add pw digest to user

src/auth.rs

@@ -56,14 +56,17 @@ impl AuthnBackend for AuthStore {
     ) -> Result<Option<Self::User>, Self::Error> {
         let username = creds.username.trim();
         let password = creds.password.trim();
-        let user = User::try_get(username, self).await.map_err(|_| AuthError)?;
 
+        let user = User::try_get(username, self).await.map_err(|_| AuthError)?;
         let verifier = Argon2::default();
         let hash = PasswordHash::new(&user.pwhash).map_err(|_| AuthError)?;
-        match verifier.verify_password(password.as_bytes(), &hash) {
+        Ok(
-            Ok(_) => Ok(Some(user)),
+            if verifier.verify_password(password.as_bytes(), &hash).is_ok() {
-            _ => Ok(None),
+                Some(user)
-        }
+            } else {
+                None
+            },
+        )
     }
 
     async fn get_user(&self, user_id: &UserId<Self>) -> Result<Option<Self::User>, Self::Error> {

src/users.rs

@@ -22,6 +22,8 @@ pub struct User {
     pub email: Option<String>,
     pub last_seen: Option<i64>,
     pub pwhash: String,
+    #[sqlx(default)]
+    pub digest: String,
 }
 
 impl Debug for User {
@@ -32,6 +34,7 @@ impl Debug for User {
             .field("displayname", &self.displayname)
             .field("email", &self.email)
             .field("last_seen", &self.last_seen)
+            .field("digest", &self.digest)
             .finish()
     }
 }
@@ -50,11 +53,13 @@ impl Display for User {
 }
 
 impl User {
-    pub async fn try_get(username: &str, db: &SqlitePool) -> Result<Self, impl std::error::Error> {
+    pub async fn try_get(username: &str, db: &SqlitePool) -> Result<Self, sqlx::Error> {
-        sqlx::query_as(USERNAME_QUERY)
+        let mut user: Self = sqlx::query_as(USERNAME_QUERY)
             .bind(username)
             .fetch_one(db)
-            .await
+            .await?;
+        user.digest = sha256::digest(&user.pwhash);
+        Ok(user)
     }
 
     pub async fn update_last_seen(&self, pool: &SqlitePool) {