From 6a6cfcd2df56938aa356e20e4728552a8c2ee8aa Mon Sep 17 00:00:00 2001 From: alpaylan Date: Wed, 14 Apr 2021 16:36:42 +0300 Subject: embed user passwds to the code structs. --- src/handlers.rs | 2 +- src/schema.rs | 41 +++++++++++++++++++++++++++++++++-------- tests/route_tests.rs | 4 +++- tests/schema_tests.rs | 28 ++++++++++++++++++---------- 4 files changed, 55 insertions(+), 20 deletions(-) diff --git a/src/handlers.rs b/src/handlers.rs index e34abbe..b9df931 100644 --- a/src/handlers.rs +++ b/src/handlers.rs @@ -39,7 +39,7 @@ pub async fn authenticate_user( debug!("POST request to /register, authenticate_user"); let provided_id = request.student_id.clone(); - let priv_student_id = match MetuId::new(request.student_id) { + let priv_student_id = match MetuId::new(request.student_id, request.passwd) { Some(id) => id, None => { let res_json = warp::reply::json(&GradeCoinResponse { diff --git a/src/schema.rs b/src/schema.rs index 55e46c0..65150c1 100644 --- a/src/schema.rs +++ b/src/schema.rs @@ -132,22 +132,47 @@ pub struct User { #[derive(Serialize, Deserialize, Debug, PartialEq)] pub struct MetuId { id: String, + passwd: String, } // TODO: this will arrive encrypted <13-04-21, yigit> // #[derive(Serialize, Deserialize, Debug, PartialEq)] pub struct AuthRequest { pub student_id: String, + pub passwd: String, pub public_key: String, } lazy_static! { - static ref OUR_STUDENTS: HashSet<&'static str> = { + static ref OUR_STUDENTS: HashSet<(&'static str, &'static str)> = { [ - "e254275", "e223687", "e211024", "e209888", "e223725", "e209362", "e209898", "e230995", - "e223743", "e223747", "e223749", "e223751", "e188126", "e209913", "e203608", "e233013", - "e216982", "e217185", "e223780", "e194931", "e223783", "e254550", "e217203", "e217477", - "e223786", "e231060", "e223795", + ("e254275", "DtNX1qk4YF4saRH"), + ("e223687", "cvFEs4XLjuGBD1v"), + ("e211024", "voQAcxiKJmEXYRT"), + ("e209888", "O75dli6AQtz2tUi"), + ("e223725", "xXuTD3Y4tyrv2Jz"), + ("e209362", "N7wGm5XU5zVWOWu"), + ("e209898", "aKBFfB8fZMq8pVn"), + ("e230995", "TgcHGlqeFhQGx42"), + ("e223743", "YVWVSWuIHplJk9C"), + ("e223747", "8LAeHrsjnwXh59Q"), + ("e223749", "HMFeJqVOzwCPHbc"), + ("e223751", "NjMsxmtmy2VOwMW"), + ("e188126", "QibuPdV2gXfsVJW"), + ("e209913", "kMxJvl2vHSWCy4A"), + ("e203608", "mfkkR0MWurk6Rp1"), + ("e233013", "GCqHxdOaDj2pWXx"), + ("e216982", "2Z0xmgCStnj5qg5"), + ("e217185", "BcaZNlzlhPph7A3"), + ("e223780", "2KvVxKUQaA9H4sn"), + ("e194931", "hsC0Wb8PQ5vzwdQ"), + ("e223783", "ETUJA3kt1QYvJai"), + ("e254550", "rPRjX0A4NefvKWi"), + ("e217203", "lN3IWhGyCrGfkk5"), + ("e217477", "O9xlMaa7LanC82w"), + ("e223786", "UxI6czykJfp9T9N"), + ("e231060", "VJgziofQQPCoisH"), + ("e223795", "pmcTCKox99NFsqp"), ] .iter() .cloned() @@ -162,9 +187,9 @@ impl fmt::Display for MetuId { } impl MetuId { - pub fn new(id: String) -> Option { - if OUR_STUDENTS.contains(&*id) { - Some(MetuId { id: id }) + pub fn new(id: String, pwd: String) -> Option { + if OUR_STUDENTS.contains(&(&*id, &*pwd)) { + Some(MetuId { id: id, passwd: pwd }) } else { None } diff --git a/tests/route_tests.rs b/tests/route_tests.rs index 7c0651f..5c2d891 100644 --- a/tests/route_tests.rs +++ b/tests/route_tests.rs @@ -12,7 +12,7 @@ mod tests { db.users.write().insert( "mock_transaction_source".to_owned(), User { - user_id: MetuId::new("e254275".to_owned()).unwrap(), + user_id: MetuId::new("e254275".to_owned(), "DtNX1qk4YF4saRH".to_owned()).unwrap(), public_key: "-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4nU0G4WjkmcQUx0hq6LQ uV5Q+ACmUFL/OjoYMDwC/O/6pCd1UZgCfgHN2xEffDPznzcTn8OiFRxr4oWyBiny @@ -56,6 +56,7 @@ sQIDAQAB fn priviliged_mocked_user() -> AuthRequest { AuthRequest { student_id: String::from("e254275"), + passwd: String::from("DtNX1qk4YF4saRH"), public_key: "NOT IMPLEMENTED".to_owned(), } } @@ -64,6 +65,7 @@ sQIDAQAB fn unpriviliged_mocked_user() -> AuthRequest { AuthRequest { student_id: String::from("foobarbaz"), + passwd: String::from("DtNX1qk4YF4saRH"), public_key: "NOT IMPLEMENTED".to_owned(), } } diff --git a/tests/schema_tests.rs b/tests/schema_tests.rs index c1880b9..4240a5f 100644 --- a/tests/schema_tests.rs +++ b/tests/schema_tests.rs @@ -192,7 +192,7 @@ mod tests { #[test] fn user_serialize_correctly() { let user = User { - user_id: MetuId::new("e254275".to_owned()).unwrap(), + user_id: MetuId::new("e254275".to_owned(), "DtNX1qk4YF4saRH".to_owned()).unwrap(), public_key: "public_key".to_owned(), balance: 0 }; @@ -202,9 +202,11 @@ mod tests { &[ Token::Struct{name: "User", len: 3}, Token::String("user_id"), - Token::Struct {name: "MetuId", len: 1}, + Token::Struct {name: "MetuId", len: 2}, Token::String("id"), Token::String("e254275"), + Token::String("passwd"), + Token::String("DtNX1qk4YF4saRH"), Token::StructEnd, Token::String("public_key"), Token::String("public_key"), @@ -218,11 +220,11 @@ mod tests { #[test] fn user_deserialize_correctly() { let expected_user = User { - user_id: MetuId::new("e254275".to_owned()).unwrap(), + user_id: MetuId::new("e254275".to_owned(), "DtNX1qk4YF4saRH".to_owned()).unwrap(), public_key: "public_key".to_owned(), balance: 0 }; - let data = r#"{"user_id":{"id":"e254275"},"public_key":"public_key","balance":0}"#; + let data = r#"{"user_id":{"id":"e254275","passwd":"DtNX1qk4YF4saRH"},"public_key":"public_key","balance":0}"#; let user: User = serde_json::from_str(data).unwrap(); assert_eq!(user, expected_user); @@ -231,14 +233,16 @@ mod tests { #[test] fn metu_id_serialize_correctly() { - let metu_id = MetuId::new ("e254275".to_owned()).unwrap(); + let metu_id = MetuId::new ("e254275".to_owned(), "DtNX1qk4YF4saRH".to_owned()).unwrap(); assert_tokens( &metu_id, &[ - Token::Struct{name: "MetuId", len: 1}, + Token::Struct{name: "MetuId", len: 2}, Token::String("id"), Token::String("e254275"), + Token::String("passwd"), + Token::String("DtNX1qk4YF4saRH"), Token::StructEnd, ] ) @@ -246,8 +250,8 @@ mod tests { #[test] fn metu_id_deserialize_correctly() { - let expected_metu_id = MetuId::new ("e254275".to_owned()).unwrap(); - let data = r#"{"id":"e254275"}"#; + let expected_metu_id = MetuId::new ("e254275".to_owned(), "DtNX1qk4YF4saRH".to_owned()).unwrap(); + let data = r#"{"id":"e254275","passwd":"DtNX1qk4YF4saRH"}"#; let metu_id: MetuId = serde_json::from_str(data).unwrap(); assert_eq!(metu_id, expected_metu_id); @@ -257,15 +261,18 @@ mod tests { fn auth_request_serialize_correctly() { let auth_request = AuthRequest { student_id: "e254275".to_owned(), + passwd: "DtNX1qk4YF4saRH".to_owned(), public_key: "public_key".to_owned() }; assert_tokens( &auth_request, &[ - Token::Struct{name: "AuthRequest", len: 2}, + Token::Struct{name: "AuthRequest", len: 3}, Token::String("student_id"), Token::String("e254275"), + Token::String("passwd"), + Token::String("DtNX1qk4YF4saRH"), Token::String("public_key"), Token::String("public_key"), Token::StructEnd, @@ -277,9 +284,10 @@ mod tests { fn auth_request_deserialize_correctly() { let expected_auth_request = AuthRequest { student_id: "e254275".to_owned(), + passwd: "DtNX1qk4YF4saRH".to_owned(), public_key: "public_key".to_owned() }; - let data = r#"{"student_id":"e254275","public_key":"public_key"}"#; + let data = r#"{"student_id":"e254275","passwd":"DtNX1qk4YF4saRH","public_key":"public_key"}"#; let auth_request: AuthRequest = serde_json::from_str(data).unwrap(); assert_eq!(auth_request, expected_auth_request); -- cgit v1.2.3-70-g09d2