peach-workspace/peach-lib/src/password_utils.rs

use async_std::task;
use golgi::Sbot;
use log::debug;
use nanorand::{Rng, WyRand};
use sha3::{Digest, Sha3_256};

use crate::{config_manager, error::PeachError, sbot::SbotConfig};

/// Returns Ok(()) if the supplied password is correct,
/// and returns Err if the supplied password is incorrect.
pub fn verify_password(password: &str) -> Result<(), PeachError> {
    let real_admin_password_hash = config_manager::get_admin_password_hash()?;
    let password_hash = hash_password(password);
    if real_admin_password_hash == password_hash {
        Ok(())
    } else {
        Err(PeachError::PasswordIncorrect)
    }
}

/// Checks if the given passwords are valid, and returns Ok() if they are and
/// a PeachError otherwise.
/// Currently this just checks that the passwords are the same,
/// but could be extended to test if they are strong enough.
pub fn validate_new_passwords(new_password1: &str, new_password2: &str) -> Result<(), PeachError> {
    if new_password1 == new_password2 {
        Ok(())
    } else {
        Err(PeachError::PasswordMismatch)
    }
}

/// Sets a new password for the admin user
pub fn set_new_password(new_password: &str) -> Result<(), PeachError> {
    let new_password_hash = hash_password(new_password);
    config_manager::set_admin_password_hash(new_password_hash)?;

    Ok(())
}

/// Creates a hash from a password string
pub fn hash_password(password: &str) -> String {
    let mut hasher = Sha3_256::new();
    // write input message
    hasher.update(password);
    // read hash digest
    let result = hasher.finalize();
    // convert `u8` to `String`
    result[0].to_string()
}

/// Sets a new temporary password for the admin user
/// which can be used to reset the permanent password
pub fn set_new_temporary_password(new_password: &str) -> Result<(), PeachError> {
    let new_password_hash = hash_password(new_password);
    config_manager::set_temporary_password_hash(new_password_hash)?;

    Ok(())
}

/// Returns Ok(()) if the supplied temp_password is correct,
/// and returns Err if the supplied temp_password is incorrect
pub fn verify_temporary_password(password: &str) -> Result<(), PeachError> {
    let temporary_admin_password_hash = config_manager::get_temporary_password_hash()?;
    let password_hash = hash_password(password);
    if temporary_admin_password_hash == password_hash {
        Ok(())
    } else {
        Err(PeachError::PasswordIncorrect)
    }
}

/// Generates a temporary password and sends it via ssb dm
/// to the ssb id configured to be the admin of the peachcloud device
pub fn send_password_reset() -> Result<(), PeachError> {
    // initialise random number generator
    let mut rng = WyRand::new();
    // generate a new password of random numbers
    let temporary_password = rng.generate::<u64>().to_string();
    // save this string as a new temporary password
    set_new_temporary_password(&temporary_password)?;
    let domain = config_manager::get_peachcloud_domain()?;

    // then send temporary password as a private ssb message to admin
    let mut msg = format!(
        "Your new temporary password is: {}

If you are on the same WiFi network as your PeachCloud device you can reset your password \
using this link: http://peach.local/auth/reset",
        temporary_password
    );
    // if there is an external domain, then include remote link in message
    // otherwise dont include it
    let remote_link = match domain {
        Some(domain) => {
            format!(
                "\n\nOr if you are on a different WiFi network, you can reset your password \
            using the the following link: {}/auth/reset",
                domain
            )
        }
        None => "".to_string(),
    };
    msg += &remote_link;
    // finally send the message to the admins
    let ssb_admin_ids = config_manager::get_ssb_admin_ids()?;
    for ssb_admin_id in ssb_admin_ids {
        // use golgi to send a private message on scuttlebutt
        match task::block_on(publish_private_msg(&msg, &ssb_admin_id)) {
            Ok(_) => (),
            Err(e) => return Err(PeachError::Sbot(e)),
        }
    }
    Ok(())
}

async fn publish_private_msg(msg: &str, recipient: &str) -> Result<(), String> {
    // retrieve latest go-sbot configuration parameters
    let sbot_config = SbotConfig::read().ok();

    let msg = msg.to_string();
    let recipient = vec![recipient.to_string()];

