Can change password by reset
This commit is contained in:
parent
0590197315
commit
56be33070c
55
geneit_backend/Cargo.lock
generated
55
geneit_backend/Cargo.lock
generated
@ -320,6 +320,19 @@ version = "0.21.1"
|
|||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "3f1e31e207a6b8fb791a38ea3105e6cb541f55e4d029902d3039a4ad07cc4105"
|
checksum = "3f1e31e207a6b8fb791a38ea3105e6cb541f55e4d029902d3039a4ad07cc4105"
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "bcrypt"
|
||||||
|
version = "0.14.0"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "9df288bec72232f78c1ec5fe4e8f1d108aa0265476e93097593c803c8c02062a"
|
||||||
|
dependencies = [
|
||||||
|
"base64",
|
||||||
|
"blowfish",
|
||||||
|
"getrandom",
|
||||||
|
"subtle",
|
||||||
|
"zeroize",
|
||||||
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "bitflags"
|
name = "bitflags"
|
||||||
version = "1.3.2"
|
version = "1.3.2"
|
||||||
@ -335,6 +348,16 @@ dependencies = [
|
|||||||
"generic-array",
|
"generic-array",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "blowfish"
|
||||||
|
version = "0.9.1"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "e412e2cd0f2b2d93e02543ceae7917b3c70331573df19ee046bcbc35e45e87d7"
|
||||||
|
dependencies = [
|
||||||
|
"byteorder",
|
||||||
|
"cipher",
|
||||||
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "brotli"
|
name = "brotli"
|
||||||
version = "3.3.4"
|
version = "3.3.4"
|
||||||
@ -392,6 +415,16 @@ version = "1.0.0"
|
|||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
|
checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "cipher"
|
||||||
|
version = "0.4.4"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad"
|
||||||
|
dependencies = [
|
||||||
|
"crypto-common",
|
||||||
|
"inout",
|
||||||
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "clap"
|
name = "clap"
|
||||||
version = "4.3.0"
|
version = "4.3.0"
|
||||||
@ -734,6 +767,7 @@ dependencies = [
|
|||||||
"actix-remote-ip",
|
"actix-remote-ip",
|
||||||
"actix-web",
|
"actix-web",
|
||||||
"anyhow",
|
"anyhow",
|
||||||
|
"bcrypt",
|
||||||
"clap",
|
"clap",
|
||||||
"diesel",
|
"diesel",
|
||||||
"env_logger",
|
"env_logger",
|
||||||
@ -874,6 +908,15 @@ dependencies = [
|
|||||||
"hashbrown",
|
"hashbrown",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "inout"
|
||||||
|
version = "0.1.3"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "a0c10553d664a4d0bcff9f4215d0aac67a639cc68ef660840afe309b807bc9f5"
|
||||||
|
dependencies = [
|
||||||
|
"generic-array",
|
||||||
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "instant"
|
name = "instant"
|
||||||
version = "0.1.12"
|
version = "0.1.12"
|
||||||
@ -1516,6 +1559,12 @@ version = "0.10.0"
|
|||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623"
|
checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623"
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "subtle"
|
||||||
|
version = "2.5.0"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc"
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "syn"
|
name = "syn"
|
||||||
version = "1.0.109"
|
version = "1.0.109"
|
||||||
@ -1894,6 +1943,12 @@ version = "0.48.0"
|
|||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "1a515f5799fe4961cb532f983ce2b23082366b898e52ffbce459c86f67c8378a"
|
checksum = "1a515f5799fe4961cb532f983ce2b23082366b898e52ffbce459c86f67c8378a"
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "zeroize"
|
||||||
|
version = "1.6.0"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "2a0956f1ba7c7909bfb66c2e9e4124ab6f6482560f6628b5aaeba39207c9aad9"
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "zstd"
|
name = "zstd"
|
||||||
version = "0.12.3+zstd.1.5.2"
|
version = "0.12.3+zstd.1.5.2"
|
||||||
|
@ -19,4 +19,5 @@ actix-remote-ip = "0.1.0"
|
|||||||
mailchecker = "5.0.9"
|
mailchecker = "5.0.9"
|
||||||
redis = "0.23.0"
|
redis = "0.23.0"
|
||||||
lettre = "0.10.4"
|
lettre = "0.10.4"
|
||||||
rand = "0.8.5"
|
rand = "0.8.5"
|
||||||
|
bcrypt = "0.14.0"
|
@ -91,3 +91,50 @@ pub async fn check_reset_password_token(
|
|||||||
|
|
||||||
Ok(HttpResponse::Ok().json(CheckResetPasswordTokenResponse { name: user.name }))
|
Ok(HttpResponse::Ok().json(CheckResetPasswordTokenResponse { name: user.name }))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[derive(serde::Deserialize)]
|
||||||
|
pub struct ResetPasswordBody {
|
||||||
|
token: String,
|
||||||
|
password: String,
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Reset password
|
||||||
|
pub async fn reset_password(remote_ip: RemoteIP, req: web::Json<ResetPasswordBody>) -> HttpResult {
|
||||||
|
// Rate limiting
|
||||||
|
if rate_limiter_service::should_block_action(
|
||||||
|
remote_ip.0,
|
||||||
|
RatedAction::CheckResetPasswordTokenFailed,
|
||||||
|
)
|
||||||
|
.await?
