pub trait UserOps {
// Required methods
fn user_create(
jwt: &Jwt,
password: &str,
user_create_opts: &UserCreateOpts,
timeout: Option<Duration>,
) -> impl Future<Output = Result<UserCreateResult>> + Send;
fn generate_new_device(
jwt: &Jwt,
password: &str,
device_create_options: &DeviceCreateOpts,
timeout: Option<Duration>,
) -> impl Future<Output = Result<DeviceAddResult>> + Send;
fn user_verify(
jwt: &Jwt,
timeout: Option<Duration>,
) -> impl Future<Output = Result<Option<UserResult>>> + Send;
fn user_list_devices(
&self,
) -> impl Future<Output = Result<UserDeviceListResult>> + Send;
fn user_get_public_key(
&self,
users: &[UserId],
) -> impl Future<Output = Result<HashMap<UserId, PublicKey>>> + Send;
fn user_rotate_private_key(
&self,
password: &str,
) -> impl Future<Output = Result<UserUpdatePrivateKeyResult>> + Send;
fn user_delete_device(
&self,
device_id: Option<&DeviceId>,
) -> impl Future<Output = Result<DeviceId>> + Send;
fn user_change_password(
&self,
current_password: &str,
new_password: &str,
) -> impl Future<Output = Result<UserUpdateResult>> + Send;
}
Expand description
IronOxide User Operations
§Key Terms
- Device - The only entity in the Data Control Platform that can decrypt data. A device is authorized using a user’s private key, therefore a device is tightly bound to a user.
- ID - The ID representing a user or device. It must be unique within its segment and will not be encrypted.
- Password - The string used to encrypt and escrow a user’s private key.
- Rotation - Changing a user’s private key while leaving their public key unchanged. This can be accomplished by calling user_rotate_private_key.
Required Methods§
Sourcefn user_create(
jwt: &Jwt,
password: &str,
user_create_opts: &UserCreateOpts,
timeout: Option<Duration>,
) -> impl Future<Output = Result<UserCreateResult>> + Send
fn user_create( jwt: &Jwt, password: &str, user_create_opts: &UserCreateOpts, timeout: Option<Duration>, ) -> impl Future<Output = Result<UserCreateResult>> + Send
Creates a user.
§Arguments
jwt
- Valid IronCore or Auth0 JWTpassword
- Password to use for encrypting and escrowing the user’s private keyuser_create_opts
- User creation parameters. Default values are provided with UserCreateOpts::default()timeout
- Timeout for this operation orNone
for no timeout
§Examples
let jwt = Jwt::new(jwt_str)?;
let password = "foobar";
let opts = UserCreateOpts::new(false);
let user_result = IronOxide::user_create(&jwt, password, &opts, None).await?;
Sourcefn generate_new_device(
jwt: &Jwt,
password: &str,
device_create_options: &DeviceCreateOpts,
timeout: Option<Duration>,
) -> impl Future<Output = Result<DeviceAddResult>> + Send
fn generate_new_device( jwt: &Jwt, password: &str, device_create_options: &DeviceCreateOpts, timeout: Option<Duration>, ) -> impl Future<Output = Result<DeviceAddResult>> + Send
Generates a new device for the user specified in the JWT.
This will result in a new transform key (from the user’s master private key to the new device’s public key) being generated and stored with the IronCore Service.
§Arguments
jwt
- Valid IronCore or Auth0 JWTpassword
- Password for the user specified in the JWTdevice_create_options
- Device creation parameters. Default values are provided with DeviceCreateOpts::default()timeout
- Timeout for this operation orNone
for no timeout
§Examples
let jwt = Jwt::new(jwt_str)?;
let password = "foobar";
let device_name = DeviceName::try_from("primary_device")?;
let opts = DeviceCreateOpts::new(Some(device_name));
let device_result = IronOxide::generate_new_device(&jwt, password, &opts, None).await?;
let device_id: &DeviceId = device_result.device_id();
Sourcefn user_verify(
jwt: &Jwt,
timeout: Option<Duration>,
) -> impl Future<Output = Result<Option<UserResult>>> + Send
fn user_verify( jwt: &Jwt, timeout: Option<Duration>, ) -> impl Future<Output = Result<Option<UserResult>>> + Send
Verifies the existence of a user using a JWT to identify their user record.
