BasicOIDC/src/controllers/login_controller.rs

use actix::Addr;
use actix_identity::Identity;
use actix_web::{HttpResponse, Responder, web};
use askama::Template;

use crate::actors::users_actor::{ChangePasswordResult, LoginResult, UsersActor};
use crate::actors::users_actor;
use crate::constants::{APP_NAME, MIN_PASS_LEN};
use crate::controllers::base_controller::redirect_user;
use crate::data::session_identity::{SessionIdentity, SessionStatus};

#[derive(Template)]
#[template(path = "base_login_page.html")]
struct BaseLoginPage {
    danger: String,
    success: String,
    page_title: &'static str,
    app_name: &'static str,
    redirect_uri: String,
}

#[derive(Template)]
#[template(path = "login.html")]
struct LoginTemplate {
    _parent: BaseLoginPage,
    login: String,
}

#[derive(Template)]
#[template(path = "password_reset.html")]
struct PasswordResetTemplate {
    _parent: BaseLoginPage,
    min_pass_len: usize,
}

#[derive(serde::Deserialize)]
pub struct LoginRequestBody {
    login: String,
    password: String,
}

#[derive(serde::Deserialize)]
pub struct LoginRequestQuery {
    logout: Option<bool>,
    redirect: Option<String>,
}

/// Authenticate user
pub async fn login_route(users: web::Data<Addr<UsersActor>>,
                         query: web::Query<LoginRequestQuery>,
                         req: Option<web::Form<LoginRequestBody>>,
                         id: Identity) -> impl Responder {
    let mut danger = String::new();
    let mut success = String::new();
    let mut login = String::new();

    let redirect_uri = match query.redirect.as_deref() {
        None => "/",
        Some(s) => match s.starts_with('/') && !s.starts_with("//") {
            true => s,
            false => "/",
        }
    };

    // Check if user session must be closed
    if let Some(true) = query.logout {
        id.forget();
        success = "Goodbye!".to_string();
    }

    // Check if user is already authenticated
    if SessionIdentity(&id).is_authenticated() {
        return redirect_user(redirect_uri);
    }

    // Check if user is setting a new  password
    if let (Some(req), true) = (&req, SessionIdentity(&id).need_new_password()) {
        if req.password.len() < MIN_PASS_LEN {
            danger = "Password is too short!".to_string();
        } else {
            let res: ChangePasswordResult = users.send(users_actor::ChangePasswordRequest {
                user_id: SessionIdentity(&id).user_id(),
                new_password: req.password.clone(),
                temporary: false,
            }).await.unwrap();

            if !res.0 {
                danger = "Failed to change password!".to_string();
            } else {
                SessionIdentity(&id).set_status(SessionStatus::SignedIn);
                return redirect_user(redirect_uri);
            }
        }
    }

    // Try to authenticate user
    else if let Some(req) = &req {
        // TODO : check request origin (check for valid Referer)

        login = req.login.clone();
        let response: LoginResult = users.send(users_actor::LoginRequest {
            login: login.clone(),
            password: req.password.clone(),
        }).await.unwrap();

        match response {
            LoginResult::Success(user) => {
                SessionIdentity(&id).set_user(&user);

                if user.need_reset_password {
                    SessionIdentity(&id).set_status(SessionStatus::NeedNewPassword);
                } else {
                    return redirect_user(redirect_uri);
                }
            }

            c => {
                // TODO : add bruteforce detection
                log::warn!("Failed login for username {} : {:?}", login, c);
                danger = "Login failed.".to_string();
            }
        }
    }

    // Display password reset form if it is appropriate
    if SessionIdentity(&id).need_new_password() {
        return HttpResponse::Ok()
            .content_type("text/html")
            .body(PasswordResetTemplate {
                _parent: BaseLoginPage {
                    page_title: "Password reset",
                    danger,
                    success,
                    app_name: APP_NAME,
                    redirect_uri: urlencoding::encode(redirect_uri).to_string(),
                },
                min_pass_len: MIN_PASS_LEN,
            }.render().unwrap());
    }


    HttpResponse::Ok()
        .content_type("text/html")
        .body(LoginTemplate {
            _parent: BaseLoginPage {
                page_title: "Login",
                danger,
                success,
                app_name: APP_NAME,
                redirect_uri: urlencoding::encode(redirect_uri).to_string(),
            },
            login,
        }.render().unwrap())
}

