vaultwarden/src/api/core/accounts.rs

use rocket::Route;
use rocket::response::status::BadRequest;

use rocket_contrib::{Json, Value};

use db::DbConn;
use db::models::*;
use util;

use auth::Headers;

use CONFIG;

#[derive(Deserialize, Debug)]
#[allow(non_snake_case)]
struct RegisterData {
    email: String,
    key: String,
    keys: Option<KeysData>,
    masterPasswordHash: String,
    masterPasswordHint: Option<String>,
    name: Option<String>,
}

#[derive(Deserialize, Debug)]
#[allow(non_snake_case)]
struct KeysData {
    encryptedPrivateKey: String,
    publicKey: String,
}

#[post("/accounts/register", data = "<data>")]
fn register(data: Json<RegisterData>, conn: DbConn) -> Result<(), BadRequest<Json>> {
    if !CONFIG.signups_allowed {
        err!(format!("Signups not allowed"))
    }
    println!("DEBUG - {:#?}", data);

    if let Some(_) = User::find_by_mail(&data.email, &conn) {
        err!("Email already exists")
    }

    let mut user = User::new(data.email.clone(),
                             data.key.clone(),
                             data.masterPasswordHash.clone());

    // Add extra fields if present
    if let Some(name) = data.name.clone() {
        user.name = name;
    }

    if let Some(hint) = data.masterPasswordHint.clone() {
        user.password_hint = Some(hint);
    }

    if let Some(ref keys) = data.keys {
        user.private_key = Some(keys.encryptedPrivateKey.clone());
        user.public_key = Some(keys.publicKey.clone());
    }

    user.save(&conn);

    Ok(())
}

#[get("/accounts/profile")]
fn profile(headers: Headers, conn: DbConn) -> Result<Json, BadRequest<Json>> {
    Ok(Json(headers.user.to_json()))
}

#[post("/accounts/keys", data = "<data>")]
fn post_keys(data: Json<KeysData>, headers: Headers, conn: DbConn) -> Result<Json, BadRequest<Json>> {
    let mut user = headers.user;

    user.private_key = Some(data.encryptedPrivateKey.clone());
    user.public_key = Some(data.publicKey.clone());

    user.save(&conn);

    Ok(Json(user.to_json()))
}

#[post("/accounts/password", data = "<data>")]
fn post_password(data: Json<Value>, headers: Headers, conn: DbConn) -> Result<(), BadRequest<Json>> {
    let key = data["key"].as_str().unwrap();
    let password_hash = data["masterPasswordHash"].as_str().unwrap();
    let new_password_hash = data["newMasterPasswordHash"].as_str().unwrap();

    let mut user = headers.user;

    if !user.check_valid_password(password_hash) {
        err!("Invalid password")
    }

    user.set_password(new_password_hash);
    user.key = key.to_string();
    user.save(&conn);

    Ok(())
}

#[post("/accounts/security-stamp", data = "<data>")]
fn post_sstamp(data: Json<Value>, headers: Headers, conn: DbConn) -> Result<(), BadRequest<Json>> {
    let password_hash = data["masterPasswordHash"].as_str().unwrap();

    let mut user = headers.user;

    if !user.check_valid_password(password_hash) {
        err!("Invalid password")
    }

    user.reset_security_stamp();
    user.save(&conn);

    Ok(())
}

#[post("/accounts/email-token", data = "<data>")]
fn post_email(data: Json<Value>, headers: Headers, conn: DbConn) -> Result<(), BadRequest<Json>> {
    let password_hash = data["masterPasswordHash"].as_str().unwrap();
    let new_email = data["newEmail"].as_str().unwrap();

    let mut user = headers.user;

    if !user.check_valid_password(password_hash) {
        err!("Invalid password")
    }

    if User::find_by_mail(new_email, &conn).is_some() {
        err!("Email already in use");
    }

    user.email = new_email.to_string();
    user.save(&conn);

    Ok(())
}

#[post("/accounts/delete", data = "<data>")]
fn delete_account(data: Json<Value>, headers: Headers, conn: DbConn) -> Result<(), BadRequest<Json>> {
    let password_hash = data["masterPasswordHash"].as_str().unwrap();

    let mut user = headers.user;

    if !user.check_valid_password(password_hash) {
        err!("Invalid password")
    }

    // Delete all ciphers by user_uuid
    // Delete all devices by user_uuid
    // Delete user

    err!("Not implemented")
}

#[get("/accounts/revision-date")]
fn revision_date(headers: Headers, conn: DbConn) -> Result<String, BadRequest<Json>> {
    let revision_date = headers.user.updated_at.timestamp();
    Ok(revision_date.to_string())
}
First working version 2018-02-10 01:00:55 +01:00			`use rocket::Route;`
			`use rocket::response::status::BadRequest;`

			`use rocket_contrib::{Json, Value};`

			`use db::DbConn;`
			`use db::models::*;`
			`use util;`

			`use auth::Headers;`

			`use CONFIG;`

			`#[derive(Deserialize, Debug)]`
			`#[allow(non_snake_case)]`
			`struct RegisterData {`
			`email: String,`
			`key: String,`
			`keys: Option<KeysData>,`
			`masterPasswordHash: String,`
			`masterPasswordHint: Option<String>,`
			`name: Option<String>,`
			`}`

			`#[derive(Deserialize, Debug)]`
			`#[allow(non_snake_case)]`
			`struct KeysData {`
			`encryptedPrivateKey: String,`
			`publicKey: String,`
			`}`

