00:00
|
|
|
} else {
|
|
|
|
|
false
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-02-10 00:00:55 +00:00
|
|
|
pub fn set_password(&mut self, password: &str) {
|
2018-12-30 22:34:31 +00:00
|
|
|
self.password_hash = crypto::hash_password(password.as_bytes(), &self.salt, self.password_iterations as u32);
|
2018-02-10 00:00:55 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub fn reset_security_stamp(&mut self) {
|
2018-12-07 13:32:40 +00:00
|
|
|
self.security_stamp = crate::util::get_uuid();
|
2018-02-10 00:00:55 +00:00
|
|
|
}
|
2018-04-24 20:01:55 +00:00
|
|
|
}
|
|
|
|
|
|
2018-12-30 22:34:31 +00:00
|
|
|
use super::{Cipher, Device, Folder, TwoFactor, UserOrgType, UserOrganization};
|
|
|
|
|
use crate::db::schema::{invitations, users};
|
|
|
|
|
use crate::db::DbConn;
|
2018-04-24 20:01:55 +00:00
|
|
|
use diesel;
|
|
|
|
|
use diesel::prelude::*;
|
|
|
|
|
|
2018-12-19 20:52:53 +00:00
|
|
|
use crate::api::EmptyResult;
|
|
|
|
|
use crate::error::MapResult;
|
|
|
|
|
|
2018-04-24 20:01:55 +00:00
|
|
|
/// Database methods
|
|
|
|
|
impl User {
|
2018-10-10 18:40:39 +00:00
|
|
|
pub fn to_json(&self, conn: &DbConn) -> Value {
|
2018-12-19 21:51:08 +00:00
|
|
|
let orgs = UserOrganization::find_by_user(&self.uuid, conn);
|
2018-10-10 18:40:39 +00:00
|
|
|
let orgs_json: Vec<Value> = orgs.iter().map(|c| c.to_json(&conn)).collect();
|
2018-09-13 19:55:23 +00:00
|
|
|
let twofactor_enabled = !TwoFactor::find_by_user(&self.uuid, conn).is_empty();
|
2018-07-12 19:46:50 +00:00
|
|
|
|
2019-04-12 22:01:52 +00:00
|
|
|
// TODO: Might want to save the status field in the DB
|
|
|
|
|
let status = if self.password_hash.is_empty() {
|
|
|
|
|
UserStatus::Invited
|
|
|
|
|
} else {
|
|
|
|
|
UserStatus::Enabled
|
|
|
|
|
};
|
|
|
|
|
|
2018-02-10 00:00:55 +00:00
|
|
|
json!({
|
2019-04-12 22:01:52 +00:00
|
|
|
"_Status": status as i32,
|
2018-02-10 00:00:55 +00:00
|
|
|
"Id": self.uuid,
|
|
|
|
|
"Name": self.name,
|
|
|
|
|
"Email": self.email,
|
|
|
|
|
"EmailVerified": true,
|
|
|
|
|
"Premium": true,
|
|
|
|
|
"MasterPasswordHint": self.password_hint,
|
|
|
|
|
"Culture": "en-US",
|
2018-07-12 19:46:50 +00:00
|
|
|
"TwoFactorEnabled": twofactor_enabled,
|
2019-05-20 19:12:41 +00:00
|
|
|
"Key": self.akey,
|
2018-02-10 00:00:55 +00:00
|
|
|
"PrivateKey": self.private_key,
|
|
|
|
|
"SecurityStamp": self.security_stamp,
|
2018-04-24 20:01:55 +00:00
|
|
|
"Organizations": orgs_json,
|
2018-02-10 00:00:55 +00:00
|
|
|
"Object": "profile"
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-12 20:12:22 +00:00
|
|
|
#[cfg(feature = "postgresql")]
|
|
|
|
|
pub fn save(&mut self, conn: &DbConn) -> EmptyResult {
|
|
|
|
|
if self.email.trim().is_empty() {
|
|
|
|
|
err!("User email can't be empty")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
self.updated_at = Utc::now().naive_utc();
|
|
|
|
|
|
|
|
|
|
diesel::insert_into(users::table) // Insert or update
|
|
|
|
|
.values(&*self)
|
|
|
|
|
.on_conflict(users::uuid)
|
|
|
|
|
.do_update()
|
|
|
|
|
.set(&*self)
|
|
|
|
|
.execute(&**conn)
|
|
|
|
|
.map_res("Error saving user")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[cfg(not(feature = "postgresql"))]
|
2018-12-19 20:52:53 +00:00
|
|
|
pub fn save(&mut self, conn: &DbConn) -> EmptyResult {
|
2019-01-22 16:26:17 +00:00
|
|
|
if self.email.trim().is_empty() {
|
|
