Fixed a bug where using an incorrect username would cause HTTP 500 response

Antoine Gersant 2017-07-02 14:56:46 -07:00
parent b02a08b546
commit 1d21d0ff1e
2 changed files with 11 additions and 4 deletions


@ -55,7 +55,9 @@ impl From<Error> for IronError {
}
e @ Error(ErrorKind::MissingUsername, _) => IronError::new(e, Status::BadRequest),
e @ Error(ErrorKind::MissingPassword, _) => IronError::new(e, Status::BadRequest),
e @ Error(ErrorKind::IncorrectCredentials, _) => IronError::new(e, Status::BadRequest),
e @ Error(ErrorKind::IncorrectCredentials, _) => {
IronError::new(e, Status::Unauthorized)
}
e @ Error(ErrorKind::CannotServeDirectory, _) => IronError::new(e, Status::BadRequest),
e @ Error(ErrorKind::UnsupportedFileType, _) => IronError::new(e, Status::BadRequest),
e => IronError::new(e, Status::InternalServerError),
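Review bot: The new `Status::Unauthorized` arm for `ErrorKind::IncorrectCredentials` builds a 401 with only a status modifier, so no `WWW-Authenticate` challenge is attached here, although RFC 7235 expects one on 401 responses. Whether a later handler adds the header is not visible from this hunk. If omitting it is deliberate, a comment on the arm such as `// NOTE: this 401 carries no WWW-Authenticate challenge` would record the decision. The trailing `e => IronError::new(e, Status::InternalServerError)` catch-all is unchanged, so any error kind without its own arm still surfaces as a 500. The match starts outside the hunk.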


@ -1,4 +1,5 @@
use core::ops::Deref;
use diesel;
use diesel::prelude::*;
use rand;
use ring::{digest, pbkdf2};
@ -58,9 +59,13 @@ pub fn auth<T>(db: &T, username: &str, password: &str) -> Result<bool>
let connection = db.get_connection();
let connection = connection.lock().unwrap();
let connection = connection.deref();
let user: User = users
let user: QueryResult<User> = users
.select((name, password_salt, password_hash))
.filter(name.eq(username))
.get_result(connection)?;
Ok(user.verify_password(password))
.get_result(connection);
match user {
Err(diesel::result::Error::NotFound) => Ok(false),
Ok(u) => Ok(u.verify_password(password)),
Err(e) => Err(e.into()),
}
}
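Review bot: The new `Err(diesel::result::Error::NotFound) => Ok(false)` arm returns before any password hashing, while an existing user goes through `u.verify_password(password)`. That call presumably runs PBKDF2, given the `ring::pbkdf2` import, though its body is not shown. If so, the response-time difference lets a caller tell valid usernames from unknown ones, even though both cases now return the same `Ok(false)`. Consider verifying the supplied password against a fixed dummy salt and hash in the `NotFound` arm and discarding the result, and document it with `// Unknown user and wrong password both yield Ok(false); keep their cost equal so timing does not reveal which names exist.` Only the signature of `auth` appears in the hunk header; the rest of its head is outside the hunk.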