diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/controller/login.rs | 3 | ||||
| -rw-r--r-- | src/utils/cookie.rs | 10 |
2 files changed, 8 insertions, 5 deletions
diff --git a/src/controller/login.rs b/src/controller/login.rs index d01f799..f7e0695 100644 --- a/src/controller/login.rs +++ b/src/controller/login.rs @@ -44,7 +44,8 @@ pub async fn login( { Some(hash) => match bcrypt::verify(login.password, &hash) { Ok(true) => { - let login_token = cookie::generate_token(); + // TODO: error handling + let login_token = cookie::generate_token().unwrap(); if db::users::set_login_token( &db_conn, diff --git a/src/utils/cookie.rs b/src/utils/cookie.rs index 826efa9..c621621 100644 --- a/src/utils/cookie.rs +++ b/src/utils/cookie.rs @@ -1,5 +1,5 @@ use hex; -use rand_core::{OsRng, RngCore}; +use rand_core::{OsRng, TryRngCore}; use crate::crypto::signed; use crate::model::config::Config; @@ -22,10 +22,12 @@ pub fn extract_token(config: &Config, cookie: &str) -> Result<String, String> { signed::verify(&config.auth_secret, signed_cookie) } -pub fn generate_token() -> String { +pub fn generate_token() -> Result<String, String> { let mut token = [0u8; TOKEN_BYTES]; - OsRng.fill_bytes(&mut token); - hex::encode(token) + OsRng + .try_fill_bytes(&mut token) + .map_err(|_| "Error generating random token")?; + Ok(hex::encode(token)) } fn cookie(config: &Config, token: &str, max_age_seconds: i32) -> String { |