Diffstat (limited to 'lockchain-core/src')
-rw-r--r-- | lockchain-core/src/init.rs | 3 | ||||
-rw-r--r-- | lockchain-core/src/users/mod.rs | 6 | ||||
-rw-r--r-- | lockchain-core/src/users/tokens.rs | 43 |
3 files changed, 25 insertions, 27 deletions
diff --git a/lockchain-core/src/init.rs b/lockchain-core/src/init.rs
index 0e666bb..1880599 100644
--- a/lockchain-core/src/init.rs
+++ b/lockchain-core/src/init.rs
@@ -1,7 +1,8 @@
-use traits::{Body, Vault};
 use errors::VaultError;
+use traits::{Body, Vault};
 /// Describes the internal permission layout of a vault
+#[derive(Debug, Serialize, Deserialize, Clone)]
 pub enum VaultType {
 /// Create an all-powerful root user which can access everything
 Administrated {
diff --git a/lockchain-core/src/users/mod.rs b/lockchain-core/src/users/mod.rs
index 4086fac..392e008 100644
--- a/lockchain-core/src/users/mod.rs
+++ b/lockchain-core/src/users/mod.rs
@@ -14,17 +14,17 @@
 //! data to load and store them into a metadata store.
 mod auth;
-mod user;
 mod rights;
 mod tokens;
+mod user;
 mod secrets;
 mod userstore;
 pub use self::auth::pam_authenticate;
-pub use self::tokens::Token;
+pub use self::tokens::{Request, Token};
 pub use self::user::User;
 pub use self::userstore::UserStore;
-pub use errors::AuthError;
 pub use self::rights::{Access, Role};
+pub use errors::AuthError;
diff --git a/lockchain-core/src/users/tokens.rs b/lockchain-core/src/users/tokens.rs
index f7226ef..e2b0747 100644
--- a/lockchain-core/src/users/tokens.rs
+++ b/lockchain-core/src/users/tokens.rs
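Review bot: In `init.rs`, the new `#[derive(Debug, Serialize, Deserialize, Clone)]` on `VaultType` also covers the `Administrated` variant, whose fields lie outside the hunk. If that variant carries the root user's secret, the derived `Debug` will print it wherever the value is logged and `Serialize` will write it out in clear. Consider a hand-written `Debug` that redacts that field, plus a doc line above the enum such as `/// NOTE: may contain the root secret; never log or persist unencrypted`. The enum body continues past the hunk, so this needs confirming against the full definition.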
@@ -1,41 +1,38 @@
-use crypto::random;
-
-const TOK_SIZE: usize = 64;
+use crypto::{random, Key, KeyType};
 /// An authentication token that can be compared in constant time
-///
+///
 /// ```
 /// use lockchain_core::users::auth::Token;
 /// let t1 = Token::new();
 /// let t2 = Token::new();
-///
+///
 /// // Will fail, but no expose failure length
 /// assert_eq!(t1, t2);
 /// ```
+#[derive(PartialEq, Eq, Serialize, Deserialize)]
 pub struct Token {
- tok: [u8; TOK_SIZE],
+ inner: Key,
 }
 impl Token {
 pub fn new() -> Self {
- let v = random::bytes(TOK_SIZE);
- let mut tok = [0; TOK_SIZE];
- tok.copy_from_slice(v.as_slice());
-
- Self { tok }
- }
-}
-
-impl PartialEq for Token {
- fn eq(&self, other: &Self) -> bool {
- let mut ret = true;
- for i in 0..TOK_SIZE {
- if self.tok[i] != other.tok[i] {
- ret = false;
- }
+ Self {
+ inner: Key::new(KeyType::Aes128),
 }
- ret
 }
 }
-impl Eq for Token {}
+/// A request wrapper around a username and token
+///
+/// This structure is accepted by most Vault-trait
+/// functions to reduce the number of paramters required.auth
+///
+/// Because `Request` objects are short-lived and numerous,
+/// they only deal with references to the original
+/// username and token data.
+#[derive(PartialEq, Eq, Serialize, Deserialize)]
+pub struct Request<'outer> {
+ username: &'outer str,
+ token: Token,
+} |
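Review bot: The doc comment on `Token` still promises a constant-time comparison, but the new `#[derive(PartialEq, Eq, Serialize, Deserialize)]` hands equality to whatever `Key` implements, which is not visible in this diff. A derived or slice-based `eq` normally returns at the first differing byte, so token checks could become timing-dependent where the removed loop visited every byte. Either keep a hand-written `impl PartialEq for Token` that accumulates all byte differences before returning and reduce the derive to `#[derive(Serialize, Deserialize)]`, or confirm that `Key`'s comparison is constant-time and say so in the doc comment. Separately, the `Request` doc says it only deals with references while `token: Token` is held by value, and `paramters required.auth` looks like a typo for `parameters required.`.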