Skip to content

Commit

Permalink
unwrap the Argon2Params in AppState (#604)
Browse files Browse the repository at this point in the history
  • Loading branch information
sebadob authored Nov 8, 2024
1 parent 0578be3 commit 68452f1
Show file tree
Hide file tree
Showing 4 changed files with 15 additions and 27 deletions.
6 changes: 3 additions & 3 deletions src/api/src/generic.rs
Original file line number Diff line number Diff line change
Expand Up @@ -385,9 +385,9 @@ pub async fn get_login_time(
.unwrap_or(2000);

let argon2_params = Argon2ParamsResponse {
m_cost: data.argon2_params.params.m_cost(),
t_cost: data.argon2_params.params.t_cost(),
p_cost: data.argon2_params.params.p_cost(),
m_cost: data.argon2_params.m_cost(),
t_cost: data.argon2_params.t_cost(),
p_cost: data.argon2_params.p_cost(),
};
let resp = LoginTimeResponse {
argon2_params,
Expand Down
14 changes: 2 additions & 12 deletions src/models/src/app_state.rs
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ pub type DbTxn<'a> = sqlx::Transaction<'a, sqlx::Postgres>;
#[derive(Debug, Clone)]
pub struct AppState {
pub public_url: String,
pub argon2_params: Argon2Params,
pub argon2_params: argon2::Params,
pub issuer: String,
pub listen_addr: String,
pub listen_scheme: ListenScheme,
Expand Down Expand Up @@ -97,13 +97,12 @@ impl AppState {
.unwrap_or_else(|_| String::from("8"))
.parse::<u32>()
.expect("Could not parse ARGON2_P_COST value");
let params = argon2::Params::new(argon2_m_cost, argon2_t_cost, argon2_p_cost, None)
let argon2_params = argon2::Params::new(argon2_m_cost, argon2_t_cost, argon2_p_cost, None)
.expect("Unable to build Argon2id params");
debug!(
"Argon2id Params: m_cost: {}, t_cost: {}, p_cost: {}",
argon2_m_cost, argon2_t_cost, argon2_p_cost
);
let argon2_params = Argon2Params { params };

let refresh_grace_time = env::var("REFRESH_TOKEN_GRACE_TIME")
.unwrap_or_else(|_| String::from('5'))
Expand Down Expand Up @@ -249,12 +248,3 @@ impl AppState {
// Ok(pool)
// }
}

/// Holds the `argon2::Params` for the application.
///
/// This has been simplified a lot by now and it may be unwrapped and inserted into the
/// [AppState](AppState) directly later on. Needs some refactoring though.
#[derive(Debug, Clone)]
pub struct Argon2Params {
pub params: argon2::Params,
}
2 changes: 1 addition & 1 deletion src/models/src/database.rs
Original file line number Diff line number Diff line change
Expand Up @@ -168,7 +168,7 @@ impl DB {

// migrate dynamic DB data
if !*DEV_MODE {
init_prod::migrate_init_prod(app_state.argon2_params.params.clone(), &app_state.issuer)
init_prod::migrate_init_prod(app_state.argon2_params.clone(), &app_state.issuer)
.await?;
}

Expand Down
20 changes: 9 additions & 11 deletions src/models/src/entity/users.rs
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
use crate::app_state::{AppState, Argon2Params, DbTxn};
use crate::app_state::{AppState, DbTxn};
use crate::database::{Cache, DB};
use crate::email::{send_email_change_info_new, send_email_confirm_change, send_pwd_reset};
use crate::entity::colors::ColorEntity;
Expand Down Expand Up @@ -1524,7 +1524,7 @@ impl User {
}
}

pub fn is_argon2_uptodate(&self, params: &Argon2Params) -> Result<bool, ErrorResponse> {
pub fn is_argon2_uptodate(&self, params: &argon2::Params) -> Result<bool, ErrorResponse> {
if self.password.is_none() {
error!(
"Trying to validate argon2 params with not set password for user '{:?}'",
Expand All @@ -1540,9 +1540,9 @@ impl User {
let curr_params =
argon2::Params::try_from(&hash).expect("Could not extract params from hash");

if curr_params.m_cost() == params.params.m_cost()
&& curr_params.t_cost() == params.params.t_cost()
&& curr_params.p_cost() == params.params.p_cost()
if curr_params.m_cost() == params.m_cost()
&& curr_params.t_cost() == params.t_cost()
&& curr_params.p_cost() == params.p_cost()
{
return Ok(true);
}
Expand Down Expand Up @@ -1891,21 +1891,19 @@ mod tests {

// argon2 params
// defaults: argon2_m_cost = 16384, argon2_t_cost = 3, argon2_p_cost = 2
let mut wrapped_params = Argon2Params {
params: argon2::Params::new(16384, 3, 2, None).unwrap(),
};
let mut wrapped_params = argon2::Params::new(16384, 3, 2, None)?;
let res = user.is_argon2_uptodate(&wrapped_params)?;
assert_eq!(res, true);

wrapped_params.params = argon2::Params::new(8192, 3, 2, None).unwrap();
wrapped_params = argon2::Params::new(8192, 3, 2, None)?;
let res = user.is_argon2_uptodate(&wrapped_params)?;
assert_eq!(res, false);

wrapped_params.params = argon2::Params::new(16384, 4, 2, None).unwrap();
wrapped_params = argon2::Params::new(16384, 4, 2, None)?;
let res = user.is_argon2_uptodate(&wrapped_params)?;
assert_eq!(res, false);

wrapped_params.params = argon2::Params::new(16384, 3, 5, None).unwrap();
wrapped_params = argon2::Params::new(16384, 3, 5, None)?;
let res = user.is_argon2_uptodate(&wrapped_params)?;
assert_eq!(res, false);

Expand Down

0 comments on commit 68452f1

Please sign in to comment.