fix errors, move password hashing into User add sqlx offline checks

2022-04-28 21:55:52 +02:00
parent 601b2d4f42
commit 304f82baa4
7 changed files with 219 additions and 13 deletions
--- a/src/api/client_server/auth.rs
+++ b/src/api/client_server/auth.rs
@@ -33,8 +33,8 @@ pub fn routes() -> axum::Router {
 }

 #[tracing::instrument]
-async fn get_login() -> Json<Flows> {
-    Json(Flows::new())
+async fn get_login() -> Result<Json<Flows>, ApiError> {
+    Ok(Json(Flows::new()))
 }

 #[tracing::instrument(skip_all)]
@@ -81,18 +81,12 @@ async fn post_register(
                .then(|| ())
                .ok_or(RegistrationError::UserIdTaken)?;

-            let salt = SaltString::generate(OsRng);
-            let argon2 = Argon2::default();
-            let pw_hash = argon2
-                .hash_password(auth_data.password().as_bytes(), &salt)?
-                .to_string();
-
            let display_name = match body.initial_device_display_name() {
                Some(display_name) => display_name.as_ref(),
                None => "Random displayname",
            };

-            let user = User::create(&db, &user_id, &user_id.to_string(), &pw_hash).await?;
+            let user = User::create(&db, &user_id, &user_id.to_string(), auth_data.password()).await?;
            let device = Device::create(&db, &user, "test", display_name).await?;

            (user, device)
--- a/src/api/client_server/errors/api_error.rs
+++ b/src/api/client_server/errors/api_error.rs
@@ -45,7 +45,7 @@ pub enum ApiError {
    DBError(#[from] sqlx::Error),

    #[error("Generic Error")]
-    Generic(anyhow::Error),
+    Generic(anyhow::Error)
 }

 impl From<anyhow::Error> for ApiError {
--- a/src/models/users.rs
+++ b/src/models/users.rs
@@ -1,3 +1,5 @@
+use argon2::{password_hash::SaltString, Argon2, PasswordHasher};
+use rand_core::OsRng;
 use sqlx::SqlitePool;

 use crate::types::user_id::UserId;
@@ -25,7 +27,13 @@ impl User {
        display_name: &str,
        password: &str,
    ) -> anyhow::Result<Self> {
-        Ok(sqlx::query_as!(Self, "insert into users(user_id, display_name, password) values (?, ?, ?) returning id, user_id, display_name, password", user_id, display_name, password).fetch_one(conn).await?)
+        let salt = SaltString::generate(OsRng);
+        let argon2 = Argon2::default();
+        let pw_hash = argon2
+            .hash_password(password.as_bytes(), &salt)?
+            .to_string();
+            
+        Ok(sqlx::query_as!(Self, "insert into users(user_id, display_name, password) values (?, ?, ?) returning id, user_id, display_name, password", user_id, display_name, pw_hash).fetch_one(conn).await?)
    }

    pub async fn by_user_id(conn: &SqlitePool, user_id: &UserId) -> anyhow::Result<Self> {