			`#[post("/accounts/register", data = "<data>")]`
			`fn register(data: Json<RegisterData>, conn: DbConn) -> Result<(), BadRequest<Json>> {`
Upload and download attachments, and added License file 2018-02-15 00:40:34 +01:00			`if !CONFIG.signups_allowed {`
First working version 2018-02-10 01:00:55 +01:00			`err!(format!("Signups not allowed"))`
			`}`
			`println!("DEBUG - {:#?}", data);`

			`if let Some(_) = User::find_by_mail(&data.email, &conn) {`
			`err!("Email already exists")`
			`}`

			`let mut user = User::new(data.email.clone(),`
			`data.key.clone(),`
			`data.masterPasswordHash.clone());`

			`// Add extra fields if present`
			`if let Some(name) = data.name.clone() {`
			`user.name = name;`
			`}`

			`if let Some(hint) = data.masterPasswordHint.clone() {`
			`user.password_hint = Some(hint);`
			`}`

			`if let Some(ref keys) = data.keys {`
			`user.private_key = Some(keys.encryptedPrivateKey.clone());`
			`user.public_key = Some(keys.publicKey.clone());`
			`}`

			`user.save(&conn);`

			`Ok(())`
			`}`

			`#[get("/accounts/profile")]`
			`fn profile(headers: Headers, conn: DbConn) -> Result<Json, BadRequest<Json>> {`
			`Ok(Json(headers.user.to_json()))`
			`}`

			`#[post("/accounts/keys", data = "<data>")]`
			`fn post_keys(data: Json<KeysData>, headers: Headers, conn: DbConn) -> Result<Json, BadRequest<Json>> {`
			`let mut user = headers.user;`

			`user.private_key = Some(data.encryptedPrivateKey.clone());`
			`user.public_key = Some(data.publicKey.clone());`

			`user.save(&conn);`

			`Ok(Json(user.to_json()))`
			`}`

			`#[post("/accounts/password", data = "<data>")]`
Upload and download attachments, and added License file 2018-02-15 00:40:34 +01:00			`fn post_password(data: Json<Value>, headers: Headers, conn: DbConn) -> Result<(), BadRequest<Json>> {`
First working version 2018-02-10 01:00:55 +01:00			`let key = data["key"].as_str().unwrap();`
			`let password_hash = data["masterPasswordHash"].as_str().unwrap();`
			`let new_password_hash = data["newMasterPasswordHash"].as_str().unwrap();`

			`let mut user = headers.user;`

			`if !user.check_valid_password(password_hash) {`
			`err!("Invalid password")`
			`}`

			`user.set_password(new_password_hash);`
			`user.key = key.to_string();`
			`user.save(&conn);`

Upload and download attachments, and added License file 2018-02-15 00:40:34 +01:00			`Ok(())`
First working version 2018-02-10 01:00:55 +01:00			`}`

			`#[post("/accounts/security-stamp", data = "<data>")]`
Upload and download attachments, and added License file 2018-02-15 00:40:34 +01:00			`fn post_sstamp(data: Json<Value>, headers: Headers, conn: DbConn) -> Result<(), BadRequest<Json>> {`
First working version 2018-02-10 01:00:55 +01:00			`let password_hash = data["masterPasswordHash"].as_str().unwrap();`

			`let mut user = headers.user;`

			`if !user.check_valid_password(password_hash) {`
			`err!("Invalid password")`
			`}`

			`user.reset_security_stamp();`
Upload and download attachments, and added License file 2018-02-15 00:40:34 +01:00			`user.save(&conn);`
First working version 2018-02-10 01:00:55 +01:00
Upload and download attachments, and added License file 2018-02-15 00:40:34 +01:00			`Ok(())`
First working version 2018-02-10 01:00:55 +01:00			`}`

			`#[post("/accounts/email-token", data = "<data>")]`
Upload and download attachments, and added License file 2018-02-15 00:40:34 +01:00			`fn post_email(data: Json<Value>, headers: Headers, conn: DbConn) -> Result<(), BadRequest<Json>> {`
First working version 2018-02-10 01:00:55 +01:00			`let password_hash = data["masterPasswordHash"].as_str().unwrap();`
Upload and download attachments, and added License file 2018-02-15 00:40:34 +01:00			`let new_email = data["newEmail"].as_str().unwrap();`
First working version 2018-02-10 01:00:55 +01:00
			`let mut user = headers.user;`

			`if !user.check_valid_password(password_hash) {`
			`err!("Invalid password")`
			`}`

Upload and download attachments, and added License file 2018-02-15 00:40:34 +01:00			`if User::find_by_mail(new_email, &conn).is_some() {`
			`err!("Email already in use");`
			`}`

			`user.email = new_email.to_string();`
			`user.save(&conn);`

			`Ok(())`
First working version 2018-02-10 01:00:55 +01:00			`}`

			`#[post("/accounts/delete", data = "<data>")]`
Upload and download attachments, and added License file 2018-02-15 00:40:34 +01:00			`fn delete_account(data: Json<Value>, headers: Headers, conn: DbConn) -> Result<(), BadRequest<Json>> {`
First working version 2018-02-10 01:00:55 +01:00			`let password_hash = data["masterPasswordHash"].as_str().unwrap();`

			`let mut user = headers.user;`

			`if !user.check_valid_password(password_hash) {`
			`err!("Invalid password")`
			`}`

Upload and download attachments, and added License file 2018-02-15 00:40:34 +01:00			`// Delete all ciphers by user_uuid`
			`// Delete all devices by user_uuid`
			`// Delete user`

First working version 2018-02-10 01:00:55 +01:00			`err!("Not implemented")`
			`}`

			`#[get("/accounts/revision-date")]`
			`fn revision_date(headers: Headers, conn: DbConn) -> Result<String, BadRequest<Json>> {`
			`let revision_date = headers.user.updated_at.timestamp();`
			`Ok(revision_date.to_string())`
			`}`