store user password as hash

PegasisForever · PegasisForever · commit 0da6438f7de8 · 2020-09-02T06:10:16.000-04:00
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -18,3 +18,4 @@ env_logger = "0.7"
 log = "0.4.11"
 json = "0.12.4"
 actix-cors = "0.2.0"
+rust-argon2 = "0.8.2"
diff --git a/src/database/user_db.rs b/src/database/user_db.rs
@@ -62,11 +62,7 @@ impl UserDB {
     pub fn add(self: &UserDB, name: &str, password: &str) -> Result<Arc<User>, UserDBError> {
         match self.find(name) {
             None => {
-                let user = User {
-                    name: String::from(name),
-                    password: String::from(password),
-                };
-                let arc = Arc::new(user);
+                let arc = Arc::new(User::new(name, password));
                 self.list.lock().unwrap().push(arc.clone());
                 Ok(arc)
             }
diff --git a/src/model/user.rs b/src/model/user.rs
@@ -1,36 +1,49 @@
 use serde::Deserialize;
 use std::hash::Hasher;
 use json::{object, JsonValue};
+use argon2::{self, Config};
 
 #[derive(Debug, Clone, Deserialize)]
 pub struct User {
     pub name: String,
-    pub password: String,
+    password_hash: String,
 }
 
+const SALT: &[u8] = "fguU2N7af73!5^rD!!cZE9Z!5CK&f67yFPYRBvHM4%8UbbBNXVW-d+t7*QQwzn4c".as_bytes();
+
 impl User {
+    pub fn new(name: &str, password: &str) -> Self {
+        let config = Config::default();
+        let hash = argon2::hash_encoded(password.as_bytes(), SALT, &config).unwrap();
+
+        Self {
+            name: String::from(name),
+            password_hash: hash,
+        }
+    }
+
     pub fn from_json(json: &JsonValue) -> Self {
         Self {
             name: String::from(json["name"].as_str().unwrap()),
-            password: String::from(json["password"].as_str().unwrap()),
+            password_hash: String::from(json["password_hash"].as_str().unwrap()),
         }
     }
 
     pub fn to_json(self: &Self) -> JsonValue {
         object! {
             name: self.name.clone(),
-            password: self.password.clone(),
+            password_hash: self.password_hash.clone(),
         }
     }
 
     pub fn verify_password(self: &Self, password: &str) -> bool {
-        self.password == password
+        argon2::verify_encoded(&self.password_hash, password.as_bytes()).is_ok()
     }
 }
 
 impl std::cmp::PartialEq for User {
     fn eq(&self, other: &Self) -> bool {
-        self.name == other.name && self.password == other.password
+        self.name == other.name && self.password_hash == other.password_hash
     }
 }
 
@@ -39,6 +52,6 @@ impl std::cmp::Eq for User {}
 impl std::hash::Hash for User {
     fn hash<H: Hasher>(&self, state: &mut H) {
         self.name.hash(state);
-        self.password.hash(state);
+        self.password_hash.hash(state);
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -1,36 +1,49 @@`
`1`	`1`	`use serde::Deserialize;`
`2`	`2`	`use std::hash::Hasher;`
`3`	`3`	`use json::{object, JsonValue};`
	`4`	`+use argon2::{self, Config};`
`4`	`5`
`5`	`6`	`#[derive(Debug, Clone, Deserialize)]`
`6`	`7`	`pub struct User {`
`7`	`8`	`pub name: String,`
`8`		`- pub password: String,`
	`9`	`+ password_hash: String,`
`9`	`10`	`}`
`10`	`11`
	`12`	`+const SALT: &[u8] = "fguU2N7af73!5^rD!!cZE9Z!5CK&f67yFPYRBvHM4%8UbbBNXVW-d+t7*QQwzn4c".as_bytes();`
	`13`	`+`
`11`	`14`	`impl User {`
	`15`	`+ pub fn new(name: &str, password: &str) -> Self {`
	`16`	`+ let config = Config::default();`
	`17`	`+ let hash = argon2::hash_encoded(password.as_bytes(), SALT, &config).unwrap();`
	`18`	`+`
	`19`	`+ Self {`
	`20`	`+ name: String::from(name),`
	`21`	`+ password_hash: hash,`
	`22`	`+ }`
	`23`	`+ }`
	`24`	`+`
`12`	`25`	`pub fn from_json(json: &JsonValue) -> Self {`
`13`	`26`	`Self {`
`14`	`27`	`name: String::from(json["name"].as_str().unwrap()),`
`15`		`- password: String::from(json["password"].as_str().unwrap()),`
	`28`	`+ password_hash: String::from(json["password_hash"].as_str().unwrap()),`
`16`	`29`	`}`
`17`	`30`	`}`
`18`	`31`
`19`	`32`	`pub fn to_json(self: &Self) -> JsonValue {`
`20`	`33`	`object! {`
`21`	`34`	`name: self.name.clone(),`
`22`		`- password: self.password.clone(),`
	`35`	`+ password_hash: self.password_hash.clone(),`
`23`	`36`	`}`
`24`	`37`	`}`
`25`	`38`
`26`	`39`	`pub fn verify_password(self: &Self, password: &str) -> bool {`
`27`		`- self.password == password`
	`40`	`+ argon2::verify_encoded(&self.password_hash, password.as_bytes()).is_ok()`
`28`	`41`	`}`
`29`	`42`	`}`
`30`	`43`
`31`	`44`	`impl std::cmp::PartialEq for User {`
`32`	`45`	`fn eq(&self, other: &Self) -> bool {`
`33`		`- self.name == other.name && self.password == other.password`
	`46`	`+ self.name == other.name && self.password_hash == other.password_hash`
`34`	`47`	`}`
`35`	`48`	`}`
`36`	`49`
`@@ -39,6 +52,6 @@ impl std::cmp::Eq for User {}`
`39`	`52`	`impl std::hash::Hash for User {`
`40`	`53`	`fn hash<H: Hasher>(&self, state: &mut H) {`
`41`	`54`	`self.name.hash(state);`
`42`		`- self.password.hash(state);`
	`55`	`+ self.password_hash.hash(state);`
`43`	`56`	`}`
`44`	`57`	`}`