From f21636aa4edaba734b963107a3320391c649f596 Mon Sep 17 00:00:00 2001 From: Pierre HUBERT Date: Mon, 13 Jul 2020 18:56:36 +0200 Subject: [PATCH] Start to implement data export --- src/constants.rs | 5 ++++- src/controllers/account_controller.rs | 7 +++++++ src/controllers/routes.rs | 1 + src/data/http_request_handler.rs | 12 ++++++++++++ src/helpers/account_helper.rs | 11 +++++++++++ 5 files changed, 35 insertions(+), 1 deletion(-) diff --git a/src/constants.rs b/src/constants.rs index 784bebf..53d7f54 100644 --- a/src/constants.rs +++ b/src/constants.rs @@ -88,4 +88,7 @@ pub const MAXIMUM_NUMBER_SURVEY_CHOICES: usize = 20; pub const PASSWORD_RESET_TOKEN_LENGTH: usize = 255; /// Duration of the validity of a password reset token (6 hours) -pub const PASSWORD_RESET_TOKEN_LIFETIME: u64 = 60 * 60 * 6; \ No newline at end of file +pub const PASSWORD_RESET_TOKEN_LIFETIME: u64 = 60 * 60 * 6; + +/// Minimum password length +pub const PASSWORD_MIN_LENGTH: usize = 3; \ No newline at end of file diff --git a/src/controllers/account_controller.rs b/src/controllers/account_controller.rs index b865702..2507bb3 100644 --- a/src/controllers/account_controller.rs +++ b/src/controllers/account_controller.rs @@ -178,4 +178,11 @@ pub fn reset_user_password(r: &mut HttpRequestHandler) -> RequestResult { account_helper::destroy_password_reset_token_for_user(&user_id)?; r.success("Password changed!") +} + +/// Export account's data +pub fn export_data(r: &mut HttpRequestHandler) -> RequestResult { + r.need_user_password("password")?; + + r.success("Go on") } \ No newline at end of file diff --git a/src/controllers/routes.rs b/src/controllers/routes.rs index 86ef414..c19d6d5 100644 --- a/src/controllers/routes.rs +++ b/src/controllers/routes.rs 
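Review bot: The doc comment on `PASSWORD_MIN_LENGTH` in the constants.rs hunk does not say what the bound is for, and at 3 characters it would be a weak policy if it were ever reused for account creation or password change. In this patch the constant is only passed to `post_string_opt` inside `need_user_password`, so it acts as a floor on the submitted field before the comparison. If that is the intent, say so: `/// Minimum length accepted for a submitted password field (input check only, not a password-strength policy)`.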
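Review bot: `export_data` in the account_controller.rs hunk is already registered as a live route by the routes.rs hunk, yet it only checks the password and answers "Go on", and its doc comment mentions neither fact. Until the export exists, the endpoint's only observable effect is to confirm or reject a password for the logged-in account. The comment should record that state, for example `/// Export account's data (requires the current password; the export itself is not implemented yet)`. The password re-confirmation should remain the first statement once the body is filled in.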
@@ -81,6 +81,7 @@ pub fn get_routes() -> Vec { Route::post_without_login("/account/check_security_answers", Box::new(account_controller::check_security_answers)), Route::post_without_login("/account/check_password_reset_token", Box::new(account_controller::check_password_reset_token)), Route::post_without_login("/account/reset_user_passwd", Box::new(account_controller::reset_user_password)), + Route::post("/account/export_data", Box::new(account_controller::export_data)), // User controller Route::post_without_login("/user/getInfo", Box::new(user_controller::get_single)), diff --git a/src/data/http_request_handler.rs b/src/data/http_request_handler.rs index ea61665..2f6753b 100644 --- a/src/data/http_request_handler.rs +++ b/src/data/http_request_handler.rs @@ -25,6 +25,7 @@ use crate::utils::pdf_utils::is_valid_pdf; use crate::utils::string_utils::{check_string_before_insert, check_url, remove_html_nodes}; use crate::utils::user_data_utils::{generate_new_user_data_file_name, prepare_file_creation, user_data_path}; use crate::utils::virtual_directories_utils::check_virtual_directory; +use crate::constants::PASSWORD_MIN_LENGTH; /// Http request handler /// @@ -659,4 +660,15 @@ impl HttpRequestHandler { Ok(remove_html_nodes(&content)) } + + /// Check the password of the current user + pub fn need_user_password(&mut self, field: &str) ->ResultBoxError { + let password = self.post_string_opt(field, PASSWORD_MIN_LENGTH, true)?; + + if !account_helper::check_user_password(self.user_id_ref()?, &password)? { + self.forbidden("Invalid password!".to_string())?; + } + + Ok(()) + } } \ No newline at end of file diff --git a/src/helpers/account_helper.rs b/src/helpers/account_helper.rs index 5a9d561..8bf1cd2 100644 --- a/src/helpers/account_helper.rs +++ b/src/helpers/account_helper.rs 
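Review bot: `need_user_password` in the http_request_handler.rs hunk performs an unthrottled password check: nothing visible limits or records failed attempts before `self.forbidden("Invalid password!".to_string())?`. A stolen or unattended session could therefore use `/account/export_data` to test candidate passwords for the account. Failed checks should be counted per user and source address and refused past a threshold; whether the project already has a limiter to call is not visible here. The method also relies on `self.forbidden(..)?` yielding an `Err` to stop execution, so, if the return types allow it, `return self.forbidden("Invalid password!".to_string());` would make the rejection explicit. The doc comment could add that the call fails the request when the field is missing or the password does not match.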
@@ -146,6 +146,17 @@ pub fn get_user_id_from_password_reset_token(token: &str) -> ResultBoxError ResultBoxError { + let crypt_pass = crypt_pass(password)?; + + database::QueryInfo::new(USERS_TABLE) + .cond_user_id("ID", user_id) + .cond("password", &crypt_pass) + .exec_count() + .map(|r| r > 0) +} + /// Change the password of a user pub fn change_password(user_id: &UserID, new_password: &String) -> ResultBoxError { database::UpdateInfo::new(USERS_TABLE)
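Review bot: The added password check (called as `account_helper::check_user_password` from the handler hunk) matches by SQL equality, `.cond("password", &crypt_pass)`, which can only work if `crypt_pass` returns the same value for the same password every time. `crypt_pass` is not shown, so this is an inference, but it would mean the stored hashes carry no per-user random salt and equal passwords produce equal stored values. The usual shape is to select the stored hash for `user_id` and verify the submitted password against it with the hash scheme's own verify routine, which also keeps the comparison out of the query. The function's signature line is garbled in this view of the hunk, so its parameter and return types cannot be checked here.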