//! Several structs representing data about users //! //! This module contains any structs needed to store and retrieve data about users. The //! different varieties have different purposes and come from different places. //! //! [`User`] is the most common for of user struct, and typically comes from calling //! [`Request::user()`](crate::types::Request::user()). This is an enum with several //! variants, and can be specialized into a [`NotSignedInUser`] or a [`RegisteredUser`] if //! the user has presented a certificate. These two subtypes have more specific //! information, like the user's username and active certificate. //! //! [`RegisteredUser`] is particularly signifigant in that this is the struct used to modify //! the data stored for almost all users. This is accomplished through the //! [`as_mut()`](RegisteredUser::as_mut) method. Changes made this way must be persisted //! using [`save()`](RegisteredUser::save()) or by dropping the user. use serde::{Deserialize, Serialize, de::DeserializeOwned}; use sled::Transactional; #[cfg(not(feature = "ring"))] use std::time::{SystemTime, UNIX_EPOCH}; use crate::user_management::UserManager; use crate::user_management::Result; #[cfg(feature = "user_management_advanced")] const ARGON2_CONFIG: argon2::Config = argon2::Config { ad: &[], hash_length: 32, lanes: 1, mem_cost: 4096, secret: &[], thread_mode: argon2::ThreadMode::Sequential, time_cost: 3, variant: argon2::Variant::Argon2id, version: argon2::Version::Version13, }; #[cfg(all(feature = "user_management_advanced", feature = "ring"))] lazy_static::lazy_static! { static ref RANDOM: ring::rand::SystemRandom = ring::rand::SystemRandom::new(); } /// An struct corresponding to the data stored in the user tree /// /// In order to generate a full user obj, you need to perform a lookup with a specific /// certificate. #[derive(Clone, Debug, Deserialize, Serialize)] pub (crate) struct PartialUser { pub data: UserData, pub certificates: Vec<[u8; 32]>, #[cfg(feature = "user_management_advanced")] pub pass_hash: Option<(Vec, [u8; 32])>, } impl PartialUser { /// Write user data to the database /// /// This MUST be called if the user data is modified using the AsMut trait, or else /// changes will not be written to the database fn store(&self, tree: &sled::Tree, username: impl AsRef<[u8]>) -> Result<()> where UserData: Serialize { tree.insert( &username, bincode::serialize(&self)?, )?; Ok(()) } } /// Any information about the connecting user #[derive(Clone, Debug)] pub enum User { /// A user who is connected without using a client certificate. /// /// This could be a user who has an account but just isn't presenting a certificate at /// the minute, a user whose client does not support client certificates, or a user /// who has not yet created a certificate for the site Unauthenticated, /// A user who is connecting with a certificate that isn't connected to an account /// /// This is typically a new user who hasn't set up an account yet, or a user /// connecting with a new certificate that needs to be added to an existing account. NotSignedIn(NotSignedInUser), /// A user connecting with an identified account SignedIn(RegisteredUser), } #[derive(Clone, Debug)] /// Data about a user with a certificate not associated with an account /// /// For more information about the user lifecycle and sign-in stages, see [`User`] pub struct NotSignedInUser { pub (crate) certificate: [u8; 32], pub (crate) manager: UserManager, } impl NotSignedInUser { /// Register a new user with this certificate. /// /// This creates a new user & user data entry in the database with the given username. /// From now on, when this user logs in with this certificate, they will be /// automatically authenticated, and their user data automatically retrieved. /// /// # Errors /// The provided username must be unique, or else an error will be raised. /// /// Additional errors might occur if there is a problem writing to the database pub fn register( self, username: String, ) -> Result> { if self.manager.users.contains_key(username.as_str())? { Err(super::UserManagerError::UsernameNotUnique) } else { info!