websession 0.12.1

Web Session Support for Rust
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267

#![crate_type = "lib"]
#![crate_name = "websession"]
#![forbid(unsafe_code)]

//! # Websession
//!
//! Websession provides session and user support for web applications.  It
//! provides support for storing user information in a plain text file or in
//! memory.  Implement the [BackingStore](backingstore/index.html) trait to
//! support other storage, such as a database.
//!
//! ## Example
//!
//! See the tests for examples of use.

extern crate fs2;
extern crate pwhash;
extern crate sha2;
extern crate uuid;
#[macro_use]
extern crate log;

pub mod backingstore;
pub mod connectionsignature;
pub mod sessionpolicy;
pub mod sessions;
pub mod token;

pub use self::connectionsignature::ConnectionSignature;

use self::backingstore::{BackingStore, BackingStoreError};
pub use self::sessionpolicy::SessionPolicy;
use self::sessions::SessionManager;
use std::collections::HashMap;
use std::error::Error;
use std::sync::Mutex;
use std::time::Duration;
use std::vec::IntoIter;
use std::{fmt, io};

#[derive(Debug)]
pub enum AuthError {
    /// Session has expired
    Expired,
    /// User isn't authorized
    Unauthorized,
    /// Internal error: the mutex is poisoned
    Mutex,
    /// I/O error in the backing store
    IO(io::Error),
    /// Error in the underlying `pwhash` implementation
    Hash(pwhash::error::Error),
    /// Data integrity error (including rejections from the backing store or underlying data structures)
    MissingData,
}

impl From<BackingStoreError> for AuthError {
    fn from(err: BackingStoreError) -> AuthError {
        match err {
            BackingStoreError::NoSuchUser => AuthError::Unauthorized,
            BackingStoreError::Locked => AuthError::Unauthorized,
            BackingStoreError::UserExists => AuthError::Unauthorized,
            BackingStoreError::Mutex => AuthError::Mutex,
            BackingStoreError::IO(i) => AuthError::IO(i),
            BackingStoreError::Hash(h) => AuthError::Hash(h),
            BackingStoreError::MissingData => AuthError::MissingData,
            BackingStoreError::InvalidCredentials => AuthError::MissingData,
        }
    }
}

impl Error for AuthError {
    fn cause(&self) -> Option<&dyn (Error)> {
        match *self {
            AuthError::Hash(ref e) => Some(e),
            AuthError::IO(ref e) => Some(e),
            _ => None,
        }
    }
}

impl fmt::Display for AuthError {
    fn fmt(&self, out: &mut fmt::Formatter) -> fmt::Result {
        write!(out, "{}", self.to_string())
    }
}

/// The Authenticator is the main interface to Websession. It is responsible for
/// tracking session IDs, and the users associated with the ID, if any. It also
/// provides pass through support to the [BackingStore](backingstore/index.html)
/// for user management.
#[derive(Debug)]
pub struct Authenticator {
    sess_mgr: SessionManager,
    backing_store: Box<dyn BackingStore + Send + Sync>,
    // Do we need this, or does the app just hang onto this for us?
    // cookie_name: String,
    mapping: Mutex<HashMap<String, String>>,
}

impl Authenticator {
    // Add `cookie_name: &str` as the last argument if we need it.
    /// Create a new Authenticator.  `expiration` is how long a session should
    /// live w/o activity.  Activity resets the clock on a session.
    pub fn new(
        backing_store: Box<dyn BackingStore + Send + Sync>,
        expiration: Duration,
        policy: SessionPolicy,
    ) -> Authenticator {
        Authenticator {
            sess_mgr: SessionManager::new(expiration, policy),
            backing_store,
            // cookie_name: cookie_name.to_string(),
            mapping: Mutex::new(HashMap::new()),
        }
    }

    /// Verify that the provided `credentials` apply to the given `user`.
    /// Doesn't change any signatures associated with the user.
    pub fn verify(&self, user: &str, credentials: &str) -> Result<bool, AuthError> {
        self.backing_store
            .verify(user, credentials)
            .map_err(AuthError::from)
    }

    // should check policy
    /// Verify that the provided `credentials` apply to the given `user`.  If
    /// they do, associate the user with the given `signature`.  Credentials are
    /// as provided by the user; plain text in the case of passwords.
    pub fn login(
        &self,
        user: &str,
        credentials: &str,
        signature: &ConnectionSignature,
    ) -> Result<(), AuthError> {
        match self.sess_mgr.is_expired(signature) {
            Ok(true) => {
                self.sess_mgr.stop(signature);
                Err(AuthError::Expired)
            }
            Ok(false) => match self.verify(user, credentials) {
                Ok(true) => {
                    self.mapping
                        .lock()
                        .map_err(|_| AuthError::Mutex)?
                        .insert(signature.token.to_string(), user.to_string());
                    Ok(())
                }
                Ok(false) => Err(AuthError::Unauthorized),
                Err(e) => Err(e),
            },
            Err(e) => Err(e),
        }
    }

