diff --git a/src/token_management.rs b/src/token_management.rs
index 7de70edf78d6d1373af8a0aac64c1c7c8cca5842..5ea82a01026585a24712d56e1247db89b93da81b 100644
--- a/src/token_management.rs
+++ b/src/token_management.rs
@@ -16,18 +16,22 @@ fn text_encrypt(plaintext: &str) -> String {
encrypt(*CIPHER, &*KEY, Some(iv), plaintext.as_bytes()).expect("encryption failed");
return base64::encode(encrypted_vec.as_slice());
}
-fn text_decrypt(ciphertext: &str) -> String {
+fn text_decrypt(ciphertext: &str) -> Option<String> {
let iv: &[u8; 16] = &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];
- let decrypted_vec = decrypt(
- *CIPHER,
- &*KEY,
- Some(iv),
- &base64::decode(ciphertext).expect("Unable to decode"),
- )
- .expect("decryption failed");
- return str::from_utf8(decrypted_vec.as_slice())
- .expect("Invalid utf8 sequence")
- .to_owned();
+ if let Ok(cipher_vec) = base64::decode(ciphertext) {
+ if let Ok(decrypted_vec) = decrypt(*CIPHER, &*KEY, Some(iv), &cipher_vec) {
+ if let Ok(decrypted_token) = str::from_utf8(decrypted_vec.as_slice()) {
+ return Some(decrypted_token.to_owned());
+ } else {
+ warn!("Invalid utf8 in text");
+ }
+ } else {
+ warn!("Text decryption failed");
+ }
+ } else {
+ warn!("Unable to decode base64 text");
+ }
+ return None;
}
pub fn generate_token<'a>(discord_user: &User, username: &str) -> String {
@@ -47,6 +51,7 @@ pub fn generate_token<'a>(discord_user: &User, username: &str) -> String {
pub enum TokenError {
DiscordIdMismatch,
TokenExpired,
+ TokenInvalid,
}
impl std::fmt::Display for TokenError {
fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result {
@@ -55,31 +60,34 @@ impl std::fmt::Display for TokenError {
}
pub fn parse_token(discord_user: &User, encrypted_token: &str) -> Result<String, TokenError> {
- let token = text_decrypt(encrypted_token);
- let token_components: Vec<_> = token.splitn(3, ',').collect();
- info!(
- "Verification attempt from '{}'(uid: {}) for account '{}' with token from {}",
- discord_user.name, token_components[1], token_components[2], token_components[0]
- );
- let token_timestamp =
- DateTime::parse_from_rfc3339(token_components[0]).expect("Invalid date format");
- let token_discord_user = token_components[1];
- let token_username = token_components[2];
- if token_discord_user != discord_user.id.0.to_string() {
- warn!("... attempt failed : DiscordID mismatch");
- return Err(TokenError::DiscordIdMismatch);
- }
- let time_delta_seconds = Utc::now().timestamp() - token_timestamp.timestamp();
- if time_delta_seconds > 5 * 60 {
- warn!(
- "... attempt failed : token expired ({} seconds old)",
+ if let Some(token) = text_decrypt(encrypted_token) {
+ let token_components: Vec<_> = token.splitn(3, ',').collect();
+ info!(
+ "Verification attempt from '{}'(uid: {}) for account '{}' with token from {}",
+ discord_user.name, token_components[1], token_components[2], token_components[0]
+ );
+ let token_timestamp =
+ DateTime::parse_from_rfc3339(token_components[0]).expect("Invalid date format");
+ let token_discord_user = token_components[1];
+ let token_username = token_components[2];
+ if token_discord_user != discord_user.id.0.to_string() {
+ warn!("... attempt failed : DiscordID mismatch");
+ return Err(TokenError::DiscordIdMismatch);
+ }
+ let time_delta_seconds = Utc::now().timestamp() - token_timestamp.timestamp();
+ if time_delta_seconds > 5 * 60 {
+ warn!(
+ "... attempt failed : token expired ({} seconds old)",
+ time_delta_seconds
+ );
+ return Err(TokenError::TokenExpired);
+ }
+ info!(
+ "... verification successful (token {} seconds old)",
time_delta_seconds
);
- return Err(TokenError::TokenExpired);
+ return Ok(token_username.to_owned());
+ } else {
+ return Err(TokenError::TokenInvalid);
}
- info!(
- "... verification successful (token {} seconds old)",
- time_delta_seconds
- );
- return Ok(token_username.to_owned());
}