("User {} registered!", username); let mut newser = RegisteredUser::new( username, Some(self.certificate), self.manager, PartialUser { data: UserData::default(), certificates: Vec::with_capacity(1), #[cfg(feature = "user_management_advanced")] pass_hash: None, }, ); // As a nice bonus, calling add_certificate with a user not yet in the // database creates the user and adds the certificate in a single transaction. // Because of this, we can delegate here ^^ newser.add_certificate(self.certificate)?; Ok(newser) } } #[cfg(feature = "user_management_advanced")] /// Attach this certificate to an existing user /// /// Try to add this certificate to another user using a username and password. If /// successful, the user this certificate is attached to will be able to automatically /// log in with either this certificate or any of the certificates they already had /// registered. /// /// This method can check the user's password to ensure that they match before /// registering. If you want to skip this verification, perhaps because you've /// already verified that this user owns this account, then you can pass [`None`] as /// the password to skip the password check. /// /// This method returns the new RegisteredUser instance representing the now-attached /// user, or [`None`] if the username and password didn't match. /// /// Because this method both performs a bcrypt verification and a database access, it /// should be considered expensive. /// /// If you already have a [`RegisteredUser`] that you would like to attach a /// certificate to, consider using [`RegisteredUser::add_certificate()`] /// /// # Errors /// This will error if the user has yet to set a password. /// /// Additional errors might occur if an error occurs during database lookup and /// deserialization pub fn attach( self, username: &str, password: Option<&[u8]>, ) -> Result>> { if let Some(mut user) = self.manager.lookup_user(username)? { // Perform password check, if caller wants if let Some(password) = password { if !user.check_password(password)? { return Ok(None); } } info!("User {} attached certificate with fingerprint {:x?}", username, &self.certificate[..]); user.add_certificate(self.certificate)?; user.active_certificate = Some(self.certificate); Ok(Some(user)) } else { Ok(None) } } } #[derive(Clone, Debug)] /// Data about a logged in user /// /// For more information about the user lifecycle and sign-in stages, see [`User`] pub struct RegisteredUser { username: String, active_certificate: Option<[u8; 32]>, manager: UserManager, inner: PartialUser, /// Indicates that [`RegisteredUser::as_mut()`] has been called, but [`RegisteredUser::save()`] has not has_changed: bool, } impl RegisteredUser { /// Create a new user from parts pub (crate) fn new( username: String, active_certificate: Option<[u8; 32]>, manager: UserManager, inner: PartialUser ) -> Self { Self { username, active_certificate, manager, inner, has_changed: false, } } /// Update the active certificate /// /// This is not to be confused with [`RegisteredUser::add_certificate`], which /// performs the database operations needed to register a new certificate to a user. /// This literally just marks the active certificate. pub (crate) fn with_cert(mut self, cert: [u8; 32]) -> Self { self.active_certificate = Some(cert); self } /// Get the fingerprint of the certificate that the user is currently using. /// /// If this user was retrieved by a [`UserManager::lookup_user()`], this will be /// [`None`]. In all other cases, this will be [`Some`]. pub fn active_certificate(&self) -> Option<&[u8; 32]> { self.active_certificate.as_ref() } /// Produce a list of all certificate fingerprints registered to this account pub fn all_certificates(&self) -> &Vec<[u8; 32]> { &self.inner.certificates } /// Get the user's current username. /// /// NOTE: This is not guaranteed not to change. pub fn username(&self) -> &String { &self.username } #[cfg(feature = "user_management_advanced")] /// Check a password against the user's password hash /// /// # Errors /// An error is raised if the user has yet to set a password, or if the user's /// password hash is somehow malformed. pub fn check_password( &self, try_password: impl AsRef<[u8]> ) -> Result { if let Some((hash, salt)) = &self.inner.pass_hash { Ok(argon2::verify_raw( try_password.as_ref(), salt, hash.as_ref(), &ARGON2_CONFIG, )?) } else { Err(super::UserManagerError::PasswordNotSet) } } #[cfg(feature = "user_management_advanced")] /// Set's the password for this user /// /// By default, users have no password, meaning the cannot add any certificates beyond /// the one they created their account with. However, by setting their password, /// users are able to add more devices to their account, and recover their account if /// it's lost. Note that this will completely overwrite the users old password. /// /// Use [`RegisteredUser::check_password()`] and [`NotSignedInUser::attach()`] to check /// the password against another one, or to link a new certificate. /// /// Because this method uses a key derivation algorithm, this should be considered a /// very expensive operation. pub fn set_password( &mut self, password: impl AsRef<[u8]>, ) -> Result<()> { #[cfg_attr(feature = "ring", allow(unused_mut))] let mut salt: [u8; 32]; // For a simple salt, system time nanos and a bit of PCG is plenty secure enough, // but if we have ring anyway, may as well use it #[cfg(feature = "ring")] { salt = ring::rand::generate(&*RANDOM) .expect("Error generating random salt") .expose(); } #[cfg(not(feature = "ring"))] { let mut random = (SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_nanos() | 0xffff) as u16; random = random.wrapping_mul(0xd09d); salt = [0; 32]; for byte in salt.as_mut() { *byte = pcg8(&mut random) } } self.inner.pass_hash = Some(( argon2::hash_raw( password.as_ref(), salt.as_ref(), &ARGON2_CONFIG, )?, salt, )); self.has_changed = true; Ok(()) } /// Write any updates to the user to the database. /// /// Updates caused by calling methods directly on the user do not need to be saved. /// This is only for changes made to the UserData. pub fn save(&mut self) -> Result<()> where UserData: Serialize { self.inner.store(&self.manager.users, &self.username)?; self.has_changed = false; Ok(()) } /// Register a new certificate to this user /// /// This adds a new certificate to this user for use in logins. This requires a /// couple database accesses, one in order to link the user to the certificate, and /// one in order to link the certificate to the user. /// /// If you have a [`NotSignedInUser`] and are looking for a way to link them to an /// existing user, consider [`NotSignedInUser::attach()`], which contains facilities for /// password checking and automatically performs the user lookup. pub fn add_certificate(&mut self, certificate: [u8; 32]) -> Result<()> { self.inner.certificates.push(certificate); let inner_serialized = bincode::serialize(&self.inner)?; (&self.manager.users, &self.manager.certificates) .transaction(|(tx_usr, tx_crt)| { tx_usr.insert( self.username.as_str(), inner_serialized.clone(), )?; tx_crt.insert( &certificate, self.username.as_bytes(), )?; Ok(()) })?; Ok(()) } /// Permanently delete this user and all their data /// /// Permanently remove all traces of this user from the database, including: /// * User data associated with their account /// * Any certificates linked to their account /// * Their username (which is freed for other users to take) /// * Their password hash /// * ~~Any happy memories you have with them~~ /// /// If you're not using [`UserManagementRoutes`], it's strongly recommended that you /// expose some way for users to delete their accounts, in order to appropriately /// respect their privacy and their right to their data. /// /// If you *are* using [`UserManagementRoutes`], your users already have a way of /// deleting their accounts! Just direct them to `/account`. /// /// # Errors /// Can error if the a database error occurs pub fn delete(self) -> Result<()> { let certificates = self.all_certificates(); (&self.manager.users, &self.manager.certificates).transaction(|(tx_usr, tx_crt)| { tx_usr.remove( self.username.as_str(), )?; for cert in certificates { tx_crt.remove( cert, )?; } Ok(()) })?; Ok(()) } #[cfg(feature = "user_management_advanced")] /// Check if the user has a password set /// /// Since authentication is done using client certificates, users aren't required to /// set a password up front. In some cases, it may be useful to know if a user has or /// has not set a password yet. /// /// This returns `true` if the user has a password set, or `false` otherwise pub fn has_password(&self) -> bool { self.inner.pass_hash.is_some() } /// Get an immutable reference to the data associated with this user pub fn data(&self) -> &UserData { &self.inner.data } /// Get a mutable reference to the data associated with this user /// /// This automatically flags the user data as needing to be saved to the database, /// which automatically performs the action when this user falls out of scope. If /// need be, you can push these changes to the database sooner by calling [`save()`] /// /// [`save()`]: Self::save() pub fn mut_data(&mut self) -> &mut UserData { self.has_changed = true; &mut self.inner.data } } impl std::ops::Drop for RegisteredUser { fn drop(&mut self) { if self.has_changed { if let Err(e) = self.save() { error!("Failed to save user data to database: {:?}", e); } } } } impl AsRef for RegisteredUser { fn as_ref(&self) -> &UserData { self.data() } } impl AsMut for RegisteredUser { fn as_mut(&mut self) -> &mut UserData { self.mut_data() } } #[cfg(all(feature = "user_management_advanced", not(feature = "ring")))] /// Inexpensive but low quality random fn pcg8(state: &mut u16) -> u8 { const MUL: u16 = 0xfb85; const ADD: u16 = 0xfabb; let mut x = *state; *state = state.wrapping_mul(MUL).wrapping_add(ADD); let count = x >> 13; x ^= x >> 5; ((x >> 5) as u8).rotate_right(count as u32) }