diff options
-rw-r--r-- | src/auth.rs | 62 | ||||
-rw-r--r-- | tests/device.rs | 28 |
2 files changed, 65 insertions, 25 deletions
diff --git a/src/auth.rs b/src/auth.rs index 0b000f7..5ecb393 100644 --- a/src/auth.rs +++ b/src/auth.rs @@ -10,7 +10,7 @@ use nitrokey_sys; use crate::config::{Config, RawConfig}; use crate::device::{Device, DeviceWrapper, Pro, Storage}; -use crate::error::Error; +use crate::error::{AuthenticationError, Error}; use crate::otp::{ConfigureOtp, GenerateOtp, OtpMode, OtpSlotData, RawOtpSlotData}; use crate::util::{generate_password, get_command_result, get_cstring, result_from_string}; @@ -63,7 +63,10 @@ pub trait Authenticate<'a> { /// [`InvalidString`]: enum.LibraryError.html#variant.InvalidString /// [`RngError`]: enum.CommandError.html#variant.RngError /// [`WrongPassword`]: enum.CommandError.html#variant.WrongPassword - fn authenticate_user(self, password: &str) -> Result<User<'a, Self>, (Self, Error)> + fn authenticate_user( + self, + password: &str, + ) -> Result<User<'a, Self>, AuthenticationError<'a, Self>> where Self: Device<'a> + Sized; @@ -110,7 +113,10 @@ pub trait Authenticate<'a> { /// [`InvalidString`]: enum.LibraryError.html#variant.InvalidString /// [`RngError`]: enum.CommandError.html#variant.RngError /// [`WrongPassword`]: enum.CommandError.html#variant.WrongPassword - fn authenticate_admin(self, password: &str) -> Result<Admin<'a, Self>, (Self, Error)> + fn authenticate_admin( + self, + password: &str, + ) -> Result<Admin<'a, Self>, AuthenticationError<'a, Self>> where Self: Device<'a> + Sized; } @@ -153,7 +159,11 @@ pub struct Admin<'a, T: Device<'a>> { marker: marker::PhantomData<&'a T>, } -fn authenticate<'a, D, A, T>(device: D, password: &str, callback: T) -> Result<A, (D, Error)> +fn authenticate<'a, D, A, T>( + device: D, + password: &str, + callback: T, +) -> Result<A, AuthenticationError<'a, D>> where D: Device<'a>, A: AuthenticatedDevice<D>, @@ -161,17 +171,17 @@ where { let temp_password = match generate_password(TEMPORARY_PASSWORD_LENGTH) { Ok(temp_password) => temp_password, - Err(err) => return Err((device, err)), + Err(err) => return Err(AuthenticationError::new(err, device)), }; let password = match get_cstring(password) { Ok(password) => password, - Err(err) => return Err((device, err)), + Err(err) => return Err(AuthenticationError::new(err, device)), }; let password_ptr = password.as_ptr(); let temp_password_ptr = temp_password.as_ptr() as *const c_char; match callback(password_ptr, temp_password_ptr) { 0 => Ok(A::new(device, temp_password)), - rv => Err((device, Error::from(rv))), + rv => Err(AuthenticationError::new(Error::from(rv), device)), } } @@ -179,7 +189,7 @@ fn authenticate_user_wrapper<'a, T, C>( device: T, constructor: C, password: &str, -) -> Result<User<'a, DeviceWrapper<'a>>, (DeviceWrapper<'a>, Error)> +) -> Result<User<'a, DeviceWrapper<'a>>, AuthenticationError<'a, DeviceWrapper<'a>>> where T: Device<'a> + 'a, C: Fn(T) -> DeviceWrapper<'a>, @@ -187,7 +197,7 @@ where let result = device.authenticate_user(password); match result { Ok(user) => Ok(User::new(constructor(user.device), user.temp_password)), - Err((device, err)) => Err((constructor(device), err)), + Err(err) => Err(err.map_device(constructor)), } } @@ -195,7 +205,7 @@ fn authenticate_admin_wrapper<'a, T, C>( device: T, constructor: C, password: &str, -) -> Result<Admin<'a, DeviceWrapper<'a>>, (DeviceWrapper<'a>, Error)> +) -> Result<Admin<'a, DeviceWrapper<'a>>, AuthenticationError<'a, DeviceWrapper<'a>>> where T: Device<'a> + 'a, C: Fn(T) -> DeviceWrapper<'a>, @@ -203,7 +213,7 @@ where let result = device.authenticate_admin(password); match result { Ok(user) => Ok(Admin::new(constructor(user.device), user.temp_password)), - Err((device, err)) => Err((constructor(device), err)), + Err(err) => Err(err.map_device(constructor)), } } @@ -386,7 +396,10 @@ impl<'a, T: Device<'a>> AuthenticatedDevice<T> for Admin<'a, T> { } impl<'a> Authenticate<'a> for DeviceWrapper<'a> { - fn authenticate_user(self, password: &str) -> Result<User<'a, Self>, (Self, Error)> { + fn authenticate_user( + self, + password: &str, + ) -> Result<User<'a, Self>, AuthenticationError<'a, Self>> { match self { DeviceWrapper::Storage(storage) => { authenticate_user_wrapper(storage, DeviceWrapper::Storage, password) @@ -395,7 +408,10 @@ impl<'a> Authenticate<'a> for