2021-02-13 10:52:04 +01:00
use bcrypt::{DEFAULT_COST, hash_with_result, verify};
2020-07-13 14:52:25 +02:00
2020-06-29 15:53:39 +02:00
use crate::constants::database_tables_names::{USER_ACCESS_TOKENS_TABLE, USERS_TABLE};
2021-02-05 13:29:44 +01:00
use crate::controllers::user_ws_controller;
2020-07-13 19:38:51 +02:00
use crate::data::account_export::AccountExport;
2020-05-23 19:17:48 +02:00
use crate::data::api_client::APIClient;
2021-02-13 10:52:04 +01:00
use crate::data::error::{ExecError, Res, ResultBoxError};
2020-07-14 11:36:15 +02:00
use crate::data::general_settings::GeneralSettings;
2020-07-14 13:33:17 +02:00
use crate::data::lang_settings::LangSettings;
2020-07-13 13:35:25 +02:00
use crate::data::new_account::NewAccount;
2021-02-15 19:29:43 +01:00
use crate::data::new_data_conservation_policy::NewDataConservationPolicy;
2021-04-11 13:49:22 +02:00
use crate::data::new_notifications_settings::NewNotificationsSettings;
2021-01-19 18:48:56 +01:00
use crate::data::security_settings::SecuritySettings;
2021-02-13 10:52:04 +01:00
use crate::data::user::{AccountImageVisibility, User, UserID, UserPageStatus};
2021-04-11 17:32:50 +02:00
use crate::data::user_token::{PushNotificationToken, UserAccessToken};
2021-04-21 16:41:28 +02:00
use crate::helpers::{comments_helper, conversations_helper, custom_emojies_helper, database, events_helper, forez_presence_helper, friends_helper, groups_helper, likes_helper, notifications_helper, posts_helper, push_notifications_helper, survey_helper, user_helper};
2021-02-13 16:36:39 +01:00
use crate::helpers::database::{DeleteQuery, InsertQuery, QueryInfo, RowResult, UpdateInfo};
2021-02-06 16:35:24 +01:00
use crate::helpers::events_helper::Event;
2021-01-21 19:01:10 +01:00
use crate::helpers::likes_helper::LikeType;
2021-02-13 10:52:04 +01:00
use crate::utils::crypt_utils::{legacy_crypt_pass, rand_str};
2020-07-13 13:35:25 +02:00
use crate::utils::date_utils::{mysql_date, time};
2021-01-19 18:27:56 +01:00
use crate::utils::user_data_utils::user_data_path;
2020-05-23 19:17:48 +02:00
/// Account helper
/// @author Pierre Hubert
2020-07-13 13:35:25 +02:00
/// Create a new account
pub fn create(new_account: &NewAccount) -> ResultBoxError {
2021-02-18 19:13:19 +01:00
.add_str("prenom", &new_account.first_name)
.add_str("nom", &new_account.last_name)
2020-07-13 13:35:25 +02:00
.add_str("date_creation", &mysql_date())
.add_str("mail", &new_account.email)
2021-02-13 10:52:04 +01:00
.add_str("password", &hash_password(&new_account.password)?)
