Revert authentication payload change
parent: tbd commit: 16b4bc2
Showing 5 changed files with 29 insertions and 16 deletions
giterated-daemon/src/backend/mod.rs
| @@ -27,6 +27,7 @@ use giterated_models::{ | ||
| 27 | 27 | }, |
| 28 | 28 | }, |
| 29 | 29 | model::{ |
| 30 | instance::Instance, | |
| 30 | 31 | repository::{Repository, RepositorySummary, RepositoryView}, |
| 31 | 32 | user::User, |
| 32 | 33 | }, |
| @@ -83,6 +84,7 @@ pub trait AuthBackend { | ||
| 83 | 84 | |
| 84 | 85 | async fn login( |
| 85 | 86 | &mut self, |
| 87 | source: &Instance, | |
| 86 | 88 | request: AuthenticationTokenRequest, |
| 87 | 89 | ) -> Result<AuthenticationTokenResponse, Error>; |
| 88 | 90 | } |
giterated-daemon/src/backend/user.rs
| @@ -3,7 +3,7 @@ use std::sync::Arc; | ||
| 3 | 3 | use anyhow::Error; |
| 4 | 4 | |
| 5 | 5 | use aes_gcm::{aead::Aead, AeadCore, Aes256Gcm, Key, KeyInit}; |
| 6 | use argon2::{password_hash::SaltString, Argon2, PasswordHasher, PasswordHash, PasswordVerifier}; | |
| 6 | use argon2::{password_hash::SaltString, Argon2, PasswordHash, PasswordHasher, PasswordVerifier}; | |
| 7 | 7 | use base64::{engine::general_purpose::STANDARD, Engine as _}; |
| 8 | 8 | use giterated_models::{ |
| 9 | 9 | messages::{ |
| @@ -17,9 +17,10 @@ use giterated_models::{ | ||
| 17 | 17 | }, |
| 18 | 18 | }, |
| 19 | 19 | model::{ |
| 20 | authenticated::UserAuthenticationToken, | |
| 20 | 21 | instance::Instance, |
| 21 | 22 | settings::{Setting, UserBio, UserDisplayImage, UserDisplayName}, |
| 22 | user::User, authenticated::UserAuthenticationToken, | |
| 23 | user::User, | |
| 23 | 24 | }, |
| 24 | 25 | }; |
| 25 | 26 | use rsa::{ |
| @@ -221,13 +222,23 @@ impl AuthBackend for UserAuth { | ||
| 221 | 222 | |
| 222 | 223 | async fn login( |
| 223 | 224 | &mut self, |
| 225 | source: &Instance, | |
| 224 | 226 | request: AuthenticationTokenRequest, |
| 225 | 227 | ) -> Result<AuthenticationTokenResponse, Error> { |
| 226 | let user = sqlx::query_as!(UserRow, r#"SELECT * FROM users WHERE username = $1"#, request.username).fetch_one(&self.pg_pool).await?; | |
| 228 | let user = sqlx::query_as!( | |
| 229 | UserRow, | |
| 230 | r#"SELECT * FROM users WHERE username = $1"#, | |
| 231 | request.username | |
| 232 | ) | |
| 233 | .fetch_one(&self.pg_pool) | |
| 234 | .await?; | |
| 227 | 235 | |
| 228 | 236 | let hash = PasswordHash::new(&user.password).unwrap(); |
| 229 | 237 | |
| 230 | if !matches!(Argon2::default().verify_password(request.password.as_bytes(), &hash), Ok(())) { | |
| 238 | if !matches!( | |
| 239 | Argon2::default().verify_password(request.password.as_bytes(), &hash), | |
| 240 | Ok(()) | |
| 241 | ) { | |
| 231 | 242 | // Invalid password! |
| 232 | 243 | return Err(Error::from(AuthenticationError::InvalidPassword)); |
| 233 | 244 | } |
| @@ -239,11 +250,13 @@ impl AuthBackend for UserAuth { | ||
| 239 | 250 | username: user.username, |
| 240 | 251 | instance: self.this_instance.clone(), |
| 241 | 252 | }, |
| 242 | &request.issued_for.unwrap_or_else(|| self.this_instance.clone()), | |
| 253 | &source, | |
| 243 | 254 | ) |
| 244 | 255 | .await; |
| 245 | 256 | |
| 246 | Ok(AuthenticationTokenResponse { token: UserAuthenticationToken::from(token) }) | |
| 257 | Ok(AuthenticationTokenResponse { | |
| 258 | token: UserAuthenticationToken::from(token), | |
| 259 | }) | |
| 247 | 260 | } |
| 248 | 261 | } |
| 249 | 262 | |
| @@ -260,5 +273,5 @@ struct UserRow { | ||
| 260 | 273 | #[derive(Debug, thiserror::Error)] |
| 261 | 274 | pub enum AuthenticationError { |
| 262 | 275 | #[error("invalid password")] |
| 263 | InvalidPassword | |
| 264 | } | |
| 264 | \ No newline at end of file | |
| 276 | InvalidPassword, | |
| 277 | } | |
giterated-daemon/src/connection/authentication.rs
| @@ -105,11 +105,6 @@ async fn authentication_token_request( | ||
| 105 | 105 | private_key, |
| 106 | 106 | }; |
| 107 | 107 | |
| 108 | let request = AuthenticationTokenRequest { | |
| 109 | issued_for: Some(issued_for), | |
| 110 | ..request | |
| 111 | }; | |
| 112 | ||
| 113 | 108 | let response = giterated_api::request::request_local(request) |
| 114 | 109 | .authenticate(authenticator) |
| 115 | 110 | .execute_expect::<AuthenticationTokenResponse>(&connection) |
| @@ -127,7 +122,10 @@ async fn authentication_token_request( | ||
| 127 | 122 | |
| 128 | 123 | let mut user_backend = connection_state.user_backend.lock().await; |
| 129 | 124 | |
| 130 | let response = user_backend.login(request).await.map_err(|e| AuthenticationConnectionError::TokenIssuance(e))?; | |
| 125 | let response = user_backend | |
| 126 | .login(instance.inner(), request) | |
| 127 | .await | |
| 128 | .map_err(|e| AuthenticationConnectionError::TokenIssuance(e))?; | |
| 131 | 129 | |
| 132 | 130 | connection_state |
| 133 | 131 | .send(response) |
giterated-daemon/src/main.rs
| @@ -60,7 +60,8 @@ async fn main() -> Result<(), Error> { | ||
| 60 | 60 | .as_str() |
| 61 | 61 | .unwrap(), |
| 62 | 62 | ), |
| 63 | instance: Instance::from_str(config["giterated"]["instance"].as_str().unwrap()).unwrap(), | |
| 63 | instance: Instance::from_str(config["giterated"]["instance"].as_str().unwrap()) | |
| 64 | .unwrap(), | |
| 64 | 65 | })); |
| 65 | 66 | |
| 66 | 67 | let token_granter = Arc::new(Mutex::new(AuthenticationTokenGranter { |
giterated-models/src/messages/authentication.rs
| @@ -41,7 +41,6 @@ pub struct RegisterAccountResponse { | ||
| 41 | 41 | #[derive(Clone, Debug, Serialize, Deserialize)] |
| 42 | 42 | pub struct AuthenticationTokenRequest { |
| 43 | 43 | pub instance: Instance, |
| 44 | pub issued_for: Option<Instance>, | |
| 45 | 44 | pub username: String, |
| 46 | 45 | pub password: String, |
| 47 | 46 | } |