From aedfae1d17d2fd39b3b1f4889723d627fcc79218 Mon Sep 17 00:00:00 2001
From: Greg Burri <greg.burri@gmail.com>
Date: Tue, 22 Nov 2022 17:03:52 +0100
Subject: [PATCH] Sign up/in/out and authentication.
---
backend/sql/version_1.sql | 2 +-
backend/src/db.rs | 301 ++++++++++++++++++++++++++++++++++----
backend/src/hash.rs | 30 ++++
backend/src/main.rs | 1 +
backend/src/user.rs | 11 ++
5 files changed, 318 insertions(+), 27 deletions(-)
create mode 100644 backend/src/user.rs
diff --git a/backend/sql/version_1.sql b/backend/sql/version_1.sql
index 4457863..aaa8a9f 100644
--- a/backend/sql/version_1.sql
+++ b/backend/sql/version_1.sql
@@ -25,7 +25,7 @@ CREATE TABLE [UserLoginToken] (
[last_login_datetime] DATETIME,
[token] TEXT NOT NULL, -- 24 alphanumeric character token. Can be stored in a cookie to be able to authenticate without a password.
- [ip] INTEGER,
+ [ip] TEXT, -- Can be ipv4 or ipv6
[user_agent] TEXT,
FOREIGN KEY([user_id]) REFERENCES [User]([id])
diff --git a/backend/src/db.rs b/backend/src/db.rs
index 4ef37fe..28bf62c 100644
--- a/backend/src/db.rs
+++ b/backend/src/db.rs
@@ -2,14 +2,15 @@ use std::{fmt::Display, fs::{self, File}, path::Path, io::Read};
use itertools::Itertools;
use chrono::{prelude::*, Duration};
-use rusqlite::{params, Params, OptionalExtension};
+use rusqlite::{named_params, OptionalExtension, params, Params};
use r2d2::Pool;
use r2d2_sqlite::SqliteConnectionManager;
use rand::distributions::{Alphanumeric, DistString};
use crate::consts;
-use crate::hash::hash;
+use crate::hash::{hash, verify_password};
use crate::model;
+use crate::user::*;
const CURRENT_DB_VERSION: u32 = 1;
@@ -50,20 +51,22 @@ pub enum SignUpResult {
#[derive(Debug)]
pub enum ValidationResult {
+ UnknownUser,
ValidationExpired,
- OK,
+ Ok(String, i32), // Returns token and user id.
}
#[derive(Debug)]
pub enum SignInResult {
- NotValidToken,
- OK,
+ UserNotFound,
+ PasswordsDontMatch,
+ Ok(String, i32), // Returns token and user id.
}
#[derive(Debug)]
pub enum AuthenticationResult {
NotValidToken,
- OK,
+ Ok(i32), // Returns user id.
}
#[derive(Clone)]
@@ -92,6 +95,13 @@ impl Connection {
Self::create_connection(SqliteConnectionManager::file(file))
}
+ fn create_connection(manager: SqliteConnectionManager) -> Result<Connection> {;
+ let pool = r2d2::Pool::new(manager).unwrap();
+ let connection = Connection { pool };
+ connection.create_or_update()?;
+ Ok(connection)
+ }
+
/// Called after the connection has been established for creating or updating the database.
/// The 'Version' table tracks the current state of the database.