|
|
|
err!("User email can't be empty")
|
|
|
|
|
}
|
|
|
|
|
|
2018-02-15 00:07:57 +00:00
|
|
|
self.updated_at = Utc::now().naive_utc();
|
2018-02-10 00:00:55 +00:00
|
|
|
|
2018-10-14 17:32:43 +00:00
|
|
|
diesel::replace_into(users::table) // Insert or update
|
2018-12-30 22:34:31 +00:00
|
|
|
.values(&*self)
|
|
|
|
|
.execute(&**conn)
|
|
|
|
|
.map_res("Error saving user")
|
2018-02-10 00:00:55 +00:00
|
|
|
}
|
|
|
|
|
|
2018-12-19 20:52:53 +00:00
|
|
|
pub fn delete(self, conn: &DbConn) -> EmptyResult {
|
2018-10-12 14:20:10 +00:00
|
|
|
for user_org in UserOrganization::find_by_user(&self.uuid, &*conn) {
|
2019-05-20 19:24:29 +00:00
|
|
|
if user_org.atype == UserOrgType::Owner {
|
2018-12-30 22:34:31 +00:00
|
|
|
let owner_type = UserOrgType::Owner as i32;
|
|
|
|
|
if UserOrganization::find_by_org_and_type(&user_org.org_uuid, owner_type, &conn).len() <= 1 {
|
2018-12-19 20:52:53 +00:00
|
|
|
err!("Can't delete last owner")
|
2018-10-12 14:20:10 +00:00
|
|
|
}
|
|
|
|
|
}
|
2018-02-15 18:05:57 +00:00
|
|
|
}
|
2018-10-12 14:20:10 +00:00
|
|
|
|
|
|
|
|
UserOrganization::delete_all_by_user(&self.uuid, &*conn)?;
|
|
|
|
|
Cipher::delete_all_by_user(&self.uuid, &*conn)?;
|
|
|
|
|
Folder::delete_all_by_user(&self.uuid, &*conn)?;
|
|
|
|
|
Device::delete_all_by_user(&self.uuid, &*conn)?;
|
2018-12-19 21:51:08 +00:00
|
|
|
TwoFactor::delete_all_by_user(&self.uuid, &*conn)?;
|
2018-10-12 14:20:10 +00:00
|
|
|
Invitation::take(&self.email, &*conn); // Delete invitation if any
|
|
|
|
|
|
2018-12-30 22:34:31 +00:00
|
|
|
diesel::delete(users::table.filter(users::uuid.eq(self.uuid)))
|
|
|
|
|
.execute(&**conn)
|
|
|
|
|
.map_res("Error deleting user")
|
2018-02-15 18:05:57 +00:00
|
|
|
}
|
|
|
|
|
|
2019-02-08 17:45:07 +00:00
|
|
|
pub fn update_uuid_revision(uuid: &str, conn: &DbConn) {
|
|
|
|
|
if let Err(e) = Self::_update_revision(uuid, &Utc::now().naive_utc(), conn) {
|
|
|
|
|
warn!("Failed to update revision for {}: {:#?}", uuid, e);
|
|
|
|
|
}
|
2018-08-21 11:20:55 +00:00
|
|
|
}
|
|
|
|
|
|
2019-03-07 20:08:33 +00:00
|
|
|
pub fn update_all_revisions(conn: &DbConn) -> EmptyResult {
|
|
|
|
|
let updated_at = Utc::now().naive_utc();
|
|
|
|
|
|
|
|
|
|
crate::util::retry(
|
|
|
|
|
|| {
|
|
|
|
|
diesel::update(users::table)
|
|
|
|
|
.set(users::updated_at.eq(updated_at))
|
|
|
|
|
.execute(&**conn)
|
|
|
|
|
},
|
|
|
|
|
10,
|
|
|
|
|
)
|
|
|
|
|
.map_res("Error updating revision date for all users")
|
|
|
|
|
}
|
|
|
|
|
|
2018-12-19 20:52:53 +00:00
|
|
|
pub fn update_revision(&mut self, conn: &DbConn) -> EmptyResult {
|
2018-08-21 09:36:04 +00:00
|
|
|
self.updated_at = Utc::now().naive_utc();
|
2019-02-08 17:45:07 +00:00
|
|
|
|
|
|
|
|
Self::_update_revision(&self.uuid, &self.updated_at, conn)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fn _update_revision(uuid: &str, date: &NaiveDateTime, conn: &DbConn) -> EmptyResult {
|
|
|
|
|
crate::util::retry(
|
|
|
|
|
|| {
|
|
|
|
|
diesel::update(users::table.filter(users::uuid.eq(uuid)))
|
|
|
|
|
.set(users::updated_at.eq(date))
|
|
|
|
|
.execute(&**conn)
|
|
|
|
|
},
|
|
|
|
|
10,
|
|
|
|
|
)
|
2019-02-05 11:52:11 +00:00
|
|
|
.map_res("Error updating user revision")
|
2018-08-13 09:58:39 +00:00
|
|
|
}
|
|
|
|
|
|
2018-02-14 23:40:34 +00:00
|
|
|
pub fn find_by_mail(mail: &str, conn: &DbConn) -> Option<Self> {
