Shifted user_management into cli::user.

src/cli/user.rs

@@ -1,5 +1,5 @@
-use microrm::{prelude::*, schema::entity::EntityID};
-use crate::{schema, user_management, UIDCError};
+use microrm::{prelude::*, schema::entity::EntityID, cli::CLIError};
+use crate::{schema, user::UserExt, UIDCError};
 
 #[derive(Debug)]
 pub struct UserInterface;
@@ -37,7 +37,37 @@ impl microrm::cli::EntityInterface for UserInterface {
                 })?;
             },
             UserCommands::UpdateAuth { username, password, totp } => {
-                user_management::change_auth(ctx.as_ref(), &username, password > 0, totp > 0)?;
+                let user = query_ctx.with(schema::User::Username, &username).first().get()?.ok_or(Self::Error::no_such_entity("user", username))?;
+
+                if password == 0 && totp == 0 {
+                    println!("No changes requested!");
+                    return Ok(())
+                }
+                if password > 0 {
+                    let raw_pass = rpassword::prompt_password("Enter new user password: ").unwrap();
+                    user.set_new_password(raw_pass.as_bytes())?;
+                }
+                if totp > 0 {
+                    let (new_secret, new_uri) = user.generate_totp_with_uri()?;
+                    println!("Please confirm you can generate tokens with the new secret:");
+                    qr2term::print_qr(new_uri.as_str())
+                        .map_err(|_| UIDCError::Abort("could not display QR code"))?;
+                    let new_challenge = schema::AuthChallenge {
+                        user_id: user.id(),
+                        challenge_type: schema::AuthChallengeType::TOTP.into(),
+                        public: vec![],
+                        secret: new_secret.clone(),
+                        enabled: true,
+                    };
+
+                    loop {
+                        let digits = rpassword::prompt_password("TOTP code: ").unwrap();
+                        if new_challenge.verify_totp_challenge(digits.as_bytes())? {
+                            break;
+                        }
+                    }
+                    user.set_new_totp(new_secret.as_slice())?;
+                }
             },
         }
 

src/main.rs

@@ -13,7 +13,6 @@ mod server;
 mod token;
 mod token_management;
 mod user;
-mod user_management;
 
 pub use error::UIDCError;
 

src/server/session.rs

@@ -1,4 +1,4 @@
-use crate::{schema, user, UIDCError};
+use crate::{schema, user::UserExt, UIDCError};
 use microrm::{prelude::*, schema::Stored};
 use serde::Deserialize;
 use tide::http::Cookie;
@@ -323,8 +323,6 @@ async fn v1_login_post(mut req: Request) -> tide::Result<tide::Response> {
                         .get()?
                         .ok_or(UIDCError::Abort("session auth refers to nonexistent user"))?;
 
-                    let user = user::User::from_schema(&realm, user);
-
                     let verification = user.verify_challenge_by_type(ct, body.challenge.as_bytes());
 
                     match verification {

src/user.rs

@@ -10,11 +10,6 @@ pub enum UserError {
     InvalidInput,
 }
 
-pub struct User<'a> {
-    realm: &'a schema::Realm,
-    user: Stored<schema::User>,
-}
-
 static PBKDF2_ROUNDS: std::num::NonZeroU32 = unsafe { std::num::NonZeroU32::new_unchecked(20000) };
 
 fn generate_totp_digits(secret: &[u8], time_offset: isize) -> Result<u32, UIDCError> {
@@ -39,12 +34,11 @@ fn generate_totp_digits(secret: &[u8], time_offset: isize) -> Result<u32, UIDCEr
     Ok(truncation % 1_000_000)
 }
 
-impl<'a> User<'a> {
-    pub fn from_schema(realm: &'a schema::Realm, user: Stored<schema::User>) -> Self {
-        Self { realm, user }
-    }
+pub trait UserExt {
+    fn stored_user(&self) -> &Stored<schema::User>;
 
-    pub fn change_username(&mut self, new_name: &String) -> Result<(), UIDCError> {
+    /*fn change_username(&mut self, new_name: &String) -> Result<(), UIDCError> {
+        let realm = self.stored_user().realm;
         // check to ensure the new username isn't already in use
         if self.realm.users.with(schema::User::Username, new_name).first().get()?.is_some() {
             Err(UIDCError::Abort("username already in use"))
@@ -53,18 +47,18 @@ impl<'a> User<'a> {
             self.user.sync()?;
             Ok(())
         }
-    }
+    }*/
 
     /// returns Ok(true) if challenge passed, Ok(false) if challenge failed, and
     /// UserError::NoSuchChallenge if challenge not found
-    pub fn verify_challenge_by_type(
+    fn verify_challenge_by_type(
         &self,
         challenge_type: schema::AuthChallengeType,
         response: &[u8],
     ) -> Result<bool, UIDCError> {
         let ct = challenge_type.into();
         let challenge = self
-            .user
+            .stored_user()
             .auth
             .with(schema::AuthChallenge::ChallengeType, &ct)
             .first()
@@ -78,9 +72,8 @@ impl<'a> User<'a> {
         }
     }
 