fn create_or_update(&self) -> Result<()> {
@@ -111,7 +121,7 @@ impl Connection {
}
};
- while Connection::update_to_next_version(version, &tx)? {
+ while Self::update_to_next_version(version, &tx)? {
version += 1;
}
@@ -120,13 +130,6 @@ impl Connection {
Ok(())
}
- fn create_connection(manager: SqliteConnectionManager) -> Result<Connection> {;
- let pool = r2d2::Pool::new(manager).unwrap();
- let connection = Connection { pool };
- connection.create_or_update()?;
- Ok(connection)
- }
-
fn update_to_next_version(current_version: u32, tx: &rusqlite::Transaction) -> Result<bool> {
let next_version = current_version + 1;
@@ -191,6 +194,17 @@ impl Connection {
}).map_err(DBError::from)
}
+ pub fn get_user_login_info(&self, token: &str) -> Result<UserLoginInfo> {
+ let con = self.pool.get()?;
+ con.query_row("SELECT [last_login_datetime], [ip], [user_agent] FROM [UserLoginToken] WHERE [token] = ?1", [token], |r| {
+ Ok(UserLoginInfo {
+ last_login_datetime: r.get("last_login_datetime")?,
+ ip: r.get("ip")?,
+ user_agent: r.get("user_agent")?,
+ })
+ }).map_err(DBError::from)
+ }
+
///
pub fn sign_up(&self, password: &str, email: &str) -> Result<SignUpResult> {
self.sign_up_with_given_time(password, email, Utc::now())
@@ -223,20 +237,79 @@ impl Connection {
Ok(SignUpResult::UserCreatedWaitingForValidation(token))
}
- pub fn validation(&self, token: &str, validation_time: Duration) -> Result<ValidationResult> {
- todo!()
+ pub fn validation(&self, token: &str, validation_time: Duration, ip: &str, user_agent: &str) -> Result<ValidationResult> {
+ let mut con = self.pool.get()?;
+ let tx = con.transaction()?;
+ let user_id =
+ match tx.query_row("SELECT [id], [creation_datetime] FROM [User] WHERE [validation_token] = ?1", [token], |r| {
+ Ok((r.get::<&str, i32>("id")?, r.get::<&str, DateTime<Utc>>("creation_datetime")?))
+ }).optional()? {
+ Some((id, creation_datetime)) => {
+ if Utc::now() - creation_datetime > validation_time {
+ return Ok(ValidationResult::ValidationExpired)
+ }
+ tx.execute("UPDATE [User] SET [validation_token] = NULL WHERE [id] = ?1", [id])?;
+ id
+ },
+ None => {
+ return Ok(ValidationResult::UnknownUser)
+ },
+ };
+ let token = Connection::create_login_token(&tx, user_id, ip, user_agent)?;
+ tx.commit()?;
+ Ok(ValidationResult::Ok(token, user_id))
}
- pub fn sign_in(&self, password: &str, email: String) -> Result<SignInResult> {
- todo!()
+ pub fn sign_in(&self, password: &str, email: &str, ip: &str, user_agent: &str) -> Result<SignInResult> {
+ let mut con = self.pool.get()?;
+ let tx = con.transaction()?;
+ match tx.query_row("SELECT [id], [password] FROM [User] WHERE [email] = ?1", [email], |r| {
+ Ok((r.get::<&str, i32>("id")?, r.get::<&str, String>("password")?))
+ }).optional()? {
+ Some((id, stored_password)) => {
+ if verify_password(password, &stored_password).map_err(DBError::from_dyn_error)? {
+ let token = Connection::create_login_token(&tx, id, ip, user_agent)?;
+ tx.commit()?;
+ Ok(SignInResult::Ok(token, id))
+ } else {
+ Ok(SignInResult::PasswordsDontMatch)
+ }
+ },
+ None => {
+ Ok(SignInResult::UserNotFound)
+ },
+ }
}
- pub fn authentication(&self, token: &str) -> Result<AuthenticationResult> {
- todo!()
+ pub fn authentication(&self, token: &str, ip: &str, user_agent: &str) -> Result<AuthenticationResult> {
+ let mut con = self.pool.get()?;
+ let tx = con.transaction()?;
+ match tx.query_row("SELECT [id], [user_id] FROM [UserLoginToken] WHERE [token] = ?1", [token], |r| {
+ Ok((r.get::<&str, i32>("id")?, r.get::<&str, i32>("user_id")?))
