diff options
| author | Owen Jacobson <owen@grimoire.ca> | 2025-03-23 15:58:33 -0400 |
|---|---|---|
| committer | Owen Jacobson <owen@grimoire.ca> | 2025-03-23 16:25:22 -0400 |
| commit | 2420f1e75d54a5f209b0267715f078a369d81eb1 (patch) | |
| tree | 20edd531a3f2f765a23fef8e7a508c91bc7dc294 /src/user/password.rs | |
| parent | 7e15690d54ff849596401b43d163df9353062850 (diff) | |
Rename the `login` module to `user`.
Diffstat (limited to 'src/user/password.rs')
| -rw-r--r-- | src/user/password.rs | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/src/user/password.rs b/src/user/password.rs new file mode 100644 index 0000000..e1d164e --- /dev/null +++ b/src/user/password.rs @@ -0,0 +1,65 @@ +use std::fmt; + +use argon2::Argon2; +use password_hash::{PasswordHash, PasswordHasher, PasswordVerifier, SaltString}; +use rand_core::OsRng; + +use crate::normalize::nfc; + +#[derive(sqlx::Type)] +#[sqlx(transparent)] +pub struct StoredHash(String); + +impl StoredHash { + pub fn verify(&self, password: &Password) -> Result<bool, password_hash::Error> { + let hash = PasswordHash::new(&self.0)?; + + match Argon2::default().verify_password(password.as_bytes(), &hash) { + // Successful authentication, not an error + Ok(()) => Ok(true), + // Unsuccessful authentication, also not an error + Err(password_hash::errors::Error::Password) => Ok(false), + // Password validation failed for some other reason, treat as an error + Err(err) => Err(err), + } + } +} + +impl fmt::Debug for StoredHash { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + f.debug_tuple("StoredHash").field(&"********").finish() + } +} + +#[derive(Clone, serde::Deserialize)] +#[serde(transparent)] +pub struct Password(nfc::String); + +impl Password { + pub fn hash(&self) -> Result<StoredHash, password_hash::Error> { + let Self(password) = self; + let salt = SaltString::generate(&mut OsRng); + let argon2 = Argon2::default(); + let hash = argon2 + .hash_password(password.as_bytes(), &salt)? + .to_string(); + Ok(StoredHash(hash)) + } + + fn as_bytes(&self) -> &[u8] { + let Self(value) = self; + value.as_bytes() + } +} + +impl fmt::Debug for Password { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + f.debug_tuple("Password").field(&"********").finish() + } +} + +impl From<String> for Password { + fn from(password: String) -> Self { + Password(password.into()) + } +} |