2020-07-13 13:35:25 +02:00
2020-05-23 19:17:48 +02:00
/// Attempt to sign-in user
/// In this version of the api, we consider that there is only one login token required
/// This is why I returns just a simple string, the token created for the user in case of success
pub fn login_user(email: &str, password: &str, client: &APIClient) -> ResultBoxError<String> {
let user = user_helper::find_user_by_email(email)?;
2020-05-24 16:35:54 +02:00
// Validate user password
2021-02-13 10:52:04 +01:00
if !validate_password(&user, password)? {
2020-05-24 16:35:54 +02:00
return Err(ExecError::boxed_new("The user gave an invalid password!"));
2020-05-23 19:17:48 +02:00
2020-05-24 16:35:54 +02:00
// Create new login tokens
let new_token = UserAccessToken {
2021-02-13 14:37:15 +01:00
id: 0,
2020-06-25 10:08:34 +02:00
user_id: user.id.clone(),
2020-05-24 16:35:54 +02:00
client_id: client.id,
2020-05-24 17:57:47 +02:00
token: rand_str(150),
2021-02-13 14:37:15 +01:00
last_refresh: time(),
timeout: client.default_expiration_time,
2021-04-11 17:32:50 +02:00
push_notifications_token: PushNotificationToken::UNDEFINED,
2020-05-24 16:35:54 +02:00
// Save it
2021-02-13 14:37:15 +01:00
.add_u64("client_id", client.id)
.add_user_id("user_id", &new_token.user_id)
.add_str("token", &new_token.token)
.add_u64("last_refresh", new_token.last_refresh)
.add_u64("timeout", new_token.timeout)
2021-04-11 18:39:31 +02:00
.add_opt_str("push_notifications_token", new_token.push_notifications_token.to_db().as_ref())
2021-02-13 14:37:15 +01:00
2020-05-24 16:35:54 +02:00
2021-02-13 14:37:15 +01:00
/// Find a user ID based on login token
pub fn find_user_by_login_token(token: &str, client: &APIClient) -> ResultBoxError<UserAccessToken> {
.cond_u64("client_id", client.id)
.cond("token", token)
.set_custom_where("last_refresh + timeout > ?")
2021-02-13 16:36:39 +01:00
2020-05-24 19:19:07 +02:00
2020-07-13 13:00:02 +02:00
/// Check out whether an email address exists or not
pub fn exists_mail(mail: &str) -> ResultBoxError<bool> {
.cond("mail", mail)
.map(|r| r > 0)
2021-02-13 14:37:15 +01:00
/// Refresh a user access token
pub fn refresh_access_token(token: &UserAccessToken) -> Res {
.cond_u64("id", token.id)
.set_u64("last_refresh", time())
2020-05-24 19:19:07 +02:00
/// Destroy a given user login tokens
2021-02-13 14:37:15 +01:00
pub fn destroy_login_tokens(access_tokens: &UserAccessToken) -> Res {
2021-04-12 17:20:06 +02:00
// Un-register from independent push notifications service
2021-04-11 19:14:59 +02:00
// (continue to destroy token even in case of failure)
2021-04-12 17:20:06 +02:00
2021-04-11 19:14:59 +02:00
2021-02-13 14:37:15 +01:00
.cond_u64("id", access_tokens.id)
2020-05-24 19:19:07 +02:00
2021-02-06 16:35:24 +01:00
// Send an event (destroyed_login_tokens)
2021-02-13 14:37:15 +01:00
2021-02-06 16:35:24 +01:00
2020-05-24 19:19:07 +02:00
2020-06-26 08:58:00 +02:00
2021-02-13 16:36:39 +01:00
/// Clean up old access tokens
pub fn clean_up_old_access_tokens() -> Res {
let to_delete = QueryInfo::new(USER_ACCESS_TOKENS_TABLE)
.set_custom_where("last_refresh + timeout < ?")
for token in to_delete {
2021-04-12 17:20:06 +02:00
/// Get all the login tokens of a user
pub fn get_all_login_tokens(id: &UserID) -> Res<Vec<UserAccessToken>> {
.cond_user_id("user_id", id)
2020-07-13 11:56:49 +02:00
/// Destroy all login tokens of a user
pub fn destroy_all_user_tokens(id: &UserID) -> ResultBoxError {
2021-02-05 13:32:07 +01:00
2021-04-12 17:20:06 +02:00
for token in get_all_login_tokens(id)? {
2020-07-13 11:56:49 +02:00
2020-07-13 14:20:28 +02:00
/// Generate a new password reset token
pub fn generate_password_reset_token(user_id: &UserID) -> ResultBoxError<String> {
2020-07-13 14:52:25 +02:00
let token = rand_str(PASSWORD_RESET_TOKEN_LENGTH);
2020-07-13 14:20:28 +02:00
.cond_user_id("ID", user_id)
.set_str("password_reset_token", &token)
.set_u64("password_reset_token_time_create", time())
2020-07-13 15:33:18 +02:00
/// Remove password reset token for a given user
pub fn destroy_password_reset_token_for_user(user_id: &UserID) -> ResultBoxError {
.cond_user_id("ID", user_id)
.set_str("password_reset_token", "")
.set_u64("password_reset_token_time_create", 0)
2020-07-13 14:52:25 +02:00
/// Get the ID of a user based on a password reset token
pub fn get_user_id_from_password_reset_token(token: &str) -> ResultBoxError<UserID> {
.cond("password_reset_token", token)
.set_custom_where("password_reset_token_time_create > ?")
