Unverified Commit a585cd91 authored by tec's avatar tec

More gracefully handle invalid tokens

parent 59b0f9e5
...@@ -16,18 +16,22 @@ fn text_encrypt(plaintext: &str) -> String { ...@@ -16,18 +16,22 @@ fn text_encrypt(plaintext: &str) -> String {
encrypt(*CIPHER, &*KEY, Some(iv), plaintext.as_bytes()).expect("encryption failed"); encrypt(*CIPHER, &*KEY, Some(iv), plaintext.as_bytes()).expect("encryption failed");
return base64::encode(encrypted_vec.as_slice()); return base64::encode(encrypted_vec.as_slice());
} }
fn text_decrypt(ciphertext: &str) -> String { fn text_decrypt(ciphertext: &str) -> Option<String> {
let iv: &[u8; 16] = &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; let iv: &[u8; 16] = &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];
let decrypted_vec = decrypt( if let Ok(cipher_vec) = base64::decode(ciphertext) {
*CIPHER, if let Ok(decrypted_vec) = decrypt(*CIPHER, &*KEY, Some(iv), &cipher_vec) {
&*KEY, if let Ok(decrypted_token) = str::from_utf8(decrypted_vec.as_slice()) {
Some(iv), return Some(decrypted_token.to_owned());
&base64::decode(ciphertext).expect("Unable to decode"), } else {
) warn!("Invalid utf8 in text");
.expect("decryption failed"); }
return str::from_utf8(decrypted_vec.as_slice()) } else {
.expect("Invalid utf8 sequence") warn!("Text decryption failed");
.to_owned(); }
} else {
warn!("Unable to decode base64 text");
}
return None;
} }
pub fn generate_token<'a>(discord_user: &User, username: &str) -> String { pub fn generate_token<'a>(discord_user: &User, username: &str) -> String {
...@@ -47,6 +51,7 @@ pub fn generate_token<'a>(discord_user: &User, username: &str) -> String { ...@@ -47,6 +51,7 @@ pub fn generate_token<'a>(discord_user: &User, username: &str) -> String {
pub enum TokenError { pub enum TokenError {
DiscordIdMismatch, DiscordIdMismatch,
TokenExpired, TokenExpired,
TokenInvalid,
} }
impl std::fmt::Display for TokenError { impl std::fmt::Display for TokenError {
fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result { fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result {
...@@ -55,7 +60,7 @@ impl std::fmt::Display for TokenError { ...@@ -55,7 +60,7 @@ impl std::fmt::Display for TokenError {
} }
pub fn parse_token(discord_user: &User, encrypted_token: &str) -> Result<String, TokenError> { pub fn parse_token(discord_user: &User, encrypted_token: &str) -> Result<String, TokenError> {
let token = text_decrypt(encrypted_token); if let Some(token) = text_decrypt(encrypted_token) {
let token_components: Vec<_> = token.splitn(3, ',').collect(); let token_components: Vec<_> = token.splitn(3, ',').collect();
info!( info!(
"Verification attempt from '{}'(uid: {}) for account '{}' with token from {}", "Verification attempt from '{}'(uid: {}) for account '{}' with token from {}",
...@@ -82,4 +87,7 @@ pub fn parse_token(discord_user: &User, encrypted_token: &str) -> Result<String, ...@@ -82,4 +87,7 @@ pub fn parse_token(discord_user: &User, encrypted_token: &str) -> Result<String,
time_delta_seconds time_delta_seconds
); );
return Ok(token_username.to_owned()); return Ok(token_username.to_owned());
} else {
return Err(TokenError::TokenInvalid);
}
} }
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment