oops forgot to actually check the token

2024-02-10 13:48:00 +01:00 · 2024-02-10 13:48:00 +01:00 · 3079bc40a7
parent 9ee43b85ef
commit 3079bc40a7
2 changed files with 18 additions and 3 deletions
--- a/src/auth.rs
+++ b/src/auth.rs
@ -69,10 +69,13 @@ impl UserAuthenticator {
    ) -> Result<(), AuthenticationError> {
        let mut db = self.db.lock().await;

-        match db.get_token(username).await? {
-            Some(_) => Ok(()),
-            None => Err(AuthenticationError::InvalidToken),
+        if let Some(user_token) = db.get_token(username).await? {
+            if token == &user_token {
+                return Ok(());
+            }
        }
+
+        Err(AuthenticationError::InvalidToken)
    }
 }

--- a/src/secrets.rs
+++ b/src/secrets.rs
@ -11,6 +11,12 @@ impl From<String> for Password {
    }
 }

+impl PartialEq for Password {
+    fn eq(&self, other: &Self) -> bool {
+        self.0.expose_secret() == other.0.expose_secret()
+    }
+}
+
 #[derive(Debug, Clone, Deserialize)]
 pub struct UserToken(pub SecretString);
 impl From<String> for UserToken {
@ -19,6 +25,12 @@ impl From<String> for UserToken {
    }
 }

+impl PartialEq for UserToken {
+    fn eq(&self, other: &Self) -> bool {
+        self.0.expose_secret() == other.0.expose_secret()
+    }
+}
+
 #[derive(Debug, Clone, Deserialize)]
 pub struct UserServerKey(pub SecretString);
 impl From<String> for UserServerKey {