Refactor users management

* Shard `src/data/user.rs` into two different files * One for user data structure (same file) * One for user manipulation (new file: `user_file_entity.rs`) * Isolate password hashing and verification
2022-11-19 17:52:35 +01:00
parent 75d894d648
commit 65d334b947
7 changed files with 145 additions and 113 deletions
--- a/src/controllers/admin_controller.rs
+++ b/src/controllers/admin_controller.rs
@ -11,7 +11,7 @@ use crate::controllers::settings_controller::BaseSettingsPage;
 use crate::data::action_logger::{Action, ActionLogger};
 use crate::data::client::{Client, ClientID, ClientManager};
 use crate::data::current_user::CurrentUser;
-use crate::data::user::{hash_password, User, UserID};
+use crate::data::user::{User, UserID};
 use crate::utils::string_utils::rand_str;

 #[derive(Template)]
@ -111,19 +111,6 @@ pub async fn users_route(
            _ => Some(Vec::new()),
        };

-        let new_password = match update.0.gen_new_password.is_some() {
-            false => None,
-            true => {
-                logger.log(Action::AdminResetUserPassword(&user));
-
-                let temp_pass = rand_str(TEMPORARY_PASSWORDS_LEN);
-                user.password = hash_password(&temp_pass).expect("Failed to hash password");
-                user.need_reset_password = true;
-                user.last_successful_2fa = Default::default();
-                Some(temp_pass)
-            }
-        };
-
        if update.0.clear_2fa_history.is_some() {
            logger.log(Action::AdminClear2FAHistory(&user));
            user.last_successful_2fa = Default::default();
@ -134,6 +121,25 @@ pub async fn users_route(
            .await
            .unwrap();

+        let new_password = match update.0.gen_new_password.is_some() {
+            false => None,
+            true => {
+                logger.log(Action::AdminResetUserPassword(&user));
+
+                let temp_pass = rand_str(TEMPORARY_PASSWORDS_LEN);
+                users
+                    .send(users_actor::ChangePasswordRequest {
+                        user_id: user.uid.clone(),
+                        new_password: temp_pass.clone(),
+                        temporary: true,
+                    })
+                    .await
+                    .unwrap();
+
+                Some(temp_pass)
+            }
+        };
+
        if !res {
            danger = Some(
                match is_creating {
--- a/src/controllers/settings_controller.rs
+++ b/src/controllers/settings_controller.rs
@ -103,7 +103,14 @@ pub async fn change_password_route(
        );
    } else if let Some(req) = req {
        // Invalid password
-        if !user.verify_password(&req.old_pass) {
+        if !users
+            .send(users_actor::VerifyUserPasswordRequest(
+                user.uid.clone(),
+                req.old_pass.clone(),
+            ))
+            .await
+            .unwrap()
+        {
            danger = Some("Old password is invalid!".to_string());
            bruteforce
                .send(bruteforce_actor::RecordFailedAttempt {