DeviceWrapper<'a> { } } - fn authenticate_admin(self, password: &str) -> Result<Admin<'a, Self>, (Self, Error)> { + fn authenticate_admin( + self, + password: &str, + ) -> Result<Admin<'a, Self>, AuthenticationError<'a, Self>> { match self { DeviceWrapper::Storage(storage) => { authenticate_admin_wrapper(storage, DeviceWrapper::Storage, password) @@ -408,13 +424,19 @@ impl<'a> Authenticate<'a> for DeviceWrapper<'a> { } impl<'a> Authenticate<'a> for Pro<'a> { - fn authenticate_user(self, password: &str) -> Result<User<'a, Self>, (Self, Error)> { + fn authenticate_user( + self, + password: &str, + ) -> Result<User<'a, Self>, AuthenticationError<'a, Self>> { authenticate(self, password, |password_ptr, temp_password_ptr| unsafe { nitrokey_sys::NK_user_authenticate(password_ptr, temp_password_ptr) }) } - fn authenticate_admin(self, password: &str) -> Result<Admin<'a, Self>, (Self, Error)> { + fn authenticate_admin( + self, + password: &str, + ) -> Result<Admin<'a, Self>, AuthenticationError<'a, Self>> { authenticate(self, password, |password_ptr, temp_password_ptr| unsafe { nitrokey_sys::NK_first_authenticate(password_ptr, temp_password_ptr) }) @@ -422,13 +444,19 @@ impl<'a> Authenticate<'a> for Pro<'a> { } impl<'a> Authenticate<'a> for Storage<'a> { - fn authenticate_user(self, password: &str) -> Result<User<'a, Self>, (Self, Error)> { + fn authenticate_user( + self, + password: &str, + ) -> Result<User<'a, Self>, AuthenticationError<'a, Self>> { authenticate(self, password, |password_ptr, temp_password_ptr| unsafe { nitrokey_sys::NK_user_authenticate(password_ptr, temp_password_ptr) }) } - fn authenticate_admin(self, password: &str) -> Result<Admin<'a, Self>, (Self, Error)> { + fn authenticate_admin( + self, + password: &str, + ) -> Result<Admin<'a, Self>, AuthenticationError<'a, Self>> { authenticate(self, password, |password_ptr, temp_password_ptr| unsafe { nitrokey_sys::NK_first_authenticate(password_ptr, temp_password_ptr) }) diff --git a/tests/device.rs b/tests/device.rs index e367558..630dd93 100644 --- a/tests/device.rs +++ b/tests/device.rs @@ -103,7 +103,7 @@ where let result = device.authenticate_admin(&(DEFAULT_ADMIN_PIN.to_owned() + suffix)); let device = match result { Ok(admin) => admin.device(), - Err((device, _)) => device, + Err(err) => err.into_device(), }; assert_ok!(count, device.get_admin_retry_count()); return device; @@ -116,7 +116,7 @@ where let result = device.authenticate_user(&(DEFAULT_USER_PIN.to_owned() + suffix)); let device = match result { Ok(admin) => admin.device(), - Err((device, _)) => device, + Err(err) => err.into_device(), }; assert_ok!(count, device.get_user_retry_count()); return device; @@ -158,7 +158,10 @@ fn config(device: DeviceWrapper) { #[test_device] fn change_user_pin(device: DeviceWrapper) { let device = device.authenticate_user(DEFAULT_USER_PIN).unwrap().device(); - let device = device.authenticate_user(USER_NEW_PASSWORD).unwrap_err().0; + let device = device + .authenticate_user(USER_NEW_PASSWORD) + .unwrap_err() + .into_device(); let mut device = device; assert_ok!( @@ -166,7 +169,10 @@ fn change_user_pin(device: DeviceWrapper) { device.change_user_pin(DEFAULT_USER_PIN, USER_NEW_PASSWORD) ); - let device = device.authenticate_user(DEFAULT_USER_PIN).unwrap_err().0; + let device = device + .authenticate_user(DEFAULT_USER_PIN) + .unwrap_err() + .into_device(); let device = device .authenticate_user(USER_NEW_PASSWORD) .unwrap() @@ -191,14 +197,20 @@ fn change_admin_pin(device: DeviceWrapper) { .authenticate_admin(DEFAULT_ADMIN_PIN) .unwrap() .device(); - let mut device = device.authenticate_admin(ADMIN_NEW_PASSWORD).unwrap_err().0; + let mut device = device + .authenticate_admin(ADMIN_NEW_PASSWORD) + .unwrap_err() + .into_device(); assert_ok!( (), device.change_admin_pin(DEFAULT_ADMIN_PIN, ADMIN_NEW_PASSWORD) ); - let device = device.authenticate_admin(DEFAULT_ADMIN_PIN).unwrap_err().0; + let device = device + .authenticate_admin(DEFAULT_ADMIN_PIN) + .unwrap_err() + .into_device(); let mut device = device .authenticate_admin(ADMIN_NEW_PASSWORD) .unwrap() @@ -229,11 +241,11 @@ where let result = device.authenticate_user(password); assert!(result.is_err()); let err = result.unwrap_err(); - match err.1 { + match *err.as_error() { Error::CommandError(err) => assert_eq!(error, err), _ => assert!(false), }; - err.0 + err.into_device() } #[test_device] |