1 files changed, 24 insertions, 13 deletions

diff --git a/src/login/app.rs b/src/login/app.rs
index 10609c6..f7fec88 100644
--- a/src/login/app.rs
+++ b/src/login/app.rs
@@ -1,10 +1,10 @@
 use chrono::TimeDelta;
 use sqlx::sqlite::SqlitePool;
 
-use super::repo::auth::Provider as _;
+use super::{extract::IdentitySecret, repo::auth::Provider as _};
 use crate::{
     clock::DateTime,
-    password::StoredHash,
+    password::Password,
     repo::{
         error::NotFound as _,
         login::{Login, Provider as _},
@@ -24,9 +24,9 @@ impl<'a> Logins<'a> {
     pub async fn login(
         &self,
         name: &str,
-        password: &str,
+        password: &Password,
         login_at: &DateTime,
-    ) -> Result<String, LoginError> {
+    ) -> Result<IdentitySecret, LoginError> {
         let mut tx = self.db.begin().await?;
 
         let login = if let Some((login, stored_hash)) = tx.auth().for_name(name).await? {
@@ -38,7 +38,7 @@ impl<'a> Logins<'a> {
                 return Err(LoginError::Rejected);
             }
         } else {
-            let password_hash = StoredHash::new(password)?;
+            let password_hash = password.hash()?;
             tx.logins().create(name, &password_hash).await?
         };
 
@@ -49,8 +49,8 @@ impl<'a> Logins<'a> {
     }
 
     #[cfg(test)]
-    pub async fn create(&self, name: &str, password: &str) -> Result<Login, CreateError> {
-        let password_hash = StoredHash::new(password)?;
+    pub async fn create(&self, name: &str, password: &Password) -> Result<Login, CreateError> {
+        let password_hash = password.hash()?;
 
         let mut tx = self.db.begin().await?;
         let login = tx.logins().create(name, &password_hash).await?;
@@ -59,12 +59,12 @@ impl<'a> Logins<'a> {
         Ok(login)
     }
 
-    pub async fn validate(&self, secret: &str, used_at: &DateTime) -> Result<Login, ValidateError> {
-        // Somewhat arbitrarily, expire after 7 days.
-        let expire_at = used_at.to_owned() - TimeDelta::days(7);
-
+    pub async fn validate(
+        &self,
+        secret: &IdentitySecret,
+        used_at: &DateTime,
+    ) -> Result<Login, ValidateError> {
         let mut tx = self.db.begin().await?;
-        tx.tokens().expire(&expire_at).await?;
         let login = tx
             .tokens()
             .validate(secret, used_at)
@@ -75,7 +75,18 @@ impl<'a> Logins<'a> {
         Ok(login)
     }
 
-    pub async fn logout(&self, secret: &str) -> Result<(), ValidateError> {
+    pub async fn expire(&self, relative_to: &DateTime) -> Result<(), sqlx::Error> {
+        // Somewhat arbitrarily, expire after 7 days.
+        let expire_at = relative_to.to_owned() - TimeDelta::days(7);
+
+        let mut tx = self.db.begin().await?;
+        tx.tokens().expire(&expire_at).await?;
+        tx.commit().await?;
+
+        Ok(())
+    }
+
+    pub async fn logout(&self, secret: &IdentitySecret) -> Result<(), ValidateError> {
         let mut tx = self.db.begin().await?;
         tx.tokens()
             .revoke(secret)