/// Sign out user
pub async fn logout_route() -> impl Responder {
    redirect_user("/login?logout=true")
}
Add communication with user actor 2022-03-30 10:41:22 +00:00			`use actix::Addr;`
Add actix-identity crate 2022-03-30 14:58:00 +00:00			`use actix_identity::Identity;`
Add communication with user actor 2022-03-30 10:41:22 +00:00			`use actix_web::{HttpResponse, Responder, web};`
Ready to implement login page 2022-03-30 08:29:10 +00:00			`use askama::Template;`

Can request new user password on login 2022-04-02 06:30:01 +00:00			`use crate::actors::users_actor::{ChangePasswordResult, LoginResult, UsersActor};`
Add communication with user actor 2022-03-30 10:41:22 +00:00			`use crate::actors::users_actor;`
Can request new user password on login 2022-04-02 06:30:01 +00:00			`use crate::constants::{APP_NAME, MIN_PASS_LEN};`
Redirect user after successful login 2022-04-01 16:59:17 +00:00			`use crate::controllers::base_controller::redirect_user;`
Can request new user password on login 2022-04-02 06:30:01 +00:00			`use crate::data::session_identity::{SessionIdentity, SessionStatus};`
Ready to implement login page 2022-03-30 08:29:10 +00:00
Display login page 2022-03-30 09:00:20 +00:00			`#[derive(Template)]`
			`#[template(path = "base_login_page.html")]`
			`struct BaseLoginPage {`
			`danger: String,`
			`success: String,`
			`page_title: &'static str,`
			`app_name: &'static str,`
Can redirect user on successful login 2022-04-02 17:44:13 +00:00			`redirect_uri: String,`
Display login page 2022-03-30 09:00:20 +00:00			`}`

Ready to implement login page 2022-03-30 08:29:10 +00:00			`#[derive(Template)]`
			`#[template(path = "login.html")]`
Display login page 2022-03-30 09:00:20 +00:00			`struct LoginTemplate {`
			`_parent: BaseLoginPage,`
Add communication with user actor 2022-03-30 10:41:22 +00:00			`login: String,`
Ready to implement login page 2022-03-30 08:29:10 +00:00			`}`

Can request new user password on login 2022-04-02 06:30:01 +00:00			`#[derive(Template)]`
			`#[template(path = "password_reset.html")]`
			`struct PasswordResetTemplate {`
			`_parent: BaseLoginPage,`
			`min_pass_len: usize,`
			`}`

Add communication with user actor 2022-03-30 10:41:22 +00:00			`#[derive(serde::Deserialize)]`
User can sign out 2022-04-01 17:05:40 +00:00			`pub struct LoginRequestBody {`
Add communication with user actor 2022-03-30 10:41:22 +00:00			`login: String,`
			`password: String,`
			`}`

User can sign out 2022-04-01 17:05:40 +00:00			`#[derive(serde::Deserialize)]`
			`pub struct LoginRequestQuery {`
			`logout: Option<bool>,`
Can redirect user on successful login 2022-04-02 17:44:13 +00:00			`redirect: Option<String>,`
User can sign out 2022-04-01 17:05:40 +00:00			`}`

Add communication with user actor 2022-03-30 10:41:22 +00:00			`/// Authenticate user`
			`pub async fn login_route(users: web::Data<Addr<UsersActor>>,`
User can sign out 2022-04-01 17:05:40 +00:00			`query: web::Query<LoginRequestQuery>,`
			`req: Option<web::Form<LoginRequestBody>>,`
Add actix-identity crate 2022-03-30 14:58:00 +00:00			`id: Identity) -> impl Responder {`
Add communication with user actor 2022-03-30 10:41:22 +00:00			`let mut danger = String::new();`
User can sign out 2022-04-01 17:05:40 +00:00			`let mut success = String::new();`
Add communication with user actor 2022-03-30 10:41:22 +00:00			`let mut login = String::new();`

Can redirect user on successful login 2022-04-02 17:44:13 +00:00			`let redirect_uri = match query.redirect.as_deref() {`
			`None => "/",`
			`Some(s) => match s.starts_with('/') && !s.starts_with("//") {`
			`true => s,`
			`false => "/",`
			`}`
			`};`

User can sign out 2022-04-01 17:05:40 +00:00			`// Check if user session must be closed`
			`if let Some(true) = query.logout {`
			`id.forget();`
			`success = "Goodbye!".to_string();`
			`}`

Redirect user after successful login 2022-04-01 16:59:17 +00:00			`// Check if user is already authenticated`
Refactor sessions management 2022-04-01 20:51:33 +00:00			`if SessionIdentity(&id).is_authenticated() {`
Can redirect user on successful login 2022-04-02 17:44:13 +00:00			`return redirect_user(redirect_uri);`
Redirect user after successful login 2022-04-01 16:59:17 +00:00			`}`

