diff options
Diffstat (limited to '')
| -rw-r--r-- | src/args.rs | 9 | ||||
| -rw-r--r-- | src/auth.rs | 8 |
2 files changed, 15 insertions, 2 deletions
diff --git a/src/args.rs b/src/args.rs index 8f15ea4..97b391f 100644 --- a/src/args.rs +++ b/src/args.rs @@ -38,7 +38,8 @@ struct CLIArgs { )] interfaces: Vec<IpAddr>, - /// Set authentication (username:password, username:sha256:hash, or username:sha512:hash) + /// Set authentication. Currently supported formats: + /// username:password, username:sha256:hash, username:sha512:hash #[structopt(short = "a", long = "auth", parse(try_from_str = "parse_auth"))] auth: Option<auth::RequiredAuth>, @@ -88,6 +89,7 @@ fn parse_auth(src: &str) -> Result<auth::RequiredAuth, ContextualError> { None => return invalid_auth_format, }; + // second_part is either password in username:password or method in username:method:hash let second_part = match split.next() { // This allows empty passwords, as the spec does not forbid it Some(password) => password, @@ -169,6 +171,7 @@ mod tests { use super::*; use rstest::rstest_parametrize; + /// Helper function that creates a `RequiredAuth` structure fn create_required_auth(username: &str, password: &str, encrypt: &str) -> auth::RequiredAuth { use auth::*; use RequiredAuthPassword::*; @@ -211,6 +214,10 @@ mod tests { "username:sha256:invalid", "Invalid format for password hash. Expected hex code" ), + case( + "username:sha512:invalid", + "Invalid format for password hash. Expected hex code" + ), )] fn parse_auth_invalid(auth_string: &str, err_msg: &str) { let err = parse_auth(auth_string).unwrap_err(); diff --git a/src/auth.rs b/src/auth.rs index 432f6ce..e75f498 100644 --- a/src/auth.rs +++ b/src/auth.rs @@ -15,6 +15,7 @@ pub struct BasicAuthParams { } #[derive(Clone, Debug, PartialEq)] +/// `password` field of `RequiredAuth` pub enum RequiredAuthPassword { Plain(String), Sha256(Vec<u8>), @@ -22,7 +23,7 @@ pub enum RequiredAuthPassword { } #[derive(Clone, Debug, PartialEq)] -/// Authentication structure to match BasicAuthParams against +/// Authentication structure to match `BasicAuthParams` against pub struct RequiredAuth { pub username: String, pub password: RequiredAuthPassword, @@ -54,6 +55,7 @@ pub fn parse_basic_auth( }) } +/// Verify authentication pub fn match_auth(basic_auth: BasicAuthParams, required_auth: &RequiredAuth) -> bool { if basic_auth.username != required_auth.username { return false; @@ -72,10 +74,12 @@ pub fn match_auth(basic_auth: BasicAuthParams, required_auth: &RequiredAuth) -> } } +/// Return `true` if hashing of `password` by `T` algorithm equals to `hash` pub fn compare_hash<T: Digest>(password: String, hash: &Vec<u8>) -> bool { get_hash::<T>(password) == *hash } +/// Get hash of a `text` pub fn get_hash<T: Digest>(text: String) -> Vec<u8> { let mut hasher = T::new(); hasher.input(text); @@ -124,6 +128,7 @@ mod tests { use super::*; use rstest::rstest_parametrize; + /// Return a hashing function corresponds to given name fn get_hash_func(name: &str) -> impl FnOnce(String) -> Vec<u8> { match name { "sha256" => get_hash::<Sha256>, @@ -144,6 +149,7 @@ mod tests { assert_eq!(received, expected); } + /// Helper function that creates a `RequiredAuth` structure and encrypt `password` if necessary fn create_required_auth(username: &str, password: &str, encrypt: &str) -> RequiredAuth { use RequiredAuthPassword::*; |