User can delete his own 2FA login history

2022-11-12 11:50:32 +01:00
parent 7887ccaa41
commit cc4a8a962b
5 changed files with 80 additions and 20 deletions
--- a/src/actors/users_actor.rs
+++ b/src/actors/users_actor.rs
@ -55,6 +55,10 @@ pub struct ChangePasswordResult(pub bool);
 #[rtype(result = "bool")]
 pub struct AddSuccessful2FALogin(pub UserID, pub IpAddr);

+#[derive(Message)]
+#[rtype(result = "bool")]
+pub struct Clear2FALoginHistory(pub UserID);
+
 #[derive(Debug)]
 pub struct UpdateUserResult(pub bool);

@ -125,6 +129,13 @@ impl Handler<AddSuccessful2FALogin> for UsersActor {
    }
 }

+impl Handler<Clear2FALoginHistory> for UsersActor {
+    type Result = <Clear2FALoginHistory as actix::Message>::Result;
+    fn handle(&mut self, msg: Clear2FALoginHistory, _ctx: &mut Self::Context) -> Self::Result {
+        self.manager.clear_2fa_login_history(&msg.0)
+    }
+}
+
 impl Handler<GetUserRequest> for UsersActor {
    type Result = MessageResult<GetUserRequest>;

--- a/src/controllers/two_factor_api.rs
+++ b/src/controllers/two_factor_api.rs
@ -120,3 +120,15 @@ pub async fn delete_factor(
        HttpResponse::Ok().body("Removed factor!")
    }
 }
+
+pub async fn clear_login_history(
+    user: CurrentUser,
+    users: web::Data<Addr<UsersActor>>,
+) -> impl Responder {
+    users
+        .send(users_actor::Clear2FALoginHistory(user.uid.clone()))
+        .await
+        .unwrap();
+
+    HttpResponse::Ok().body("History successfully cleared")
+}
--- a/src/data/user.rs
+++ b/src/data/user.rs
@ -313,4 +313,11 @@ impl EntityManager<User> {
            user
        })
    }
+
+    pub fn clear_2fa_login_history(&mut self, id: &UserID) -> bool {
+        self.update_user(id, |mut user| {
+            user.last_successful_2fa = Default::default();
+            user
+        })
+    }
 }
--- a/src/main.rs
+++ b/src/main.rs
@ -192,6 +192,11 @@ async fn main() -> std::io::Result<()> {
                "/settings/api/two_factor/delete_factor",
                web::post().to(two_factor_api::delete_factor),
            )
+            .route(
+                "/settings/api/two_factor/clear_login_history",
+                // Use POST to prevent CSRF
+                web::post().to(two_factor_api::clear_login_history),
+            )
            // Admin routes
            .route(
                "/admin",