From 3079bc40a780b98218576852564e11f42ea3f6be Mon Sep 17 00:00:00 2001
From: DenebTM
Date: Sat, 10 Feb 2024 13:48:00 +0100
Subject: [PATCH] oops forgot to actually check the token
---
 src/auth.rs | 9 ++++++---
 src/secrets.rs | 12 ++++++++++++
 2 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/src/auth.rs b/src/auth.rs
index 1a1eb51..abe994c 100644
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -69,10 +69,13 @@ impl UserAuthenticator {
 ) -> Result<(), AuthenticationError> {
 let mut db = self.db.lock().await;
- match db.get_token(username).await? {
- Some(_) => Ok(()),
- None => Err(AuthenticationError::InvalidToken),
+ if let Some(user_token) = db.get_token(username).await? {
+ if token == &user_token {
+ return Ok(());
+ }
 }
+
+ Err(AuthenticationError::InvalidToken)
 }
 }
diff --git a/src/secrets.rs b/src/secrets.rs
index 1c5aa31..f65adcd 100644
--- a/src/secrets.rs
+++ b/src/secrets.rs
@@ -11,6 +11,12 @@ impl From for Password {
 }
 }
+impl PartialEq for Password {
+ fn eq(&self, other: &Self) -> bool {
+ self.0.expose_secret() == other.0.expose_secret()
+ }
+}
+
 #[derive(Debug, Clone, Deserialize)]
 pub struct UserToken(pub SecretString);
 impl From for UserToken {
@@ -19,6 +25,12 @@ impl From for UserToken {
 }
 }
+impl PartialEq for UserToken {
+ fn eq(&self, other: &Self) -> bool {
+ self.0.expose_secret() == other.0.expose_secret()
+ }
+}
+
 #[derive(Debug, Clone, Deserialize)]
 pub struct UserServerKey(pub SecretString);
 impl From for UserServerKey {
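Review bot: The new `if token == &user_token` check in src/auth.rs arrives without a test, and the diffstat lists only src/auth.rs and src/secrets.rs. The removed `Some(_) => Ok(())` arm accepted any token for a user that had one stored, so a test asserting that a wrong token for an existing user returns `AuthenticationError::InvalidToken` would keep that from regressing. It would also help to record above the final `Err(...)` that both failure paths share one error, e.g. `// Unknown user and wrong token return the same error, so the response does not reveal which usernames exist.` — assuming that is the intent. The function's signature starts outside this hunk.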
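Review bot: In `PartialEq for Password` (src/secrets.rs), `self.0.expose_secret() == other.0.expose_secret()` is an ordinary string comparison that can return at the first differing byte, so the time taken by the `token == &user_token` check in src/auth.rs may depend on how much of a submitted token matches. The same body is added for `UserToken` in the following hunk. A constant-time comparison would close that, for example with the `subtle` crate's `ConstantTimeEq`: `self.0.expose_secret().as_bytes().ct_eq(other.0.expose_secret().as_bytes()).into()`. Nothing in this diff uses the `Password` impl; if passwords are meant to be verified against a hash, leaving it out avoids inviting plaintext comparison.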