vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small
Log | Files | Refs | README
commit 5609103a97f44c7dc4aa7269d80f2df30d50e276
parent 6d460b44b0484f7c191a807d8608f958cd1a7a23
Author: vpl <vpl@vpl.me>
Date:   Tue,  6 Aug 2019 22:37:23 +0200

Use ring to generate email token

Diffstat:

MCargo.lock | 1-


MCargo.toml | 3---


Msrc/api/core/two_factor/email.rs | 24++++++++++++++++--------


3 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
@@ -118,7 +118,6 @@ dependencies = [
  "oath 0.10.2 (registry+https://github.com/rust-lang/crates.io-index)",
  "percent-encoding 2.0.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "quoted_printable 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)",
- "rand 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "regex 1.2.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "reqwest 0.9.19 (registry+https://github.com/rust-lang/crates.io-index)",
  "ring 0.14.6 (registry+https://github.com/rust-lang/crates.io-index)",
diff --git a/Cargo.toml b/Cargo.toml
@@ -108,9 +108,6 @@ regex = "1.2.0"
 # URL encoding library
 percent-encoding = "2.0.0"
 
-# Random
-rand = "0.7.0"
-
 [patch.crates-io]
 # Add support for Timestamp type
 rmp = { git = 'https://github.com/dani-garcia/msgpack-rust' }
diff --git a/src/api/core/two_factor/email.rs b/src/api/core/two_factor/email.rs
@@ -10,12 +10,14 @@ use crate::db::{
 };
 use crate::error::Error;
 use crate::mail;
+use crate::crypto;
+
 use chrono::{Duration, NaiveDateTime, Utc};
-use rand::Rng;
 use std::char;
 use std::ops::Add;
 
 const MAX_TIME_DIFFERENCE: i64 = 600;
+const TOKEN_LEN: usize = 6;
 
 pub fn routes() -> Vec<Route> {
     routes![
@@ -97,13 +99,12 @@ struct SendEmailData {
 }
 
 fn generate_token() -> String {
-    const TOKEN_LEN: usize = 6;
-    let mut rng = rand::thread_rng();
-
-    (0..TOKEN_LEN)
-        .map(|_| {
-            let num = rng.gen_range(0, 9);
-            char::from_digit(num, 10).unwrap()
+    crypto::get_random(vec![0; TOKEN_LEN])
+        .iter()
+        .map(|byte| { (byte % 10)})
+        .map(|num| {
+            dbg!(num);
+            char::from_digit(num as u32, 10).unwrap()
         })
         .collect()
 }
@@ -291,4 +292,11 @@ mod tests {
         // If it's smaller than 3 characters it should only show asterisks.
         assert_eq!(result, "***@example.ext");
     }
+
+    #[test]
+    fn test_token() {
+        let result = generate_token();
+
+        assert_eq!(result.chars().count(), 6);
+    }
 }