Check login before logging it
This commit is contained in:
parent
75b70008e3
commit
e71fad8546
26
Cargo.lock
generated
26
Cargo.lock
generated
@ -428,6 +428,12 @@ version = "0.7.4"
|
|||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "96d30a06541fbafbc7f82ed10c06164cfbd2c401138f6addd8404629c4b16711"
|
checksum = "96d30a06541fbafbc7f82ed10c06164cfbd2c401138f6addd8404629c4b16711"
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "ascii_utils"
|
||||||
|
version = "0.9.3"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "71938f30533e4d95a6d17aa530939da3842c2ab6f4f84b9dae68447e4129f74a"
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "askama"
|
name = "askama"
|
||||||
version = "0.12.1"
|
version = "0.12.1"
|
||||||
@ -604,6 +610,7 @@ dependencies = [
|
|||||||
"lazy_static",
|
"lazy_static",
|
||||||
"light-openid",
|
"light-openid",
|
||||||
"log",
|
"log",
|
||||||
|
"mailchecker",
|
||||||
"mime_guess",
|
"mime_guess",
|
||||||
"qrcode-generator",
|
"qrcode-generator",
|
||||||
"rand",
|
"rand",
|
||||||
@ -1173,6 +1180,15 @@ dependencies = [
|
|||||||
"windows-sys 0.52.0",
|
"windows-sys 0.52.0",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "fast_chemail"
|
||||||
|
version = "0.9.6"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "495a39d30d624c2caabe6312bfead73e7717692b44e0b32df168c275a2e8e9e4"
|
||||||
|
dependencies = [
|
||||||
|
"ascii_utils",
|
||||||
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "fastrand"
|
name = "fastrand"
|
||||||
version = "2.0.1"
|
version = "2.0.1"
|
||||||
@ -1781,6 +1797,16 @@ version = "0.4.20"
|
|||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f"
|
checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f"
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "mailchecker"
|
||||||
|
version = "6.0.1"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "32a1951055840e30b5c9c60fcadca14b0b9962797a6228d4e5a73e438a3185ed"
|
||||||
|
dependencies = [
|
||||||
|
"fast_chemail",
|
||||||
|
"once_cell",
|
||||||
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "memchr"
|
name = "memchr"
|
||||||
version = "2.7.1"
|
version = "2.7.1"
|
||||||
|
@ -39,3 +39,4 @@ light-openid = { version = "1.0.1", features=["crypto-wrapper"] }
|
|||||||
bincode = "2.0.0-rc.3"
|
bincode = "2.0.0-rc.3"
|
||||||
chrono = "0.4.34"
|
chrono = "0.4.34"
|
||||||
lazy_static = "1.4.0"
|
lazy_static = "1.4.0"
|
||||||
|
mailchecker = "6.0.1"
|
@ -6,6 +6,7 @@ use crate::actors::users_actor::{DeleteUserRequest, FindUserByUsername, UsersAct
|
|||||||
use crate::data::action_logger::{Action, ActionLogger};
|
use crate::data::action_logger::{Action, ActionLogger};
|
||||||
use crate::data::current_user::CurrentUser;
|
use crate::data::current_user::CurrentUser;
|
||||||
use crate::data::user::UserID;
|
use crate::data::user::UserID;
|
||||||
|
use crate::utils::string_utils;
|
||||||
|
|
||||||
#[derive(serde::Deserialize)]
|
#[derive(serde::Deserialize)]
|
||||||
pub struct FindUserNameReq {
|
pub struct FindUserNameReq {
|
||||||
@ -21,6 +22,10 @@ pub async fn find_username(
|
|||||||
req: web::Form<FindUserNameReq>,
|
req: web::Form<FindUserNameReq>,
|
||||||
users: web::Data<Addr<UsersActor>>,
|
users: web::Data<Addr<UsersActor>>,
|
||||||
) -> impl Responder {
|
) -> impl Responder {
|
||||||
|
if !string_utils::is_acceptable_login(&req.username) {
|
||||||
|
return HttpResponse::BadRequest().json("Invalid login!");
|
||||||
|
}
|
||||||
|
|
||||||
let res = users
|
let res = users
|
||||||
.send(FindUserByUsername(req.0.username))
|
.send(FindUserByUsername(req.0.username))
|
||||||
.await
|
.await
|
||||||
|
@ -15,6 +15,7 @@ use crate::data::client::{Client, ClientID, ClientManager};
|
|||||||
use crate::data::current_user::CurrentUser;
|
use crate::data::current_user::CurrentUser;
|
||||||
use crate::data::provider::{Provider, ProviderID, ProvidersManager};
|
use crate::data::provider::{Provider, ProviderID, ProvidersManager};
|
||||||
use crate::data::user::{GeneralSettings, GrantedClients, User, UserID};
|
use crate::data::user::{GeneralSettings, GrantedClients, User, UserID};
|
||||||
|
use crate::utils::string_utils;
|
||||||
use crate::utils::string_utils::rand_str;
|
use crate::utils::string_utils::rand_str;
|
||||||
|
|
||||||
#[derive(Template)]
|
#[derive(Template)]
|
||||||
@ -105,7 +106,16 @@ pub async fn users_route(
|
|||||||
let mut danger = None;
|
let mut danger = None;
|
||||||
let mut success = None;
|
let mut success = None;
|
||||||
|
|
||||||
if let Some(update) = update_query {
|
// Check update query for invalid input
|
||||||
|
if update_query
|
||||||
|
.as_ref()
|
||||||
|
.map(|l| string_utils::is_acceptable_login(&l.username))
|
||||||
|
== Some(false)
|
||||||
|
{
|
||||||
|
danger = Some("Invalid login provided, the modifications could not be saved!".to_string());
|
||||||
|
}
|
||||||
|
// Perform request (if any)
|
||||||
|
else if let Some(update) = update_query {
|
||||||
let edited_user: Option<User> = users
|
let edited_user: Option<User> = users
|
||||||
.send(users_actor::GetUserRequest(update.uid.clone()))
|
.send(users_actor::GetUserRequest(update.uid.clone()))
|
||||||
.await
|
.await
|
||||||
|
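Review bot: The `update_query.as_ref().map(|l| string_utils::is_acceptable_login(&l.username)) == Some(false)` test in this hunk compares an `Option<bool>` against `Some(false)`, which hides the intent behind an equality on a wrapped value; `Option::is_some_and` states it directly: `if update_query.as_ref().is_some_and(|l| !string_utils::is_acceptable_login(&l.username)) {`. The same shape appears in the `login_route` hunk (`req.as_ref().map(|r| string_utils::is_acceptable_login(&r.login)) == Some(false)`) and would take the identical rewrite. `is_some_and` is stable since Rust 1.70, so this depends on the project's MSRV, which is not visible here. The enclosing `users_route` function starts before and continues after the hunk.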
@ -18,6 +18,7 @@ use crate::data::provider::{Provider, ProvidersManager};
|
|||||||
use crate::data::session_identity::{SessionIdentity, SessionStatus};
|
use crate::data::session_identity::{SessionIdentity, SessionStatus};
|
||||||
use crate::data::user::User;
|
use crate::data::user::User;
|
||||||
use crate::data::webauthn_manager::WebAuthManagerReq;
|
use crate::data::webauthn_manager::WebAuthManagerReq;
|
||||||
|
use crate::utils::string_utils;
|
||||||
|
|
||||||
pub struct BaseLoginPage<'a> {
|
pub struct BaseLoginPage<'a> {
|
||||||
pub danger: Option<String>,
|
pub danger: Option<String>,
|
||||||
@ -132,6 +133,16 @@ pub async fn login_route(
|
|||||||
query.redirect.get_encoded()
|
query.redirect.get_encoded()
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
|
// Check if given login is not acceptable
|
||||||
|
else if req
|
||||||
|
.as_ref()
|
||||||
|
.map(|r| string_utils::is_acceptable_login(&r.login))
|
||||||
|
== Some(false)
|
||||||
|
{
|
||||||
|
danger = Some(
|
||||||
|
"Given login could not be processed, because it has an invalid format!".to_string(),
|
||||||
|
);
|
||||||
|
}
|
||||||
// Try to authenticate user
|
// Try to authenticate user
|
||||||
else if let Some(req) = &req {
|
else if let Some(req) = &req {
|
||||||
login = req.login.clone();
|
login = req.login.clone();
|
||||||
|
@ -311,7 +311,7 @@ impl Eq for User {}
|
|||||||
impl Default for User {
|
impl Default for User {
|
||||||
fn default() -> Self {
|
fn default() -> Self {
|
||||||
Self {
|
Self {
|
||||||
uid: UserID("".to_string()),
|
uid: UserID(uuid::Uuid::new_v4().to_string()),
|
||||||
first_name: "".to_string(),
|
first_name: "".to_string(),
|
||||||
last_name: "".to_string(),
|
last_name: "".to_string(),
|
||||||
username: "".to_string(),
|
username: "".to_string(),
|
||||||
|
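Review bot: Assuming the `uid: UserID(uuid::Uuid::new_v4().to_string())` line is the new side, `User::default()` is no longer deterministic: every call mints a fresh random UUID, so struct-update syntax (`User { .., ..Default::default() }`) and any comparison against a default value now allocate an identifier that is immediately discarded, and `Default` quietly becomes the place where user identity is generated. If that is intended, the impl should say so, e.g. `/// Builds an empty user whose `uid` is a freshly generated random UUID.`; otherwise a dedicated constructor such as `User::new()` keeps `Default` cheap and predictable. Whether any code relied on the previous empty `UserID("")` as a "no user" marker cannot be seen from this hunk. The `impl Default for User` block continues outside the hunk.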
@ -36,9 +36,14 @@ pub fn apply_env_vars(val: &str) -> String {
|
|||||||
val
|
val
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// Check out whether a given login is acceptable or not
|
||||||
|
pub fn is_acceptable_login(login: &str) -> bool {
|
||||||
|
mailchecker::is_valid(login) || lazy_regex::regex!("^[a-zA-Z0-9-+]+$").is_match(login)
|
||||||
|
}
|
||||||
|
|
||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
mod test {
|
mod test {
|
||||||
use crate::utils::string_utils::apply_env_vars;
|
use crate::utils::string_utils::{apply_env_vars, is_acceptable_login};
|
||||||
use std::env;
|
use std::env;
|
||||||
|
|
||||||
const VAR_ONE: &str = "VAR_ONE";
|
const VAR_ONE: &str = "VAR_ONE";
|
||||||
@ -56,4 +61,12 @@ mod test {
|
|||||||
let src = format!("This is ${{{}}}", VAR_INVALID);
|
let src = format!("This is ${{{}}}", VAR_INVALID);
|
||||||
assert_eq!(src, apply_env_vars(&src));
|
assert_eq!(src, apply_env_vars(&src));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn test_is_acceptable_login() {
|
||||||
|
assert!(is_acceptable_login("admin"));
|
||||||
|
assert!(is_acceptable_login("someone@somewhere.fr"));
|
||||||
|
assert!(!is_acceptable_login("someone@somewhere.#fr"));
|
||||||
|
assert!(!is_acceptable_login("bad bad"));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
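Review bot: `is_acceptable_login` has two very different acceptance paths and its doc comment (`Check out whether a given login is acceptable or not`) does not say what "acceptable" guarantees, which matters because this commit uses it to gate what reaches the action log. The regex branch is tightly bounded (ASCII letters, digits, `-` and `+`, and since `$` in the regex crate matches only at end of text, no trailing newline can slip through), but the email branch delegates the accepted character set to `mailchecker::is_valid`, whose grammar is not visible here — whether it admits quoted local parts with spaces or other characters that are undesirable in a log line should be confirmed and covered by the new `test_is_acceptable_login`. Neither branch bounds the length of `login`, so a maximum-length check before the regex/email test would be a cheap addition. I would document the contract along the lines of `/// Returns true when `login` is either an email address accepted by `mailchecker` or matches `^[a-zA-Z0-9-+]+$`; callers use it to reject input before it is logged or stored.`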