rage · Maijjay · Jul 9, 2025 · Jul 9, 2025 · Jul 10, 2025 · Jul 11, 2025
diff --git a/services/headless-lms/Cargo.lock b/services/headless-lms/Cargo.lock
diff --git a/services/headless-lms/migrations/20250709091252_add_user_passwords.down.sql b/services/headless-lms/migrations/20250709091252_add_user_passwords.down.sql
@@ -0,0 +1 @@
+DROP TABLE user_passwords;
diff --git a/services/headless-lms/migrations/20250709091252_add_user_passwords.up.sql b/services/headless-lms/migrations/20250709091252_add_user_passwords.up.sql
@@ -0,0 +1,17 @@
+CREATE TABLE user_passwords (
+  user_id UUID PRIMARY KEY REFERENCES users(id) ON DELETE CASCADE,
+  password_hash TEXT NOT NULL,
+  created_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT NOW(),
+  updated_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT NOW(),
+  deleted_at TIMESTAMP WITH TIME ZONE
+);
+CREATE TRIGGER set_timestamp BEFORE
+UPDATE ON user_passwords FOR EACH ROW EXECUTE PROCEDURE trigger_set_timestamp();
+
+COMMENT ON TABLE user_passwords IS 'This table is used to keep a record of the users password';
+COMMENT ON COLUMN user_passwords.user_id IS 'References the unique identifier of the user.';
+COMMENT ON COLUMN user_passwords.password_hash IS 'Hashed password of the user';
+;
+COMMENT ON COLUMN user_passwords.created_at IS 'Timestamp of when the record was created.';
+COMMENT ON COLUMN user_passwords.updated_at IS 'Timestamp when the record was last updated. The field is updated automatically by the set_timestamp trigger.';
+COMMENT ON COLUMN user_passwords.deleted_at IS 'Timestamp when the record was deleted. If null, the record is not deleted.';
diff --git a/.../models/.sqlx/query-352f3f2d38b17b63a7620cc7b4c8b657264fe751852d72b38262fa0421093abb.json b/.../models/.sqlx/query-352f3f2d38b17b63a7620cc7b4c8b657264fe751852d72b38262fa0421093abb.json
diff --git a/.../models/.sqlx/query-625f56ca4ce2b855c400327266a8791c8284a8f95614784034bad5d8e7a8bed1.json b/.../models/.sqlx/query-625f56ca4ce2b855c400327266a8791c8284a8f95614784034bad5d8e7a8bed1.json
diff --git a/.../models/.sqlx/query-886fbc61200b42e9508cbe49f225a97c49e4521dc7ba8189418e313effc13eb0.json b/.../models/.sqlx/query-886fbc61200b42e9508cbe49f225a97c49e4521dc7ba8189418e313effc13eb0.json
diff --git a/services/headless-lms/models/Cargo.toml b/services/headless-lms/models/Cargo.toml
@@ -56,6 +56,10 @@ lettre = "0.11.17"
 rand = "0.9.1"
 # Flexible concrete Error type built on std::error::Error
 anyhow = "1.0.98"
+# Secret value wrapper to avoid leaking secrets in logs and memory
+secrecy = "0.10.3"
+# Password hashing using Argon2id
+argon2 = "0.5.3"
 
 [dev-dependencies]
 # Overwrite `assert_eq!` and `assert_ne!` with drop-in replacements, adding colorful diffs.

diff --git a/services/headless-lms/models/src/lib.rs b/services/headless-lms/models/src/lib.rs
@@ -92,6 +92,7 @@ pub mod user_details;
 pub mod user_exercise_slide_states;
 pub mod user_exercise_states;
 pub mod user_exercise_task_states;
+pub mod user_passwords;
 pub mod user_research_consents;
 pub mod users;
 

diff --git a/services/headless-lms/models/src/user_passwords.rs b/services/headless-lms/models/src/user_passwords.rs
@@ -0,0 +1,96 @@
+use crate::prelude::*;
+use argon2::password_hash::{SaltString, rand_core::OsRng};
+use argon2::{Argon2, PasswordHash, PasswordHasher, PasswordVerifier};
+use secrecy::{ExposeSecret, SecretString};
+
+pub struct UserPassword {
+    pub user_id: Uuid,
+    pub password_hash: SecretString,
+    pub created_at: DateTime<Utc>,
+    pub updated_at: DateTime<Utc>,
+    pub deleted_at: Option<DateTime<Utc>>,
+}
+
+pub async fn upsert_user_password(
+    conn: &mut PgConnection,
+    user_id: Uuid,
+    password_hash: SecretString,
+) -> ModelResult<bool> {
+    let result = sqlx::query!(
+        r#"
+INSERT INTO user_passwords (user_id, password_hash, created_at, updated_at)
+VALUES ($1, $2, NOW(), NOW()) ON CONFLICT (user_id) DO
+UPDATE
+SET password_hash = EXCLUDED.password_hash,
+  updated_at = NOW()
+        "#,
+        user_id,
+        password_hash.expose_secret()
+    )
+    .execute(conn)
+    .await?;
+
+    Ok(result.rows_affected() > 0)
+}
+
+pub fn hash_password(
+    password: &SecretString,
+) -> Result<SecretString, argon2::password_hash::Error> {
+    let salt = SaltString::generate(&mut OsRng);
+    let argon2 = Argon2::default();
+
+    let password_hash = argon2.hash_password(password.expose_secret().as_bytes(), &salt)?;
+    Ok(SecretString::new(password_hash.to_string().into()))
+}
+
+pub async fn verify_user_password(
+    conn: &mut PgConnection,
+    user_id: Uuid,
+    password: &SecretString,
+) -> ModelResult<bool> {
+    let user_password = match sqlx::query!(
+        r#"
+SELECT password_hash
+FROM user_passwords
+WHERE user_id = $1
+  AND deleted_at IS NULL
+        "#,
+        user_id
+    )
+    .fetch_optional(conn)
+    .await?
+    {
+        Some(p) => p,
+        None => return Ok(false),
+    };
+
+    let parsed_hash = match PasswordHash::new(&user_password.password_hash) {
+        Ok(hash) => hash,
+        Err(_) => return Ok(false),
+    };
+
+    let is_valid = Argon2::default()
+        .verify_password(password.expose_secret().as_bytes(), &parsed_hash)
+        .is_ok();
+
+    Ok(is_valid)
+}
+
+pub async fn check_if_users_password_is_stored(
+    conn: &mut PgConnection,
+    user_id: Uuid,
+) -> ModelResult<bool> {
+    let result = sqlx::query!(
+        r#"
+SELECT *
+FROM user_passwords
+WHERE user_id = $1
+  AND deleted_at IS NULL
+        "#,
+        user_id
+    )
+    .fetch_optional(conn)
+    .await?;
+
+    Ok(result.is_some())
+}
diff --git a/services/headless-lms/server/Cargo.toml b/services/headless-lms/server/Cargo.toml
@@ -129,6 +129,10 @@ async-trait = "0.1.88"
 tokio-util = "0.7.15"
 # Asynchronous streams using async & await notation
 async-stream = "0.3.6"
+# Secret value wrapper to avoid leaking secrets in logs and memory
+secrecy = { version = "0.10.3", features = ["serde"] }
+# Password hashing using Argon2id
+argon2 = "0.5.3"
 
 [dev-dependencies]
 # Overwrite `assert_eq!` and `assert_ne!` with drop-in replacements, adding colorful diffs.