totp: generate backup code, attempt to use backup code when checking totp, delete backup after successful use

crates/users/src/database.rs

@@ -5,7 +5,7 @@ use database::sqlx::SqliteExecutor;
 use database::Error as DatabaseError;
 use database::Users as DatabaseUsers;
 use email_address::EmailAddress;
-use hash::{PaperKey, Password};
+use hash::{PaperKey, Password, Secret};
 use id::UserID;
 use std::str::FromStr;
 
@@ -244,8 +244,10 @@ impl User {
     pub async fn set_totp_backup(
         &self,
         conn: impl SqliteExecutor<'_>,
-        backup: Option<&str>,
+        backup: Option<&Secret>,
     ) -> Result<(), Error> {
+        let backup = backup.map(|backup| backup.hash());
+
         DatabaseUsers::set_totp_backup(conn, self.id.as_ref(), backup).await?;
 
         Ok(())