vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small

commit 5609103a97f44c7dc4aa7269d80f2df30d50e276
parent 6d460b44b0484f7c191a807d8608f958cd1a7a23
Author: vpl <vpl@vpl.me>
Date:   Tue,  6 Aug 2019 22:37:23 +0200

Use ring to generate email token

Diffstat:
MCargo.lock | 1-
MCargo.toml | 3---
Msrc/api/core/two_factor/email.rs | 24++++++++++++++++--------
3 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
@@ -118,7 +118,6 @@ dependencies = [
 "oath 0.10.2 (registry+https://github.com/rust-lang/crates.io-index)",
 "percent-encoding 2.0.0 (registry+https://github.com/rust-lang/crates.io-index)",
 "quoted_printable 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)",
- "rand 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)",
 "regex 1.2.0 (registry+https://github.com/rust-lang/crates.io-index)",
 "reqwest 0.9.19 (registry+https://github.com/rust-lang/crates.io-index)",
 "ring 0.14.6 (registry+https://github.com/rust-lang/crates.io-index)",
diff --git a/Cargo.toml b/Cargo.toml
@@ -108,9 +108,6 @@ regex = "1.2.0"
 # URL encoding library
 percent-encoding = "2.0.0"
-# Random
-rand = "0.7.0"
-
 [patch.crates-io]
 # Add support for Timestamp type
 rmp = { git = 'https://github.com/dani-garcia/msgpack-rust' }
diff --git a/src/api/core/two_factor/email.rs b/src/api/core/two_factor/email.rs
@@ -10,12 +10,14 @@ use crate::db::{
 };
 use crate::error::Error;
 use crate::mail;
+use crate::crypto;
+
 use chrono::{Duration, NaiveDateTime, Utc};
-use rand::Rng;
 use std::char;
 use std::ops::Add;
 const MAX_TIME_DIFFERENCE: i64 = 600;
+const TOKEN_LEN: usize = 6;
 pub fn routes() -> Vec<Route> {
 routes![
@@ -97,13 +99,12 @@ struct SendEmailData {
 }
 fn generate_token() -> String {
- const TOKEN_LEN: usize = 6;
- let mut rng = rand::thread_rng();
-
- (0..TOKEN_LEN)
- .map(|_| {
- let num = rng.gen_range(0, 9);
- char::from_digit(num, 10).unwrap()
+ crypto::get_random(vec![0; TOKEN_LEN])
+ .iter()
+ .map(|byte| { (byte % 10)})
+ .map(|num| {
+ dbg!(num);
+ char::from_digit(num as u32, 10).unwrap()
 })
 .collect()
 }
@@ -291,4 +292,11 @@ mod tests {
 // If it's smaller than 3 characters it should only show asterisks.
 assert_eq!(result, "***@example.ext");
 }
+
+ #[test]
+ fn test_token() {
+ let result = generate_token();
+
+ assert_eq!(result.chars().count(), 6);
+ }
 }
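Review bot: The `dbg!(num);` left in the second `.map` of `generate_token` prints every digit of the e-mail two-factor code to stderr, in release builds as well, so the token lands in whatever collects the server's output; it should be removed before this ships. Separately, `byte % 10` on a uniform byte is slightly biased, because 256 is not a multiple of 10: digits 0–5 each come up 26 times in 256 and digits 6–9 only 25 times. Discarding bytes of 250 and above before the reduction removes the bias, and the rewrite below does both. It assumes `crypto::get_random` hands back the filled byte vector, as its use in this hunk suggests; that helper is defined outside the diff.

```rust
fn generate_token() -> String {
    let mut token = String::with_capacity(TOKEN_LEN);
    while token.len() < TOKEN_LEN {
        for &byte in crypto::get_random(vec![0; TOKEN_LEN]).iter() {
            // 250 is the largest multiple of 10 that fits in a byte; accepting
            // 250..=255 would make the digits 0-5 more likely than 6-9.
            if byte < 250 && token.len() < TOKEN_LEN {
                token.push(char::from(b'0' + byte % 10));
            }
        }
    }
    token
}
```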
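Review bot: `test_token` checks only the length, and against a literal `6` rather than `TOKEN_LEN`, so it would still pass if the generator emitted non-digit characters and would need a manual edit whenever the constant changes. Consider `assert_eq!(result.chars().count(), TOKEN_LEN);` followed by `assert!(result.chars().all(|c| c.is_ascii_digit()));`. The enclosing `mod tests` starts outside the hunk, so whether `TOKEN_LEN` is already in scope there cannot be confirmed from this view.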