BasicOIDC/src/controllers/login_controller.rs

147 lines
4.3 KiB
Rust
Raw Normal View History

2022-03-30 10:41:22 +00:00
use actix::Addr;
2022-03-30 14:58:00 +00:00
use actix_identity::Identity;
2022-03-30 10:41:22 +00:00
use actix_web::{HttpResponse, Responder, web};
2022-03-30 08:29:10 +00:00
use askama::Template;
2022-04-02 06:30:01 +00:00
use crate::actors::users_actor::{ChangePasswordResult, LoginResult, UsersActor};
2022-03-30 10:41:22 +00:00
use crate::actors::users_actor;
2022-04-02 06:30:01 +00:00
use crate::constants::{APP_NAME, MIN_PASS_LEN};
2022-04-01 16:59:17 +00:00
use crate::controllers::base_controller::redirect_user;
2022-04-02 06:30:01 +00:00
use crate::data::session_identity::{SessionIdentity, SessionStatus};
2022-03-30 08:29:10 +00:00
2022-03-30 09:00:20 +00:00
#[derive(Template)]
#[template(path = "base_login_page.html")]
struct BaseLoginPage {
danger: String,
success: String,
page_title: &'static str,
app_name: &'static str,
}
2022-03-30 08:29:10 +00:00
#[derive(Template)]
#[template(path = "login.html")]
2022-03-30 09:00:20 +00:00
struct LoginTemplate {
_parent: BaseLoginPage,
2022-03-30 10:41:22 +00:00
login: String,
2022-03-30 08:29:10 +00:00
}
2022-04-02 06:30:01 +00:00
#[derive(Template)]
#[template(path = "password_reset.html")]
struct PasswordResetTemplate {
_parent: BaseLoginPage,
min_pass_len: usize,
}
2022-03-30 10:41:22 +00:00
#[derive(serde::Deserialize)]
2022-04-01 17:05:40 +00:00
pub struct LoginRequestBody {
2022-03-30 10:41:22 +00:00
login: String,
password: String,
}
2022-04-01 17:05:40 +00:00
#[derive(serde::Deserialize)]
pub struct LoginRequestQuery {
logout: Option<bool>,
}
2022-03-30 10:41:22 +00:00
/// Authenticate user
pub async fn login_route(users: web::Data<Addr<UsersActor>>,
2022-04-01 17:05:40 +00:00
query: web::Query<LoginRequestQuery>,
req: Option<web::Form<LoginRequestBody>>,
2022-03-30 14:58:00 +00:00
id: Identity) -> impl Responder {
2022-03-30 10:41:22 +00:00
let mut danger = String::new();
2022-04-01 17:05:40 +00:00
let mut success = String::new();
2022-03-30 10:41:22 +00:00
let mut login = String::new();
2022-04-01 17:05:40 +00:00
// Check if user session must be closed
if let Some(true) = query.logout {
id.forget();
success = "Goodbye!".to_string();
}
2022-04-01 16:59:17 +00:00
// Check if user is already authenticated
2022-04-01 20:51:33 +00:00
if SessionIdentity(&id).is_authenticated() {
2022-04-01 16:59:17 +00:00
return redirect_user("/");
}
2022-04-02 06:30:01 +00:00
// Check if user is setting a new password
if let (Some(req), true) = (&req, SessionIdentity(&id).need_new_password()) {
if req.password.len() < MIN_PASS_LEN {
danger = "Password is too short!".to_string();
} else {
let res: ChangePasswordResult = users.send(users_actor::ChangePasswordRequest {
user_id: SessionIdentity(&id).user_id(),
new_password: req.password.clone(),
temporary: false,
}).await.unwrap();
if !res.0 {
danger = "Failed to change password!".to_string();
} else {
SessionIdentity(&id).set_status(SessionStatus::SignedIn);
return redirect_user("/");
}
}
}
2022-03-30 10:41:22 +00:00
// Try to authenticate user
2022-04-02 06:30:01 +00:00
else if let Some(req) = &req {
// TODO : check request origin (check for valid Referer)
2022-04-01 16:59:17 +00:00
2022-03-30 10:41:22 +00:00
login = req.login.clone();
let response: LoginResult = users.send(users_actor::LoginRequest {
login: login.clone(),
password: req.password.clone(),
}).await.unwrap();
2022-04-01 16:59:17 +00:00
match response {
LoginResult::Success(user) => {
2022-04-01 20:51:33 +00:00
SessionIdentity(&id).set_user(&user);
2022-04-01 16:59:17 +00:00
2022-04-02 06:30:01 +00:00
if user.need_reset_password {
SessionIdentity(&id).set_status(SessionStatus::NeedNewPassword);
} else {
return redirect_user("/");
}
2022-04-01 16:59:17 +00:00
}
c => {
// TODO : add bruteforce detection
log::warn!("Failed login for username {} : {:?}", login, c);
danger = "Login failed.".to_string();
}
}
2022-03-30 10:41:22 +00:00
}
2022-04-02 06:30:01 +00:00
// Display password reset form if it is appropriate
if SessionIdentity(&id).need_new_password() {
return HttpResponse::Ok()
.content_type("text/html")
.body(PasswordResetTemplate {
_parent: BaseLoginPage {
page_title: "Password reset",
danger,
success,
app_name: APP_NAME,
},
min_pass_len: MIN_PASS_LEN,
}.render().unwrap());
}
2022-03-30 08:29:10 +00:00
2022-03-30 09:00:20 +00:00
HttpResponse::Ok()
.content_type("text/html")
.body(LoginTemplate {
_parent: BaseLoginPage {
page_title: "Login",
2022-03-30 10:41:22 +00:00
danger,
2022-04-01 17:05:40 +00:00
success,
2022-03-30 09:00:20 +00:00
app_name: APP_NAME,
},
2022-03-30 10:41:22 +00:00
login,
2022-03-30 09:00:20 +00:00
}.render().unwrap())
2022-04-01 17:05:40 +00:00
}
/// Sign out user
pub async fn logout_route() -> impl Responder {
redirect_user("/login?logout=true")
2022-03-30 08:29:10 +00:00
}