|
2018-02-10 00:00:55 +00:00
|
|
|
let lower_mail = mail.to_lowercase();
|
|
|
|
|
users::table
|
|
|
|
|
.filter(users::email.eq(lower_mail))
|
2018-12-30 22:34:31 +00:00
|
|
|
.first::<Self>(&**conn)
|
|
|
|
|
.ok()
|
2018-02-10 00:00:55 +00:00
|
|
|
}
|
|
|
|
|
|
2018-02-14 23:40:34 +00:00
|
|
|
pub fn find_by_uuid(uuid: &str, conn: &DbConn) -> Option<Self> {
|
2018-12-30 22:34:31 +00:00
|
|
|
users::table.filter(users::uuid.eq(uuid)).first::<Self>(&**conn).ok()
|
2018-02-10 00:00:55 +00:00
|
|
|
}
|
2018-10-12 14:20:10 +00:00
|
|
|
|
|
|
|
|
pub fn get_all(conn: &DbConn) -> Vec<Self> {
|
2018-12-30 22:34:31 +00:00
|
|
|
users::table.load::<Self>(&**conn).expect("Error loading users")
|
2018-10-12 14:20:10 +00:00
|
|
|
}
|
2018-02-10 00:00:55 +00:00
|
|
|
}
|
2018-09-10 13:51:40 +00:00
|
|
|
|
|
|
|
|
#[derive(Debug, Identifiable, Queryable, Insertable)]
|
|
|
|
|
#[table_name = "invitations"]
|
|
|
|
|
#[primary_key(email)]
|
|
|
|
|
pub struct Invitation {
|
|
|
|
|
pub email: String,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl Invitation {
|
|
|
|
|
pub fn new(email: String) -> Self {
|
2018-12-30 22:34:31 +00:00
|
|
|
Self { email }
|
2018-09-10 13:51:40 +00:00
|
|
|
}
|
|
|
|
|
|
2019-09-12 20:12:22 +00:00
|
|
|
#[cfg(feature = "postgresql")]
|
|
|
|
|
pub fn save(&self, conn: &DbConn) -> EmptyResult {
|
|
|
|
|
if self.email.trim().is_empty() {
|
|
|
|
|
err!("Invitation email can't be empty")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
diesel::insert_into(invitations::table)
|
|
|
|
|
.values(self)
|
|
|
|
|
.on_conflict(invitations::email)
|
|
|
|
|
.do_nothing()
|
|
|
|
|
.execute(&**conn)
|
|
|
|
|
.map_res("Error saving invitation")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[cfg(not(feature = "postgresql"))]
|
2019-02-22 19:25:50 +00:00
|
|
|
pub fn save(&self, conn: &DbConn) -> EmptyResult {
|
2019-01-22 16:26:17 +00:00
|
|
|
if self.email.trim().is_empty() {
|
|
|
|
|
err!("Invitation email can't be empty")
|
|
|
|
|
}
|
|
|
|
|
|
2018-09-10 13:51:40 +00:00
|
|
|
diesel::replace_into(invitations::table)
|
2019-02-22 19:25:50 +00:00
|
|
|
.values(self)
|
2018-12-30 22:34:31 +00:00
|
|
|
.execute(&**conn)
|
|
|
|
|
.map_res("Error saving invitation")
|
2018-09-10 13:51:40 +00:00
|
|
|
}
|
|
|
|
|
|
2018-12-19 20:52:53 +00:00
|
|
|
pub fn delete(self, conn: &DbConn) -> EmptyResult {
|
2018-12-30 22:34:31 +00:00
|
|
|
diesel::delete(invitations::table.filter(invitations::email.eq(self.email)))
|
|
|
|
|
.execute(&**conn)
|
|
|
|
|
.map_res("Error deleting invitation")
|
2018-09-10 13:51:40 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub fn find_by_mail(mail: &str, conn: &DbConn) -> Option<Self> {
|
|
|
|
|
let lower_mail = mail.to_lowercase();
|
|
|
|
|
invitations::table
|
|
|
|
|
.filter(invitations::email.eq(lower_mail))
|
2018-12-30 22:34:31 +00:00
|
|
|
.first::<Self>(&**conn)
|
|
|
|
|
.ok()
|
2018-09-10 13:51:40 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub fn take(mail: &str, conn: &DbConn) -> bool {
|
2019-01-25 17:23:51 +00:00
|
|
|
CONFIG.invitations_allowed()
|
2018-12-30 22:34:31 +00:00
|
|
|
&& match Self::find_by_mail(mail, &conn) {
|
|
|
|
|
Some(invitation) => invitation.delete(&conn).is_ok(),
|
|
|
|
|
None => false,
|
|
|
|
|
}
|
2018-09-10 13:51:40 +00:00
|
|
|
}
|
2018-12-30 22:34:31 +00:00
|
|
|
}
|
