Implement password change functionality

2024-11-22 06:47:56 +01:00 · 2022-07-11 12:27:51 +02:00 · 2022-07-11 12:27:51 +02:00 · 70c94feced
commit 70c94feced
parent 1fc13405e8
2 changed files with 39 additions and 11 deletions
--- a/bffhd/capnp/user.rs
+++ b/bffhd/capnp/user.rs
@ -79,12 +79,21 @@ impl info::Server for User {
 impl manage::Server for User {
    fn pwd(
        &mut self,
-        _params: manage::PwdParams,
+        params: manage::PwdParams,
        _results: manage::PwdResults,
    ) -> Promise<(), ::capnp::Error> {
-        Promise::err(::capnp::Error::unimplemented(
-            "method not implemented".to_string(),
-        ))
+        let params = pry!(params.get());
+        let old_pw = pry!(params.get_old_pwd());
+        let new_pw = pry!(params.get_new_pwd());
+
+        let uid = self.user.get_username();
+        if let Some(mut user) = self.session.users.get_user(uid) {
+            if let Ok(true) = user.check_password(old_pw.as_bytes()) {
+                user.set_pw(new_pw.as_bytes());
+                self.session.users.put_user(uid, &user);
+            }
+        }
+        Promise::ok(())
    }
 }

@ -148,9 +157,17 @@ impl admin::Server for User {

        Promise::ok(())
    }
-    fn pwd(&mut self, _: admin::PwdParams, _: admin::PwdResults) -> Promise<(), ::capnp::Error> {
-        Promise::err(::capnp::Error::unimplemented(
-            "method not implemented".to_string(),
-        ))
+    fn pwd(
+        &mut self,
+        param: admin::PwdParams,
+        _: admin::PwdResults,
+    ) -> Promise<(), ::capnp::Error> {
+        let new_pw = pry!(pry!(param.get()).get_new_pwd());
+        let uid = self.user.get_username();
+        if let Some(mut user) = self.session.users.get_user(uid) {
+            user.set_pw(new_pw.as_bytes());
+            self.session.users.put_user(uid, &user);
+        }
+        Promise::ok(())
    }
 }
--- a/bffhd/users/db.rs
+++ b/bffhd/users/db.rs
@ -27,6 +27,12 @@ pub struct User {
    pub userdata: UserData,
 }

+fn hash_pw(pw: &[u8]) -> argon2::Result<String> {
+    let config = argon2::Config::default();
+    let salt: [u8; 16] = rand::random();
+    argon2::hash_encoded(pw, &salt, &config)
+}
+
 impl User {
    pub fn check_password(&self, pwd: &[u8]) -> miette::Result<bool> {
        if let Some(ref encoded) = self.userdata.passwd {
@ -39,9 +45,7 @@ impl User {
    }

    pub fn new_with_plain_pw(username: &str, password: impl AsRef<[u8]>) -> Self {
-        let config = argon2::Config::default();
-        let salt: [u8; 16] = rand::random();
-        let hash = argon2::hash_encoded(password.as_ref(), &salt, &config)
+        let hash = hash_pw(password.as_ref())
            .expect(&format!("Failed to hash password for {}: ", username));
        tracing::debug!("Hashed pw for {} to {}", username, hash);

@ -53,6 +57,13 @@ impl User {
            },
        }
    }
+
+    pub fn set_pw(&mut self, password: impl AsRef<[u8]>) {
+        self.userdata.passwd = Some(hash_pw(password.as_ref()).expect(&format!(
+            "failed to update hashed password for {}",
+            &self.id
+        )));
+    }
 }

 #[derive(