vaultwarden/src/db/models/device.rs

use chrono::{NaiveDateTime, Utc};

use super::User;

#[derive(Debug, Identifiable, Queryable, Insertable, Associations)]
#[table_name = "devices"]
#[belongs_to(User, foreign_key = "user_uuid")]
#[primary_key(uuid)]
pub struct Device {
    pub uuid: String,
    pub created_at: NaiveDateTime,
    pub updated_at: NaiveDateTime,

    pub user_uuid: String,

    pub name: String,
    /// https://github.com/bitwarden/core/tree/master/src/Core/Enums
    pub atype: i32,
    pub push_token: Option<String>,

    pub refresh_token: String,

    pub twofactor_remember: Option<String>,
}

/// Local methods
impl Device {
    pub fn new(uuid: String, user_uuid: String, name: String, atype: i32) -> Self {
        let now = Utc::now().naive_utc();

        Self {
            uuid,
            created_at: now,
            updated_at: now,

            user_uuid,
            name,
            atype,

            push_token: None,
            refresh_token: String::new(),
            twofactor_remember: None,
        }
    }

    pub fn refresh_twofactor_remember(&mut self) -> String {
        use crate::crypto;
        use data_encoding::BASE64;

        let twofactor_remember = BASE64.encode(&crypto::get_random(vec![0u8; 180]));
        self.twofactor_remember = Some(twofactor_remember.clone());

        twofactor_remember
    }

    pub fn delete_twofactor_remember(&mut self) {
        self.twofactor_remember = None;
    }

    pub fn refresh_tokens(&mut self, user: &super::User, orgs: Vec<super::UserOrganization>) -> (String, i64) {
        // If there is no refresh token, we create one
        if self.refresh_token.is_empty() {
            use crate::crypto;
            use data_encoding::BASE64URL;

            self.refresh_token = BASE64URL.encode(&crypto::get_random_64());
        }

        // Update the expiration of the device and the last update date
        let time_now = Utc::now().naive_utc();
        self.updated_at = time_now;

        let orgowner: Vec<_> = orgs.iter().filter(|o| o.atype == 0).map(|o| o.org_uuid.clone()).collect();
        let orgadmin: Vec<_> = orgs.iter().filter(|o| o.atype == 1).map(|o| o.org_uuid.clone()).collect();
        let orguser: Vec<_> = orgs.iter().filter(|o| o.atype == 2).map(|o| o.org_uuid.clone()).collect();
        let orgmanager: Vec<_> = orgs.iter().filter(|o| o.atype == 3).map(|o| o.org_uuid.clone()).collect();


        // Create the JWT claims struct, to send to the client
        use crate::auth::{encode_jwt, LoginJWTClaims, DEFAULT_VALIDITY, JWT_LOGIN_ISSUER};
        let claims = LoginJWTClaims {
            nbf: time_now.timestamp(),
            exp: (time_now + *DEFAULT_VALIDITY).timestamp(),
            iss: JWT_LOGIN_ISSUER.to_string(),
            sub: user.uuid.to_string(),

            premium: true,
            name: user.name.to_string(),
            email: user.email.to_string(),
            email_verified: true,

            orgowner,
            orgadmin,
            orguser,
            orgmanager,

            sstamp: user.security_stamp.to_string(),
            device: self.uuid.to_string(),
            scope: vec!["api".into(), "offline_access".into()],
            amr: vec!["Application".into()],
        };

        (encode_jwt(&claims), DEFAULT_VALIDITY.num_seconds())
    }
}

use crate::db::schema::devices;
use crate::db::DbConn;
use diesel;
use diesel::prelude::*;

use crate::api::EmptyResult;
use crate::error::MapResult;

/// Database methods
impl Device {
    pub fn save(&mut self, conn: &DbConn) -> EmptyResult {
        self.updated_at = Utc::now().naive_utc();

        crate::util::retry(
            || diesel::replace_into(devices::table).values(&*self).execute(&**conn),
            10,
        )
        .map_res("Error saving device")
    }

    pub fn delete(self, conn: &DbConn) -> EmptyResult {
        diesel::delete(devices::table.filter(devices::uuid.eq(self.uuid)))
            .execute(&**conn)
            .map_res("Error removing device")
    }

    pub fn delete_all_by_user(user_uuid: &str, conn: &DbConn) -> EmptyResult {
        for device in Self::find_by_user(user_uuid, &conn) {
            device.delete(&conn)?;
        }
        Ok(())
    }

    pub fn find_by_uuid(uuid: &str, conn: &DbConn) -> Option<Self> {
        devices::table
            .filter(devices::uuid.eq(uuid))
            .first::<Self>(&**conn)
            .ok()
    }

    pub fn find_by_refresh_token(refresh_token: &str, conn: &DbConn) -> Option<Self> {
        devices::table
            .filter(devices::refresh_token.eq(refresh_token))
            .first::<Self>(&**conn)
            .ok()
    }

    pub fn find_by_user(user_uuid: &str, conn: &DbConn) -> Vec<Self> {
        devices::table
            .filter(devices::user_uuid.eq(user_uuid))
            .load::<Self>(&**conn)
            .expect("Error loading devices")
    }
}
Solved some warnings 2018-02-15 00:53:11 +01:00			`use chrono::{NaiveDateTime, Utc};`
First working version 2018-02-10 01:00:55 +01:00
Upload and download attachments, and added License file 2018-02-15 00:40:34 +01:00			`use super::User;`

			`#[derive(Debug, Identifiable, Queryable, Insertable, Associations)]`
First working version 2018-02-10 01:00:55 +01:00			`#[table_name = "devices"]`
Upload and download attachments, and added License file 2018-02-15 00:40:34 +01:00			`#[belongs_to(User, foreign_key = "user_uuid")]`
First working version 2018-02-10 01:00:55 +01:00			`#[primary_key(uuid)]`
			`pub struct Device {`
			`pub uuid: String,`
			`pub created_at: NaiveDateTime,`
			`pub updated_at: NaiveDateTime,`

			`pub user_uuid: String,`

			`pub name: String,`
			`/// https://github.com/bitwarden/core/tree/master/src/Core/Enums`
Rework migrations for MySQL 2019-05-20 21:12:41 +02:00			`pub atype: i32,`
First working version 2018-02-10 01:00:55 +01:00			`pub push_token: Option<String>,`

			`pub refresh_token: String,`
Improved two factor auth 2018-06-01 15:08:03 +02:00
			`pub twofactor_remember: Option<String>,`
First working version 2018-02-10 01:00:55 +01:00			`}`

			`/// Local methods`
			`impl Device {`
Rework migrations for MySQL 2019-05-20 21:12:41 +02:00			`pub fn new(uuid: String, user_uuid: String, name: String, atype: i32) -> Self {`
First working version 2018-02-10 01:00:55 +01:00			`let now = Utc::now().naive_utc();`

Upload and download attachments, and added License file 2018-02-15 00:40:34 +01:00			`Self {`
First working version 2018-02-10 01:00:55 +01:00			`uuid,`
			`created_at: now,`
			`updated_at: now,`

			`user_uuid,`
			`name,`
Rework migrations for MySQL 2019-05-20 21:12:41 +02:00			`atype,`
First working version 2018-02-10 01:00:55 +01:00
			`push_token: None,`
			`refresh_token: String::new(),`
Improved two factor auth 2018-06-01 15:08:03 +02:00			`twofactor_remember: None,`
First working version 2018-02-10 01:00:55 +01:00			`}`
			`}`

Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device. 2018-07-12 21:46:50 +02:00			`pub fn refresh_twofactor_remember(&mut self) -> String {`
Migrate to rust 2018 edition 2018-12-07 02:05:45 +01:00			`use crate::crypto;`
Start using rustfmt and some style changes to make some lines shorter 2018-12-30 23:34:31 +01:00			`use data_encoding::BASE64;`
Improved two factor auth 2018-06-01 15:08:03 +02:00
Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device. 2018-07-12 21:46:50 +02:00			`let twofactor_remember = BASE64.encode(&crypto::get_random(vec![0u8; 180]));`
			`self.twofactor_remember = Some(twofactor_remember.clone());`

			`twofactor_remember`
Improved two factor auth 2018-06-01 15:08:03 +02:00			`}`

			`pub fn delete_twofactor_remember(&mut self) {`
			`self.twofactor_remember = None;`
			`}`