.add_custom_where_argument_u64(time() - PASSWORD_RESET_TOKEN_LIFETIME)
.query_row(|r| r.get_user_id("ID"))
2020-07-13 18:56:36 +02:00
/// Check current user's password
pub fn check_user_password(user_id: &UserID, password: &str) -> ResultBoxError<bool> {
2021-02-13 10:52:04 +01:00
let user = user_helper::find_user_by_id(user_id)?;
2020-07-13 18:56:36 +02:00
2021-02-13 10:52:04 +01:00
validate_password(&user, password)
2020-07-13 18:56:36 +02:00
2020-07-13 15:33:18 +02:00
/// Change the password of a user
2021-02-13 10:52:04 +01:00
pub fn change_password(user_id: &UserID, new_password: &str) -> ResultBoxError {
2020-07-13 15:33:18 +02:00
.cond_user_id("ID", user_id)
2021-02-13 10:52:04 +01:00
.set_str("password", &hash_password(new_password)?)
2020-07-13 15:33:18 +02:00
2020-06-26 08:58:00 +02:00
/// Check out whether a virtual directory is taken by a user or not
pub fn check_user_directory_availability(dir: &str, user_id: Option<UserID>) -> ResultBoxError<bool> {
let found_user = user_helper::find_user_by_virtual_directory(dir);
match (found_user, user_id) {
// A user was found, but we did not specify a user
(Ok(_), None) => Ok(false),
// A user was found, and we specified a user ID, we check if the IDs are the same
(Ok(user), Some(id)) => Ok(user.id == id),
// No user was found, virtual directory is considered as available
(Err(_), _) => Ok(true)
2020-06-29 15:53:39 +02:00
/// Update the last activity of a user
pub fn update_last_activity(user_id: &UserID) -> ResultBoxError {
.cond_user_id("ID", user_id)
.set_u64("last_activity", time())
2020-07-13 19:12:39 +02:00
2020-07-14 11:36:15 +02:00
/// Set new general settings of an account
pub fn set_general(settings: &GeneralSettings) -> ResultBoxError {
.cond_user_id("ID", &settings.id)
.set_str("prenom", &settings.first_name)
.set_str("nom", &settings.last_name)
.set_legacy_bool("public", settings.page_status != UserPageStatus::PRIVATE)
.set_legacy_bool("pageouverte", settings.page_status == UserPageStatus::OPEN)
.set_legacy_bool("bloquecommentaire", settings.block_comments)
.set_legacy_bool("autoriser_post_amis", settings.allow_posts_from_friends)
.set_legacy_bool("autorise_mail", settings.allow_mails)
.set_legacy_bool("liste_amis_publique", settings.friends_list_public)
2021-04-16 15:06:07 +02:00
.set_legacy_bool("is_email_public", settings.email_public)
2020-07-14 11:36:15 +02:00
.set_opt_str("sous_repertoire", settings.virtual_directory.clone())
.set_opt_str("site_web", settings.personal_website.clone())
.set_opt_str("public_note", settings.public_note.clone())
2021-04-16 15:06:07 +02:00
.set_opt_str("location", settings.location.clone())
2020-07-14 11:36:15 +02:00
2020-07-14 13:33:17 +02:00
/// Set new language settings
pub fn set_language_settings(settings: &LangSettings) -> ResultBoxError {
.cond_user_id("ID", &settings.id)
.set_str("lang", &settings.lang)
2021-01-19 17:47:48 +01:00
/// Set new security settings
pub fn set_security_settings(settings: &SecuritySettings) -> ResultBoxError {
.cond_user_id("ID", &settings.id)
.set_opt_str("question1", settings.question1.question())
.set_opt_str("reponse1", settings.question1.answer())
.set_opt_str("question2", settings.question2.question())
.set_opt_str("reponse2", settings.question2.answer())
2021-01-19 18:27:56 +01:00