-    pub fn set_new_password(&self, password: &[u8]) -> Result<(), UIDCError> {
-        self.user
-            .auth
+    fn set_new_password(&self, password: &[u8]) -> Result<(), UIDCError> {
+        self.stored_user().auth
             .with(
                 schema::AuthChallenge::ChallengeType,
                 &schema::AuthChallengeType::Password.into(),
@@ -102,8 +95,8 @@ impl<'a> User<'a> {
             &mut generated,
         );
 
-        self.user.auth.insert(schema::AuthChallenge {
-            user_id: self.user.id(),
+        self.stored_user().auth.insert(schema::AuthChallenge {
+            user_id: self.stored_user().id(),
             challenge_type: schema::AuthChallengeType::Password.into(),
             public: salt.into(),
             secret: generated.into(),
@@ -113,7 +106,7 @@ impl<'a> User<'a> {
         Ok(())
     }
 
-    pub fn generate_totp_with_uri(&self) -> Result<(Vec<u8>, String), UIDCError> {
+    fn generate_totp_with_uri(&self) -> Result<(Vec<u8>, String), UIDCError> {
         let rng = ring::rand::SystemRandom::new();
         let secret: [u8; 16] = ring::rand::generate(&rng)
             .expect("Couldn't generate random secret?")
@@ -126,16 +119,16 @@ impl<'a> User<'a> {
 
         let uri = format!(
             "otpauth://totp/uidc:{username}@uidc?secret={uri_secret}&issuer=uidc",
-            username = self.user.username
+            username = self.stored_user().username
         );
 
         Ok((secret.into(), uri))
     }
 
-    pub fn set_new_totp(&self, secret: &[u8]) -> Result<(), UIDCError> {
+    fn set_new_totp(&self, secret: &[u8]) -> Result<(), UIDCError> {
         self.clear_totp()?;
-        self.user.auth.insert(schema::AuthChallenge {
-            user_id: self.user.id(),
+        self.stored_user().auth.insert(schema::AuthChallenge {
+            user_id: self.stored_user().id(),
             challenge_type: schema::AuthChallengeType::TOTP.into(),
             public: vec![],
             secret: secret.into(),
@@ -145,9 +138,8 @@ impl<'a> User<'a> {
         Ok(())
     }
 
-    pub fn clear_totp(&self) -> Result<(), UIDCError> {
-        self.user
-            .auth
+    fn clear_totp(&self) -> Result<(), UIDCError> {
+        self.stored_user().auth
             .with(
                 schema::AuthChallenge::ChallengeType,
                 &schema::AuthChallengeType::TOTP.into(),
@@ -157,6 +149,10 @@ impl<'a> User<'a> {
     }
 }
 
+impl UserExt for Stored<schema::User> {
+    fn stored_user(&self) -> &Stored<schema::User> { self }
+}
+
 impl schema::AuthChallenge {
     pub fn verify_password_challenge(&self, response: &[u8]) -> Result<bool, UIDCError> {
         use ring::pbkdf2;

src/user_management.rs

@@ -1,47 +0,0 @@
-use crate::{schema, UIDCError};
-use microrm::prelude::*;
-
-pub fn change_auth(
-    realm: &schema::Realm,
-    username: &String,
-    change_password: bool,
-    change_totp: bool,
-) -> Result<(), UIDCError> {
-    // check that the user exists
-    let user = realm
-        .users
-        .with(schema::User::Username, username)
-        .first()
-        .get()?
-        .ok_or(UIDCError::Abort("no such user"))?;
-
-    let user_id = user.id();
-    let user = crate::user::User::from_schema(realm, user);
-
-    if change_password {
-        let raw_pass = rpassword::prompt_password("Enter new user password: ").unwrap();
-        user.set_new_password(raw_pass.as_bytes())?;
-    }
-    if change_totp {
-        let (new_secret, new_uri) = user.generate_totp_with_uri()?;
-        println!("Please confirm you can generate tokens with the new secret:");
-        qr2term::print_qr(new_uri.as_str())
-            .map_err(|_| UIDCError::Abort("could not display QR code"))?;
-        let new_challenge = schema::AuthChallenge {
-            user_id,
-            challenge_type: schema::AuthChallengeType::TOTP.into(),
-            public: vec![],
-            secret: new_secret.clone(),
-            enabled: true,
-        };
-
-        loop {
-            let digits = rpassword::prompt_password("TOTP code: ").unwrap();
-            if new_challenge.verify_totp_challenge(digits.as_bytes())? {
-                break;
-            }
-        }
-        user.set_new_totp(new_secret.as_slice())?;
-    }
-    Ok(())
-}