use std::convert::TryFrom;
use std::convert::TryInto;
use std::error::Error;
use std::str::FromStr;
use std::time::SystemTime;

use serde::Deserialize;
use serde::Serialize;
use sha2::Digest;
use sha2::Sha256;

/// Possible outcomes of an authentication attempt.
///
/// The variant names are the only information this part of the file gives
/// about their meaning; nothing visible here constructs or matches on them.
#[derive(Debug)]
pub enum AuthStatus {
	/// Authentication succeeded (presumably mirrors the `"OK"` status string — confirm).
	OK,
	/// NOTE(review): looks like the peer demands HTTP Basic credentials first — confirm.
	BasicRequired,
	/// The supplied password was rejected.
	PasswordWrong,
}

/// JSON body of the nonce response, as received from the peer.
///
/// `rename_all = "PascalCase"` maps the fields to the JSON keys `Status`,
/// `Nonce` and `Salt`. The values are kept as the raw strings from the
/// message; nothing is validated or decoded at this stage.
#[derive(Debug, Deserialize, Serialize)]
#[serde(rename_all = "PascalCase")]
pub struct GetNonceResponse {
	// Status string reported by the peer (the tests in this file use "OK").
	status: String,
	// Nonce as text; decoded as standard base64 when converted to `AuthData`.
	nonce: String,
	// Salt as text; decoded as standard base64 when converted to `AuthData`.
	salt: String,
}

impl FromStr for GetNonceResponse {
	type Err = serde_json::Error;

	/// Parses a nonce response from JSON text.
	///
	/// # Errors
	///
	/// Returns the `serde_json` error when `s` is not valid JSON or does not
	/// match the expected fields.
	fn from_str(s: &str) -> Result<Self, Self::Err> {
		let parsed: Self = serde_json::from_str(s)?;
		Ok(parsed)
	}
}

impl GetNonceResponse {
	/// Parses a nonce response from raw JSON bytes (for example an HTTP body).
	///
	/// # Errors
	///
	/// Returns the `serde_json` error when the bytes are not valid JSON or do
	/// not match the expected fields.
	pub fn from_bytes(bytes: impl AsRef<[u8]>) -> Result<Self, serde_json::Error> {
		let body: &[u8] = bytes.as_ref();
		serde_json::from_slice(body)
	}
}

/// Decoded challenge material plus session bookkeeping for one login.
///
/// NOTE(review): `Debug` is derived, so `{:?}` prints every field including
/// `token`. If `token` ends up holding a session credential (it looks that
/// way — confirm against the code that assigns it), keep values of this type
/// out of logs or replace the derive with a redacting `Debug` impl.
#[derive(Debug)]
pub struct AuthData {
	/// Nonce bytes decoded from the response's base64 `Nonce` field.
	pub nonce: [u8; 32],
	/// Salt bytes decoded from the response's base64 `Salt` field.
	pub salt: [u8; 32],
	/// The nonce exactly as received (base64 text).
	pub nonce_b64: String,
	/// Starts out empty when built from a `GetNonceResponse`; presumably
	/// filled with a session token after login — TODO confirm.
	pub token: String,
	/// Set to the construction time when built from a `GetNonceResponse`.
	pub last_login: SystemTime
}

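impl TryFrom<GetNonceResponse> for AuthData {
	type Error = base64::DecodeError;

	/// Decodes the base64 nonce and salt of a response into fixed 32-byte arrays.
	///
	/// The response comes from the network, so both fields are treated as
	/// untrusted: each must decode to exactly 32 bytes. Decoding straight into
	/// a fixed `[u8; 32]` slice would leave a shorter value silently padded
	/// with zero bytes, and a longer one would overrun the output slice (which
	/// the base64 crate documents as a panic), so the length is checked here.
	///
	/// `token` starts empty and `last_login` is set to the current time.
	///
	/// # Errors
	///
	/// Returns the decoder's error for malformed base64, and
	/// `DecodeError::InvalidLength` when a field does not decode to 32 bytes.
	fn try_from(response: GetNonceResponse) -> Result<Self, Self::Error> {
		/// Decodes standard base64 and insists on a 32-byte result.
		fn decode_32(encoded: &str) -> Result<[u8; 32], base64::DecodeError> {
			let raw = base64::decode_config(encoded, base64::STANDARD)?;
			<[u8; 32]>::try_from(raw.as_slice())
				.map_err(|_| base64::DecodeError::InvalidLength)
		}

		let nonce = decode_32(&response.nonce)?;
		let salt = decode_32(&response.salt)?;
		Ok(Self {
			nonce,
			salt,
			// Keep the nonce text as received alongside the decoded bytes.
			nonce_b64: response.nonce,
			token: String::new(),
			last_login: SystemTime::now(),
		})
	}
}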

impl FromStr for AuthData {
	type Err = Box<dyn Error>;

	/// Parses JSON text as a nonce response and decodes it into `AuthData`.
	///
	/// # Errors
	///
	/// Returns the boxed JSON error when parsing fails, or the boxed base64
	/// error when the nonce or salt cannot be decoded.
	fn from_str(s: &str) -> Result<Self, Self::Err> {
		let response: GetNonceResponse = s.parse()?;
		let auth = Self::try_from(response)?;
		Ok(auth)
	}
}

impl AuthData {
	/// Parses raw JSON bytes as a nonce response and decodes it into `AuthData`.
	///
	/// # Errors
	///
	/// Returns the boxed JSON error when parsing fails, or the boxed base64
	/// error when the nonce or salt cannot be decoded.
	pub fn from_bytes(bytes: impl AsRef<[u8]>) -> Result<Self, Box<dyn Error>> {
		let response = GetNonceResponse::from_bytes(bytes.as_ref())?;
		let auth = Self::try_from(response)?;
		Ok(auth)
	}

	/// Builds the login request for `password` from this challenge.
	///
	/// The value sent is
	/// `base64(SHA-256(nonce || SHA-256(password || salt)))`, standard alphabet.
	///
	/// Security notes for callers:
	/// - This is obfuscation, as the name says, not a slow password hash.
	///   SHA-256 is cheap to compute, so anyone who records the salt, the
	///   nonce and the resulting value can test password guesses offline.
	///   The exchange still needs an authenticated, encrypted transport.
	/// - The inner digest `SHA-256(password || salt)` is enough to answer any
	///   nonce for the same salt, so it is as sensitive as the password
	///   itself; it is kept local to this function and never returned.
	pub fn obfuscate_password(&self, password: &str) -> LoginRequest {
		// Stage 1: bind the password to the salt.
		let mut inner = Sha256::new();
		inner.update(password.as_bytes());
		inner.update(&self.salt);
		let salted_digest = inner.finalize();

		// Stage 2: bind the salted digest to this challenge's nonce.
		let mut outer = Sha256::new();
		outer.update(&self.nonce);
		outer.update(salted_digest);
		let response_digest = outer.finalize();

		let encoded = base64::encode_config(response_digest, base64::STANDARD);
		LoginRequest { password: encoded }
	}
}

/// Login request body carrying the obfuscated password.
///
/// NOTE(review): `Debug` is derived, so `{:?}` prints the `password` value.
/// It is a digest rather than the clear-text password, but it is still the
/// credential answering one challenge; avoid writing it to logs.
#[derive(Debug, Serialize)]
pub struct LoginRequest {
	/// Base64 text produced by `AuthData::obfuscate_password`.
	pub password: String
}

/// A pretty-printed response parses from text and re-serialises compactly.
#[test]
fn test_decode_nonce_response_1() {
	let raw_json = "{\n  \"Status\": \"OK\",\n  \"Nonce\": \"AgrKQzIZ4uYRG/XpzRW+r6laCg0klQgTy3qDF9NXu2g=\",\n  \"Salt\": \"3rD0gmervDRPGokexuJVeOg359B3JQ3AebC13+C7Q7w=\"\n}";
	let parsed: GetNonceResponse = raw_json.parse().unwrap();
	assert_eq!(parsed.status, "OK");
	assert_eq!(parsed.nonce, "AgrKQzIZ4uYRG/XpzRW+r6laCg0klQgTy3qDF9NXu2g=");
	assert_eq!(parsed.salt, "3rD0gmervDRPGokexuJVeOg359B3JQ3AebC13+C7Q7w=");

	// Serialising back gives the compact form with the PascalCase keys.
	let round_trip = serde_json::to_string(&parsed).unwrap();
	assert_eq!(round_trip, "{\"Status\":\"OK\",\"Nonce\":\"AgrKQzIZ4uYRG/XpzRW+r6laCg0klQgTy3qDF9NXu2g=\",\"Salt\":\"3rD0gmervDRPGokexuJVeOg359B3JQ3AebC13+C7Q7w=\"}");
}

/// Same round trip as the first text test, with a different nonce.
#[test]
fn test_decode_nonce_response_2() {
	let raw_json = "{\n  \"Status\": \"OK\",\n  \"Nonce\": \"Vk/hOyyLvAOmGlXuwOkRVM4b7BXiiZfT59mpJrhjrLI=\",\n  \"Salt\": \"3rD0gmervDRPGokexuJVeOg359B3JQ3AebC13+C7Q7w=\"\n}";
	let parsed: GetNonceResponse = raw_json.parse().unwrap();
	assert_eq!(parsed.status, "OK");
	assert_eq!(parsed.nonce, "Vk/hOyyLvAOmGlXuwOkRVM4b7BXiiZfT59mpJrhjrLI=");
	assert_eq!(parsed.salt, "3rD0gmervDRPGokexuJVeOg359B3JQ3AebC13+C7Q7w=");

	// Serialising back gives the compact form with the PascalCase keys.
	let round_trip = serde_json::to_string(&parsed).unwrap();
	assert_eq!(round_trip, "{\"Status\":\"OK\",\"Nonce\":\"Vk/hOyyLvAOmGlXuwOkRVM4b7BXiiZfT59mpJrhjrLI=\",\"Salt\":\"3rD0gmervDRPGokexuJVeOg359B3JQ3AebC13+C7Q7w=\"}");
}

/// A pretty-printed response parses from a byte buffer and re-serialises compactly.
#[test]
fn test_decode_nonce_response_bytes_1() {
	let body = bytes::Bytes::from("{\n  \"Status\": \"OK\",\n  \"Nonce\": \"AgrKQzIZ4uYRG/XpzRW+r6laCg0klQgTy3qDF9NXu2g=\",\n  \"Salt\": \"3rD0gmervDRPGokexuJVeOg359B3JQ3AebC13+C7Q7w=\"\n}");
	let parsed = GetNonceResponse::from_bytes(&body).unwrap();
	assert_eq!(parsed.status, "OK");
	assert_eq!(parsed.nonce, "AgrKQzIZ4uYRG/XpzRW+r6laCg0klQgTy3qDF9NXu2g=");
	assert_eq!(parsed.salt, "3rD0gmervDRPGokexuJVeOg359B3JQ3AebC13+C7Q7w=");

	// Serialising back gives the compact form with the PascalCase keys.
	let round_trip = serde_json::to_string(&parsed).unwrap();
	assert_eq!(round_trip, "{\"Status\":\"OK\",\"Nonce\":\"AgrKQzIZ4uYRG/XpzRW+r6laCg0klQgTy3qDF9NXu2g=\",\"Salt\":\"3rD0gmervDRPGokexuJVeOg359B3JQ3AebC13+C7Q7w=\"}");
}

/// Same byte-buffer round trip as the first bytes test, with a different nonce.
#[test]
fn test_decode_nonce_response_bytes_2() {
	let body = bytes::Bytes::from("{\n  \"Status\": \"OK\",\n  \"Nonce\": \"Vk/hOyyLvAOmGlXuwOkRVM4b7BXiiZfT59mpJrhjrLI=\",\n  \"Salt\": \"3rD0gmervDRPGokexuJVeOg359B3JQ3AebC13+C7Q7w=\"\n}");
	let parsed = GetNonceResponse::from_bytes(&body).unwrap();
	assert_eq!(parsed.status, "OK");
	assert_eq!(parsed.nonce, "Vk/hOyyLvAOmGlXuwOkRVM4b7BXiiZfT59mpJrhjrLI=");
	assert_eq!(parsed.salt, "3rD0gmervDRPGokexuJVeOg359B3JQ3AebC13+C7Q7w=");

	// Serialising back gives the compact form with the PascalCase keys.
	let round_trip = serde_json::to_string(&parsed).unwrap();
	assert_eq!(round_trip, "{\"Status\":\"OK\",\"Nonce\":\"Vk/hOyyLvAOmGlXuwOkRVM4b7BXiiZfT59mpJrhjrLI=\",\"Salt\":\"3rD0gmervDRPGokexuJVeOg359B3JQ3AebC13+C7Q7w=\"}");
}

/// Converting a parsed response yields the decoded nonce and salt bytes and
/// keeps the nonce's original base64 text.
#[test]
fn test_decode_auth_data() {
	let raw_json = "{\"Status\":\"OK\",\"Nonce\":\"xvOgo8tEsgxZbRVlxHh2UIj3Qw8e3VlfRWT5pHfSg7c=\",\"Salt\":\"3rD0gmervDRPGokexuJVeOg359B3JQ3AebC13+C7Q7w=\"}";
	let parsed: GetNonceResponse = raw_json.parse().unwrap();
	assert_eq!(parsed.nonce, "xvOgo8tEsgxZbRVlxHh2UIj3Qw8e3VlfRWT5pHfSg7c=");
	assert_eq!(parsed.salt, "3rD0gmervDRPGokexuJVeOg359B3JQ3AebC13+C7Q7w=");

	let auth = AuthData::try_from(parsed).unwrap();
	// Reference values come from an independent decode of the same text.
	let expected_nonce = base64::decode("xvOgo8tEsgxZbRVlxHh2UIj3Qw8e3VlfRWT5pHfSg7c=").unwrap();
	let expected_salt = base64::decode("3rD0gmervDRPGokexuJVeOg359B3JQ3AebC13+C7Q7w=").unwrap();
	assert_eq!(&auth.nonce[..], expected_nonce.as_slice());
	assert_eq!(&auth.salt[..], expected_salt.as_slice());
	assert_eq!(auth.nonce_b64, "xvOgo8tEsgxZbRVlxHh2UIj3Qw8e3VlfRWT5pHfSg7c=");
}

/// Byte-buffer variant: the converted response carries the decoded nonce and
/// salt bytes and keeps the nonce's original base64 text.
#[test]
fn test_decode_auth_data_bytes() {
	let body = bytes::Bytes::from("{\"Status\":\"OK\",\"Nonce\":\"bFuaJ6MKyy0QcGecMGr+wZ4XQ/WZIUEAEaSHFdEl48A=\",\"Salt\":\"3rD0gmervDRPGokexuJVeOg359B3JQ3AebC13+C7Q7w=\"}");
	let parsed = GetNonceResponse::from_bytes(&body).unwrap();
	assert_eq!(parsed.nonce, "bFuaJ6MKyy0QcGecMGr+wZ4XQ/WZIUEAEaSHFdEl48A=");
	assert_eq!(parsed.salt, "3rD0gmervDRPGokexuJVeOg359B3JQ3AebC13+C7Q7w=");

	let auth = AuthData::try_from(parsed).unwrap();
	// Reference values come from an independent decode of the same text.
	let expected_nonce = base64::decode("bFuaJ6MKyy0QcGecMGr+wZ4XQ/WZIUEAEaSHFdEl48A=").unwrap();
	let expected_salt = base64::decode("3rD0gmervDRPGokexuJVeOg359B3JQ3AebC13+C7Q7w=").unwrap();
	assert_eq!(&auth.nonce[..], expected_nonce.as_slice());
	assert_eq!(&auth.salt[..], expected_salt.as_slice());
	assert_eq!(auth.nonce_b64, "bFuaJ6MKyy0QcGecMGr+wZ4XQ/WZIUEAEaSHFdEl48A=");
}

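/// Checks the shape and stability of the obfuscated password.
///
/// No known-good digest is available in this file, so the test pins the
/// properties that follow from the construction: the value is base64 of a
/// 32-byte SHA-256 digest, it is deterministic for a fixed challenge, and it
/// changes when the password changes.
#[test]
fn test_password_obfuscation() {
	let json = bytes::Bytes::from("{\"Status\":\"OK\",\"Nonce\":\"bFuaJ6MKyy0QcGecMGr+wZ4XQ/WZIUEAEaSHFdEl48A=\",\"Salt\":\"3rD0gmervDRPGokexuJVeOg359B3JQ3AebC13+C7Q7w=\"}");
	let decoded = GetNonceResponse::from_bytes(&json).unwrap();
	let auth = AuthData::try_from(decoded).unwrap();

	// NOTE(review): if this literal was ever a real device password, rotate it
	// and replace it here with a constructed value; test fixtures end up in
	// version control and package archives.
	let request = auth.obfuscate_password("sjJ6200Pl^i*");

	let digest = base64::decode(&request.password).unwrap();
	assert_eq!(digest.len(), 32);
	assert_eq!(auth.obfuscate_password("sjJ6200Pl^i*").password, request.password);
	assert_ne!(auth.obfuscate_password("a different password").password, request.password);
}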