144 lines
5.1 KiB
Rust
144 lines
5.1 KiB
Rust
use async_std::task;
|
|
use golgi::{sbot::Keystore, Sbot};
|
|
use log::debug;
|
|
use nanorand::{Rng, WyRand};
|
|
use sha3::{Digest, Sha3_256};
|
|
|
|
use crate::{config_manager, error::PeachError, sbot::SbotConfig};
|
|
|
|
/// Returns Ok(()) if the supplied password is correct,
|
|
/// and returns Err if the supplied password is incorrect.
|
|
pub fn verify_password(password: &str) -> Result<(), PeachError> {
|
|
let real_admin_password_hash = config_manager::get_admin_password_hash()?;
|
|
let password_hash = hash_password(password);
|
|
if real_admin_password_hash == password_hash {
|
|
Ok(())
|
|
} else {
|
|
Err(PeachError::PasswordIncorrect)
|
|
}
|
|
}
|
|
|
|
/// Checks if the given passwords are valid, and returns Ok() if they are and
|
|
/// a PeachError otherwise.
|
|
/// Currently this just checks that the passwords are the same,
|
|
/// but could be extended to test if they are strong enough.
|
|
pub fn validate_new_passwords(new_password1: &str, new_password2: &str) -> Result<(), PeachError> {
|
|
if new_password1 == new_password2 {
|
|
Ok(())
|
|
} else {
|
|
Err(PeachError::PasswordMismatch)
|
|
}
|
|
}
|
|
|
|
/// Sets a new password for the admin user
|
|
pub fn set_new_password(new_password: &str) -> Result<(), PeachError> {
|
|
let new_password_hash = hash_password(new_password);
|
|
config_manager::set_admin_password_hash(new_password_hash)?;
|
|
|
|
Ok(())
|
|
}
|
|
|
|
/// Creates a hash from a password string
|
|
pub fn hash_password(password: &str) -> String {
|
|
let mut hasher = Sha3_256::new();
|
|
// write input message
|
|
hasher.update(password);
|
|
// read hash digest
|
|
let result = hasher.finalize();
|
|
// convert `u8` to `String`
|
|
result[0].to_string()
|
|
}
|
|
|
|
/// Sets a new temporary password for the admin user
|
|
/// which can be used to reset the permanent password
|
|
pub fn set_new_temporary_password(new_password: &str) -> Result<(), PeachError> {
|
|
let new_password_hash = hash_password(new_password);
|
|
config_manager::set_temporary_password_hash(new_password_hash)?;
|
|
|
|
Ok(())
|
|
}
|
|
|
|
/// Returns Ok(()) if the supplied temp_password is correct,
|
|
/// and returns Err if the supplied temp_password is incorrect
|
|
pub fn verify_temporary_password(password: &str) -> Result<(), PeachError> {
|
|
let temporary_admin_password_hash = config_manager::get_temporary_password_hash()?;
|
|
let password_hash = hash_password(password);
|
|
if temporary_admin_password_hash == password_hash {
|
|
Ok(())
|
|
} else {
|
|
Err(PeachError::PasswordIncorrect)
|
|
}
|
|
}
|
|
|
|
/// Generates a temporary password and sends it via ssb dm
|
|
/// to the ssb id configured to be the admin of the peachcloud device
|
|
pub fn send_password_reset() -> Result<(), PeachError> {
|
|
// initialise random number generator
|
|
let mut rng = WyRand::new();
|
|
// generate a new password of random numbers
|
|
let temporary_password = rng.generate::<u64>().to_string();
|
|
// save this string as a new temporary password
|
|
set_new_temporary_password(&temporary_password)?;
|
|
let domain = config_manager::get_peachcloud_domain()?;
|
|
|
|
// then send temporary password as a private ssb message to admin
|
|
let mut msg = format!(
|
|
"Your new temporary password is: {}
|
|
|
|
If you are on the same WiFi network as your PeachCloud device you can reset your password \
|
|
using this link: http://peach.local/auth/reset",
|
|
temporary_password
|
|
);
|
|
// if there is an external domain, then include remote link in message
|
|
// otherwise dont include it
|
|
let remote_link = match domain {
|
|
Some(domain) => {
|
|
format!(
|
|
"\n\nOr if you are on a different WiFi network, you can reset your password \
|
|
using the the following link: {}/auth/reset",
|
|
domain
|
|
)
|
|
}
|
|
None => "".to_string(),
|
|
};
|
|
msg += &remote_link;
|
|
// finally send the message to the admins
|
|
let ssb_admin_ids = config_manager::get_ssb_admin_ids()?;
|
|
for ssb_admin_id in ssb_admin_ids {
|
|
// use golgi to send a private message on scuttlebutt
|
|
match task::block_on(publish_private_msg(&msg, &ssb_admin_id)) {
|
|
Ok(_) => (),
|
|
Err(e) => return Err(PeachError::Sbot(e)),
|
|
}
|
|
}
|
|
Ok(())
|
|
}
|
|
|
|
async fn publish_private_msg(msg: &str, recipient: &str) -> Result<(), String> {
|
|
// retrieve latest go-sbot configuration parameters
|
|
let sbot_config = SbotConfig::read().ok();
|
|
|
|
let msg = msg.to_string();
|
|
let recipient = vec![recipient.to_string()];
|
|
|
|
// initialise sbot connection with ip:port and shscap from config file
|
|
let mut sbot_client = match sbot_config {
|
|
// TODO: panics if we pass `Some(conf.shscap)` as second arg
|
|
Some(conf) => {
|
|
let ip_port = conf.lis.clone();
|
|
Sbot::init(Keystore::GoSbot, Some(ip_port), None)
|
|
.await
|
|
.map_err(|e| e.to_string())?
|
|
}
|
|
None => Sbot::init(Keystore::GoSbot, None, None)
|
|
.await
|
|
.map_err(|e| e.to_string())?,
|
|
};
|
|
|
|
debug!("Publishing a Scuttlebutt private message with temporary password");
|
|
match sbot_client.publish_private(msg, recipient).await {
|
|
Ok(_) => Ok(()),
|
|
Err(e) => Err(format!("Failed to publish private message: {}", e)),
|
|
}
|
|
}
|