Initial organizations functionality: Creating orgs and inviting users 2018-04-24 22:01:55 +02:00			`pub fn refresh_tokens(&mut self, user: &super::User, orgs: Vec<super::UserOrganization>) -> (String, i64) {`
First working version 2018-02-10 01:00:55 +01:00			`// If there is no refresh token, we create one`
			`if self.refresh_token.is_empty() {`
Migrate to rust 2018 edition 2018-12-07 02:05:45 +01:00			`use crate::crypto;`
Start using rustfmt and some style changes to make some lines shorter 2018-12-30 23:34:31 +01:00			`use data_encoding::BASE64URL;`
First working version 2018-02-10 01:00:55 +01:00
			`self.refresh_token = BASE64URL.encode(&crypto::get_random_64());`
			`}`

			`// Update the expiration of the device and the last update date`
			`let time_now = Utc::now().naive_utc();`
			`self.updated_at = time_now;`

Rework migrations for MySQL 2019-05-20 21:12:41 +02:00			`let orgowner: Vec<_> = orgs.iter().filter(\|o\| o.atype == 0).map(\|o\| o.org_uuid.clone()).collect();`
			`let orgadmin: Vec<_> = orgs.iter().filter(\|o\| o.atype == 1).map(\|o\| o.org_uuid.clone()).collect();`
			`let orguser: Vec<_> = orgs.iter().filter(\|o\| o.atype == 2).map(\|o\| o.org_uuid.clone()).collect();`
			`let orgmanager: Vec<_> = orgs.iter().filter(\|o\| o.atype == 3).map(\|o\| o.org_uuid.clone()).collect();`
Initial organizations functionality: Creating orgs and inviting users 2018-04-24 22:01:55 +02:00

First working version 2018-02-10 01:00:55 +01:00			`// Create the JWT claims struct, to send to the client`
Implement admin JWT cookie, separate JWT issuers for each type of token and migrate admin page to handlebars template 2019-01-19 21:36:34 +01:00			`use crate::auth::{encode_jwt, LoginJWTClaims, DEFAULT_VALIDITY, JWT_LOGIN_ISSUER};`
			`let claims = LoginJWTClaims {`
First working version 2018-02-10 01:00:55 +01:00			`nbf: time_now.timestamp(),`
			`exp: (time_now + *DEFAULT_VALIDITY).timestamp(),`
Implement admin JWT cookie, separate JWT issuers for each type of token and migrate admin page to handlebars template 2019-01-19 21:36:34 +01:00			`iss: JWT_LOGIN_ISSUER.to_string(),`
First working version 2018-02-10 01:00:55 +01:00			`sub: user.uuid.to_string(),`
Initial organizations functionality: Creating orgs and inviting users 2018-04-24 22:01:55 +02:00
First working version 2018-02-10 01:00:55 +01:00			`premium: true,`
			`name: user.name.to_string(),`
			`email: user.email.to_string(),`
			`email_verified: true,`
Initial organizations functionality: Creating orgs and inviting users 2018-04-24 22:01:55 +02:00
			`orgowner,`
			`orgadmin,`
			`orguser,`
Updated IP logging to use client_ip, to match old remote behavior. Improved error logging, now it won't show a generic error message in some situations. Removed delete device, which is not needed as it will be overwritten later. Logged more info when an error occurs saving a device. Added orgmanager to JWT claims. 2018-12-09 17:58:38 +01:00			`orgmanager,`
Initial organizations functionality: Creating orgs and inviting users 2018-04-24 22:01:55 +02:00
First working version 2018-02-10 01:00:55 +01:00			`sstamp: user.security_stamp.to_string(),`
			`device: self.uuid.to_string(),`
			`scope: vec!["api".into(), "offline_access".into()],`
			`amr: vec!["Application".into()],`
			`};`

			`(encode_jwt(&claims), DEFAULT_VALIDITY.num_seconds())`
			`}`
			`}`

Start using rustfmt and some style changes to make some lines shorter 2018-12-30 23:34:31 +01:00			`use crate::db::schema::devices;`
			`use crate::db::DbConn;`
First working version 2018-02-10 01:00:55 +01:00			`use diesel;`
			`use diesel::prelude::*;`

Implemented proper error handling, now we can do `user.save($conn)?;` and it works. In the future, maybe we can do the same with the `find_by_id` methods that return an Option. 2018-12-19 21:52:53 +01:00			`use crate::api::EmptyResult;`
			`use crate::error::MapResult;`

