Can request password reset

This commit is contained in:
Pierre HUBERT 2023-05-31 13:56:18 +02:00
parent 56be33070c
commit 5ed74260a8
4 changed files with 54 additions and 6 deletions

View File

@ -51,6 +51,41 @@ pub async fn create_account(remote_ip: RemoteIP, req: web::Json<CreateAccountBod
Ok(HttpResponse::Created().finish()) Ok(HttpResponse::Created().finish())
} }
#[derive(serde::Deserialize)]
pub struct RequestResetPasswordBody {
mail: String,
}
/// Request the creation of a new password reset link
pub async fn request_reset_password(
remote_ip: RemoteIP,
req: web::Json<RequestResetPasswordBody>,
) -> HttpResult {
// Rate limiting
if rate_limiter_service::should_block_action(
remote_ip.0,
RatedAction::RequestNewPasswordResetLink,
)
.await?
{
return Ok(HttpResponse::TooManyRequests().finish());
}
rate_limiter_service::record_action(remote_ip.0, RatedAction::RequestNewPasswordResetLink)
.await?;
match users_service::get_by_mail(&req.mail).await {
Ok(mut user) => users_service::request_reset_password(&mut user).await?,
Err(e) => {
log::error!(
"Could not locate user account {}! (error silently ignored)",
e
);
}
}
Ok(HttpResponse::Created().finish())
}
#[derive(serde::Deserialize)] #[derive(serde::Deserialize)]
pub struct CheckResetPasswordTokenBody { pub struct CheckResetPasswordTokenBody {
token: String, token: String,

View File

@ -27,6 +27,10 @@ async fn main() -> std::io::Result<()> {
"/auth/create_account", "/auth/create_account",
web::post().to(auth_controller::create_account), web::post().to(auth_controller::create_account),
) )
.route(
"/auth/request_reset_password",
web::post().to(auth_controller::request_reset_password),
)
.route( .route(
"/auth/check_reset_password_token", "/auth/check_reset_password_token",
web::post().to(auth_controller::check_reset_password_token), web::post().to(auth_controller::check_reset_password_token),

View File

@ -7,6 +7,7 @@ use std::time::Duration;
pub enum RatedAction { pub enum RatedAction {
CreateAccount, CreateAccount,
CheckResetPasswordTokenFailed, CheckResetPasswordTokenFailed,
RequestNewPasswordResetLink,
} }
impl RatedAction { impl RatedAction {
@ -14,6 +15,7 @@ impl RatedAction {
match self { match self {
RatedAction::CreateAccount => "create-account", RatedAction::CreateAccount => "create-account",
RatedAction::CheckResetPasswordTokenFailed => "check-reset-password-token", RatedAction::CheckResetPasswordTokenFailed => "check-reset-password-token",
RatedAction::RequestNewPasswordResetLink => "req-pwd-reset-lnk",
} }
} }
@ -21,14 +23,12 @@ impl RatedAction {
match self { match self {
RatedAction::CreateAccount => 5, RatedAction::CreateAccount => 5,
RatedAction::CheckResetPasswordTokenFailed => 100, RatedAction::CheckResetPasswordTokenFailed => 100,
RatedAction::RequestNewPasswordResetLink => 5,
} }
} }
fn keep_seconds(&self) -> u64 { fn keep_seconds(&self) -> u64 {
match self { 3600
RatedAction::CreateAccount => 3600,
RatedAction::CheckResetPasswordTokenFailed => 3600,
}
} }
fn key(&self, ip: IpAddr) -> String { fn key(&self, ip: IpAddr) -> String {

View File

@ -12,12 +12,21 @@ use bcrypt::DEFAULT_COST;
use diesel::prelude::*; use diesel::prelude::*;
use std::io::ErrorKind; use std::io::ErrorKind;
/// Get the information of the user, by its id /// Get the information of a user, by its id
pub async fn get_by_id(id: UserID) -> anyhow::Result<User> { pub async fn get_by_id(id: UserID) -> anyhow::Result<User> {
db_connection::execute(|conn| Ok(users::table.filter(users::dsl::id.eq(id.0)).first(conn)?)) db_connection::execute(|conn| Ok(users::table.filter(users::dsl::id.eq(id.0)).first(conn)?))
} }
/// Get the information of the user, by its password reset token /// Get the information of a user, by its mail
pub async fn get_by_mail(mail: &str) -> anyhow::Result<User> {
db_connection::execute(|conn| {
Ok(users::table
.filter(users::dsl::email.eq(mail))
.first(conn)?)
})
}
/// Get the information of a user, by its password reset token
pub async fn get_by_pwd_reset_token(token: &str) -> anyhow::Result<User> { pub async fn get_by_pwd_reset_token(token: &str) -> anyhow::Result<User> {
if token.is_empty() { if token.is_empty() {
return Err(anyhow::Error::from(std::io::Error::new( return Err(anyhow::Error::from(std::io::Error::new(