    /// Remove any association of a user to the given `signature`, and remove
    /// the session.
    pub fn logout(&self, signature: &ConnectionSignature) {
        let id = signature.token.to_string();
        match self.mapping.lock() {
            Ok(mut hashmap) => hashmap.remove(&id),
            Err(poisoned) => poisoned.into_inner().remove(&id), // XXX log this
        };
        self.sess_mgr.stop(signature);
    }

    /// Get the `user` associated with the session, if any.
    pub fn get_user(&self, signature: &ConnectionSignature) -> Result<Option<String>, AuthError> {
        match self.sess_mgr.is_expired(signature) {
            Ok(true) => Err(AuthError::Expired),
            Ok(false) => match self.mapping.lock() {
                Ok(hashmap) => Ok(hashmap.get(&signature.token.to_string()).cloned()),
                Err(_) => Err(AuthError::Mutex),
            },
            Err(e) => Err(e),
        }
    }

    /// Encrypt the credentials as expected by the backing store.
    pub fn encrypt_credentials(&self, plain_cred: &str) -> Result<String, AuthError> {
        Ok(self.backing_store.encrypt_credentials(plain_cred)?)
    }

    /// Update the user's credentials, e.g. password.  Credentials should
    /// already be encrypted/hashed, or the user will not be able to log in (and
    /// plain text will be stored in the backing store).
    pub fn update_credentials(&self, user: &str, enc_creds: &str) -> Result<(), AuthError> {
        Ok(self.backing_store.update_credentials(user, enc_creds)?)
    }

    /// Update the user's credentials, e.g. password.  Credentials should be in
    /// plain text, which will then be encrypted according to the BackingStore's
    /// implementation.
    pub fn update_credentials_plain(&self, user: &str, plain_creds: &str) -> Result<(), AuthError> {
        Ok(self
            .backing_store
            .update_credentials_plain(user, plain_creds)?)
    }

    // These doesn't take a ConnectionSignature because maybe we want to
    // manipulate a user other than ourself.
    /// Disable a user's ability to login.  The password will not be changed,
    /// but all login attempts will fail.
    pub fn lock_user(&self, user: &str) -> Result<(), AuthError> {
        match self.mapping.lock() {
            Ok(mut hashmap) => hashmap.retain(|_, ref v| user != *v),
            Err(mut poisoned) => poisoned.get_mut().retain(|_, ref v| user != *v),
        };
        self.backing_store.lock(user).map_err(AuthError::from)
    }

    /// Check if the user's account is locked.
    pub fn is_locked(&self, user: &str) -> Result<bool, AuthError> {
        self.backing_store.is_locked(user).map_err(AuthError::from)
    }

    /// Re-enable the user's account.  The old password will remain valid.
    pub fn unlock(&self, user: &str) -> Result<(), AuthError> {
        self.backing_store.unlock(user).map_err(AuthError::from)
    }

    /// Create a new user with the given credentials.  Credentials should
    /// already be encrypted/hashed, or the user will not be able to log in
    /// (and plain text will end up stored in the backing store).
    pub fn create_preencrypted(&self, user: &str, enc_creds: &str) -> Result<(), AuthError> {
        Ok(self.backing_store.create_preencrypted(user, enc_creds)?)
    }

    /// Create a new user with the given credentials.  Credentials should be in
    /// plain text, which will then be encrypted according to the BackingStore's
    /// implementation.
    pub fn create_plain(&self, user: &str, plain_creds: &str) -> Result<(), AuthError> {
        Ok(self.backing_store.create_plain(user, plain_creds)?)
    }

    /// Delete the given user.  Any stored credentials will be deleted too, and
    /// will need to be provided again if the user is later re-created.
    pub fn delete(&self, user: &str) -> Result<(), AuthError> {
        self.backing_store.delete(user).map_err(AuthError::from)
    }

    /// This is the main driver.  It returns a signature that contains the
    /// current value for the cookie, or an error if something went wrong.  The
    /// returned signature may be different from the one provided.
    pub fn run(&self, signature: ConnectionSignature) -> Result<ConnectionSignature, AuthError> {
        self.sess_mgr.start(signature).map_err(AuthError::from)
    }

    /// Return a Vec of usernames.
    pub fn users(&self) -> Result<Vec<String>, AuthError> {
        self.backing_store.users().map_err(AuthError::from)
    }

    /// Return an iterator over users.
    pub fn users_iter(&self) -> Result<IntoIter<String>, AuthError> {
        self.backing_store.users_iter().map_err(AuthError::from)
    }

    /// Identify whether or not the user already exists in the backing store.
    /// May return an `AuthError`; in particular, `AuthError::Locked`, which
    /// means that the user exists but the account is locked.  Applications
    /// shouldn't expose the specific error without a good readon, as this could
    /// allow enumerating accounts.
    pub fn check_user(&self, user: &str) -> Result<bool, AuthError> {
        self.backing_store.check_user(user).map_err(AuthError::from)
    }
}