+ }).optional()? {
+ Some((login_id, user_id)) => {
+ tx.execute("UPDATE [UserLoginToken] SET [last_login_datetime] = ?2, [ip] = ?3, [user_agent] = ?4 WHERE [id] = ?1", params![login_id, Utc::now(), ip, user_agent])?;
+ tx.commit()?;
+ Ok(AuthenticationResult::Ok(user_id))
+ },
+ None =>
+ Ok(AuthenticationResult::NotValidToken)
+ }
}
- pub fn logout(&self, token: &str) -> Result<()> {
- todo!()
+ pub fn sign_out(&self, token: &str) -> Result<()> {
+ let mut con = self.pool.get()?;
+ let tx = con.transaction()?;
+ match tx.query_row("SELECT [id] FROM [UserLoginToken] WHERE [token] = ?1", [token], |r| {
+ Ok(r.get::<&str, i32>("id")?)
+ }).optional()? {
+ Some(login_id) => {
+ tx.execute("DELETE FROM [UserLoginToken] WHERE [id] = ?1", params![login_id])?;
+ tx.commit()?
+ },
+ None => (),
+ }
+ Ok(())
}
/// Execute a given SQL file.
@@ -252,6 +325,13 @@ impl Connection {
let con = self.pool.get()?;
con.execute(sql, params).map_err(DBError::from)
}
+
+ // Return the token.
+ fn create_login_token(tx: &rusqlite::Transaction, user_id: i32, ip: &str, user_agent: &str) -> Result<String> {
+ let token = generate_token();
+ tx.execute("INSERT INTO [UserLoginToken] ([user_id], [last_login_datetime], [token], [ip], [user_agent]) VALUES (?1, ?2, ?3, ?4, ?5)", params![user_id, Utc::now(), token, ip, user_agent])?;
+ Ok(token)
+ }
}
fn load_sql_file<P: AsRef<Path> + Display>(sql_file: P) -> Result<String> {
@@ -301,16 +381,185 @@ mod tests {
#[test]
fn sign_up_to_an_unvalidated_already_existing_user() -> Result<()> {
- todo!()
+ let connection = Connection::new_in_memory()?;
+ let token = generate_token();
+ connection.execute_sql("
+ INSERT INTO [User] ([id], [email], [name], [password], [creation_datetime], [validation_token])
+ VALUES (
+ 1,
+ 'paul@test.org',
+ 'paul',
+ '$argon2id$v=19$m=4096,t=3,p=1$1vtXcacYjUHZxMrN6b2Xng$wW8Z59MIoMcsIljnjHmxn3EBcc5ymEySZPUVXHlRxcY',
+ 0,
+ :token
+ );", named_params! { ":token": token })?;
+ match connection.sign_up("12345", "paul@test.org")? {
+ SignUpResult::UserCreatedWaitingForValidation(_) => (), // Nominal case.
+ other => panic!("{:?}", other),
+ }
+ Ok(())
}
+ #[test]
fn sign_up_then_send_validation_at_time() -> Result<()> {
- todo!()
+ let connection = Connection::new_in_memory()?;
+ let validation_token =
+ match connection.sign_up("12345", "paul@test.org")? {
+ SignUpResult::UserCreatedWaitingForValidation(token) => token, // Nominal case.
+ other => panic!("{:?}", other),
+ };
+ match connection.validation(&validation_token, Duration::hours(1), "127.0.0.1", "Mozilla/5.0")? {
+ ValidationResult::Ok(_, _) => (), // Nominal case.
+ other => panic!("{:?}", other),
+ }
+ Ok(())
}
+ #[test]
fn sign_up_then_send_validation_too_late() -> Result<()> {
- todo!()
+ let connection = Connection::new_in_memory()?;
+ let validation_token =
+ match connection.sign_up_with_given_time("12345", "paul@test.org", Utc::now() - Duration::days(1))? {
+ SignUpResult::UserCreatedWaitingForValidation(token) => token, // Nominal case.