/// Delete user account image
pub fn delete_account_image(user_id: &UserID) -> ResultBoxError {
let user = user_helper::find_user_by_id(user_id)?;
if !user.has_account_image() {
return Ok(());
let path = user_data_path(user.account_image_path.unwrap().as_ref());
if path.exists()
.cond_user_id("ID", user_id)
.set_str("account_image_path", "")
/// Set a new account image
pub fn set_account_image(user_id: &UserID, uri: &String) -> ResultBoxError {
// First, delete the previous account image
// Update database
.cond_user_id("ID", user_id)
.set_str("account_image_path", uri)
2021-01-19 18:48:56 +01:00
/// Set account image visibility level
pub fn set_account_image_visibility(user_id: &UserID, level: AccountImageVisibility) -> ResultBoxError {
.cond_user_id("ID", user_id)
.set_str("account_image_visibility", &level.to_db())
2021-02-15 19:29:43 +01:00
/// Set data conservation policy
pub fn set_data_conservation_policy(new_policy: NewDataConservationPolicy) -> Res {
.cond_user_id("ID", &new_policy.user_id)
.set_opt_u64_or_zero("delete_account_after", new_policy.delete_account_after)
.set_opt_u64_or_zero("delete_notifications_after", new_policy.delete_notifications_after)
.set_opt_u64_or_zero("delete_comments_after", new_policy.delete_comments_after)
.set_opt_u64_or_zero("delete_posts_after", new_policy.delete_posts_after)
.set_opt_u64_or_zero("delete_conversation_messages_after", new_policy.delete_conversation_messages_after)
.set_opt_u64_or_zero("delete_likes_after", new_policy.delete_likes_after)
2021-04-11 13:49:22 +02:00
/// Set new notifications settings
pub fn set_notifications_settings(new_settings: NewNotificationsSettings) -> Res {
.cond_user_id("ID", &new_settings.user_id)
.set_legacy_bool("allow_notif_sound", new_settings.allow_notifications_sound)
.set_legacy_bool("allow_notif_conv", new_settings.allow_conversations)
2021-04-11 19:14:59 +02:00
/// Set new push notification token
pub fn set_push_notification_token(client: &UserAccessToken, new_token: PushNotificationToken) -> Res {
2021-04-12 17:20:06 +02:00
// In case of independent push service, remove previous client
2021-04-11 19:14:59 +02:00
.cond_u64("id", client.id)
.set_opt_str("push_notifications_token", new_token.to_db())
2020-07-13 19:12:39 +02:00
/// Export an account's data
pub fn export(user_id: &UserID) -> ResultBoxError<AccountExport> {
2020-07-14 08:07:55 +02:00
let mut data = AccountExport {
2020-07-13 19:12:39 +02:00
user: user_helper::find_user_by_id(user_id)?,
posts: posts_helper::export_all_posts_user(user_id)?,
2020-07-13 19:26:19 +02:00
comments: comments_helper::export_all_user(user_id)?,
2020-07-13 19:38:51 +02:00
likes: likes_helper::export_all_user(user_id)?,
survey_responses: survey_helper::export_all_user_responses(user_id)?,
2020-07-14 07:54:40 +02:00
all_conversation_messages: conversations_helper::export_all_user_messages(user_id)?,
2020-07-14 08:07:55 +02:00
conversations: conversations_helper::get_list_user(user_id)?,
conversation_messages: Default::default(),
2020-07-14 08:30:24 +02:00
friends_list: friends_helper::GetFriendsQuery::new(user_id).exec()?,
groups: groups_helper::get_list_user(user_id, false)?,
2020-07-13 19:12:39 +02:00
2020-07-14 08:07:55 +02:00
// Process conversation messages
for conv in &data.conversations {
