vsquad/elo
3
2
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

Implement login form error, more clippy fixes
All checks were successful
Build Crate / build (push) Successful in 1m47s
Details

Browse Source
This commit is contained in:
Matthew Kaminski
2024-08-28 23:45:10 -04:00
parent 9a42ed5b80
commit aca0b83dd4
4 changed files with 65 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/server/auth/forgot_password.rs
View File

@@ -25,13 +25,11 @@ pub async fn post_forgot_password(
user.forgot_password_request = Set(Some(password_request.contact_info));
let user = user.update(&state.db_conn).await;
match user {
Ok(_) => return (StatusCode::OK, Json(GenericResponse::ok())),
Err(_) => {
return (
StatusCode::BAD_REQUEST,
Json(GenericResponse::err("Database error")),
)
}
Ok(_) => (StatusCode::OK, Json(GenericResponse::ok())),
Err(_) => (
StatusCode::BAD_REQUEST,
Json(GenericResponse::err("Database error")),
),
}
}
None => (

53
src/server/auth/login.rs
View File

@@ -3,7 +3,10 @@ use crate::{
prelude::*,
user::{self},
},
models::auth::{Claims, LoginInfo, LoginResponse},
models::{
auth::{Claims, LoginInfo, LoginResponse},
generic::GenericResponse,
},
server::server_state::ServerState,
};
use argon2::{Argon2, PasswordHash, PasswordVerifier};
@@ -14,7 +17,11 @@ use axum::{
use jsonwebtoken::{decode, encode, DecodingKey, EncodingKey, Header, Validation};
use sea_orm::{ColumnTrait, EntityTrait, QueryFilter};
pub async fn credentials_are_correct(username: &str, password: &str, state: &ServerState) -> bool {
pub async fn credentials_are_correct(
username: &str,
password: &str,
state: &ServerState,
) -> Result<(), String> {
// Get user
let existing_user: Option<user::Model> = User::find()
.filter(user::Column::Username.eq(username))
@@ -25,28 +32,35 @@ pub async fn credentials_are_correct(username: &str, password: &str, state: &Ser
Some(user) => user.password_hash_and_salt,
None => {
// @todo make dummy password hash
return false;
return Err("Username doesn't exist".to_owned());
}
};
return Argon2::default()
.verify_password(
password.as_bytes(),
&PasswordHash::new(hash_to_check.as_str()).unwrap(),
)
.is_ok();
match Argon2::default().verify_password(
password.as_bytes(),
&PasswordHash::new(hash_to_check.as_str()).unwrap(),
) {
Ok(_) => Ok(()),
Err(_) => Err("Invalid credentials".to_owned()),
}
}
pub async fn post_login_user(
State(state): State<ServerState>,
Json(login_info): Json<LoginInfo>,
) -> Result<Json<LoginResponse>, StatusCode> {
) -> (
StatusCode,
Result<Json<LoginResponse>, Json<GenericResponse>>,
) {
let user_authenticated =
credentials_are_correct(&login_info.username, &login_info.password, &state);
match user_authenticated.await {
false => Err(StatusCode::UNAUTHORIZED),
true => {
Err(why) => (
StatusCode::UNAUTHORIZED,
Err(Json(GenericResponse::err(why.as_str()))),
),
Ok(_) => {
let expires = match login_info.remember_me {
true => chrono::Utc::now() + chrono::Duration::days(365),
false => chrono::Utc::now() + chrono::Duration::days(1),
@@ -63,11 +77,15 @@ pub async fn post_login_user(
&EncodingKey::from_secret("secret".as_ref()),
) {
Ok(token) => token,
Err(_) => return Err(StatusCode::INTERNAL_SERVER_ERROR),
Err(_) => {
return (
StatusCode::INTERNAL_SERVER_ERROR,
Err(Json(GenericResponse::err("Failed to get token"))),
)
}
};
let resp = LoginResponse { token, expires };
Ok(Json(resp))
(StatusCode::OK, Ok(Json(LoginResponse { token, expires })))
}
}
}
@@ -81,13 +99,12 @@ pub async fn post_test_login(
if auth_header_str.starts_with("Bearer ") {
let token = auth_header_str.trim_start_matches("Bearer ").to_string();
// @todo change secret
match decode::<Claims>(
if let Ok(_) = decode::<Claims>(
&token,
&DecodingKey::from_secret("secret".as_ref()),
&Validation::default(),
) {
Ok(_) => return Ok(Json("Logged in".to_owned())),
Err(_) => {}
return Ok(Json("Logged in".to_owned()));
}
}
}