First working version 2018-02-10 01:00:55 +01:00			`/// Database methods`
			`impl Device {`
Implemented proper error handling, now we can do `user.save($conn)?;` and it works. In the future, maybe we can do the same with the `find_by_id` methods that return an Option. 2018-12-19 21:52:53 +01:00			`pub fn save(&mut self, conn: &DbConn) -> EmptyResult {`
Updated modified date when saving and removed hardcoded attachment domain 2018-02-15 01:07:57 +01:00			`self.updated_at = Utc::now().naive_utc();`
First working version 2018-02-10 01:00:55 +01:00
Implement better retry and use it while saving device 2018-12-12 22:15:54 +01:00			`crate::util::retry(`
Start using rustfmt and some style changes to make some lines shorter 2018-12-30 23:34:31 +01:00			`\|\| diesel::replace_into(devices::table).values(&self).execute(&*conn),`
Implement better retry and use it while saving device 2018-12-12 22:15:54 +01:00			`10,`
			`)`
Implemented proper error handling, now we can do `user.save($conn)?;` and it works. In the future, maybe we can do the same with the `find_by_id` methods that return an Option. 2018-12-19 21:52:53 +01:00			`.map_res("Error saving device")`
First working version 2018-02-10 01:00:55 +01:00			`}`

Implemented proper error handling, now we can do `user.save($conn)?;` and it works. In the future, maybe we can do the same with the `find_by_id` methods that return an Option. 2018-12-19 21:52:53 +01:00			`pub fn delete(self, conn: &DbConn) -> EmptyResult {`
Start using rustfmt and some style changes to make some lines shorter 2018-12-30 23:34:31 +01:00			`diesel::delete(devices::table.filter(devices::uuid.eq(self.uuid)))`
			`.execute(&**conn)`
			`.map_res("Error removing device")`
Implement poor man's admin panel 2018-10-12 16:20:10 +02:00			`}`

Implemented proper error handling, now we can do `user.save($conn)?;` and it works. In the future, maybe we can do the same with the `find_by_id` methods that return an Option. 2018-12-19 21:52:53 +01:00			`pub fn delete_all_by_user(user_uuid: &str, conn: &DbConn) -> EmptyResult {`
Implement poor man's admin panel 2018-10-12 16:20:10 +02:00			`for device in Self::find_by_user(user_uuid, &conn) {`
			`device.delete(&conn)?;`
First working version 2018-02-10 01:00:55 +01:00			`}`
Implement poor man's admin panel 2018-10-12 16:20:10 +02:00			`Ok(())`
First working version 2018-02-10 01:00:55 +01:00			`}`

Upload and download attachments, and added License file 2018-02-15 00:40:34 +01:00			`pub fn find_by_uuid(uuid: &str, conn: &DbConn) -> Option<Self> {`
First working version 2018-02-10 01:00:55 +01:00			`devices::table`
			`.filter(devices::uuid.eq(uuid))`
Start using rustfmt and some style changes to make some lines shorter 2018-12-30 23:34:31 +01:00			`.first::<Self>(&**conn)`
			`.ok()`
First working version 2018-02-10 01:00:55 +01:00			`}`

Upload and download attachments, and added License file 2018-02-15 00:40:34 +01:00			`pub fn find_by_refresh_token(refresh_token: &str, conn: &DbConn) -> Option<Self> {`
First working version 2018-02-10 01:00:55 +01:00			`devices::table`
			`.filter(devices::refresh_token.eq(refresh_token))`
Start using rustfmt and some style changes to make some lines shorter 2018-12-30 23:34:31 +01:00			`.first::<Self>(&**conn)`
			`.ok()`
First working version 2018-02-10 01:00:55 +01:00			`}`
Improved error messagees, implemented delete ciphers, attachments and account, implemented two factor recovery. Known missing: - import ciphers, create ciphers types other than login and card, update ciphers - clear and put device_tokens - Equivalent domains - Organizations 2018-02-15 19:05:57 +01:00
			`pub fn find_by_user(user_uuid: &str, conn: &DbConn) -> Vec<Self> {`
			`devices::table`
			`.filter(devices::user_uuid.eq(user_uuid))`
Start using rustfmt and some style changes to make some lines shorter 2018-12-30 23:34:31 +01:00			`.load::<Self>(&**conn)`
			`.expect("Error loading devices")`
Improved error messagees, implemented delete ciphers, attachments and account, implemented two factor recovery. Known missing: - import ciphers, create ciphers types other than login and card, update ciphers - clear and put device_tokens - Equivalent domains - Organizations 2018-02-15 19:05:57 +01:00			`}`
First working version 2018-02-10 01:00:55 +01:00			`}`