GeneIT/geneit_backend/src/controllers/users_controller.rs

//! # User controller
//!
//! The actions of the user on his account when he is authenticated.

use crate::constants::StaticConstraints;
use crate::controllers::HttpResult;
use crate::models::User;
use crate::services::login_token_service::LoginToken;
use crate::services::rate_limiter_service::RatedAction;
use crate::services::{rate_limiter_service, users_service};
use actix_remote_ip::RemoteIP;
use actix_web::web::Json;
use actix_web::HttpResponse;

#[derive(serde::Serialize)]
struct UserAPI<'a> {
    #[serde(flatten)]
    user: &'a User,
    has_password: bool,
}

/// Get account information
pub async fn auth_info(token: LoginToken) -> HttpResult {
    let user = users_service::get_by_id(token.user_id).await?;

    Ok(HttpResponse::Ok().json(UserAPI {
        user: &user,
        has_password: user
            .password
            .as_deref()
            .map(|p| !p.is_empty())
            .unwrap_or_default(),
    }))
}

#[derive(serde::Deserialize)]
pub struct ProfileUpdateQuery {
    name: String,
}

/// Update profile information
pub async fn update_profile(token: LoginToken, profile: Json<ProfileUpdateQuery>) -> HttpResult {
    if !StaticConstraints::default()
        .user_name_len
        .validate(&profile.name)
    {
        return Ok(HttpResponse::BadRequest().json("Nom invalide!"));
    }

    let mut user = users_service::get_by_id(token.user_id).await?;
    user.name = profile.0.name;
    users_service::update_account(&user).await?;

    Ok(HttpResponse::Accepted().finish())
}

#[derive(serde::Deserialize)]
pub struct ReplacePasswordQuery {
    old_password: String,
    new_password: String,
}

/// Replace user password
pub async fn replace_password(
    remote_ip: RemoteIP,
    token: LoginToken,
    q: Json<ReplacePasswordQuery>,
) -> HttpResult {
    // Rate limiting
    if rate_limiter_service::should_block_action(
        remote_ip.0,
        RatedAction::RequestReplacePasswordSignedIn,
    )
    .await?
    {
        return Ok(HttpResponse::TooManyRequests().finish());
    }

    if !StaticConstraints::default()
        .password_len
        .validate(&q.new_password)
    {
        return Ok(HttpResponse::BadRequest().json("Invalid new password!"));
    }

    let mut user = users_service::get_by_id(token.user_id).await?;
    if !user.check_password(&q.old_password) {
        rate_limiter_service::record_action(
            remote_ip.0,
            RatedAction::RequestReplacePasswordSignedIn,
        )
        .await?;
        return Ok(HttpResponse::Unauthorized().json("Invalid old password!"));
    }

    users_service::change_password(&mut user, &q.new_password).await?;

    Ok(HttpResponse::Accepted().finish())
}

/// Request delete account
pub async fn request_delete_account(remote_ip: RemoteIP, token: LoginToken) -> HttpResult {
    // Rate limiting
    if rate_limiter_service::should_block_action(remote_ip.0, RatedAction::RequestDeleteAccount)
        .await?
    {
        return Ok(HttpResponse::TooManyRequests().finish());
    }
    rate_limiter_service::record_action(remote_ip.0, RatedAction::RequestDeleteAccount).await?;

    let mut user = users_service::get_by_id(token.user_id).await?;
    users_service::request_delete_account(&mut user).await?;

    Ok(HttpResponse::Accepted().finish())
}

#[derive(serde::Deserialize)]
pub struct DeleteAccountTokenBody {
    token: String,
}

#[derive(serde::Serialize)]
struct CheckDeleteTokenResponse {
    email: String,
}

/// Check delete account token
pub async fn check_delete_token(req: Json<DeleteAccountTokenBody>) -> HttpResult {
    let user = users_service::get_by_account_delete_token(&req.token).await?;

    Ok(HttpResponse::Ok().json(CheckDeleteTokenResponse { email: user.email }))
}

/// Delete account
pub async fn delete_account(req: Json<DeleteAccountTokenBody>) -> HttpResult {
    let user = users_service::get_by_account_delete_token(&req.token).await?;

    users_service::delete_account(&user).await?;

    Ok(HttpResponse::Accepted().finish())
}
Can get user information 2023-05-31 13:52:49 +00:00			`//! # User controller`
			`//!`
			`//! The actions of the user on his account when he is authenticated.`

Can update profile information 2023-06-05 16:52:00 +00:00			`use crate::constants::StaticConstraints;`
Can get user information 2023-05-31 13:52:49 +00:00			`use crate::controllers::HttpResult;`
Can check if password is set aith auth/info route 2023-06-05 16:41:56 +00:00			`use crate::models::User;`
Can get user information 2023-05-31 13:52:49 +00:00			`use crate::services::login_token_service::LoginToken;`
Can replace password 2023-06-05 17:02:51 +00:00			`use crate::services::rate_limiter_service::RatedAction;`
			`use crate::services::{rate_limiter_service, users_service};`
			`use actix_remote_ip::RemoteIP;`
Can update profile information 2023-06-05 16:52:00 +00:00			`use actix_web::web::Json;`
Can get user information 2023-05-31 13:52:49 +00:00			`use actix_web::HttpResponse;`

Can check if password is set aith auth/info route 2023-06-05 16:41:56 +00:00			`#[derive(serde::Serialize)]`
			`struct UserAPI<'a> {`
			`#[serde(flatten)]`
			`user: &'a User,`
			`has_password: bool,`
			`}`

Can get user information 2023-05-31 13:52:49 +00:00			`/// Get account information`
			`pub async fn auth_info(token: LoginToken) -> HttpResult {`
			`let user = users_service::get_by_id(token.user_id).await?;`

