vaultwarden/src/api/core/accounts.rs

use rocket_contrib::{Json, Value};

use db::DbConn;
use db::models::*;

use api::{JsonResult, EmptyResult};
use auth::Headers;

use CONFIG;

#[derive(Deserialize, Debug)]
#[allow(non_snake_case)]
struct RegisterData {
    email: String,
    key: String,
    keys: Option<KeysData>,
    masterPasswordHash: String,
    masterPasswordHint: Option<String>,
    name: Option<String>,
}

#[derive(Deserialize, Debug)]
#[allow(non_snake_case)]
struct KeysData {
    encryptedPrivateKey: String,
    publicKey: String,
}

#[post("/accounts/register", data = "<data>")]
fn register(data: Json<RegisterData>, conn: DbConn) -> EmptyResult {
    let data: RegisterData = data.into_inner();

    if !CONFIG.signups_allowed {
        err!(format!("Signups not allowed"))
    }
    println!("DEBUG - {:#?}", data);

    if let Some(_) = User::find_by_mail(&data.email, &conn) {
        err!("Email already exists")
    }

    let mut user = User::new(data.email,
                             data.key,
                             data.masterPasswordHash);

    // Add extra fields if present
    if let Some(name) = data.name {
        user.name = name;
    }

    if let Some(hint) = data.masterPasswordHint {
        user.password_hint = Some(hint);
    }

    if let Some(keys) = data.keys {
        user.private_key = Some(keys.encryptedPrivateKey);
        user.public_key = Some(keys.publicKey);
    }

    user.save(&conn);

    Ok(())
}

#[get("/accounts/profile")]
fn profile(headers: Headers) -> JsonResult {
    Ok(Json(headers.user.to_json()))
}

#[post("/accounts/keys", data = "<data>")]
fn post_keys(data: Json<KeysData>, headers: Headers, conn: DbConn) -> JsonResult {
    let data: KeysData = data.into_inner();

    let mut user = headers.user;

    user.private_key = Some(data.encryptedPrivateKey);
    user.public_key = Some(data.publicKey);

    user.save(&conn);

    Ok(Json(user.to_json()))
}

#[post("/accounts/password", data = "<data>")]
fn post_password(data: Json<Value>, headers: Headers, conn: DbConn) -> EmptyResult {
    let key = data["key"].as_str().unwrap();
    let password_hash = data["masterPasswordHash"].as_str().unwrap();
    let new_password_hash = data["newMasterPasswordHash"].as_str().unwrap();

    let mut user = headers.user;

    if !user.check_valid_password(password_hash) {
        err!("Invalid password")
    }

    user.set_password(new_password_hash);
    user.key = key.to_string();
    user.save(&conn);

    Ok(())
}

#[post("/accounts/security-stamp", data = "<data>")]
fn post_sstamp(data: Json<Value>, headers: Headers, conn: DbConn) -> EmptyResult {
    let password_hash = data["masterPasswordHash"].as_str().unwrap();

    let mut user = headers.user;

    if !user.check_valid_password(password_hash) {
        err!("Invalid password")
    }

    user.reset_security_stamp();
    user.save(&conn);

    Ok(())
}

#[post("/accounts/email-token", data = "<data>")]
fn post_email(data: Json<Value>, headers: Headers, conn: DbConn) -> EmptyResult {
    let password_hash = data["masterPasswordHash"].as_str().unwrap();
    let new_email = data["newEmail"].as_str().unwrap();

    let mut user = headers.user;

    if !user.check_valid_password(password_hash) {
        err!("Invalid password")
    }

    if User::find_by_mail(new_email, &conn).is_some() {
        err!("Email already in use");
    }

    user.email = new_email.to_string();
    user.save(&conn);

    Ok(())
}

#[post("/accounts/delete", data = "<data>")]
fn delete_account(data: Json<Value>, headers: Headers, conn: DbConn) -> EmptyResult {
    let password_hash = data["masterPasswordHash"].as_str().unwrap();

    let user = headers.user;

    if !user.check_valid_password(password_hash) {
        err!("Invalid password")
    }

    // Delete ciphers and their attachments
    for cipher in Cipher::find_by_user(&user.uuid, &conn) {
        for a in Attachment::find_by_cipher(&cipher.uuid, &conn) { a.delete(&conn); }

        cipher.delete(&conn);
    }

    // Delete folders
    for f in Folder::find_by_user(&user.uuid, &conn) { f.delete(&conn); }

    // Delete devices
    for d in Device::find_by_user(&user.uuid, &conn) { d.delete(&conn); }

    // Delete user
    user.delete(&conn);

    Ok(())
}

#[get("/accounts/revision-date")]
fn revision_date(headers: Headers) -> String {
    let revision_date = headers.user.updated_at.timestamp();
    revision_date.to_string()
}
First working version 2018-02-10 01:00:55 +01:00			`use rocket_contrib::{Json, Value};`

