set_master_pass now asks for the master password twice

2023-08-07 13:22:47 +03:00
parent 1cc486bdc5
commit 857f268f1d
5 changed files with 128 additions and 42 deletions
--- a/src/commands/set_master_pass.rs
+++ b/src/commands/set_master_pass.rs
@ -1,24 +1,67 @@
 use crate::{change_state, prelude::*};
+use cryptography::hashing::HashedBytes;
+use sea_orm::ActiveValue::Set;
 use tokio::task::spawn_blocking;

-/// Actually sets the master password
-async fn get_master_pass(
+async fn get_master_pass2(
    bot: Throttle<Bot>,
    msg: Message,
    db: DatabaseConnection,
    dialogue: MainDialogue,
    mut ids: MessageIds,
+    hash: HashedBytes<[u8; 64], [u8; 64]>,
    master_pass: String,
 ) -> crate::Result<()> {
    dialogue.exit().await?;
+    let user_id = Set(msg.from().ok_or(NoUserInfo)?.id.0);

-    let user_id = msg.from().ok_or(NoUserInfo)?.id.0;
-    let model =
-        spawn_blocking(move || master_pass::ActiveModel::from_unencrypted(user_id, &master_pass))
-            .await?;
+    if !hash.verify(master_pass.as_bytes()) {
+        ids.alter_message(
+            &bot,
+            "The passwords didn't match. Use the command again",
+            deletion_markup(),
+            None,
+        )
+        .await?;
+
+        return Ok(());
+    }
+
+    let model = master_pass::ActiveModel {
+        user_id,
+        password_hash: Set(hash.hash.to_vec()),
+        salt: Set(hash.salt.to_vec()),
+    };
    model.insert(&db).await?;
+
    ids.alter_message(&bot, "Success", deletion_markup(), None)
        .await?;
+
+    Ok(())
+}
+
+/// Actually sets the master password
+#[inline]
+async fn get_master_pass(
+    bot: Throttle<Bot>,
+    _: Message,
+    _: DatabaseConnection,
+    dialogue: MainDialogue,
+    mut ids: MessageIds,
+    master_pass: String,
+) -> crate::Result<()> {
+    let hash = spawn_blocking(move || HashedBytes::new(master_pass.as_bytes())).await?;
+
+    ids.alter_message(&bot, "Send it again", None, None).await?;
+
+    change_state!(
+        dialogue,
+        ids,
+        (hash),
+        State::GetNewMasterPass,
+        get_master_pass2
+    );
+
    Ok(())
 }

--- a/src/state/get_master_pass.rs
+++ b/src/state/get_master_pass.rs
@ -1,4 +1,5 @@
 use crate::prelude::*;
+use cryptography::hashing::HashedBytes;
 use log::error;
 use tokio::task::spawn_blocking;

@ -14,8 +15,9 @@ async fn check_master_pass(

    let is_valid = match model {
        Some(model) => {
+            let hash: HashedBytes<_, _> = model.into();
            let master_pass = master_pass.to_owned();
-            spawn_blocking(move || model.verify(&master_pass)).await?
+            spawn_blocking(move || hash.verify(master_pass.as_bytes())).await?
        }
        None => {
            error!("User was put into the GetMasterPass state with no master password set");