Struct FileAuthBackend 

pub struct FileAuthBackend { /* private fields */ }

File-based authentication backend supporting bcrypt and argon2id password hashing.

New password writes use whichever algorithm was selected via FileAuthBackend::with_algorithm (default: bcrypt). Existing hashes are auto-detected by their PHC prefix and verified with the correct algorithm, so a deployment can migrate at any time without invalidating existing users.

Also supports storing and fetching RFC 5802 SCRAM-SHA-256 credential bundles via an extended tab-separated format that is fully backwards-compatible with the original two-column username:hash format.
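Added example (not part of this crate's documentation or source): a std-only audit of a credential file that classifies each stored hash by its prefix and reports SCRAM enrollment, which helps track a bcrypt-to-argon2id migration. The line layout `user:hash[\tsalt\titerations\tstored_key\tserver_key]` and the names `Scheme`, `Entry`, `detect_scheme`, `parse_line`, `audit` and `SAMPLE` are assumptions for illustration; the page does not specify the on-disk format or column encodings.

```rust
// Added example, not the crate's code. ASSUMED line layout:
//   user:hash[\tsalt\titerations\tstored_key\tserver_key]
#[derive(Debug, PartialEq, Clone, Copy)]
pub enum Scheme { Bcrypt, Argon2id, Unknown }

#[derive(Debug, PartialEq)]
pub struct Entry { pub user: String, pub scheme: Scheme, pub scram_iterations: Option<u32> }

/// Classify a stored hash by the `$id$` field that starts the string.
pub fn detect_scheme(hash: &str) -> Scheme {
    match hash.strip_prefix('$').and_then(|rest| rest.split('$').next()) {
        Some("2a") | Some("2b") | Some("2x") | Some("2y") => Scheme::Bcrypt,
        Some("argon2id") => Scheme::Argon2id,
        _ => Scheme::Unknown, // flag for manual review rather than guessing
    }
}

/// Parse one line; SCRAM columns are optional but must be all four or none.
pub fn parse_line(line: &str) -> Result<Entry, String> {
    let mut cols = line.split('\t');
    let (user, hash) = cols.next().unwrap_or("").split_once(':').ok_or("missing ':'")?;
    if user.is_empty() { return Err("empty username".into()); }
    let rest: Vec<&str> = cols.collect();
    let scram_iterations = match rest.as_slice() {
        [] => None, // legacy two-column entry, never enrolled in SCRAM
        [_salt, iters, _stored_key, _server_key] => {
            Some(iters.parse::<u32>().map_err(|e| format!("iterations: {e}"))?)
        }
        other => return Err(format!("expected 0 or 4 SCRAM columns, got {}", other.len())),
    };
    Ok(Entry { user: user.to_string(), scheme: detect_scheme(hash), scram_iterations })
}

/// Audit a whole file, failing loudly (with line number) on malformed entries.
pub fn audit(file: &str) -> Result<Vec<Entry>, String> {
    file.lines().enumerate().filter(|(_, l)| !l.is_empty())
        .map(|(i, l)| parse_line(l).map_err(|e| format!("line {}: {e}", i + 1)))
        .collect()
}

// Constructed sample data; the hashes and keys are placeholders, not real values.
pub const SAMPLE: &str = "alice:$2b$12$CONSTRUCTEDPLACEHOLDER\n\
bob:$argon2id$v=19$m=19456,t=2,p=1$c2FsdA$cGxhY2Vob2xkZXI\tc2FsdA==\t4096\tc3RvcmVk\tc2VydmVy\n";

fn main() {
    for e in audit(SAMPLE).expect("sample parses") {
        println!("{:<6} {:?} scram_iterations={:?}", e.user, e.scheme, e.scram_iterations);
    }
}
```

Entries reported as `Bcrypt` are the ones still awaiting a password change under an argon2id configuration; `Unknown` entries deserve manual inspection.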

Implementations

impl FileAuthBackend

pub async fn new(file_path: impl AsRef<Path>) -> Result<Self>

Create a new file-based authentication backend using the default algorithm (HashAlgorithm::Bcrypt, for backwards compatibility).

If the file does not exist it is created (along with any missing parent directories). An existing file is loaded into memory immediately.

pub async fn with_algorithm(file_path: impl AsRef<Path>, algorithm: HashAlgorithm) -> Result<Self>

Create a new file-based authentication backend with an explicit password-hashing algorithm for new writes.

Use this constructor when the operator’s [auth.file.hash_algorithm] config selects argon2id. Existing bcrypt hashes in the file remain fully functional — they verify using bcrypt regardless of this setting.

pub fn algorithm(&self) -> HashAlgorithm

Returns the algorithm used for new password writes.

pub async fn set_scram_credentials(&self, user: &str, credentials: ScramCredentials) -> Result<()>

Persist RFC 5802 SCRAM-SHA-256 credentials for user.

If the user already has a SCRAM credential bundle it is replaced. The bcrypt password hash is preserved unchanged. Returns an error if the user does not exist.

This method is intentionally on FileAuthBackend directly (not on the AuthBackend trait) because it is part of the migration/admin tooling surface, not the per-request hot path.

Trait Implementations

impl AuthBackend for FileAuthBackend

fn fetch_scram_credentials<'life0, 'life1, 'async_trait>(&'life0 self, user: &'life1 str) -> Pin<Box<dyn Future<Output = Result<Option<ScramCredentials>>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Fetch the RFC 5802 SCRAM-SHA-256 credential bundle for user.

Returns Ok(None) if no SCRAM columns are stored (old-format entry or user was never enrolled in SCRAM).

fn authenticate<'life0, 'life1, 'life2, 'async_trait>(&'life0 self, username: &'life1 Username, password: &'life2 str) -> Pin<Box<dyn Future<Output = Result<bool>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait,

Authenticate a user with username and password

fn verify_identity<'life0, 'life1, 'async_trait>(&'life0 self, username: &'life1 Username) -> Pin<Box<dyn Future<Output = Result<bool>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Verify if a username maps to a valid identity

fn list_users<'life0, 'async_trait>(&'life0 self) -> Pin<Box<dyn Future<Output = Result<Vec<Username>>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait,

List all users (for admin CLI)

fn create_user<'life0, 'life1, 'life2, 'async_trait>(&'life0 self, username: &'life1 Username, password: &'life2 str) -> Pin<Box<dyn Future<Output = Result<()>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait,

Create a new user with the given password

fn delete_user<'life0, 'life1, 'async_trait>(&'life0 self, username: &'life1 Username) -> Pin<Box<dyn Future<Output = Result<()>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Delete a user

fn change_password<'life0, 'life1, 'life2, 'async_trait>(&'life0 self, username: &'life1 Username, new_password: &'life2 str) -> Pin<Box<dyn Future<Output = Result<()>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait,

Change a user’s password

fn get_scram_params<'life0, 'life1, 'async_trait>(&'life0 self, username: &'life1 str) -> Pin<Box<dyn Future<Output = Result<(Vec<u8>, u32)>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Get SCRAM-SHA-256 parameters (salt, iteration count) for a user

fn get_scram_stored_key<'life0, 'life1, 'async_trait>(&'life0 self, username: &'life1 str) -> Pin<Box<dyn Future<Output = Result<Vec<u8>>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Get SCRAM-SHA-256 StoredKey for a user

fn get_scram_server_key<'life0, 'life1, 'async_trait>(&'life0 self, username: &'life1 str) -> Pin<Box<dyn Future<Output = Result<Vec<u8>>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Get SCRAM-SHA-256 ServerKey for a user

fn store_scram_credentials<'life0, 'life1, 'async_trait>(&'life0 self, username: &'life1 Username, salt: Vec<u8>, iterations: u32, stored_key: Vec<u8>, server_key: Vec<u8>) -> Pin<Box<dyn Future<Output = Result<()>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Store SCRAM-SHA-256 credentials for a user

fn get_apop_secret<'life0, 'life1, 'async_trait>(&'life0 self, _username: &'life1 Username) -> Pin<Box<dyn Future<Output = Result<String>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Get plaintext password for APOP authentication

fn verify_bearer_token<'life0, 'life1, 'async_trait>(&'life0 self, token: &'life1 str) -> Pin<Box<dyn Future<Output = Result<Username>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Verify a Bearer token and return the authenticated username.