+ other => panic!("{:?}", other),
+ };
+ match connection.validation(&validation_token, Duration::hours(1), "127.0.0.1", "Mozilla/5.0")? {
+ ValidationResult::ValidationExpired => (), // Nominal case.
+ other => panic!("{:?}", other),
+ }
+ Ok(())
+ }
+
+ #[test]
+ fn sign_up_then_send_validation_with_bad_token() -> Result<()> {
+ let connection = Connection::new_in_memory()?;
+ let _validation_token =
+ match connection.sign_up("12345", "paul@test.org")? {
+ SignUpResult::UserCreatedWaitingForValidation(token) => token, // Nominal case.
+ other => panic!("{:?}", other),
+ };
+ let random_token = generate_token();
+ match connection.validation(&random_token, Duration::hours(1), "127.0.0.1", "Mozilla/5.0")? {
+ ValidationResult::UnknownUser => (), // Nominal case.
+ other => panic!("{:?}", other),
+ }
+ Ok(())
}
- //fn sign_up_then_send_validation_then_sign_in()
+ #[test]
+ fn sign_up_then_send_validation_then_sign_in() -> Result<()> {
+ let connection = Connection::new_in_memory()?;
+
+ let password = "12345";
+ let email = "paul@test.org";
+
+ // Sign up.
+ let validation_token =
+ match connection.sign_up(password, email)? {
+ SignUpResult::UserCreatedWaitingForValidation(token) => token, // Nominal case.
+ other => panic!("{:?}", other),
+ };
+
+ // Validation.
+ match connection.validation(&validation_token, Duration::hours(1), "127.0.0.1", "Mozilla/5.0")? {
+ ValidationResult::Ok(_, _) => (),
+ other => panic!("{:?}", other),
+ };
+
+ // Sign in.
+ match connection.sign_in(password, email, "127.0.0.1", "Mozilla/5.0")? {
+ SignInResult::Ok(_, _) => (), // Nominal case.
+ other => panic!("{:?}", other),
+ }
+
+ Ok(())
+ }
+
+ #[test]
+ fn sign_up_then_send_validation_then_authentication() -> Result<()> {
+ let connection = Connection::new_in_memory()?;
+
+ let password = "12345";
+ let email = "paul@test.org";
+
+ // Sign up.
+ let validation_token =
+ match connection.sign_up(password, email)? {
+ SignUpResult::UserCreatedWaitingForValidation(token) => token, // Nominal case.
+ other => panic!("{:?}", other),
+ };
+
+ // Validation.
+ let (authentication_token, user_id) = match connection.validation(&validation_token, Duration::hours(1), "127.0.0.1", "Mozilla")? {
+ ValidationResult::Ok(token, user_id) => (token, user_id),
+ other => panic!("{:?}", other),
+ };
+
+ // Check user login information.
+ let user_login_info_1 = connection.get_user_login_info(&authentication_token)?;
+ assert_eq!(user_login_info_1.ip, "127.0.0.1");
+ assert_eq!(user_login_info_1.user_agent, "Mozilla");
+
+ // Authentication.
+ let _user_id =
+ match connection.authentication(&authentication_token, "192.168.1.1", "Chrome")? {
+ AuthenticationResult::Ok(user_id) => user_id, // Nominal case.
+ other => panic!("{:?}", other),
+ };
+
+ // Check user login information.
+ let user_login_info_2 = connection.get_user_login_info(&authentication_token)?;
+ assert_eq!(user_login_info_2.ip, "192.168.1.1");
+ assert_eq!(user_login_info_2.user_agent, "Chrome");
+
+ Ok(())
+ }
+
+ #[test]
+ fn sign_up_then_send_validation_then_sign_out_then_sign_in() -> Result<()> {
+ let connection = Connection::new_in_memory()?;
+
+ let password = "12345";
+ let email = "paul@test.org";
+
+ // Sign up.
+ let validation_token =
+ match connection.sign_up(password, email)? {
+ SignUpResult::UserCreatedWaitingForValidation(token) => token, // Nominal case.
