password-encryptor 2.0.0

A helper crate for encrypting and validating password
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131

mod error;

use error::{Error, Result};
use hmac::{Hmac, Mac};
use sha2::Sha512;


#[derive(Clone)]
pub struct EncryptionData<'a> {
    pub content: &'a str,
    pub salt: &'a str,
}

#[derive(Clone)]
pub struct PasswordEncryptor {
    key: Vec<u8>,
    encryption_prefix: Option<String>,
}

impl PasswordEncryptor {
    pub fn new(key: Vec<u8>, encryption_prefix: Option<String>) -> Self {
        Self {
            key,
            encryption_prefix,
        }
    }
}

impl PasswordEncryptor {
    fn encrypt_into_base64url(
        &self,
        key: &[u8],
        encryption_data: &EncryptionData,
    ) -> Result<String> {
        let EncryptionData { content, salt } = encryption_data;

        let mut hmac_sha512 =
            Hmac::<Sha512>::new_from_slice(key).map_err(|_| Error::KeyFailHmac)?;

        hmac_sha512.update(content.as_bytes());
        hmac_sha512.update(salt.as_bytes());

        let hmac_result = hmac_sha512.finalize();
        let result_bytes = hmac_result.into_bytes();

        let result = base64_url::encode(&result_bytes);

        Ok(result)
    }

    pub fn encrypt_password(&self, encryption_data: &EncryptionData) -> Result<String> {
        let encrypted = self.encrypt_into_base64url(&self.key, encryption_data)?;
        let final_prefix = self.encryption_prefix.clone().unwrap_or("".to_string());
        Ok(format!("{final_prefix}{encrypted}"))
    }

    pub fn validate_password(
        &self,
        encryption_data: &EncryptionData,
        encrypted_password: &str,
    ) -> Result<()> {
        let inner_encrypted_password = self.encrypt_password(encryption_data)?;
        if inner_encrypted_password == encrypted_password {
            Ok(())
        } else {
            Err(Error::PasswordsDontMatch)
        }
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_successful_encryption() {
        let encryptor = PasswordEncryptor::new(vec![1,2,3], None);
        let data = EncryptionData {
            content: "password123",
            salt: "salt",
        };

        let encrypted = encryptor.encrypt_password(&data).unwrap();
        assert!(!encrypted.is_empty())
    }

    #[test]
    fn test_validation_success() {
        let encryptor = PasswordEncryptor::new(vec![1,2,3], None);
        let data = EncryptionData {
            content: "password123",
            salt: "salt",
        };

        let encrypted = encryptor.encrypt_password(&data).unwrap();
        assert!(encryptor.validate_password(&data, &encrypted).is_ok());
    }

    #[test]
    fn test_validation_failure() {
        let encryptor = PasswordEncryptor::new(vec![1,2,3], Some("prefix_".to_string()));
        let data = EncryptionData {
            content: "password123",
            salt: "salt",
        };

        assert!(encryptor
            .validate_password(&data, "wrong_password")
            .is_err());
    }

    #[test]
    fn test_password_mismatch_error() {
        let encryptor = PasswordEncryptor::new(vec![1,2,3], Some("prefix_".to_string()));
        let data = EncryptionData {
            content: "password123",
            salt: "salt",
        };

        let wrong_data = EncryptionData {
            content: "wrong_password",
            salt: "salt",
        };

        let encrypted = encryptor.encrypt_password(&data).unwrap();
        match encryptor.validate_password(&wrong_data, &encrypted) {
            Err(Error::PasswordsDontMatch) => (),
            _ => panic!("Expected PasswordsDontMatch error"),
        }
    }
}