Trait websession::backingstore::BackingStore[][src]

pub trait BackingStore: Debug {
    fn encrypt_credentials(
        &self, 
        plain: &str
    ) -> Result<String, BackingStoreError>;

    fn verify(
        &self, 
        user: &str, 
        plain_cred: &str
    ) -> Result<bool, BackingStoreError>;

    fn get_credentials(
        &self, 
        user: &str, 
        fail_if_locked: bool
    ) -> Result<String, BackingStoreError>;

    fn update_credentials(
        &self, 
        user: &str, 
        enc_cred: &str
    ) -> Result<(), BackingStoreError>;

    fn lock(&self, user: &str) -> Result<(), BackingStoreError>;

    fn is_locked(&self, user: &str) -> Result<bool, BackingStoreError>;

    fn unlock(&self, user: &str) -> Result<(), BackingStoreError>;

    fn create_preencrypted(
        &self, 
        user: &str, 
        enc_cred: &str
    ) -> Result<(), BackingStoreError>;

    fn delete(&self, user: &str) -> Result<(), BackingStoreError>;

    fn check_user(&self, user: &str) -> Result<bool, BackingStoreError>;

    fn update_credentials_plain(
        &self, 
        user: &str, 
        plain_cred: &str
    ) -> Result<(), BackingStoreError> { ... }

    fn create_plain(
        &self, 
        user: &str, 
        plain_cred: &str
    ) -> Result<(), BackingStoreError> { ... }

    fn users(&self) -> Result<Vec<String>, BackingStoreError> { ... }

    fn users_iter(&self) -> Result<IntoIter<String>, BackingStoreError> { ... }
}

The BackingStore doesn't know about user-IDs vs usernames: the consumer of websession is responsible for being able to change usernames w/o affecting user-IDs.

N.B., implementors of BackingStore should provide a new that gets whatever is needed to connect to the store.

In general, the BackingStore will be accessed in a multi-threaded environment, so a Mutex or RwLock will probably be needed by implementers.

Required methods

fn encrypt_credentials(&self, plain: &str) -> Result<String, BackingStoreError>[src]

Encrypt unencrypted credentials. For passwords, this should be a sound hashing function. For some credentials, such as public keys, additional encryption may be unneeded.

fn verify(
    &self,
    user: &str,
    plain_cred: &str
) -> Result<bool, BackingStoreError>[src]

Verify the credentials for the user. It takes unencrypted passwords, such as that provided by a user logging in.

fn get_credentials(
    &self,
    user: &str,
    fail_if_locked: bool
) -> Result<String, BackingStoreError>[src]

Get the credentials for the user. For passwords, this would be the salted hashed password.

fn update_credentials(
    &self,
    user: &str,
    enc_cred: &str
) -> Result<(), BackingStoreError>[src]

Set new credentials for the user.

NOTE: Credentials must be previously encrypted by encrypt_credentials. If unencrypted credentials are provided, users will not be able to log in, and plain text will be stored in the backing store, creating a potential security problem.

Implementations of this method may fail with BackingStoreError::InvalidCredentials, if they can differentiate unencrypted and encrypted credentials, but are not required to.

fn lock(&self, user: &str) -> Result<(), BackingStoreError>[src]

Lock the user to prevent logins. Locked users cannot verify, but the credentials are not cleared and can therefore be restored later (see unlock).

fn is_locked(&self, user: &str) -> Result<bool, BackingStoreError>[src]

Check if the user is locked.

fn unlock(&self, user: &str) -> Result<(), BackingStoreError>[src]

Unlock the user, restoring the original password/credentials.

fn create_preencrypted(
    &self,
    user: &str,
    enc_cred: &str
) -> Result<(), BackingStoreError>[src]

Create a new user with the given credentials. Returns BackingStoreError::UserExists if the user already exists.

NOTE: Credentials must be previously encrypted by encrypt_credentials. If unencrypted credentials are provided, users will not be able to log in, and plain text will be stored in the backing store, creating a potential security problem.

Implementations of this method may fail with BackingStoreError::InvalidCredentials, if they can differentiate unencrypted and encrypted credentials, but are not required to.

fn delete(&self, user: &str) -> Result<(), BackingStoreError>[src]

Delete the user, all stored credentials, and any other data. This is not required to be a "secure deletion".

fn check_user(&self, user: &str) -> Result<bool, BackingStoreError>[src]

Return whether or not the user already exists in the backing store. May return a BackingStoreError, in particular, BackingStoreError::Locked, which means the user exists but the account is locked.

Loading content...

Provided methods

fn update_credentials_plain(
    &self,
    user: &str,
    plain_cred: &str
) -> Result<(), BackingStoreError>[src]

Convenience method, calling encrypt_credentials and update_credentials. The default implementation should normally be sufficient.

fn create_plain(
    &self,
    user: &str,
    plain_cred: &str
) -> Result<(), BackingStoreError>[src]

Convenience method, calling encrypt_credentials and create_preencrypted. The default implementation should normally be sufficient.

fn users(&self) -> Result<Vec<String>, BackingStoreError>[src]

Return a Vec of the user names. users_iter may be more appropriate when there are large numbers of users. Only one of users or users_iter needs to be implemented, as the default implementations will take care of the other. However, there may be performance reasons to implement both.

fn users_iter(&self) -> Result<IntoIter<String>, BackingStoreError>[src]

Return an Iterator over the user names. users may be more convenient when there are small numbers of users. Only one of users or users_iter needs to be implemented, as the default implementations will take care of the other. However, there may be performance reasons to implement both.

Loading content...

Implementors

impl BackingStore for FileBackingStore[src]

fn delete(&self, user: &str) -> Result<(), BackingStoreError>[src]

Returns Ok(()) on deletion, Err(BackingStoreError::NoSuchUser) if they were already deleted, or IO or Mutex errors.

impl BackingStore for MemoryBackingStore[src]

Loading content...