|
||||||
|
{
|
||||||
|
return Ok(HttpResponse::TooManyRequests().finish());
|
||||||
|
}
|
||||||
|
|
||||||
|
let user = match users_service::get_by_pwd_reset_token(&req.token).await {
|
||||||
|
Ok(t) => t,
|
||||||
|
Err(e) => {
|
||||||
|
rate_limiter_service::record_action(
|
||||||
|
remote_ip.0,
|
||||||
|
RatedAction::CheckResetPasswordTokenFailed,
|
||||||
|
)
|
||||||
|
.await?;
|
||||||
|
log::error!("Password reset token could not be used: {}", e);
|
||||||
|
return Ok(HttpResponse::NotFound().finish());
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
if !StaticConstraints::default()
|
||||||
|
.password_len
|
||||||
|
.validate(&req.password)
|
||||||
|
{
|
||||||
|
return Ok(HttpResponse::BadRequest().json("Taille du mot de passe invalide!"));
|
||||||
|
}
|
||||||
|
|
||||||
|
// Validate account, if required
|
||||||
|
users_service::validate_account(&user).await?;
|
||||||
|
|
||||||
|
// Change user password
|
||||||
|
users_service::change_password(&user, &req.password).await?;
|
||||||
|
|
||||||
|
Ok(HttpResponse::Accepted().finish())
|
||||||
|
}
|
||||||
|
@ -31,6 +31,10 @@ async fn main() -> std::io::Result<()> {
|
|||||||
"/auth/check_reset_password_token",
|
"/auth/check_reset_password_token",
|
||||||
web::post().to(auth_controller::check_reset_password_token),
|
web::post().to(auth_controller::check_reset_password_token),
|
||||||
)
|
)
|
||||||
|
.route(
|
||||||
|
"/auth/reset_password",
|
||||||
|
web::post().to(auth_controller::reset_password),
|
||||||
|
)
|
||||||
})
|
})
|
||||||
.bind(AppConfig::get().listen_address.as_str())?
|
.bind(AppConfig::get().listen_address.as_str())?
|
||||||
.run()
|
.run()
|
||||||
|
@ -8,7 +8,9 @@ use crate::schema::users;
|
|||||||
use crate::services::mail_service;
|
use crate::services::mail_service;
|
||||||
use crate::utils::string_utils::rand_str;
|
use crate::utils::string_utils::rand_str;
|
||||||
use crate::utils::time_utils::time;
|
use crate::utils::time_utils::time;
|
||||||
|
use bcrypt::DEFAULT_COST;
|
||||||
use diesel::prelude::*;
|
use diesel::prelude::*;
|
||||||
|
use std::io::ErrorKind;
|
||||||
|
|
||||||
/// Get the information of the user, by its id
|
/// Get the information of the user, by its id
|
||||||
pub async fn get_by_id(id: UserID) -> anyhow::Result<User> {
|
pub async fn get_by_id(id: UserID) -> anyhow::Result<User> {
|
||||||
@ -17,6 +19,13 @@ pub async fn get_by_id(id: UserID) -> anyhow::Result<User> {
|
|||||||
|
|
||||||
/// Get the information of the user, by its password reset token
|
/// Get the information of the user, by its password reset token
|
||||||
pub async fn get_by_pwd_reset_token(token: &str) -> anyhow::Result<User> {
|
pub async fn get_by_pwd_reset_token(token: &str) -> anyhow::Result<User> {
|
||||||
|
if token.is_empty() {
|
||||||
|
return Err(anyhow::Error::from(std::io::Error::new(
|
||||||
|
ErrorKind::Other,
|
||||||
|
"Token is empty!",
|
||||||
|
)));
|
||||||
|
}
|
||||||
|
|
||||||
db_connection::execute(|conn| {
|
db_connection::execute(|conn| {
|
||||||
Ok(users::table
|
Ok(users::table
|
||||||
.filter(
|
.filter(
|
||||||
@ -109,3 +118,52 @@ pub async fn delete_not_validated_accounts() -> anyhow::Result<()> {
|
|||||||
Ok(())
|
Ok(())
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// Mark account as validated
|
||||||
|
pub async fn validate_account(user: &User) -> anyhow::Result<()> {
|
||||||
|
if user.time_activate > 0 {
|
||||||
|
log::debug!(
|
||||||
|
"Did not activate account {} because it is already activated!",
|
||||||
|
user.id
|
||||||
|
);
|
||||||
|
return Ok(());
|
||||||
|
}
|
||||||
|
|
||||||
|
mail_service::send_mail(
|
||||||
|
&user.email,
|
||||||
|
"Activation de votre compte GeneIT",
|
||||||
|
"Bonjour,\n\n\
|
||||||
|
Votre compte GeneIT a été activé avec succès !\n\n\
|
||||||
|
Cordialement,\n\n\
|
||||||
|
L'équipe de GeneIT",
|
||||||
|
)
|
||||||
|
.await?;
|
||||||
|
|
||||||
|
db_connection::execute(|conn| {
|
||||||
|
Ok(
|
||||||
|
diesel::update(users::dsl::users.filter(users::dsl::id.eq(user.id)))
|
||||||
|
.set((users::dsl::time_activate.eq(time() as i64),))
|
||||||
|
.execute(conn)?,
|
||||||
|
)
|
||||||
|
})?;
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Change user paswsord
|
||||||
|
pub async fn change_password(user: &User, new_password: &str) -> anyhow::Result<()> {
|
||||||
|
let hash = bcrypt::hash(new_password, DEFAULT_COST)?;
|
||||||
|
|
||||||
|
db_connection::execute(|conn| {
|
||||||
|
Ok(
|
||||||
|
diesel::update(users::dsl::users.filter(users::dsl::id.eq(user.id)))
|
||||||
|
.set((
|
||||||
|
users::dsl::password.eq(hash),
|
||||||
|
users::dsl::reset_password_token.eq(None::<String>),
|
||||||
|
))
|
||||||
|
.execute(conn)?,
|
||||||
|
)
|
||||||
|
})?;
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user