Do not consider as valid sessions that are not completely signed in

Disabled accounts can not login
2022-04-03 14:46:58 +02:00 · 2022-04-03 14:42:16 +02:00
3 changed files with 18 additions and 8 deletions
--- a/src/actors/users_actor.rs
+++ b/src/actors/users_actor.rs
@ -7,6 +7,7 @@ use crate::data::user::{User, UserID, verify_password};
 pub enum LoginResult {
    AccountNotFound,
    InvalidPassword,
+    AccountDisabled,
    Success(User),
 }

@ -54,6 +55,10 @@ impl Handler<LoginRequest> for UsersActor {
                    return MessageResult(LoginResult::InvalidPassword);
                }

+                if !user.enabled {
+                    return MessageResult(LoginResult::AccountDisabled);
+                }
+
                MessageResult(LoginResult::Success(user))
            }
        }
--- a/src/controllers/login_controller.rs
+++ b/src/controllers/login_controller.rs
@ -114,6 +114,11 @@ pub async fn login_route(users: web::Data<Addr<UsersActor>>,
                }
            }

+            LoginResult::AccountDisabled => {
+                log::warn!("Failed login for username {} : account is disabled", login);
+                danger = "Your account is disabled!".to_string();
+            }
+
            c => {
                // TODO : add bruteforce detection
                log::warn!("Failed login for username {} : {:?}", login, c);
--- a/src/middlewares/auth_middleware.rs
+++ b/src/middlewares/auth_middleware.rs
@ -11,7 +11,7 @@ use askama::Template;

 use crate::constants::{ADMIN_ROUTES, AUTHENTICATED_ROUTES};
 use crate::controllers::base_controller::redirect_user_for_login;
-use crate::data::session_identity::{SessionIdentity, SessionIdentityData};
+use crate::data::session_identity::{SessionIdentity, SessionIdentityData, SessionStatus};

 // There are two steps in middleware processing.
 // 1. Middleware initialization, middleware factory gets called with
@ -40,19 +40,19 @@ impl<S, B> Transform<S, ServiceRequest> for AuthMiddleware
 }

 #[derive(Debug)]
-enum SessionStatus {
+enum ConnStatus {
    SignedOut,
    RegularUser,
    Admin,
 }

-impl SessionStatus {
+impl ConnStatus {
    pub fn is_auth(&self) -> bool {
-        !matches!(self, SessionStatus::SignedOut)
+        !matches!(self, ConnStatus::SignedOut)
    }

    pub fn is_admin(&self) -> bool {
-        matches!(self, SessionStatus::Admin)
+        matches!(self, ConnStatus::Admin)
    }
 }

@ -92,9 +92,9 @@ impl<S, B> Service<ServiceRequest> for AuthInnerMiddleware<S>
            }

            let identity = match SessionIdentity::deserialize_session_data(req.get_identity()) {
-                None => SessionStatus::SignedOut,
-                Some(SessionIdentityData { is_admin: true, .. }) => SessionStatus::Admin,
-                _ => SessionStatus::RegularUser,
+                Some(SessionIdentityData { status: SessionStatus::SignedIn, is_admin: true, .. }) => ConnStatus::Admin,
+                Some(SessionIdentityData { status: SessionStatus::SignedIn, .. }) => ConnStatus::RegularUser,
+                _ => ConnStatus::SignedOut,
            };

            // Redirect user to login page
Author	SHA1	Message	Date
Pierre Hubert	9f5fdd65ab	Do not consider as valid sessions that are not completely signed in	2022-04-03 14:46:58 +02:00
Pierre Hubert	123dc519af	Disabled accounts can not login	2022-04-03 14:42:16 +02:00