Diffstat (limited to 'lockchain-core/src/users/mod.rs')
-rw-r--r-- | lockchain-core/src/users/mod.rs | 32 |
1 files changed, 10 insertions, 22 deletions
diff --git a/lockchain-core/src/users/mod.rs b/lockchain-core/src/users/mod.rs
index 338cc5e..e9205d1 100644
--- a/lockchain-core/src/users/mod.rs
+++ b/lockchain-core/src/users/mod.rs
@@ -14,10 +14,19 @@
 //! data to load and store them into a metadata store.
 mod auth;
+mod rights;
 mod tokens;
+mod keystore;
+
+mod store;
+mod secrets;
+
 pub use self::auth::pam_authenticate;
+pub use self::keystore::KeyStore;
 pub use self::tokens::Token;
+
 pub use errors::AuthError;
+pub use self::rights::{Access, Role};
 use crypto::{encoding, hashing, random};
 use std::collections::HashMap;
@@ -26,27 +35,6 @@ use {
 traits::{AutoEncoder, Base64AutoEncoder},
 };
-/// Specifies access to a resource
-#[derive(Hash, Serialize, Deserialize, Clone, PartialEq, Eq)]
-pub enum Access {
- /// Allows access to vault metadata & index files
- Vault(Role),
- /// Allows access to a record resource inside a vault
- Record(Role, String),
-}
-
-impl AutoEncoder for Access {}
-
-/// Specifies the capabilities of a user
-#[derive(Hash, Serialize, Deserialize, Clone, PartialEq, Eq)]
-pub enum Role {
- Reader,
- Editor,
- Admin,
-}
-
-impl AutoEncoder for Role {}
-
 /// A generic user representation
 ///
 /// A user has an identify check built in that can verify a passphrase
@@ -83,7 +71,7 @@ impl User {
 self.pw_hash == encoding::base64_encode(&hashing::blake2(pw, &self.name).to_vec())
 }
 /// Provides a hook to use second-factor authentication to authorise
- ///
+ ///
 /// This is meant to be used with an external Yubikey
 pub fn second_auth_verify(&mut self) -> bool {
 unimplemented!() |
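Review bot: `mod store;` and `mod secrets;` are declared in the first hunk but, unlike `keystore` and `rights`, nothing from them is re-exported, and the module's `//!` header is not updated to say what they hold. If they are meant to stay internal, a short comment above the two lines, e.g. `// internal: not part of the public users API`, would make that intent explicit, so that a later `pub use` does not widen the surface around secret handling unnoticed. The diffstat is limited to this file, so it cannot be confirmed here that `rights.rs` carries over the `Hash, Serialize, Deserialize, Clone, PartialEq, Eq` derives and the two `AutoEncoder` impls removed in the second hunk; if `Access`/`Role` values are persisted, they presumably only keep their meaning when the variants are moved unchanged. It is also worth checking whether the `AutoEncoder` import in the `use { traits::{…} }` block is still used in this file after those impls moved out.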