Can check the validity of a password reset token
This commit is contained in:
parent
7f8e41b618
commit
0590197315
@ -50,3 +50,44 @@ pub async fn create_account(remote_ip: RemoteIP, req: web::Json<CreateAccountBod
|
||||
// Account successfully created
|
||||
Ok(HttpResponse::Created().finish())
|
||||
}
|
||||
|
||||
#[derive(serde::Deserialize)]
|
||||
pub struct CheckResetPasswordTokenBody {
|
||||
token: String,
|
||||
}
|
||||
|
||||
#[derive(serde::Serialize)]
|
||||
pub struct CheckResetPasswordTokenResponse {
|
||||
name: String,
|
||||
}
|
||||
|
||||
/// Check reset password token
|
||||
pub async fn check_reset_password_token(
|
||||
remote_ip: RemoteIP,
|
||||
req: web::Json<CheckResetPasswordTokenBody>,
|
||||
) -> HttpResult {
|
||||
// Rate limiting
|
||||
if rate_limiter_service::should_block_action(
|
||||
remote_ip.0,
|
||||
RatedAction::CheckResetPasswordTokenFailed,
|
||||
)
|
||||
.await?
|
||||
{
|
||||
return Ok(HttpResponse::TooManyRequests().finish());
|
||||
}
|
||||
|
||||
let user = match users_service::get_by_pwd_reset_token(&req.token).await {
|
||||
Ok(t) => t,
|
||||
Err(e) => {
|
||||
rate_limiter_service::record_action(
|
||||
remote_ip.0,
|
||||
RatedAction::CheckResetPasswordTokenFailed,
|
||||
)
|
||||
.await?;
|
||||
log::error!("Password reset token could not be used: {}", e);
|
||||
return Ok(HttpResponse::NotFound().finish());
|
||||
}
|
||||
};
|
||||
|
||||
Ok(HttpResponse::Ok().json(CheckResetPasswordTokenResponse { name: user.name }))
|
||||
}
|
||||
|
@ -27,6 +27,10 @@ async fn main() -> std::io::Result<()> {
|
||||
"/auth/create_account",
|
||||
web::post().to(auth_controller::create_account),
|
||||
)
|
||||
.route(
|
||||
"/auth/check_reset_password_token",
|
||||
web::post().to(auth_controller::check_reset_password_token),
|
||||
)
|
||||
})
|
||||
.bind(AppConfig::get().listen_address.as_str())?
|
||||
.run()
|
||||
|
@ -6,24 +6,28 @@ use std::time::Duration;
|
||||
#[derive(Debug, Copy, Clone)]
|
||||
pub enum RatedAction {
|
||||
CreateAccount,
|
||||
CheckResetPasswordTokenFailed,
|
||||
}
|
||||
|
||||
impl RatedAction {
|
||||
fn id(&self) -> &'static str {
|
||||
match self {
|
||||
RatedAction::CreateAccount => "create-account",
|
||||
RatedAction::CheckResetPasswordTokenFailed => "check-reset-password-token",
|
||||
}
|
||||
}
|
||||
|
||||
fn limit(&self) -> usize {
|
||||
match self {
|
||||
RatedAction::CreateAccount => 5,
|
||||
RatedAction::CheckResetPasswordTokenFailed => 100,
|
||||
}
|
||||
}
|
||||
|
||||
fn keep_seconds(&self) -> u64 {
|
||||
match self {
|
||||
RatedAction::CreateAccount => 3600,
|
||||
RatedAction::CheckResetPasswordTokenFailed => 3600,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -10,11 +10,25 @@ use crate::utils::string_utils::rand_str;
|
||||
use crate::utils::time_utils::time;
|
||||
use diesel::prelude::*;
|
||||
|
||||
/// Get the information of the user
|
||||
/// Get the information of the user, by its id
|
||||
pub async fn get_by_id(id: UserID) -> anyhow::Result<User> {
|
||||
db_connection::execute(|conn| Ok(users::table.filter(users::dsl::id.eq(id.0)).first(conn)?))
|
||||
}
|
||||
|
||||
/// Get the information of the user, by its password reset token
|
||||
pub async fn get_by_pwd_reset_token(token: &str) -> anyhow::Result<User> {
|
||||
db_connection::execute(|conn| {
|
||||
Ok(users::table
|
||||
.filter(
|
||||
users::dsl::reset_password_token.eq(token.to_string()).and(
|
||||
users::dsl::time_gen_reset_token
|
||||
.ge(time() as i64 - PASSWORD_RESET_TOKEN_DURATION.as_secs() as i64),
|
||||
),
|
||||
)
|
||||
.first(conn)?)
|
||||
})
|
||||
}
|
||||
|
||||
/// Create a new account
|
||||
pub async fn create_account(name: &str, email: &str) -> anyhow::Result<User> {
|
||||
db_connection::execute(|conn| {
|
||||
|
Loading…
Reference in New Issue
Block a user