Diffstat (limited to 'logic/src/login.rs')
| -rw-r--r-- | logic/src/login.rs | 49 |
1 files changed, 0 insertions, 49 deletions
diff --git a/logic/src/login.rs b/logic/src/login.rs
index f79fafc..0d616ff 100644
--- a/logic/src/login.rs
+++ b/logic/src/login.rs
@@ -21,52 +21,3 @@ pub fn create_admin_account() -> Result<()> {
 }
 Ok(())
 }
-
-pub fn login_logic(
- username: &str,
- password: &str,
- expire: Option<i64>,
- drop_permissions: Option<HashSet<UserPermission>>,
-) -> Result<String> {
- // hashing the password regardless if the accounts exists to better resist timing attacks
- let password = hash_password(username, password);
-
- let mut user = DATABASE
- .get_user(username)?
- .ok_or(anyhow!("invalid password"))?;
-
- if user.password != password {
- Err(anyhow!("invalid password"))?
- }
-
- if let Some(ep) = drop_permissions {
- // remove all grant perms that are in `ep`
- user.permissions
- .0
- .retain(|p, val| if *val { !ep.contains(p) } else { true })
- }
-
- Ok(create(
- user.name,
- user.permissions,
- Duration::from_days(
- CONF.login_expire
- .min(expire.unwrap_or(i64::MAX))
- .try_into()
- .unwrap(),
- ),
- ))
-}
-
-pub fn hash_password(username: &str, password: &str) -> Vec<u8> {
- Argon2::default()
- .hash_password(
- format!("{username}\0{password}").as_bytes(),
- <&str as TryInto<Salt>>::try_into("IYMa13osbNeLJKnQ1T8LlA").unwrap(),
- )
- .unwrap()
- .hash
- .unwrap()
- .as_bytes()
- .to_vec()
-}
|