    // initialise sbot connection with ip:port and shscap from config file
    let mut sbot_client = match sbot_config {
        // TODO: panics if we pass `Some(conf.shscap)` as second arg
        Some(conf) => {
            let ip_port = conf.lis.clone();
            Sbot::init(Some(ip_port), None)
                .await
                .map_err(|e| e.to_string())?
        }
        None => Sbot::init(None, None).await.map_err(|e| e.to_string())?,
    };

    debug!("Publishing a Scuttlebutt private message with temporary password");
    match sbot_client.publish_private(msg, recipient).await {
        Ok(_) => Ok(()),
        Err(e) => Err(format!("Failed to publish private message: {}", e)),
    }
}
fix and improve all login and password-related workflows 2022-03-04 08:53:49 +00:00			`use async_std::task;`
			`use golgi::Sbot;`
			`use log::debug;`
trying to resolve conflict for nanorand pr 2021-12-07 12:08:21 +00:00			`use nanorand::{Rng, WyRand};`
replace outdated crypto crate 2022-01-04 13:23:41 +00:00			`use sha3::{Digest, Sha3_256};`
remove snafu context and improve error handling 2021-11-25 07:58:00 +00:00
fix and improve all login and password-related workflows 2022-03-04 08:53:49 +00:00			`use crate::{config_manager, error::PeachError, sbot::SbotConfig};`
First workspace commit 2021-08-06 17:58:40 +00:00
			`/// Returns Ok(()) if the supplied password is correct,`
			`/// and returns Err if the supplied password is incorrect.`
			`pub fn verify_password(password: &str) -> Result<(), PeachError> {`
remove snafu context and improve error handling 2021-11-25 07:58:00 +00:00			`let real_admin_password_hash = config_manager::get_admin_password_hash()?;`
satisfy clippy nightly warnings 2022-01-12 11:15:04 +00:00			`let password_hash = hash_password(password);`
Add rocket authentication to all routes 2021-11-08 15:38:10 +00:00			`if real_admin_password_hash == password_hash {`
First workspace commit 2021-08-06 17:58:40 +00:00			`Ok(())`
			`} else {`
remove snafu context and improve error handling 2021-11-25 07:58:00 +00:00			`Err(PeachError::PasswordIncorrect)`
First workspace commit 2021-08-06 17:58:40 +00:00			`}`
			`}`

			`/// Checks if the given passwords are valid, and returns Ok() if they are and`
			`/// a PeachError otherwise.`
			`/// Currently this just checks that the passwords are the same,`
			`/// but could be extended to test if they are strong enough.`
			`pub fn validate_new_passwords(new_password1: &str, new_password2: &str) -> Result<(), PeachError> {`
			`if new_password1 == new_password2 {`
			`Ok(())`
			`} else {`
remove snafu context and improve error handling 2021-11-25 07:58:00 +00:00			`Err(PeachError::PasswordMismatch)`
First workspace commit 2021-08-06 17:58:40 +00:00			`}`
			`}`

Clean up comments 2021-11-10 11:21:17 +00:00			`/// Sets a new password for the admin user`
First workspace commit 2021-08-06 17:58:40 +00:00			`pub fn set_new_password(new_password: &str) -> Result<(), PeachError> {`
satisfy clippy nightly warnings 2022-01-12 11:15:04 +00:00			`let new_password_hash = hash_password(new_password);`
Working on refactor to use hashmaps 2022-05-09 13:53:03 +00:00			`config_manager::set_admin_password_hash(new_password_hash)?;`
remove snafu context and improve error handling 2021-11-25 07:58:00 +00:00
			`Ok(())`
First workspace commit 2021-08-06 17:58:40 +00:00			`}`

Add rocket authentication to all routes 2021-11-08 15:38:10 +00:00			`/// Creates a hash from a password string`
Use empty struct for Authenticated 2021-11-08 16:01:38 +00:00			`pub fn hash_password(password: &str) -> String {`
replace outdated crypto crate 2022-01-04 13:23:41 +00:00			`let mut hasher = Sha3_256::new();`
			`// write input message`
			`hasher.update(password);`
			`// read hash digest`
			`let result = hasher.finalize();`
			// convert `u8` to `String`
			`result[0].to_string()`
Add rocket authentication to all routes 2021-11-08 15:38:10 +00:00			`}`

Clean up comments 2021-11-10 11:21:17 +00:00			`/// Sets a new temporary password for the admin user`
First workspace commit 2021-08-06 17:58:40 +00:00			`/// which can be used to reset the permanent password`
			`pub fn set_new_temporary_password(new_password: &str) -> Result<(), PeachError> {`
satisfy clippy nightly warnings 2022-01-12 11:15:04 +00:00			`let new_password_hash = hash_password(new_password);`
Working on refactor to use hashmaps 2022-05-09 13:53:03 +00:00			`config_manager::set_temporary_password_hash(new_password_hash)?;`
remove snafu context and improve error handling 2021-11-25 07:58:00 +00:00
			`Ok(())`
First workspace commit 2021-08-06 17:58:40 +00:00			`}`

