Trait ironoxide::user::UserOps

source · 
pub trait UserOps {
    // Required methods
    fn user_create(
        jwt: &Jwt,
        password: &str,
        user_create_opts: &UserCreateOpts,
        timeout: Option<Duration>,
    ) -> impl Future<Output = Result<UserCreateResult>> + Send;
    fn generate_new_device(
        jwt: &Jwt,
        password: &str,
        device_create_options: &DeviceCreateOpts,
        timeout: Option<Duration>,
    ) -> impl Future<Output = Result<DeviceAddResult>> + Send;
    fn user_verify(
        jwt: &Jwt,
        timeout: Option<Duration>,
    ) -> impl Future<Output = Result<Option<UserResult>>> + Send;
    fn user_list_devices(
        &self,
    ) -> impl Future<Output = Result<UserDeviceListResult>> + Send;
    fn user_get_public_key(
        &self,
        users: &[UserId],
    ) -> impl Future<Output = Result<HashMap<UserId, PublicKey>>> + Send;
    fn user_rotate_private_key(
        &self,
        password: &str,
    ) -> impl Future<Output = Result<UserUpdatePrivateKeyResult>> + Send;
    fn user_delete_device(
        &self,
        device_id: Option<&DeviceId>,
    ) -> impl Future<Output = Result<DeviceId>> + Send;
    fn user_change_password(
        &self,
        current_password: &str,
        new_password: &str,
    ) -> impl Future<Output = Result<UserUpdateResult>> + Send;
}
Expand description

IronOxide User Operations

§Key Terms

  • Device - The only entity in the Data Control Platform that can decrypt data. A device is authorized using a user’s private key, therefore a device is tightly bound to a user.
  • ID - The ID representing a user or device. It must be unique within its segment and will not be encrypted.
  • Password - The string used to encrypt and escrow a user’s private key.
  • Rotation - Changing a user’s private key while leaving their public key unchanged. This can be accomplished by calling user_rotate_private_key.

Required Methods§

source

fn user_create( jwt: &Jwt, password: &str, user_create_opts: &UserCreateOpts, timeout: Option<Duration>, ) -> impl Future<Output = Result<UserCreateResult>> + Send

Creates a user.

§Arguments
  • jwt - Valid IronCore or Auth0 JWT
  • password - Password to use for encrypting and escrowing the user’s private key
  • user_create_opts - User creation parameters. Default values are provided with UserCreateOpts::default()
  • timeout - Timeout for this operation or None for no timeout
§Examples
let jwt = Jwt::new(jwt_str)?;
let password = "foobar";
let opts = UserCreateOpts::new(false);
let user_result = IronOxide::user_create(&jwt, password, &opts, None).await?;
source

fn generate_new_device( jwt: &Jwt, password: &str, device_create_options: &DeviceCreateOpts, timeout: Option<Duration>, ) -> impl Future<Output = Result<DeviceAddResult>> + Send

Generates a new device for the user specified in the JWT.

This will result in a new transform key (from the user’s master private key to the new device’s public key) being generated and stored with the IronCore Service.

§Arguments
  • jwt - Valid IronCore or Auth0 JWT
  • password - Password for the user specified in the JWT
  • device_create_options - Device creation parameters. Default values are provided with DeviceCreateOpts::default()
  • timeout - Timeout for this operation or None for no timeout
§Examples
let jwt = Jwt::new(jwt_str)?;
let password = "foobar";
let device_name = DeviceName::try_from("primary_device")?;
let opts = DeviceCreateOpts::new(Some(device_name));
let device_result = IronOxide::generate_new_device(&jwt, password, &opts, None).await?;
let device_id: &DeviceId = device_result.device_id();
source

fn user_verify( jwt: &Jwt, timeout: Option<Duration>, ) -> impl Future<Output = Result<Option<UserResult>>> + Send

Verifies the existence of a user using a JWT to identify their user record.

Returns a None if the user could not be found.

§Arguments
  • jwt - Valid IronCore or Auth0 JWT
  • timeout - Timeout for this operation or None for no timeout
§Examples
let jwt = Jwt::new(jwt_str)?;
let verify_result = IronOxide::user_verify(&jwt, None).await?;
let user_id = verify_result.expect("User not found!").account_id();
source

fn user_list_devices( &self, ) -> impl Future<Output = Result<UserDeviceListResult>> + Send

Lists all of the devices for the current user.

§Examples
let devices_result = sdk.user_list_devices().await?;
let devices: Vec<UserDevice> = devices_result.result().to_vec();
source

fn user_get_public_key( &self, users: &[UserId], ) -> impl Future<Output = Result<HashMap<UserId, PublicKey>>> + Send

Gets users’ public keys given their IDs.

Allows discovery of which user IDs have keys in the IronCore system to help determine if they can be added to groups or have documents shared with them.

Only returns users whose keys were found in the IronCore system.

§Arguments
  • users - List of user IDs to check
§Examples
let user1 = UserId::try_from("colt")?;
let user2 = UserId::try_from("fake_user")?;
let users = [user1, user2];
// This will only return one entry, for user "colt"
let get_result = sdk.user_get_public_key(&users).await?;
let (valid_users, invalid_users): (Vec<&UserId>, Vec<&UserId>) =
    users.iter().partition(|u| get_result.contains_key(u));
source

fn user_rotate_private_key( &self, password: &str, ) -> impl Future<Output = Result<UserUpdatePrivateKeyResult>> + Send

Rotates the current user’s private key while leaving their public key the same.

There’s no black magic here! This is accomplished via multi-party computation with the IronCore webservice.

The main use case for this is a workflow that requires that users be generated prior to the user logging in for the first time. In this situation, a user’s cryptographic identity can be generated by a third party, like a server process, and then the user can take control of their keys by rotating their private key.

§Arguments

password - Password to unlock the current user’s private key

§Examples
let password = "foobar";
let rotate_result = sdk.user_rotate_private_key(password).await?;
source

fn user_delete_device( &self, device_id: Option<&DeviceId>, ) -> impl Future<Output = Result<DeviceId>> + Send

Deletes a device.

If deleting the currently signed-in device, the SDK will need to be re-initialized with IronOxide::initialize before further use.

Returns the ID of the deleted device.

§Arguments
  • device_id - ID of the device to delete. If None, deletes the current device
§Examples
// If successful, returns the same `DeviceId` it is passed.
let deleted_device: DeviceId = sdk.user_delete_device(Some(&device_id)).await?;
source

fn user_change_password( &self, current_password: &str, new_password: &str, ) -> impl Future<Output = Result<UserUpdateResult>> + Send

Change the password for the user

This will result in the password that is being used to encrypt the user private key to be changed.

§Arguments

current_password - Password to unlock the current user’s private key new_password - New password to lock the current user’s private key

§Examples
let password = "foobar";
let new_password = "barbaz";
let change_password_result = sdk.user_change_password(password, new_password).await?;

Object Safety§

This trait is not object safe.

Implementors§