			`use db::DbConn;`
			`use db::models::*;`

Detect device type correctly and shorten return types of functions 2018-02-17 20:47:13 +01:00			`use api::{JsonResult, EmptyResult};`
First working version 2018-02-10 01:00:55 +01:00			`use auth::Headers;`

			`use CONFIG;`

			`#[derive(Deserialize, Debug)]`
			`#[allow(non_snake_case)]`
			`struct RegisterData {`
			`email: String,`
			`key: String,`
			`keys: Option<KeysData>,`
			`masterPasswordHash: String,`
			`masterPasswordHint: Option<String>,`
			`name: Option<String>,`
			`}`

			`#[derive(Deserialize, Debug)]`
			`#[allow(non_snake_case)]`
			`struct KeysData {`
			`encryptedPrivateKey: String,`
			`publicKey: String,`
			`}`

			`#[post("/accounts/register", data = "<data>")]`
Detect device type correctly and shorten return types of functions 2018-02-17 20:47:13 +01:00			`fn register(data: Json<RegisterData>, conn: DbConn) -> EmptyResult {`
Removed some unnecesary clones 2018-02-17 23:38:55 +01:00			`let data: RegisterData = data.into_inner();`

Upload and download attachments, and added License file 2018-02-15 00:40:34 +01:00			`if !CONFIG.signups_allowed {`
First working version 2018-02-10 01:00:55 +01:00			`err!(format!("Signups not allowed"))`
			`}`
			`println!("DEBUG - {:#?}", data);`

			`if let Some(_) = User::find_by_mail(&data.email, &conn) {`
			`err!("Email already exists")`
			`}`

Removed some unnecesary clones 2018-02-17 23:38:55 +01:00			`let mut user = User::new(data.email,`
			`data.key,`
			`data.masterPasswordHash);`
First working version 2018-02-10 01:00:55 +01:00
			`// Add extra fields if present`
Removed some unnecesary clones 2018-02-17 23:38:55 +01:00			`if let Some(name) = data.name {`
First working version 2018-02-10 01:00:55 +01:00			`user.name = name;`
			`}`

Removed some unnecesary clones 2018-02-17 23:38:55 +01:00			`if let Some(hint) = data.masterPasswordHint {`
First working version 2018-02-10 01:00:55 +01:00			`user.password_hint = Some(hint);`
			`}`

Removed some unnecesary clones 2018-02-17 23:38:55 +01:00			`if let Some(keys) = data.keys {`
			`user.private_key = Some(keys.encryptedPrivateKey);`
			`user.public_key = Some(keys.publicKey);`
First working version 2018-02-10 01:00:55 +01:00			`}`

			`user.save(&conn);`

			`Ok(())`
			`}`

			`#[get("/accounts/profile")]`
Detect device type correctly and shorten return types of functions 2018-02-17 20:47:13 +01:00			`fn profile(headers: Headers) -> JsonResult {`
First working version 2018-02-10 01:00:55 +01:00			`Ok(Json(headers.user.to_json()))`
			`}`

			`#[post("/accounts/keys", data = "<data>")]`
Detect device type correctly and shorten return types of functions 2018-02-17 20:47:13 +01:00			`fn post_keys(data: Json<KeysData>, headers: Headers, conn: DbConn) -> JsonResult {`
Removed some unnecesary clones 2018-02-17 23:38:55 +01:00			`let data: KeysData = data.into_inner();`

First working version 2018-02-10 01:00:55 +01:00			`let mut user = headers.user;`

Removed some unnecesary clones 2018-02-17 23:38:55 +01:00			`user.private_key = Some(data.encryptedPrivateKey);`
			`user.public_key = Some(data.publicKey);`
First working version 2018-02-10 01:00:55 +01:00
			`user.save(&conn);`

			`Ok(Json(user.to_json()))`
			`}`

			`#[post("/accounts/password", data = "<data>")]`
Detect device type correctly and shorten return types of functions 2018-02-17 20:47:13 +01:00			`fn post_password(data: Json<Value>, headers: Headers, conn: DbConn) -> EmptyResult {`
First working version 2018-02-10 01:00:55 +01:00			`let key = data["key"].as_str().unwrap();`
			`let password_hash = data["masterPasswordHash"].as_str().unwrap();`
			`let new_password_hash = data["newMasterPasswordHash"].as_str().unwrap();`

			`let mut user = headers.user;`

			`if !user.check_valid_password(password_hash) {`
			`err!("Invalid password")`
			`}`

			`user.set_password(new_password_hash);`
			`user.key = key.to_string();`
			`user.save(&conn);`

Upload and download attachments, and added License file 2018-02-15 00:40:34 +01:00			`Ok(())`
First working version 2018-02-10 01:00:55 +01:00			`}`

