Modify User::new to be keyless and paswordless

6 years ago · c1cd4d9a6b
3 changed files with 8 additions and 12 deletions
--- a/src/api/core/accounts.rs
+++ b/src/api/core/accounts.rs
@ -38,8 +38,6 @@ fn register(data: JsonUpcase<RegisterData>, conn: DbConn) -> EmptyResult {
                    user_org.status = UserOrgStatus::Accepted as i32;
                    user_org.save(&conn);
                };
                user.set_password(&data.MasterPasswordHash);
                user.key = data.Key;
                user
            } else {
                if CONFIG.signups_allowed {
@ -51,13 +49,16 @@ fn register(data: JsonUpcase<RegisterData>, conn: DbConn) -> EmptyResult {
        },
        None => {
            if CONFIG.signups_allowed || Invitation::take(&data.Email, &conn) {
-                User::new(data.Email, data.Key, data.MasterPasswordHash)
+                User::new(data.Email)
            } else {
                err!("Registration not allowed")
            }
        }
    };
    user.set_password(&data.MasterPasswordHash);
    user.key = data.Key;
    // Add extra fields if present
    if let Some(name) = data.Name {
        user.name = name;
--- a/src/api/core/organizations.rs
+++ b/src/api/core/organizations.rs
@ -380,7 +380,7 @@ fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: AdminHeade
                let mut invitation = Invitation::new(email.clone());
                match invitation.save(&conn) {
                    Ok(()) => {
-                        let mut user = User::new_invited(email.clone());
+                        let mut user = User::new(email.clone());
                        if user.save(&conn) {
                            user_org_status = UserOrgStatus::Invited as i32;
                            user
--- a/src/db/models/user.rs
+++ b/src/db/models/user.rs
@ -39,13 +39,12 @@ pub struct User {
 /// Local methods
 impl User {
-    pub fn new(mail: String, key: String, password: String) -> Self {
+    pub fn new(mail: String) -> Self {
        let now = Utc::now().naive_utc();
        let email = mail.to_lowercase();
        let iterations = CONFIG.password_iterations;
        let salt = crypto::get_random_64();
        let password_hash = crypto::hash_password(password.as_bytes(), &salt, iterations as u32);
        Self {
            uuid: Uuid::new_v4().to_string(),
@ -53,9 +52,9 @@ impl User {
            updated_at: now,
            name: email.clone(),
            email,
-            key,
+            key: String::new(),
-            password_hash,
+            password_hash: Vec::new(),
            salt,
            password_iterations: iterations,
@ -73,10 +72,6 @@ impl User {
        }
    }
    pub fn new_invited(mail: String) -> Self {
        Self::new(mail,"".to_string(),"".to_string())
    }
    pub fn check_valid_password(&self, password: &str) -> bool {
        crypto::verify_password_hash(password.as_bytes(),
                                     &self.salt,