Improved error messagees, implemented delete ciphers, attachments and account, implemented two factor recovery.

Known missing:
 - import ciphers, create ciphers types other than login and card, update ciphers
 - clear and put device_tokens
 - Equivalent domains
 - Organizations

src/api/core/accounts.rs

@@ -144,11 +144,23 @@ fn delete_account(data: Json<Value>, headers: Headers, conn: DbConn) -> Result<(
         err!("Invalid password")
     }
 
-    // Delete all ciphers by user_uuid
-    // Delete all devices by user_uuid
-    // Delete user
+    // Delete ciphers and their attachments
+    for cipher in Cipher::find_by_user(&user.uuid, &conn) {
+        for a in Attachment::find_by_cipher(&cipher.uuid, &conn) { a.delete(&conn); }
 
-    err!("Not implemented")
+        cipher.delete(&conn);
+    }
+
+    // Delete folders
+    for f in Folder::find_by_user(&user.uuid, &conn) { f.delete(&conn); }
+
+    // Delete devices
+    for d in Device::find_by_user(&user.uuid, &conn) { d.delete(&conn); }
+
+    // Delete user
+    user.delete(&conn);
+
+    Ok(())
 }
 
 #[get("/accounts/revision-date")]

src/api/core/ciphers.rs

@@ -258,11 +258,7 @@ fn delete_attachment(uuid: String, attachment_id: String, headers: Headers, conn
         err!("Cipher is not owned by user")
     }
 
-    // Delete file
-    let file = attachment.get_file_path();
-    util::delete_file(&file);
-
-    // Delete entry in cipher
+    // Delete attachment
     attachment.delete(&conn);
 
     Ok(())
@@ -274,13 +270,32 @@ fn post_cipher(uuid: String, headers: Headers, conn: DbConn) -> Result<Json, Bad
 }
 
 #[put("/ciphers/<uuid>")]
-fn put_cipher(uuid: String, headers: Headers, conn: DbConn) -> Result<Json, BadRequest<Json>> { err!("Not implemented") }
+fn put_cipher(uuid: String, headers: Headers, conn: DbConn) -> Result<Json, BadRequest<Json>> {
+    err!("Not implemented")
+}
 
 #[delete("/ciphers/<uuid>")]
-fn delete_cipher(uuid: String, headers: Headers, conn: DbConn) -> Result<Json, BadRequest<Json>> { err!("Not implemented") }
+fn delete_cipher(uuid: String, headers: Headers, conn: DbConn) -> Result<(), BadRequest<Json>> {
+    let cipher = match Cipher::find_by_uuid(&uuid, &conn) {
+        Some(cipher) => cipher,
+        None => err!("Cipher doesn't exist")
+    };
+
+    if cipher.user_uuid != headers.user.uuid {
+        err!("Cipher is not owned by user")
+    }
+
+    // Delete attachments
+    for a in Attachment::find_by_cipher(&cipher.uuid, &conn) { a.delete(&conn); }
+
+    // Delete cipher
+    cipher.delete(&conn);
+
+    Ok(())
+}
 
 #[post("/ciphers/delete", data = "<data>")]
-fn delete_all(data: Json<Value>, headers: Headers, conn: DbConn) -> Result<Json, BadRequest<Json>> {
+fn delete_all(data: Json<Value>, headers: Headers, conn: DbConn) -> Result<(), BadRequest<Json>> {
     let password_hash = data["masterPasswordHash"].as_str().unwrap();
 
     let user = headers.user;
@@ -289,7 +304,15 @@ fn delete_all(data: Json<Value>, headers: Headers, conn: DbConn) -> Result<Json,
         err!("Invalid password")
     }
 
-    // Cipher::delete_from_user(&conn);
+    // Delete ciphers and their attachments
+    for cipher in Cipher::find_by_user(&user.uuid, &conn) {
+        for a in Attachment::find_by_cipher(&cipher.uuid, &conn) { a.delete(&conn); }
 
-    err!("Not implemented")
+        cipher.delete(&conn);
+    }
+
+    // Delete folders
+    for f in Folder::find_by_user(&user.uuid, &conn) { f.delete(&conn); }
+
+    Ok(())
 }

src/api/core/mod.rs

@@ -43,6 +43,7 @@ pub fn routes() -> Vec<Route> {
 
         get_twofactor,
         get_recover,
+        recover,
         generate_authenticator,
         activate_authenticator,
         disable_authenticator,
@@ -107,8 +108,7 @@ fn post_eq_domains(data: Json<EquivDomainData>, headers: Headers, conn: DbConn)
 
     let user = headers.user;
 
-
-    //BODY. "{\"ExcludedGlobalEquivalentDomains\":[2],\"EquivalentDomains\":[[\"uoc.edu\",\"uoc.es\"]]}"
+    //BODY. "{\"ExcludedGlobalEquivalentDomains\":[2],\"EquivalentDomains\":[[\"example.org\",\"example.net\"]]}"
 
     err!("Not implemented")
 }

src/api/core/two_factor.rs

@@ -44,6 +44,39 @@ fn get_recover(data: Json<Value>, headers: Headers) -> Result<Json, BadRequest<J
     })))
 }
 
+#[post("/two-factor/recover", data = "<data>")]
+fn recover(data: Json<Value>, conn: DbConn) -> Result<Json, BadRequest<Json>> {
+    println!("{:#?}", data);
+
+    use db::models::User;
+
+    // Get the user
+    let username = data["email"].as_str().unwrap();
+    let mut user = match User::find_by_mail(username, &conn) {
+        Some(user) => user,
+        None => err!("Username or password is incorrect. Try again.")
+    };
+
+    // Check password
+    let password = data["masterPasswordHash"].as_str().unwrap();
+    if !user.check_valid_password(password) {
+        err!("Username or password is incorrect. Try again.")
+    }
+
+    // Check if recovery code is correct
+    let recovery_code = data["recoveryCode"].as_str().unwrap();
+
+    if !user.check_valid_recovery_code(recovery_code) {
+        err!("Recovery code is incorrect. Try again.")
+    }
+
+    user.totp_secret = None;
+    user.totp_recover = None;
+    user.save(&conn);
+
+    Ok(Json(json!({})))
+}
+
 #[post("/two-factor/get-authenticator", data = "<data>")]
 fn generate_authenticator(data: Json<Value>, headers: Headers) -> Result<Json, BadRequest<Json>> {
     let password_hash = data["masterPasswordHash"].as_str().unwrap();
@@ -71,8 +104,8 @@ fn activate_authenticator(data: Json<Value>, headers: Headers, conn: DbConn) ->
     if !headers.user.check_valid_password(password_hash) {
         err!("Invalid password");
     }
-    let token = data["token"].as_str(); // 123456
-    let key = data["key"].as_str().unwrap(); // YI4SKBIXG32LOA6VFKH2NI25VU3E4QML
+    let token = data["token"].as_str();
+    let key = data["key"].as_str().unwrap();
 
     // Validate key as base32 and 20 bytes length
     let decoded_key: Vec<u8> = match BASE32.decode(key.as_bytes()) {