			`#[post("/accounts/security-stamp", data = "<data>")]`
Detect device type correctly and shorten return types of functions 2018-02-17 20:47:13 +01:00			`fn post_sstamp(data: Json<Value>, headers: Headers, conn: DbConn) -> EmptyResult {`
First working version 2018-02-10 01:00:55 +01:00			`let password_hash = data["masterPasswordHash"].as_str().unwrap();`

			`let mut user = headers.user;`

			`if !user.check_valid_password(password_hash) {`
			`err!("Invalid password")`
			`}`

			`user.reset_security_stamp();`
Upload and download attachments, and added License file 2018-02-15 00:40:34 +01:00			`user.save(&conn);`
First working version 2018-02-10 01:00:55 +01:00
Upload and download attachments, and added License file 2018-02-15 00:40:34 +01:00			`Ok(())`
First working version 2018-02-10 01:00:55 +01:00			`}`

			`#[post("/accounts/email-token", data = "<data>")]`
Detect device type correctly and shorten return types of functions 2018-02-17 20:47:13 +01:00			`fn post_email(data: Json<Value>, headers: Headers, conn: DbConn) -> EmptyResult {`
First working version 2018-02-10 01:00:55 +01:00			`let password_hash = data["masterPasswordHash"].as_str().unwrap();`
Upload and download attachments, and added License file 2018-02-15 00:40:34 +01:00			`let new_email = data["newEmail"].as_str().unwrap();`
First working version 2018-02-10 01:00:55 +01:00
			`let mut user = headers.user;`

			`if !user.check_valid_password(password_hash) {`
			`err!("Invalid password")`
			`}`

Upload and download attachments, and added License file 2018-02-15 00:40:34 +01:00			`if User::find_by_mail(new_email, &conn).is_some() {`
			`err!("Email already in use");`
			`}`

			`user.email = new_email.to_string();`
			`user.save(&conn);`

			`Ok(())`
First working version 2018-02-10 01:00:55 +01:00			`}`

			`#[post("/accounts/delete", data = "<data>")]`
Detect device type correctly and shorten return types of functions 2018-02-17 20:47:13 +01:00			`fn delete_account(data: Json<Value>, headers: Headers, conn: DbConn) -> EmptyResult {`
First working version 2018-02-10 01:00:55 +01:00			`let password_hash = data["masterPasswordHash"].as_str().unwrap();`

Solved some warnings 2018-02-15 00:53:11 +01:00			`let user = headers.user;`
First working version 2018-02-10 01:00:55 +01:00
			`if !user.check_valid_password(password_hash) {`
			`err!("Invalid password")`
			`}`

Improved error messagees, implemented delete ciphers, attachments and account, implemented two factor recovery. Known missing: - import ciphers, create ciphers types other than login and card, update ciphers - clear and put device_tokens - Equivalent domains - Organizations 2018-02-15 19:05:57 +01:00			`// Delete ciphers and their attachments`
			`for cipher in Cipher::find_by_user(&user.uuid, &conn) {`
			`for a in Attachment::find_by_cipher(&cipher.uuid, &conn) { a.delete(&conn); }`

			`cipher.delete(&conn);`
			`}`

			`// Delete folders`
			`for f in Folder::find_by_user(&user.uuid, &conn) { f.delete(&conn); }`

			`// Delete devices`
			`for d in Device::find_by_user(&user.uuid, &conn) { d.delete(&conn); }`

Upload and download attachments, and added License file 2018-02-15 00:40:34 +01:00			`// Delete user`
Improved error messagees, implemented delete ciphers, attachments and account, implemented two factor recovery. Known missing: - import ciphers, create ciphers types other than login and card, update ciphers - clear and put device_tokens - Equivalent domains - Organizations 2018-02-15 19:05:57 +01:00			`user.delete(&conn);`
Upload and download attachments, and added License file 2018-02-15 00:40:34 +01:00
Improved error messagees, implemented delete ciphers, attachments and account, implemented two factor recovery. Known missing: - import ciphers, create ciphers types other than login and card, update ciphers - clear and put device_tokens - Equivalent domains - Organizations 2018-02-15 19:05:57 +01:00			`Ok(())`
First working version 2018-02-10 01:00:55 +01:00			`}`

			`#[get("/accounts/revision-date")]`
Detect device type correctly and shorten return types of functions 2018-02-17 20:47:13 +01:00			`fn revision_date(headers: Headers) -> String {`
First working version 2018-02-10 01:00:55 +01:00			`let revision_date = headers.user.updated_at.timestamp();`
Detect device type correctly and shorten return types of functions 2018-02-17 20:47:13 +01:00			`revision_date.to_string()`
First working version 2018-02-10 01:00:55 +01:00			`}`