Authenticator

Struct Authenticator 

pub struct Authenticator { /* private fields */ }

The Authenticator is the main interface to Websession. It is responsible for tracking session IDs and the users associated with each ID, if any. It also provides pass-through support to the BackingStore for user management.

Implementations

impl Authenticator

pub fn new(backing_store: Box<dyn BackingStore + Send + Sync>, expiration: Duration, policy: SessionPolicy) -> Authenticator

Create a new Authenticator. expiration is how long a session should live without activity. Activity resets the clock on a session.

pub fn verify(&self, user: &str, credentials: &str) -> Result<bool, AuthError>

Verify that the provided credentials apply to the given user. Doesn’t change any signatures associated with the user.

pub fn login(&self, user: &str, credentials: &str, signature: &ConnectionSignature) -> Result<(), AuthError>

Verify that the provided credentials apply to the given user. If they do, associate the user with the given signature. Credentials are as provided by the user; plain text in the case of passwords.

pub fn logout(&self, signature: &ConnectionSignature)

Remove any association of a user to the given signature, and remove the session.

pub fn get_user(&self, signature: &ConnectionSignature) -> Result<Option<String>, AuthError>

Get the user associated with the session, if any.

pub fn encrypt_credentials(&self, plain_cred: &str) -> Result<String, AuthError>

Encrypt the credentials as expected by the backing store.

pub fn update_credentials(&self, user: &str, enc_creds: &str) -> Result<(), AuthError>

Update the user’s credentials, e.g. password. Credentials should already be encrypted/hashed, or the user will not be able to log in (and plain text will be stored in the backing store).

pub fn update_credentials_plain(&self, user: &str, plain_creds: &str) -> Result<(), AuthError>

Update the user’s credentials, e.g. password. Credentials should be in plain text, which will then be encrypted according to the BackingStore’s implementation.

pub fn lock_user(&self, user: &str) -> Result<(), AuthError>

Disable a user’s ability to login. The password will not be changed, but all login attempts will fail.

pub fn is_locked(&self, user: &str) -> Result<bool, AuthError>

Check if the user’s account is locked.

pub fn unlock(&self, user: &str) -> Result<(), AuthError>

Re-enable the user’s account. The old password will remain valid.

pub fn create_preencrypted(&self, user: &str, enc_creds: &str) -> Result<(), AuthError>

Create a new user with the given credentials. Credentials should already be encrypted/hashed, or the user will not be able to log in (and plain text will end up stored in the backing store).

pub fn create_plain(&self, user: &str, plain_creds: &str) -> Result<(), AuthError>

Create a new user with the given credentials. Credentials should be in plain text, which will then be encrypted according to the BackingStore’s implementation.
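The difference between the pre-encrypted and plain variants (create_preencrypted / create_plain, and likewise update_credentials / update_credentials_plain) is shown below as an added example; it is not code from the Websession crate. Store, toy_encrypt and looks_encrypted are hypothetical stand-ins, and the digest is a toy that only marks a value as transformed.

```rust
use std::collections::HashMap;

// Toy digest (FNV-1a) standing in for the BackingStore's password hash.
// It only marks "transformed" vs "as typed"; never hash passwords with it.
pub fn toy_encrypt(plain: &str) -> String {
    let h = plain.bytes()
        .fold(0xcbf29ce484222325u64, |h, b| (h ^ b as u64).wrapping_mul(0x100000001b3));
    format!("toy${:016x}", h)
}

// Constructed model of a store that keeps whatever string it is handed.
#[derive(Default)]
pub struct Store(pub HashMap<String, String>);

impl Store {
    // Stored verbatim: the caller promises the value is already hashed.
    pub fn create_preencrypted(&mut self, user: &str, enc: &str) {
        self.0.insert(user.to_string(), enc.to_string());
    }
    // Hashes first, then stores.
    pub fn create_plain(&mut self, user: &str, plain: &str) {
        self.create_preencrypted(user, &toy_encrypt(plain));
    }
    // Login transforms what the user typed and compares with the stored value.
    pub fn verify(&self, user: &str, typed: &str) -> bool {
        self.0.get(user).map_or(false, |s| *s == toy_encrypt(typed))
    }
}

// Guard for provisioning code: reject values that are not in the store's
// hash format before they reach a pre-encrypted call.
pub fn looks_encrypted(value: &str) -> bool {
    value.strip_prefix("toy$")
        .map_or(false, |h| h.len() == 16 && h.bytes().all(|b| b.is_ascii_hexdigit()))
}

fn main() {
    let mut s = Store::default();
    s.create_preencrypted("carol", "s3cret"); // misuse: plain text passed in
    s.create_plain("alice", "s3cret");
    println!("carol: stored={:?} login={}", s.0["carol"], s.verify("carol", "s3cret"));
    println!("alice: stored={:?} login={}", s.0["alice"], s.verify("alice", "s3cret"));
}
```
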

pub fn delete(&self, user: &str) -> Result<(), AuthError>

Delete the given user. Any stored credentials will be deleted too, and will need to be provided again if the user is later re-created.

pub fn run(&self, signature: ConnectionSignature) -> Result<ConnectionSignature, AuthError>

This is the main driver. It returns a signature that contains the current value for the cookie, or an error if something went wrong. The returned signature may be different from the one provided.

pub fn users(&self) -> Result<Vec<String>, AuthError>

Return a Vec of usernames.

pub fn users_iter(&self) -> Result<IntoIter<String>, AuthError>

Return an iterator over users.

pub fn check_user(&self, user: &str) -> Result<bool, AuthError>

Identify whether or not the user already exists in the backing store. May return an AuthError; in particular, AuthError::Locked, which means that the user exists but the account is locked. Applications shouldn’t expose the specific error without a good reason, as this could allow enumerating accounts.
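One way to keep the specific error away from clients is sketched below as an added example; it is not code from the Websession crate. Model is a constructed in-memory stand-in that follows the check_user and lock_user behaviour described on this page, and the Unauthorized variant and login_response function are hypothetical.

```rust
use std::collections::HashMap;

// Stand-in for websession's AuthError. Only `Locked` appears on this page;
// `Unauthorized` is a hypothetical variant added for the illustration.
#[derive(Debug, PartialEq)]
pub enum AuthError { Locked, Unauthorized }

// Constructed in-memory model, user -> (password, locked). Plain text keeps
// the model short; it says nothing about how a BackingStore keeps secrets.
pub struct Model(pub HashMap<&'static str, (&'static str, bool)>);

impl Model {
    // Follows the documented contract: Err(Locked) = exists but locked.
    pub fn check_user(&self, user: &str) -> Result<bool, AuthError> {
        match self.0.get(user) {
            Some((_, true)) => Err(AuthError::Locked),
            found => Ok(found.is_some()),
        }
    }
    // A locked account fails every login attempt, as lock_user describes.
    pub fn login(&self, user: &str, pw: &str) -> Result<(), AuthError> {
        self.check_user(user)?;
        match self.0.get(user) {
            Some((stored, _)) if *stored == pw => Ok(()),
            _ => Err(AuthError::Unauthorized),
        }
    }
}

// Client-facing result: every failure gets the same status and body. The
// specific cause is returned separately, for the server-side log only.
pub fn login_response(m: &Model, user: &str, pw: &str) -> ((u16, &'static str), String) {
    match m.login(user, pw) {
        Ok(()) => ((200, "welcome"), format!("login ok: {}", user)),
        Err(e) => ((401, "invalid username or password"),
                   format!("login failed: {} ({:?})", user, e)),
    }
}

pub fn sample() -> Model {
    // Constructed accounts: alice is active, bob is locked.
    Model(HashMap::from([("alice", ("correct horse", false)), ("bob", ("hunter2", true))]))
}

fn main() {
    for (u, p) in [("alice", "wrong"), ("bob", "hunter2"), ("nobody", "x")] {
        println!("{:?}", login_response(&sample(), u, p));
    }
}
```
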

Trait Implementations

impl Debug for Authenticator

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

Auto Trait Implementations

Blanket Implementations

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Same for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V