[][src]Trait websession::backingstore::BackingStore

pub trait BackingStore: Debug {
    fn encrypt_credentials(
        &self, 
        plain: &str
    ) -> Result<String, BackingStoreError>;

    fn verify(
        &self, 
        user: &str, 
        plain_cred: &str
    ) -> Result<bool, BackingStoreError>;

    fn get_credentials(
        &self, 
        user: &str, 
        fail_if_locked: bool
    ) -> Result<String, BackingStoreError>;

    fn update_credentials(
        &self, 
        user: &str, 
        enc_cred: &str
    ) -> Result<(), BackingStoreError>;

    fn lock(&self, user: &str) -> Result<(), BackingStoreError>;

    fn is_locked(&self, user: &str) -> Result<bool, BackingStoreError>;

    fn unlock(&self, user: &str) -> Result<(), BackingStoreError>;

    fn create_preencrypted(
        &self, 
        user: &str, 
        enc_cred: &str
    ) -> Result<(), BackingStoreError>;

    fn delete(&self, user: &str) -> Result<(), BackingStoreError>;

    fn check_user(&self, user: &str) -> Result<bool, BackingStoreError>;

    fn update_credentials_plain(
        &self, 
        user: &str, 
        plain_cred: &str
    ) -> Result<(), BackingStoreError> { ... }

    fn create_plain(
        &self, 
        user: &str, 
        plain_cred: &str
    ) -> Result<(), BackingStoreError> { ... }

    fn users(&self) -> Result<Vec<String>, BackingStoreError> { ... }

    fn users_iter(&self) -> Result<IntoIter<String>, BackingStoreError> { ... }
}

The BackingStore doesn't know about user-IDs vs usernames: the consumer of websession is responsible for being able to change usernames w/o affecting user-IDs.

N.B., implementors of BackingStore provide a new that gets whatever is needed to connect to the store.

In general, the BackingStore will be accessed in a multi-threaded environment, so a Mutex or RwLock will probably be needed by implementers.

Required methods

fn encrypt_credentials(&self, plain: &str) -> Result<String, BackingStoreError>

Encrypt unencrypted credentials. For passwords, this would be a sound hashing function. For some credentials, such as public keys, additional encryption may be unneeded.

fn verify(
    &self,
    user: &str,
    plain_cred: &str
) -> Result<bool, BackingStoreError>

Verify the credentials for the user. Unencrypted passwords are expected, such as would be provided by a user logging in.

fn get_credentials(
    &self,
    user: &str,
    fail_if_locked: bool
) -> Result<String, BackingStoreError>

Get the credentials for the user. For passwords, this would be the salted hashed password.

fn update_credentials(
    &self,
    user: &str,
    enc_cred: &str
) -> Result<(), BackingStoreError>

Set new credentials for the user. Credentials must be encrypted by encrypt_credentials. If unencrypted credentials are provided, users will not be able to log in, and plain text will be stored in the backing store, creating a potential security issue.

fn lock(&self, user: &str) -> Result<(), BackingStoreError>

Lock the user to prevent logins. Locked users should never verify, but the password/credentials are not cleared and can be restored.

fn is_locked(&self, user: &str) -> Result<bool, BackingStoreError>

Check if the user is locked.

fn unlock(&self, user: &str) -> Result<(), BackingStoreError>

Unlock the user, restoring the original password/credentials.

fn create_preencrypted(
    &self,
    user: &str,
    enc_cred: &str
) -> Result<(), BackingStoreError>

Create a new user with the given credentials. Should return BackingStoreError::UserExists if the user already exists. See the comment about encrypted credentials under update_credentials.

fn delete(&self, user: &str) -> Result<(), BackingStoreError>

Delete the user, all stored credentials, and any other data.

fn check_user(&self, user: &str) -> Result<bool, BackingStoreError>

Return whether or not the user already exists in the backing store. May return a BackingStoreError, in particular, BackingStoreError::Locked, which means the user exists but the account is locked.

Loading content...

Provided methods

fn update_credentials_plain(
    &self,
    user: &str,
    plain_cred: &str
) -> Result<(), BackingStoreError>

Convenience method, calling encrypt_credentials and update_credentials. The default implementation should normally be sufficient.

fn create_plain(
    &self,
    user: &str,
    plain_cred: &str
) -> Result<(), BackingStoreError>

Convenience method calling encrypt_credentials and create_preencrypted. The default implementation should normally be sufficient.

fn users(&self) -> Result<Vec<String>, BackingStoreError>

Return a Vec of the user names. users_iter may be more appropriate when there are large numbers of users. Only one of users or users_iter needs to be implemented, as the default implementations will take care of the other. However, there may be performance reasons to implement both.

fn users_iter(&self) -> Result<IntoIter<String>, BackingStoreError>

Return an Iterator over the user names. users may be more convenient when there are small numbers of users. Only one of users or users_iter needs to be implemented, as the default implementations will take care of the other. However, there may be performance reasons to implement both.

Loading content...

Implementors

impl BackingStore for FileBackingStore[src]

fn delete(&self, user: &str) -> Result<(), BackingStoreError>[src]

Returns Ok(()) on deletion, Err(BackingStoreError::NoSuchUser) if they were already deleted, or IO or Mutex errors.

impl BackingStore for MemoryBackingStore[src]

Loading content...