.insert(conv.id, conversations_helper::get_all_messages(conv.id)?);
2020-07-13 19:12:39 +02:00
2021-01-20 18:58:02 +01:00
/// Delete a user's account
2021-01-21 18:05:48 +01:00
pub fn delete(user_id: &UserID) -> ResultBoxError {
2021-02-05 13:29:44 +01:00
// Close all WebSockets of user
2021-02-18 19:35:45 +01:00
2021-01-20 18:58:02 +01:00
2021-01-21 18:05:48 +01:00
// Delete all group membership
2021-01-20 18:58:02 +01:00
2021-01-21 18:13:01 +01:00
// Delete all user comments
2021-01-21 18:17:38 +01:00
// Delete all user posts
2021-01-21 18:23:23 +01:00
// Delete all responses of user to surveys
2021-01-21 18:26:18 +01:00
// Delete all the likes created by the user
2021-01-21 18:36:53 +01:00
// Delete all conversation messages
2021-01-21 18:41:27 +01:00
// Remove the user from all its conversations
2021-01-21 18:49:15 +01:00
// Delete all the notifications related with the user
2021-01-21 18:56:35 +01:00
// Delete all user friends, including friendship requests
2021-01-21 18:58:31 +01:00
// Delete user account image
2021-01-21 19:01:10 +01:00
// Delete all the likes on the user page
likes_helper::delete_all(user_id.id(), LikeType::USER)?;
2021-01-21 19:06:49 +01:00
// Delete all custom user emojies
2021-04-21 16:41:28 +02:00
// Delete all forez presences
2021-01-22 18:24:02 +01:00
// Delete connections to all services
2021-01-20 18:58:02 +01:00
2021-01-22 18:25:58 +01:00
// Remove the user from the database
.cond_user_id("ID", user_id)
2021-01-20 18:58:02 +01:00
2021-02-13 10:52:04 +01:00
2021-02-14 19:23:36 +01:00
/// Automatically delete the account, if it have been inactive for a too long time
pub fn remove_if_inactive_for_too_long_time(user: &User) -> Res {
2021-02-15 17:38:25 +01:00
let timeout = user.delete_account_after.unwrap_or(0);
if timeout < 1 {
2021-02-14 19:23:36 +01:00
return Ok(());
2021-02-15 17:38:25 +01:00
if user.last_activity < time() - timeout {
2021-02-14 19:23:36 +01:00
2021-02-13 10:52:04 +01:00
/// Hash the password to store it inside the database
fn hash_password(pass: &str) -> Res<String> {
Ok(hash_with_result(pass, DEFAULT_COST)?.to_string())
/// Validate user password.
/// If the password is encoded using the legacy method, it is automatically upgraded in case of
/// success
fn validate_password(user: &User, password: &str) -> Res<bool> {
// We check if the password use the new storage mechanism
if user.password.starts_with("$") {
return Ok(verify(password, &user.password)?);
// We need to upgrade the password
let crypt_pass = legacy_crypt_pass(password)?;
// If the password is not valid
if !user.password.eq(&crypt_pass) {
return Ok(false);
// Upgrade the password
change_password(&user.id, password)?;
2021-02-13 16:36:39 +01:00
fn db_to_user_access_token(res: &RowResult) -> Res<UserAccessToken> {
2021-04-11 17:32:50 +02:00
let push_notifications_token = PushNotificationToken::from_db(res.get_optional_str("push_notifications_token")?);
2021-02-13 16:36:39 +01:00
Ok(UserAccessToken {
id: res.get_u64("id")?,
client_id: res.get_u64("client_id")?,
user_id: res.get_user_id("user_id")?,
token: res.get_str("token")?,
last_refresh: res.get_u64("last_refresh")?,
timeout: res.get_u64("timeout")?,
2021-04-11 17:32:50 +02:00
2021-02-13 16:36:39 +01:00
2020-05-23 19:17:48 +02:00