- use crate::{schema, UIDCError};
- use microrm::prelude::*;
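/// Interactively changes the password and/or the TOTP secret of a user in `realm`.
///
/// The user is looked up by `username`. With `change_password` set, a new password is read from
/// the terminal without echo and handed to `set_new_password`. With `change_totp` set, a new
/// TOTP secret is generated, shown as a QR code, and handed to `set_new_totp` only after a code
/// entered at the prompt verifies against it.
///
/// # Errors
///
/// Returns `UIDCError::Abort` when the user does not exist, when the QR code cannot be
/// displayed, or when a prompt cannot be read (for example with no terminal attached). Errors
/// from the user lookup, from `set_new_password` / `set_new_totp`, from TOTP generation and from
/// TOTP verification are propagated unchanged.
pub fn change_auth(
    realm: &schema::Realm,
    username: &String,
    change_password: bool,
    change_totp: bool,
) -> Result<(), UIDCError> {
    // check that the user exists
    let user = realm
        .users
        .with(schema::User::Username, username)
        .first()
        .get()?
        .ok_or(UIDCError::Abort("no such user"))?;

    let user_id = user.id();
    let user = crate::user::User::from_schema(realm, user);

    if change_password {
        // A failed prompt (closed stdin, no TTY) is an operator-facing error, not a bug:
        // report it instead of panicking in the middle of a credential change.
        let raw_pass = rpassword::prompt_password("Enter new user password: ")
            .map_err(|_| UIDCError::Abort("could not read password"))?;
        // NOTE(review): nothing here rejects an empty password — confirm that
        // `set_new_password` enforces the password policy.
        user.set_new_password(raw_pass.as_bytes())?;
    }

    // NOTE(review): when both flags are set, the password step above has already run by the
    // time TOTP enrolment can fail; the two changes are not applied atomically.
    if change_totp {
        let (new_secret, new_uri) = user.generate_totp_with_uri()?;
        println!("Please confirm you can generate tokens with the new secret:");
        // NOTE(review): the provisioning URI presumably embeds the new secret, so the rendered
        // QR code stays in terminal scrollback and any session recording — confirm this is
        // acceptable where the tool is run.
        qr2term::print_qr(new_uri.as_str())
            .map_err(|_| UIDCError::Abort("could not display QR code"))?;

        // The candidate challenge takes ownership of the secret so that no second copy of the
        // key material is made just for verification.
        let new_challenge = schema::AuthChallenge {
            user_id,
            challenge_type: schema::AuthChallengeType::TOTP.into(),
            public: vec![],
            secret: new_secret,
            enabled: true,
        };

        // Keep prompting until a code verifies; the secret is only stored after the operator
        // has proven the authenticator was enrolled correctly.
        loop {
            let digits = rpassword::prompt_password("TOTP code: ")
                .map_err(|_| UIDCError::Abort("could not read TOTP code"))?;
            if new_challenge.verify_totp_challenge(digits.as_bytes())? {
                break;
            }
        }

        user.set_new_totp(new_challenge.secret.as_slice())?;
    }

    Ok(())
}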