Can request new user password on login 2022-04-02 06:30:01 +00:00			`// Check if user is setting a new password`
			`if let (Some(req), true) = (&req, SessionIdentity(&id).need_new_password()) {`
			`if req.password.len() < MIN_PASS_LEN {`
			`danger = "Password is too short!".to_string();`
			`} else {`
			`let res: ChangePasswordResult = users.send(users_actor::ChangePasswordRequest {`
			`user_id: SessionIdentity(&id).user_id(),`
			`new_password: req.password.clone(),`
			`temporary: false,`
			`}).await.unwrap();`

			`if !res.0 {`
			`danger = "Failed to change password!".to_string();`
			`} else {`
			`SessionIdentity(&id).set_status(SessionStatus::SignedIn);`
Can redirect user on successful login 2022-04-02 17:44:13 +00:00			`return redirect_user(redirect_uri);`
Can request new user password on login 2022-04-02 06:30:01 +00:00			`}`
			`}`
			`}`

Add communication with user actor 2022-03-30 10:41:22 +00:00			`// Try to authenticate user`
Can request new user password on login 2022-04-02 06:30:01 +00:00			`else if let Some(req) = &req {`
			`// TODO : check request origin (check for valid Referer)`
Redirect user after successful login 2022-04-01 16:59:17 +00:00
Add communication with user actor 2022-03-30 10:41:22 +00:00			`login = req.login.clone();`
			`let response: LoginResult = users.send(users_actor::LoginRequest {`
			`login: login.clone(),`
			`password: req.password.clone(),`
			`}).await.unwrap();`

Redirect user after successful login 2022-04-01 16:59:17 +00:00			`match response {`
			`LoginResult::Success(user) => {`
Refactor sessions management 2022-04-01 20:51:33 +00:00			`SessionIdentity(&id).set_user(&user);`
Redirect user after successful login 2022-04-01 16:59:17 +00:00
Can request new user password on login 2022-04-02 06:30:01 +00:00			`if user.need_reset_password {`
			`SessionIdentity(&id).set_status(SessionStatus::NeedNewPassword);`
			`} else {`
Can redirect user on successful login 2022-04-02 17:44:13 +00:00			`return redirect_user(redirect_uri);`
Can request new user password on login 2022-04-02 06:30:01 +00:00			`}`
Redirect user after successful login 2022-04-01 16:59:17 +00:00			`}`

			`c => {`
			`// TODO : add bruteforce detection`
			`log::warn!("Failed login for username {} : {:?}", login, c);`
			`danger = "Login failed.".to_string();`
			`}`
			`}`
Add communication with user actor 2022-03-30 10:41:22 +00:00			`}`

Can request new user password on login 2022-04-02 06:30:01 +00:00			`// Display password reset form if it is appropriate`
			`if SessionIdentity(&id).need_new_password() {`
			`return HttpResponse::Ok()`
			`.content_type("text/html")`
			`.body(PasswordResetTemplate {`
			`_parent: BaseLoginPage {`
			`page_title: "Password reset",`
			`danger,`
			`success,`
			`app_name: APP_NAME,`
Can redirect user on successful login 2022-04-02 17:44:13 +00:00			`redirect_uri: urlencoding::encode(redirect_uri).to_string(),`
Can request new user password on login 2022-04-02 06:30:01 +00:00			`},`
			`min_pass_len: MIN_PASS_LEN,`
			`}.render().unwrap());`
			`}`

Ready to implement login page 2022-03-30 08:29:10 +00:00
Display login page 2022-03-30 09:00:20 +00:00			`HttpResponse::Ok()`
			`.content_type("text/html")`
			`.body(LoginTemplate {`
			`_parent: BaseLoginPage {`
			`page_title: "Login",`
Add communication with user actor 2022-03-30 10:41:22 +00:00			`danger,`
User can sign out 2022-04-01 17:05:40 +00:00			`success,`
Display login page 2022-03-30 09:00:20 +00:00			`app_name: APP_NAME,`
Can redirect user on successful login 2022-04-02 17:44:13 +00:00			`redirect_uri: urlencoding::encode(redirect_uri).to_string(),`
Display login page 2022-03-30 09:00:20 +00:00			`},`
Add communication with user actor 2022-03-30 10:41:22 +00:00			`login,`
Display login page 2022-03-30 09:00:20 +00:00			`}.render().unwrap())`
User can sign out 2022-04-01 17:05:40 +00:00			`}`

			`/// Sign out user`
			`pub async fn logout_route() -> impl Responder {`
			`redirect_user("/login?logout=true")`
Ready to implement login page 2022-03-30 08:29:10 +00:00			`}`