			`/// Returns Ok(()) if the supplied temp_password is correct,`
			`/// and returns Err if the supplied temp_password is incorrect`
			`pub fn verify_temporary_password(password: &str) -> Result<(), PeachError> {`
remove snafu context and improve error handling 2021-11-25 07:58:00 +00:00			`let temporary_admin_password_hash = config_manager::get_temporary_password_hash()?;`
satisfy clippy nightly warnings 2022-01-12 11:15:04 +00:00			`let password_hash = hash_password(password);`
Add rocket authentication to all routes 2021-11-08 15:38:10 +00:00			`if temporary_admin_password_hash == password_hash {`
First workspace commit 2021-08-06 17:58:40 +00:00			`Ok(())`
			`} else {`
remove snafu context and improve error handling 2021-11-25 07:58:00 +00:00			`Err(PeachError::PasswordIncorrect)`
First workspace commit 2021-08-06 17:58:40 +00:00			`}`
			`}`

Clean up comments 2021-11-10 11:21:17 +00:00			`/// Generates a temporary password and sends it via ssb dm`
First workspace commit 2021-08-06 17:58:40 +00:00			`/// to the ssb id configured to be the admin of the peachcloud device`
			`pub fn send_password_reset() -> Result<(), PeachError> {`
trying to resolve conflict for nanorand pr 2021-12-07 12:08:21 +00:00			`// initialise random number generator`
			`let mut rng = WyRand::new();`
			`// generate a new password of random numbers`
			`let temporary_password = rng.generate::<u64>().to_string();`
First workspace commit 2021-08-06 17:58:40 +00:00			`// save this string as a new temporary password`
			`set_new_temporary_password(&temporary_password)?;`
remove snafu context and improve error handling 2021-11-25 07:58:00 +00:00			`let domain = config_manager::get_peachcloud_domain()?;`
First workspace commit 2021-08-06 17:58:40 +00:00
			`// then send temporary password as a private ssb message to admin`
			`let mut msg = format!(`
			`"Your new temporary password is: {}`

			`If you are on the same WiFi network as your PeachCloud device you can reset your password \`
add temporary password reset routes 2022-03-24 07:05:26 +00:00			`using this link: http://peach.local/auth/reset",`
First workspace commit 2021-08-06 17:58:40 +00:00			`temporary_password`
			`);`
			`// if there is an external domain, then include remote link in message`
			`// otherwise dont include it`
			`let remote_link = match domain {`
			`Some(domain) => {`
			`format!(`
			`"\n\nOr if you are on a different WiFi network, you can reset your password \`
add temporary password reset routes 2022-03-24 07:05:26 +00:00			`using the the following link: {}/auth/reset",`
First workspace commit 2021-08-06 17:58:40 +00:00			`domain`
			`)`
			`}`
			`None => "".to_string(),`
			`};`
			`msg += &remote_link;`
			`// finally send the message to the admins`
Working on refactor to use hashmaps 2022-05-09 13:53:03 +00:00			`let ssb_admin_ids = config_manager::get_ssb_admin_ids()?;`
			`for ssb_admin_id in ssb_admin_ids {`
fix and improve all login and password-related workflows 2022-03-04 08:53:49 +00:00			`// use golgi to send a private message on scuttlebutt`
			`match task::block_on(publish_private_msg(&msg, &ssb_admin_id)) {`
			`Ok(_) => (),`
			`Err(e) => return Err(PeachError::Sbot(e)),`
			`}`
First workspace commit 2021-08-06 17:58:40 +00:00			`}`
			`Ok(())`
			`}`
fix and improve all login and password-related workflows 2022-03-04 08:53:49 +00:00
			`async fn publish_private_msg(msg: &str, recipient: &str) -> Result<(), String> {`
			`// retrieve latest go-sbot configuration parameters`
			`let sbot_config = SbotConfig::read().ok();`

			`let msg = msg.to_string();`
			`let recipient = vec![recipient.to_string()];`

			`// initialise sbot connection with ip:port and shscap from config file`
			`let mut sbot_client = match sbot_config {`
			// TODO: panics if we pass `Some(conf.shscap)` as second arg
			`Some(conf) => {`
			`let ip_port = conf.lis.clone();`
			`Sbot::init(Some(ip_port), None)`
			`.await`
			`.map_err(\|e\| e.to_string())?`
			`}`
			`None => Sbot::init(None, None).await.map_err(\|e\| e.to_string())?,`
			`};`

			`debug!("Publishing a Scuttlebutt private message with temporary password");`
			`match sbot_client.publish_private(msg, recipient).await {`
			`Ok(_) => Ok(()),`
			`Err(e) => Err(format!("Failed to publish private message: {}", e)),`
			`}`
			`}`