From c1cd4d9a6bfd1e588852e3ec48288efcbc77c71c Mon Sep 17 00:00:00 2001
From: Miroslav Prasil <miroslav@prasil.info>
Date: Tue, 11 Sep 2018 14:25:12 +0100
Subject: [PATCH] Modify User::new to be keyless and paswordless

---
 src/api/core/accounts.rs      |  7 ++++---
 src/api/core/organizations.rs |  2 +-
 src/db/models/user.rs         | 11 +++--------
 3 files changed, 8 insertions(+), 12 deletions(-)

diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs
index ef0e917..94fd48e 100644
--- a/src/api/core/accounts.rs
+++ b/src/api/core/accounts.rs
@@ -38,8 +38,6 @@ fn register(data: JsonUpcase<RegisterData>, conn: DbConn) -> EmptyResult {
                     user_org.status = UserOrgStatus::Accepted as i32;
                     user_org.save(&conn);
                 };
-                user.set_password(&data.MasterPasswordHash);
-                user.key = data.Key;
                 user
             } else {
                 if CONFIG.signups_allowed {
@@ -51,13 +49,16 @@ fn register(data: JsonUpcase<RegisterData>, conn: DbConn) -> EmptyResult {
         },
         None => {
             if CONFIG.signups_allowed || Invitation::take(&data.Email, &conn) {
-                User::new(data.Email, data.Key, data.MasterPasswordHash)
+                User::new(data.Email)
             } else {
                 err!("Registration not allowed")
             }
         }
     };
 
+    user.set_password(&data.MasterPasswordHash);
+    user.key = data.Key;
+
     // Add extra fields if present
     if let Some(name) = data.Name {
         user.name = name;
diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs
index b8067b6..5852ea1 100644
--- a/src/api/core/organizations.rs
+++ b/src/api/core/organizations.rs
@@ -380,7 +380,7 @@ fn send_invite(org_id: String, data: JsonUpcase<InviteData>, headers: AdminHeade
                 let mut invitation = Invitation::new(email.clone());
                 match invitation.save(&conn) {
                     Ok(()) => {
-                        let mut user = User::new_invited(email.clone());
+                        let mut user = User::new(email.clone());
                         if user.save(&conn) {
                             user_org_status = UserOrgStatus::Invited as i32;
                             user
diff --git a/src/db/models/user.rs b/src/db/models/user.rs
index 312c274..0d958b5 100644
--- a/src/db/models/user.rs
+++ b/src/db/models/user.rs
@@ -39,13 +39,12 @@ pub struct User {
 
 /// Local methods
 impl User {
-    pub fn new(mail: String, key: String, password: String) -> Self {
+    pub fn new(mail: String) -> Self {
         let now = Utc::now().naive_utc();
         let email = mail.to_lowercase();
 
         let iterations = CONFIG.password_iterations;
         let salt = crypto::get_random_64();
-        let password_hash = crypto::hash_password(password.as_bytes(), &salt, iterations as u32);
 
         Self {
             uuid: Uuid::new_v4().to_string(),
@@ -53,9 +52,9 @@ impl User {
             updated_at: now,
             name: email.clone(),
             email,
-            key,
+            key: String::new(),
 
-            password_hash,
+            password_hash: Vec::new(),
             salt,
             password_iterations: iterations,
 
@@ -73,10 +72,6 @@ impl User {
         }
     }
 
-    pub fn new_invited(mail: String) -> Self {
-        Self::new(mail,"".to_string(),"".to_string())
-    }
-
     pub fn check_valid_password(&self, password: &str) -> bool {
         crypto::verify_password_hash(password.as_bytes(),
                                      &self.salt,