+ other => panic!("{:?}", other),
+ };
+
+ // Validation.
+ let (authentication_token_1, user_id_1) =
+ match connection.validation(&validation_token, Duration::hours(1), "127.0.0.1", "Mozilla")? {
+ ValidationResult::Ok(token, user_id) => (token, user_id),
+ other => panic!("{:?}", other),
+ };
+
+ // Check user login information.
+ let user_login_info_1 = connection.get_user_login_info(&authentication_token_1)?;
+ assert_eq!(user_login_info_1.ip, "127.0.0.1");
+ assert_eq!(user_login_info_1.user_agent, "Mozilla");
+
+ // Sign out.
+ connection.sign_out(&authentication_token_1)?;
+
+ // Sign in.
+ let (authentication_token_2, user_id_2) =
+ match connection.sign_in(password, email, "192.168.1.1", "Chrome")? {
+ SignInResult::Ok(token, user_id) => (token, user_id),
+ other => panic!("{:?}", other),
+ };
+
+ assert_eq!(user_id_1, user_id_2);
+ assert_ne!(authentication_token_1, authentication_token_2);
+
+ // Check user login information.
+ let user_login_info_2 = connection.get_user_login_info(&authentication_token_2)?;
+
+ assert_eq!(user_login_info_2.ip, "192.168.1.1");
+ assert_eq!(user_login_info_2.user_agent, "Chrome");
+
+ Ok(())
+ }
}
diff --git a/backend/src/hash.rs b/backend/src/hash.rs
index 3dd45a9..ecdaf45 100644
--- a/backend/src/hash.rs
+++ b/backend/src/hash.rs
@@ -13,4 +13,34 @@ pub fn hash(password: &str) -> Result<String, Box<dyn std::error::Error>> {
let salt = SaltString::generate(&mut OsRng);
let argon2 = Argon2::default();
argon2.hash_password(password.as_bytes(), &salt).map(|h| h.to_string()).map_err(|e| e.into())
+}
+
+pub fn verify_password(password: &str, hashed_password: &str) -> Result<bool, Box<dyn std::error::Error>> {
+ let argon2 = Argon2::default();
+ let parsed_hash = PasswordHash::new(hashed_password)?;
+ Ok(argon2.verify_password(password.as_bytes(), &parsed_hash).is_ok())
+}
+
+#[cfg(test)]
+mod test {
+ use super::*;
+
+ #[test]
+ fn simple_case() -> Result<(), Box<dyn std::error::Error>> {
+ let password = "12345";
+ let hash = hash(password)?;
+ println!("hash: {}", &hash);
+ assert!(verify_password(password, &hash)?);
+ assert!(!verify_password("54321", &hash)?);
+ Ok(())
+ }
+
+ #[test]
+ fn password_with_special_characters() -> Result<(), Box<dyn std::error::Error>> {
+ let password = "éà ä_\\ðºð®ð¨ð";
+ let hash = hash(password)?;
+ println!("hash: {}", &hash);
+ assert!(verify_password(password, &hash)?);
+ Ok(())
+ }
}
\ No newline at end of file
diff --git a/backend/src/main.rs b/backend/src/main.rs
index 1fbfbc5..98bebc9 100644
--- a/backend/src/main.rs
+++ b/backend/src/main.rs
@@ -13,6 +13,7 @@ mod consts;
mod db;
mod hash;
mod model;
+mod user;
#[derive(Template)]
#[template(path = "home.html")]
diff --git a/backend/src/user.rs b/backend/src/user.rs
new file mode 100644
index 0000000..f6b308f
--- /dev/null
+++ b/backend/src/user.rs
@@ -0,0 +1,11 @@
+use chrono::prelude::*;
+
+pub struct User {
+
+}
+
+pub struct UserLoginInfo {
+ pub last_login_datetime: DateTime<Utc>,
+ pub ip: String,
+ pub user_agent: String,
+}
\ No newline at end of file
--
2.49.0