vaultwarden/src/db/models/user.rs

236 lines
6.6 KiB
Rust
Raw Normal View History

2018-02-14 23:53:11 +00:00
use chrono::{NaiveDateTime, Utc};
2018-02-10 00:00:55 +00:00
use serde_json::Value as JsonValue;
use uuid::Uuid;
use crypto;
2018-02-10 00:00:55 +00:00
use CONFIG;
2018-04-20 16:35:11 +00:00
#[derive(Debug, Identifiable, Queryable, Insertable)]
2018-02-10 00:00:55 +00:00
#[table_name = "users"]
#[primary_key(uuid)]
pub struct User {
pub uuid: String,
pub created_at: NaiveDateTime,
pub updated_at: NaiveDateTime,
pub email: String,
pub name: String,
pub password_hash: Vec<u8>,
pub salt: Vec<u8>,
pub password_iterations: i32,
pub password_hint: Option<String>,
pub key: String,
pub private_key: Option<String>,
pub public_key: Option<String>,
2018-06-01 13:08:03 +00:00
#[column_name = "totp_secret"]
_totp_secret: Option<String>,
2018-02-10 00:00:55 +00:00
pub totp_recover: Option<String>,
2018-06-01 13:08:03 +00:00
2018-02-10 00:00:55 +00:00
pub security_stamp: String,
pub equivalent_domains: String,
pub excluded_globals: String,
2018-02-10 00:00:55 +00:00
}
/// Local methods
impl User {
pub fn new(mail: String, key: String, password: String) -> Self {
2018-02-10 00:00:55 +00:00
let now = Utc::now().naive_utc();
let email = mail.to_lowercase();
let iterations = CONFIG.password_iterations;
let salt = crypto::get_random_64();
let password_hash = crypto::hash_password(password.as_bytes(), &salt, iterations as u32);
Self {
2018-02-10 00:00:55 +00:00
uuid: Uuid::new_v4().to_string(),
created_at: now,
updated_at: now,
name: email.clone(),
email,
key,
password_hash,
salt,
password_iterations: iterations,
security_stamp: Uuid::new_v4().to_string(),
password_hint: None,
private_key: None,
public_key: None,
2018-06-01 13:08:03 +00:00
_totp_secret: None,
2018-02-10 00:00:55 +00:00
totp_recover: None,
equivalent_domains: "[]".to_string(),
excluded_globals: "[]".to_string(),
2018-02-10 00:00:55 +00:00
}
}
pub fn new_invited(mail: String) -> Self {
Self::new(mail,"".to_string(),"".to_string())
}
2018-02-10 00:00:55 +00:00
pub fn check_valid_password(&self, password: &str) -> bool {
crypto::verify_password_hash(password.as_bytes(),
&self.salt,
&self.password_hash,
self.password_iterations as u32)
}
pub fn check_valid_recovery_code(&self, recovery_code: &str) -> bool {
if let Some(ref totp_recover) = self.totp_recover {
recovery_code == totp_recover.to_lowercase()
} else {
false
}
}
2018-02-10 00:00:55 +00:00
pub fn set_password(&mut self, password: &str) {
self.password_hash = crypto::hash_password(password.as_bytes(),
&self.salt,
self.password_iterations as u32);
self.reset_security_stamp();
}
pub fn reset_security_stamp(&mut self) {
self.security_stamp = Uuid::new_v4().to_string();
}
}
use diesel;
use diesel::prelude::*;
use db::DbConn;
use db::schema::{users, invitations};
/// Database methods
impl User {
pub fn to_json(&self, conn: &DbConn) -> JsonValue {
use super::UserOrganization;
use super::TwoFactor;
let orgs = UserOrganization::find_by_user(&self.uuid, conn);
let orgs_json: Vec<JsonValue> = orgs.iter().map(|c| c.to_json(&conn)).collect();
2018-02-10 00:00:55 +00:00
let twofactor_enabled = TwoFactor::find_by_user(&self.uuid, conn).len() > 0;
2018-02-10 00:00:55 +00:00
json!({
"Id": self.uuid,
"Name": self.name,
"Email": self.email,
"EmailVerified": true,
"Premium": true,
"MasterPasswordHint": self.password_hint,
"Culture": "en-US",
"TwoFactorEnabled": twofactor_enabled,
2018-02-10 00:00:55 +00:00
"Key": self.key,
"PrivateKey": self.private_key,
"SecurityStamp": self.security_stamp,
"Organizations": orgs_json,
2018-02-10 00:00:55 +00:00
"Object": "profile"
})
}
pub fn save(&mut self, conn: &DbConn) -> bool {
self.updated_at = Utc::now().naive_utc();
2018-02-10 00:00:55 +00:00
match diesel::replace_into(users::table) // Insert or update
.values(&*self)
2018-02-10 00:00:55 +00:00
.execute(&**conn) {
Ok(1) => true, // One row inserted
_ => false,
}
}
pub fn delete(self, conn: &DbConn) -> bool {
match diesel::delete(users::table.filter(
users::uuid.eq(self.uuid)))
.execute(&**conn) {
Ok(1) => true, // One row deleted
_ => false,
}
}
pub fn update_uuid_revision(uuid: &str, conn: &DbConn) {
if let Some(mut user) = User::find_by_uuid(&uuid, conn) {
if user.update_revision(conn).is_err(){
println!("Warning: Failed to update revision for {}", user.email);
};
};
}
2018-08-13 09:58:39 +00:00
pub fn update_revision(&mut self, conn: &DbConn) -> QueryResult<()> {
self.updated_at = Utc::now().naive_utc();
2018-08-13 09:58:39 +00:00
diesel::update(
users::table.filter(
users::uuid.eq(&self.uuid)
)
)
.set(users::updated_at.eq(&self.updated_at))
2018-08-13 09:58:39 +00:00
.execute(&**conn).and(Ok(()))
}
pub fn find_by_mail(mail: &str, conn: &DbConn) -> Option<Self> {
2018-02-10 00:00:55 +00:00
let lower_mail = mail.to_lowercase();
users::table
.filter(users::email.eq(lower_mail))
.first::<Self>(&**conn).ok()
2018-02-10 00:00:55 +00:00
}
pub fn find_by_uuid(uuid: &str, conn: &DbConn) -> Option<Self> {
2018-02-10 00:00:55 +00:00
users::table
.filter(users::uuid.eq(uuid))
.first::<Self>(&**conn).ok()
2018-02-10 00:00:55 +00:00
}
}
#[derive(Debug, Identifiable, Queryable, Insertable)]
#[table_name = "invitations"]
#[primary_key(email)]
pub struct Invitation {
pub email: String,
}
impl Invitation {
pub fn new(email: String) -> Self {
Self {
email
}
}
pub fn save(&mut self, conn: &DbConn) -> QueryResult<()> {
diesel::replace_into(invitations::table)
.values(&*self)
.execute(&**conn)
.and(Ok(()))
}
pub fn delete(self, conn: &DbConn) -> QueryResult<()> {
diesel::delete(invitations::table.filter(
invitations::email.eq(self.email)))
.execute(&**conn)
.and(Ok(()))
}
pub fn find_by_mail(mail: &str, conn: &DbConn) -> Option<Self> {
let lower_mail = mail.to_lowercase();
invitations::table
.filter(invitations::email.eq(lower_mail))
.first::<Self>(&**conn).ok()
}
pub fn take(mail: &str, conn: &DbConn) -> bool {
CONFIG.invitations_allowed &&
match Self::find_by_mail(mail, &conn) {
Some(invitation) => invitation.delete(&conn).is_ok(),
None => false
}
}
}