Can check if password is set aith auth/info route 2023-06-05 16:41:56 +00:00			`Ok(HttpResponse::Ok().json(UserAPI {`
			`user: &user,`
			`has_password: user`
			`.password`
			`.as_deref()`
			`.map(\|p\| !p.is_empty())`
			`.unwrap_or_default(),`
			`}))`
Can get user information 2023-05-31 13:52:49 +00:00			`}`
Can update profile information 2023-06-05 16:52:00 +00:00
			`#[derive(serde::Deserialize)]`
Can replace password 2023-06-05 17:02:51 +00:00			`pub struct ProfileUpdateQuery {`
Can update profile information 2023-06-05 16:52:00 +00:00			`name: String,`
			`}`

			`/// Update profile information`
Can replace password 2023-06-05 17:02:51 +00:00			`pub async fn update_profile(token: LoginToken, profile: Json<ProfileUpdateQuery>) -> HttpResult {`
Can update profile information 2023-06-05 16:52:00 +00:00			`if !StaticConstraints::default()`
			`.user_name_len`
			`.validate(&profile.name)`
			`{`
			`return Ok(HttpResponse::BadRequest().json("Nom invalide!"));`
			`}`

			`let mut user = users_service::get_by_id(token.user_id).await?;`
			`user.name = profile.0.name;`
Refactor users_service 2023-06-05 17:11:28 +00:00			`users_service::update_account(&user).await?;`
Can update profile information 2023-06-05 16:52:00 +00:00
			`Ok(HttpResponse::Accepted().finish())`
			`}`
Can replace password 2023-06-05 17:02:51 +00:00
			`#[derive(serde::Deserialize)]`
			`pub struct ReplacePasswordQuery {`
			`old_password: String,`
			`new_password: String,`
			`}`

			`/// Replace user password`
			`pub async fn replace_password(`
			`remote_ip: RemoteIP,`
			`token: LoginToken,`
			`q: Json<ReplacePasswordQuery>,`
			`) -> HttpResult {`
			`// Rate limiting`
			`if rate_limiter_service::should_block_action(`
			`remote_ip.0,`
			`RatedAction::RequestReplacePasswordSignedIn,`
			`)`
			`.await?`
			`{`
			`return Ok(HttpResponse::TooManyRequests().finish());`
			`}`

			`if !StaticConstraints::default()`
			`.password_len`
Can replace password 2023-06-05 17:04:31 +00:00			`.validate(&q.new_password)`
Can replace password 2023-06-05 17:02:51 +00:00			`{`
Can replace user password from profile 2023-06-14 13:23:23 +00:00			`return Ok(HttpResponse::BadRequest().json("Invalid new password!"));`
Can replace password 2023-06-05 17:02:51 +00:00			`}`

Refactor users_service 2023-06-05 17:11:28 +00:00			`let mut user = users_service::get_by_id(token.user_id).await?;`
Can replace password 2023-06-05 17:02:51 +00:00			`if !user.check_password(&q.old_password) {`
			`rate_limiter_service::record_action(`
			`remote_ip.0,`
			`RatedAction::RequestReplacePasswordSignedIn,`
			`)`
			`.await?;`
Can replace user password from profile 2023-06-14 13:23:23 +00:00			`return Ok(HttpResponse::Unauthorized().json("Invalid old password!"));`
Can replace password 2023-06-05 17:02:51 +00:00			`}`

Refactor users_service 2023-06-05 17:11:28 +00:00			`users_service::change_password(&mut user, &q.new_password).await?;`
Can replace password 2023-06-05 17:02:51 +00:00
			`Ok(HttpResponse::Accepted().finish())`
			`}`
Can request account deletion 2023-06-06 07:47:52 +00:00
			`/// Request delete account`
			`pub async fn request_delete_account(remote_ip: RemoteIP, token: LoginToken) -> HttpResult {`
			`// Rate limiting`
			`if rate_limiter_service::should_block_action(remote_ip.0, RatedAction::RequestDeleteAccount)`
			`.await?`
			`{`
			`return Ok(HttpResponse::TooManyRequests().finish());`
			`}`
			`rate_limiter_service::record_action(remote_ip.0, RatedAction::RequestDeleteAccount).await?;`

			`let mut user = users_service::get_by_id(token.user_id).await?;`
			`users_service::request_delete_account(&mut user).await?;`

			`Ok(HttpResponse::Accepted().finish())`
			`}`
Can check delete account token 2023-06-06 08:02:41 +00:00
			`#[derive(serde::Deserialize)]`
Can delete account 2023-06-06 08:19:54 +00:00			`pub struct DeleteAccountTokenBody {`
Can check delete account token 2023-06-06 08:02:41 +00:00			`token: String,`
			`}`

			`#[derive(serde::Serialize)]`
			`struct CheckDeleteTokenResponse {`
			`email: String,`
			`}`

			`/// Check delete account token`
Can delete account 2023-06-06 08:19:54 +00:00			`pub async fn check_delete_token(req: Json<DeleteAccountTokenBody>) -> HttpResult {`
			`let user = users_service::get_by_account_delete_token(&req.token).await?;`
Can check delete account token 2023-06-06 08:02:41 +00:00
Can delete account 2023-06-06 08:19:54 +00:00			`Ok(HttpResponse::Ok().json(CheckDeleteTokenResponse { email: user.email }))`
			`}`

			`/// Delete account`
			`pub async fn delete_account(req: Json<DeleteAccountTokenBody>) -> HttpResult {`
			`let user = users_service::get_by_account_delete_token(&req.token).await?;`

			`users_service::delete_account(&user).await?;`

			`Ok(HttpResponse::Accepted().finish())`
Can check delete account token 2023-06-06 08:02:41 +00:00			`}`