Struct kanidmd_lib::credential::Credential
pub struct Credential { /* private fields */ }
This is how we store credentials in the server. An account can have many credentials, and a credential can have many factors. Only successful auth to a credential as a whole unit will succeed. For example:
A: Credential { password: aaa }
B: Credential { password: bbb, otp: … }
In this case, if we selected credential B, and then provided password “aaa” we would deny the auth as the password of B was incorrect. Additionally, while A only needs the “password”, B requires both the password and otp to be valid.
In this way, each Credential provides its own password requirements and policy, and requires some metadata to support this such as its source and strength etc.
Implementations
impl Credential
pub fn new_password_only( policy: &CryptoPolicy, cleartext: &str, ) -> Result<Self, OperationError>
Create a new credential that contains a CredentialType::Password
pub fn new_generatedpassword_only( policy: &CryptoPolicy, cleartext: &str, ) -> Result<Self, OperationError>
Create a new credential that contains a CredentialType::GeneratedPassword
pub fn set_password( &self, policy: &CryptoPolicy, cleartext: &str, ) -> Result<Self, OperationError>
Update the state of the Password on this credential, if a password is present. If possible this will convert the credential to a PasswordMFA in some cases, or fail in others.
pub fn upgrade_password( &self, policy: &CryptoPolicy, cleartext: &str, ) -> Result<Option<Self>, OperationError>
pub fn append_securitykey( &self, label: String, cred: SecurityKey, ) -> Result<Self, OperationError>
Extend this credential with another alternate webauthn credential. This is especially useful for PasswordMfa where you can have many webauthn credentials and a password generally so that one is a backup.
pub fn remove_securitykey(&self, label: &str) -> Result<Self, OperationError>
Remove a webauthn token identified by label from this Credential.
pub fn update_webauthn_properties( &self, auth_result: &AuthenticationResult, ) -> Result<Option<Self>, OperationError>
After a successful authentication with Webauthn, we need to advance the credential's counter value to prevent certain classes of replay attacks.
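The counter rule behind this method, as an added example that is not kanidmd_lib code: a simplified model of the WebAuthn signature-counter comparison. StoredKey, CounterError and advance_counter are hypothetical names, and treating Ok(None) as "nothing to persist" is an assumption about the Result<Option<Self>, _> shape shown above.

```rust
// Added illustration: simplified model, not the kanidmd_lib implementation.

/// Hypothetical error type for this sketch.
#[derive(Debug, PartialEq)]
pub enum CounterError {
    /// The reported counter did not increase: the assertion may be a replay,
    /// or the authenticator may have been cloned.
    PossibleCloneOrReplay { stored: u32, reported: u32 },
}

/// Hypothetical stored state for one security key.
#[derive(Debug, Clone, PartialEq)]
pub struct StoredKey {
    pub label: String,
    pub counter: u32,
}

/// Compare the counter reported in a verified assertion with the stored one.
/// Ok(Some(key)): the counter advanced and the new state must be persisted.
/// Ok(None): the authenticator does not implement a counter; nothing changes.
/// Err(..): the counter stalled or went backwards; this sketch fails closed.
pub fn advance_counter(
    key: &StoredKey,
    reported: u32,
) -> Result<Option<StoredKey>, CounterError> {
    // Authenticators without a counter always report 0.
    if key.counter == 0 && reported == 0 {
        return Ok(None);
    }
    if reported > key.counter {
        let mut next = key.clone();
        next.counter = reported;
        return Ok(Some(next));
    }
    Err(CounterError::PossibleCloneOrReplay { stored: key.counter, reported })
}

fn main() {
    // Constructed sample state, not real credential data.
    let key = StoredKey { label: "constructed-key".to_string(), counter: 41 };
    let key = advance_counter(&key, 42).unwrap().unwrap();
    println!("persisted counter: {}", key.counter);
    // Presenting the same counter value again is rejected.
    println!("second use: {:?}", advance_counter(&key, 42));
}
```

Whether a stalled counter fails the authentication or only raises an alert is a relying-party policy choice; this model rejects it.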
pub fn securitykey_ref( &self, ) -> Result<&Map<String, SecurityKey>, OperationError>
Get a reference to the contained webauthn credentials, if any.
pub fn passkey_ref(&self) -> Result<&Map<String, Passkey>, OperationError>
pub fn password_ref(&self) -> Result<&Password, OperationError>
Get a reference to the contained password, if any.
pub fn is_mfa(&self) -> bool
pub fn to_db_valuev1(&self) -> DbCred
Extract this credential into its serialisable database form, ready for persistence.
Trait Implementations
impl Clone for Credential
fn clone(&self) -> Credential
fn clone_from(&mut self, source: &Self)
impl Debug for Credential
impl From<&Credential> for CredentialDetail
fn from(value: &Credential) -> Self
impl PartialEq for Credential
impl StructuralPartialEq for Credential
Auto Trait Implementations
impl Freeze for Credential
impl RefUnwindSafe for Credential
impl Send for Credential
impl Sync for Credential
impl Unpin for Credential
impl UnwindSafe for Credential
Blanket Implementations
impl<'a, T> AsTaggedExplicit<'a> for T where T: 'a
impl<'a, T> AsTaggedImplicit<'a> for T where T: 'a
impl<T> BorrowMut<T> for T where T: ?Sized
fn borrow_mut(&mut self) -> &mut T
impl<T> CloneToUninit for T where T: Clone
unsafe fn clone_to_uninit(&self, dst: *mut T)
impl<T> FutureExt for T
fn with_context(self, otel_cx: Context) -> WithContext<Self>
fn with_current_context(self) -> WithContext<Self>
impl<T> Instrument for T
fn instrument(self, span: Span) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>
impl<T> IntoEither for T
fn into_either(self, into_left: bool) -> Either<Self, Self>
Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise.
fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise.
impl<T> IntoRequest<T> for T
fn into_request(self) -> Request<T>
T in a tonic::Request