diff --git a/geneit_backend/src/controllers/auth_controller.rs b/geneit_backend/src/controllers/auth_controller.rs index d8e5f48..e6fd233 100644 --- a/geneit_backend/src/controllers/auth_controller.rs +++ b/geneit_backend/src/controllers/auth_controller.rs @@ -51,6 +51,41 @@ pub async fn create_account(remote_ip: RemoteIP, req: web::Json, +) -> HttpResult { + // Rate limiting + if rate_limiter_service::should_block_action( + remote_ip.0, + RatedAction::RequestNewPasswordResetLink, + ) + .await? + { + return Ok(HttpResponse::TooManyRequests().finish()); + } + rate_limiter_service::record_action(remote_ip.0, RatedAction::RequestNewPasswordResetLink) + .await?; + + match users_service::get_by_mail(&req.mail).await { + Ok(mut user) => users_service::request_reset_password(&mut user).await?, + Err(e) => { + log::error!( + "Could not locate user account {}! (error silently ignored)", + e + ); + } + } + + Ok(HttpResponse::Created().finish()) +} + #[derive(serde::Deserialize)] pub struct CheckResetPasswordTokenBody { token: String, diff --git a/geneit_backend/src/main.rs b/geneit_backend/src/main.rs index fd71cd7..adbf0df 100644 --- a/geneit_backend/src/main.rs +++ b/geneit_backend/src/main.rs @@ -27,6 +27,10 @@ async fn main() -> std::io::Result<()> { "/auth/create_account", web::post().to(auth_controller::create_account), ) + .route( + "/auth/request_reset_password", + web::post().to(auth_controller::request_reset_password), + ) .route( "/auth/check_reset_password_token", web::post().to(auth_controller::check_reset_password_token), diff --git a/geneit_backend/src/services/rate_limiter_service.rs b/geneit_backend/src/services/rate_limiter_service.rs index b4a3254..05cc39b 100644 --- a/geneit_backend/src/services/rate_limiter_service.rs +++ b/geneit_backend/src/services/rate_limiter_service.rs @@ -7,6 +7,7 @@ use std::time::Duration; pub enum RatedAction { CreateAccount, CheckResetPasswordTokenFailed, + RequestNewPasswordResetLink, } impl RatedAction { @@ -14,6 +15,7 @@ impl RatedAction { match self { RatedAction::CreateAccount => "create-account", RatedAction::CheckResetPasswordTokenFailed => "check-reset-password-token", + RatedAction::RequestNewPasswordResetLink => "req-pwd-reset-lnk", } } @@ -21,14 +23,12 @@ impl RatedAction { match self { RatedAction::CreateAccount => 5, RatedAction::CheckResetPasswordTokenFailed => 100, + RatedAction::RequestNewPasswordResetLink => 5, } } fn keep_seconds(&self) -> u64 { - match self { - RatedAction::CreateAccount => 3600, - RatedAction::CheckResetPasswordTokenFailed => 3600, - } + 3600 } fn key(&self, ip: IpAddr) -> String { diff --git a/geneit_backend/src/services/users_service.rs b/geneit_backend/src/services/users_service.rs index bb1bf2c..c5c6e06 100644 --- a/geneit_backend/src/services/users_service.rs +++ b/geneit_backend/src/services/users_service.rs @@ -12,12 +12,21 @@ use bcrypt::DEFAULT_COST; use diesel::prelude::*; use std::io::ErrorKind; -/// Get the information of the user, by its id +/// Get the information of a user, by its id pub async fn get_by_id(id: UserID) -> anyhow::Result { db_connection::execute(|conn| Ok(users::table.filter(users::dsl::id.eq(id.0)).first(conn)?)) } -/// Get the information of the user, by its password reset token +/// Get the information of a user, by its mail +pub async fn get_by_mail(mail: &str) -> anyhow::Result { + db_connection::execute(|conn| { + Ok(users::table + .filter(users::dsl::email.eq(mail)) + .first(conn)?) + }) +} + +/// Get the information of a user, by its password reset token pub async fn get_by_pwd_reset_token(token: &str) -> anyhow::Result { if token.is_empty() { return Err(anyhow::Error::from(std::io::Error::new(