Check login before logging it
This commit is contained in:
@ -6,6 +6,7 @@ use crate::actors::users_actor::{DeleteUserRequest, FindUserByUsername, UsersAct
|
||||
use crate::data::action_logger::{Action, ActionLogger};
|
||||
use crate::data::current_user::CurrentUser;
|
||||
use crate::data::user::UserID;
|
||||
use crate::utils::string_utils;
|
||||
|
||||
#[derive(serde::Deserialize)]
|
||||
pub struct FindUserNameReq {
|
||||
@ -21,6 +22,10 @@ pub async fn find_username(
|
||||
req: web::Form<FindUserNameReq>,
|
||||
users: web::Data<Addr<UsersActor>>,
|
||||
) -> impl Responder {
|
||||
if !string_utils::is_acceptable_login(&req.username) {
|
||||
return HttpResponse::BadRequest().json("Invalid login!");
|
||||
}
|
||||
|
||||
let res = users
|
||||
.send(FindUserByUsername(req.0.username))
|
||||
.await
|
||||
|
||||
@ -15,6 +15,7 @@ use crate::data::client::{Client, ClientID, ClientManager};
|
||||
use crate::data::current_user::CurrentUser;
|
||||
use crate::data::provider::{Provider, ProviderID, ProvidersManager};
|
||||
use crate::data::user::{GeneralSettings, GrantedClients, User, UserID};
|
||||
use crate::utils::string_utils;
|
||||
use crate::utils::string_utils::rand_str;
|
||||
|
||||
#[derive(Template)]
|
||||
@ -105,7 +106,16 @@ pub async fn users_route(
|
||||
let mut danger = None;
|
||||
let mut success = None;
|
||||
|
||||
if let Some(update) = update_query {
|
||||
// Check update query for invalid input
|
||||
if update_query
|
||||
.as_ref()
|
||||
.map(|l| string_utils::is_acceptable_login(&l.username))
|
||||
== Some(false)
|
||||
{
|
||||
danger = Some("Invalid login provided, the modifications could not be saved!".to_string());
|
||||
}
|
||||
// Perform request (if any)
|
||||
else if let Some(update) = update_query {
|
||||
let edited_user: Option<User> = users
|
||||
.send(users_actor::GetUserRequest(update.uid.clone()))
|
||||
.await
|
||||
|
||||
@ -18,6 +18,7 @@ use crate::data::provider::{Provider, ProvidersManager};
|
||||
use crate::data::session_identity::{SessionIdentity, SessionStatus};
|
||||
use crate::data::user::User;
|
||||
use crate::data::webauthn_manager::WebAuthManagerReq;
|
||||
use crate::utils::string_utils;
|
||||
|
||||
pub struct BaseLoginPage<'a> {
|
||||
pub danger: Option<String>,
|
||||
@ -132,6 +133,16 @@ pub async fn login_route(
|
||||
query.redirect.get_encoded()
|
||||
));
|
||||
}
|
||||
// Check if given login is not acceptable
|
||||
else if req
|
||||
.as_ref()
|
||||
.map(|r| string_utils::is_acceptable_login(&r.login))
|
||||
== Some(false)
|
||||
{
|
||||
danger = Some(
|
||||
"Given login could not be processed, because it has an invalid format!".to_string(),
|
||||
);
|
||||
}
|
||||
// Try to authenticate user
|
||||
else if let Some(req) = &req {
|
||||
login = req.login.clone();
|
||||
|
||||
Reference in New Issue
Block a user