Returns a None
if the user could not be found.
§Arguments
jwt
- Valid IronCore or Auth0 JWTtimeout
- Timeout for this operation orNone
for no timeout
§Examples
let jwt = Jwt::new(jwt_str)?;
let verify_result = IronOxide::user_verify(&jwt, None).await?;
let user_id = verify_result.expect("User not found!").account_id();
Sourcefn user_list_devices(
&self,
) -> impl Future<Output = Result<UserDeviceListResult>> + Send
fn user_list_devices( &self, ) -> impl Future<Output = Result<UserDeviceListResult>> + Send
Lists all of the devices for the current user.
§Examples
let devices_result = sdk.user_list_devices().await?;
let devices: Vec<UserDevice> = devices_result.result().to_vec();
Sourcefn user_get_public_key(
&self,
users: &[UserId],
) -> impl Future<Output = Result<HashMap<UserId, PublicKey>>> + Send
fn user_get_public_key( &self, users: &[UserId], ) -> impl Future<Output = Result<HashMap<UserId, PublicKey>>> + Send
Gets users’ public keys given their IDs.
Allows discovery of which user IDs have keys in the IronCore system to help determine if they can be added to groups or have documents shared with them.
Only returns users whose keys were found in the IronCore system.
§Arguments
users
- List of user IDs to check
§Examples
let user1 = UserId::try_from("colt")?;
let user2 = UserId::try_from("fake_user")?;
let users = [user1, user2];
// This will only return one entry, for user "colt"
let get_result = sdk.user_get_public_key(&users).await?;
let (valid_users, invalid_users): (Vec<&UserId>, Vec<&UserId>) =
users.iter().partition(|u| get_result.contains_key(u));
Sourcefn user_rotate_private_key(
&self,
password: &str,
) -> impl Future<Output = Result<UserUpdatePrivateKeyResult>> + Send
fn user_rotate_private_key( &self, password: &str, ) -> impl Future<Output = Result<UserUpdatePrivateKeyResult>> + Send
Rotates the current user’s private key while leaving their public key the same.
There’s no black magic here! This is accomplished via multi-party computation with the IronCore webservice.
The main use case for this is a workflow that requires that users be generated prior to the user logging in for the first time. In this situation, a user’s cryptographic identity can be generated by a third party, like a server process, and then the user can take control of their keys by rotating their private key.
§Arguments
password
- Password to unlock the current user’s private key
§Examples
let password = "foobar";
let rotate_result = sdk.user_rotate_private_key(password).await?;
Sourcefn user_delete_device(
&self,
device_id: Option<&DeviceId>,
) -> impl Future<Output = Result<DeviceId>> + Send
fn user_delete_device( &self, device_id: Option<&DeviceId>, ) -> impl Future<Output = Result<DeviceId>> + Send
Deletes a device.
If deleting the currently signed-in device, the SDK will need to be re-initialized with IronOxide::initialize before further use.
Returns the ID of the deleted device.
§Arguments
device_id
- ID of the device to delete. IfNone
, deletes the current device
§Examples
// If successful, returns the same `DeviceId` it is passed.
let deleted_device: DeviceId = sdk.user_delete_device(Some(&device_id)).await?;
Sourcefn user_change_password(
&self,
current_password: &str,
new_password: &str,
) -> impl Future<Output = Result<UserUpdateResult>> + Send
fn user_change_password( &self, current_password: &str, new_password: &str, ) -> impl Future<Output = Result<UserUpdateResult>> + Send
Change the password for the user
This will result in the password that is being used to encrypt the user private key to be changed.
§Arguments
current_password
- Password to unlock the current user’s private key
new_password
- New password to lock the current user’s private key
§Examples
let password = "foobar";
let new_password = "barbaz";
let change_password_result = sdk.user_change_password(password, new_password).await?;
Dyn Compatibility§
This trait is not dyn compatible.
In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.