Trait websession::backingstore::BackingStore [−][src]
The BackingStore
doesn't know about user-IDs vs usernames: the consumer of
websession is responsible for being able to change usernames w/o affecting
user-IDs.
N.B., implementors of BackingStore should provide a new
that gets whatever
is needed to connect to the store.
In general, the BackingStore will be accessed in a multi-threaded environment, so a Mutex or RwLock will probably be needed by implementers.
Required methods
fn encrypt_credentials(&self, plain: &str) -> Result<String, BackingStoreError>
[src]
Encrypt unencrypted credentials. For passwords, this should be a sound hashing function. For some credentials, such as public keys, additional encryption may be unneeded.
fn verify(
&self,
user: &str,
plain_cred: &str
) -> Result<bool, BackingStoreError>
[src]
&self,
user: &str,
plain_cred: &str
) -> Result<bool, BackingStoreError>
Verify the credentials for the user. It takes unencrypted passwords, such as that provided by a user logging in.
fn get_credentials(
&self,
user: &str,
fail_if_locked: bool
) -> Result<String, BackingStoreError>
[src]
&self,
user: &str,
fail_if_locked: bool
) -> Result<String, BackingStoreError>
Get the credentials for the user. For passwords, this would be the salted hashed password.
fn update_credentials(
&self,
user: &str,
enc_cred: &str
) -> Result<(), BackingStoreError>
[src]
&self,
user: &str,
enc_cred: &str
) -> Result<(), BackingStoreError>
Set new credentials for the user.
NOTE: Credentials must be previously encrypted by encrypt_credentials
.
If unencrypted credentials are provided, users will not be able to log
in, and plain text will be stored in the backing store, creating a
potential security problem.
Implementations of this method may fail with BackingStoreError::InvalidCredentials, if they can differentiate unencrypted and encrypted credentials, but are not required to.
fn lock(&self, user: &str) -> Result<(), BackingStoreError>
[src]
Lock the user to prevent logins. Locked users cannot verify, but
the credentials are not cleared and can therefore be restored later (see
unlock
).
fn is_locked(&self, user: &str) -> Result<bool, BackingStoreError>
[src]
Check if the user is locked.
fn unlock(&self, user: &str) -> Result<(), BackingStoreError>
[src]
Unlock the user, restoring the original password/credentials.
fn create_preencrypted(
&self,
user: &str,
enc_cred: &str
) -> Result<(), BackingStoreError>
[src]
&self,
user: &str,
enc_cred: &str
) -> Result<(), BackingStoreError>
Create a new user with the given credentials. Returns
BackingStoreError::UserExists
if the user already exists.
NOTE: Credentials must be previously encrypted by encrypt_credentials
.
If unencrypted credentials are provided, users will not be able to log
in, and plain text will be stored in the backing store, creating a
potential security problem.
Implementations of this method may fail with BackingStoreError::InvalidCredentials, if they can differentiate unencrypted and encrypted credentials, but are not required to.
fn delete(&self, user: &str) -> Result<(), BackingStoreError>
[src]
Delete the user, all stored credentials, and any other data. This is not required to be a "secure deletion".
fn check_user(&self, user: &str) -> Result<bool, BackingStoreError>
[src]
Return whether or not the user already exists in the backing store. May
return a BackingStoreError
, in particular,
BackingStoreError::Locked
, which means the user exists but the account
is locked.
Provided methods
fn update_credentials_plain(
&self,
user: &str,
plain_cred: &str
) -> Result<(), BackingStoreError>
[src]
&self,
user: &str,
plain_cred: &str
) -> Result<(), BackingStoreError>
Convenience method, calling encrypt_credentials
and
update_credentials
. The default implementation should normally be
sufficient.
fn create_plain(
&self,
user: &str,
plain_cred: &str
) -> Result<(), BackingStoreError>
[src]
&self,
user: &str,
plain_cred: &str
) -> Result<(), BackingStoreError>
Convenience method, calling encrypt_credentials
and
create_preencrypted
. The default implementation should normally be
sufficient.
fn users(&self) -> Result<Vec<String>, BackingStoreError>
[src]
Return a Vec of the user names. users_iter
may be more appropriate
when there are large numbers of users. Only one of users
or
users_iter
needs to be implemented, as the default implementations
will take care of the other. However, there may be performance reasons
to implement both.
fn users_iter(&self) -> Result<IntoIter<String>, BackingStoreError>
[src]
Return an Iterator over the user names. users
may be more convenient
when there are small numbers of users. Only one of users
or
users_iter
needs to be implemented, as the default implementations
will take care of the other. However, there may be performance reasons
to implement both.
Implementors
impl BackingStore for FileBackingStore
[src]
fn encrypt_credentials(&self, plain: &str) -> Result<String, BackingStoreError>
[src]
fn get_credentials(
&self,
user: &str,
fail_if_locked: bool
) -> Result<String, BackingStoreError>
[src]
&self,
user: &str,
fail_if_locked: bool
) -> Result<String, BackingStoreError>
fn verify(
&self,
user: &str,
plain_cred: &str
) -> Result<bool, BackingStoreError>
[src]
&self,
user: &str,
plain_cred: &str
) -> Result<bool, BackingStoreError>
fn update_credentials(
&self,
user: &str,
enc_cred: &str
) -> Result<(), BackingStoreError>
[src]
&self,
user: &str,
enc_cred: &str
) -> Result<(), BackingStoreError>
fn lock(&self, user: &str) -> Result<(), BackingStoreError>
[src]
fn is_locked(&self, user: &str) -> Result<bool, BackingStoreError>
[src]
fn unlock(&self, user: &str) -> Result<(), BackingStoreError>
[src]
fn create_preencrypted(
&self,
user: &str,
enc_cred: &str
) -> Result<(), BackingStoreError>
[src]
&self,
user: &str,
enc_cred: &str
) -> Result<(), BackingStoreError>
fn delete(&self, user: &str) -> Result<(), BackingStoreError>
[src]
Returns Ok(()) on deletion, Err(BackingStoreError::NoSuchUser) if they were already deleted, or IO or Mutex errors.
fn users(&self) -> Result<Vec<String>, BackingStoreError>
[src]
fn check_user(&self, user: &str) -> Result<bool, BackingStoreError>
[src]
impl BackingStore for MemoryBackingStore
[src]
fn encrypt_credentials(&self, plain: &str) -> Result<String, BackingStoreError>
[src]
fn get_credentials(
&self,
user: &str,
fail_if_locked: bool
) -> Result<String, BackingStoreError>
[src]
&self,
user: &str,
fail_if_locked: bool
) -> Result<String, BackingStoreError>
fn verify(
&self,
user: &str,
plain_cred: &str
) -> Result<bool, BackingStoreError>
[src]
&self,
user: &str,
plain_cred: &str
) -> Result<bool, BackingStoreError>
fn update_credentials(
&self,
user: &str,
enc_cred: &str
) -> Result<(), BackingStoreError>
[src]
&self,
user: &str,
enc_cred: &str
) -> Result<(), BackingStoreError>
fn lock(&self, user: &str) -> Result<(), BackingStoreError>
[src]
fn is_locked(&self, user: &str) -> Result<bool, BackingStoreError>
[src]
fn unlock(&self, user: &str) -> Result<(), BackingStoreError>
[src]
fn create_preencrypted(
&self,
user: &str,
enc_cred: &str
) -> Result<(), BackingStoreError>
[src]
&self,
user: &str,
enc_cred: &str
) -> Result<(), BackingStoreError>