From 3079bc40a780b98218576852564e11f42ea3f6be Mon Sep 17 00:00:00 2001
From: DenebTM <deneb@screee.ee>
Date: Sat, 10 Feb 2024 13:48:00 +0100
Subject: [PATCH] oops forgot to actually check the token

---
 src/auth.rs    |  9 ++++++---
 src/secrets.rs | 12 ++++++++++++
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/src/auth.rs b/src/auth.rs
index 1a1eb51..abe994c 100644
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -69,10 +69,13 @@ impl UserAuthenticator {
     ) -> Result<(), AuthenticationError> {
         let mut db = self.db.lock().await;
 
-        match db.get_token(username).await? {
-            Some(_) => Ok(()),
-            None => Err(AuthenticationError::InvalidToken),
+        if let Some(user_token) = db.get_token(username).await? {
+            if token == &user_token {
+                return Ok(());
+            }
         }
+
+        Err(AuthenticationError::InvalidToken)
     }
 }
 
diff --git a/src/secrets.rs b/src/secrets.rs
index 1c5aa31..f65adcd 100644
--- a/src/secrets.rs
+++ b/src/secrets.rs
@@ -11,6 +11,12 @@ impl From<String> for Password {
     }
 }
 
+impl PartialEq for Password {
+    fn eq(&self, other: &Self) -> bool {
+        self.0.expose_secret() == other.0.expose_secret()
+    }
+}
+
 #[derive(Debug, Clone, Deserialize)]
 pub struct UserToken(pub SecretString);
 impl From<String> for UserToken {
@@ -19,6 +25,12 @@ impl From<String> for UserToken {
     }
 }
 
+impl PartialEq for UserToken {
+    fn eq(&self, other: &Self) -> bool {
+        self.0.expose_secret() == other.0.expose_secret()
+    }
+}
+
 #[derive(Debug, Clone, Deserialize)]
 pub struct UserServerKey(pub SecretString);
 impl From<String> for UserServerKey {