Can request password reset

geneit_backend/src/controllers/auth_controller.rs

@@ -51,6 +51,41 @@ pub async fn create_account(remote_ip: RemoteIP, req: web::Json<CreateAccountBod
     Ok(HttpResponse::Created().finish())
 }
 
+#[derive(serde::Deserialize)]
+pub struct RequestResetPasswordBody {
+    mail: String,
+}
+
+/// Request the creation of a new password reset link
+pub async fn request_reset_password(
+    remote_ip: RemoteIP,
+    req: web::Json<RequestResetPasswordBody>,
+) -> HttpResult {
+    // Rate limiting
+    if rate_limiter_service::should_block_action(
+        remote_ip.0,
+        RatedAction::RequestNewPasswordResetLink,
+    )
+    .await?
+    {
+        return Ok(HttpResponse::TooManyRequests().finish());
+    }
+    rate_limiter_service::record_action(remote_ip.0, RatedAction::RequestNewPasswordResetLink)
+        .await?;
+
+    match users_service::get_by_mail(&req.mail).await {
+        Ok(mut user) => users_service::request_reset_password(&mut user).await?,
+        Err(e) => {
+            log::error!(
+                "Could not locate user account {}! (error silently ignored)",
+                e
+            );
+        }
+    }
+
+    Ok(HttpResponse::Created().finish())
+}
+
 #[derive(serde::Deserialize)]
 pub struct CheckResetPasswordTokenBody {
     token: String,

geneit_backend/src/main.rs

@@ -27,6 +27,10 @@ async fn main() -> std::io::Result<()> {
                 "/auth/create_account",
                 web::post().to(auth_controller::create_account),
             )
+            .route(
+                "/auth/request_reset_password",
+                web::post().to(auth_controller::request_reset_password),
+            )
             .route(
                 "/auth/check_reset_password_token",
                 web::post().to(auth_controller::check_reset_password_token),

geneit_backend/src/services/rate_limiter_service.rs

@@ -7,6 +7,7 @@ use std::time::Duration;
 pub enum RatedAction {
     CreateAccount,
     CheckResetPasswordTokenFailed,
+    RequestNewPasswordResetLink,
 }
 
 impl RatedAction {
@@ -14,6 +15,7 @@ impl RatedAction {
         match self {
             RatedAction::CreateAccount => "create-account",
             RatedAction::CheckResetPasswordTokenFailed => "check-reset-password-token",
+            RatedAction::RequestNewPasswordResetLink => "req-pwd-reset-lnk",
         }
     }
 
@@ -21,14 +23,12 @@ impl RatedAction {
         match self {
             RatedAction::CreateAccount => 5,
             RatedAction::CheckResetPasswordTokenFailed => 100,
+            RatedAction::RequestNewPasswordResetLink => 5,
         }
     }
 
     fn keep_seconds(&self) -> u64 {
-        match self {
-            RatedAction::CreateAccount => 3600,
-            RatedAction::CheckResetPasswordTokenFailed => 3600,
-        }
+        3600
     }
 
     fn key(&self, ip: IpAddr) -> String {

geneit_backend/src/services/users_service.rs

@@ -12,12 +12,21 @@ use bcrypt::DEFAULT_COST;
 use diesel::prelude::*;
 use std::io::ErrorKind;
 
-/// Get the information of the user, by its id
+/// Get the information of a user, by its id
 pub async fn get_by_id(id: UserID) -> anyhow::Result<User> {
     db_connection::execute(|conn| Ok(users::table.filter(users::dsl::id.eq(id.0)).first(conn)?))
 }
 
-/// Get the information of the user, by its password reset token
+/// Get the information of a user, by its mail
+pub async fn get_by_mail(mail: &str) -> anyhow::Result<User> {
+    db_connection::execute(|conn| {
+        Ok(users::table
+            .filter(users::dsl::email.eq(mail))
+            .first(conn)?)
+    })
+}
+
+/// Get the information of a user, by its password reset token
 pub async fn get_by_pwd_reset_token(token: &str) -> anyhow::Result<User> {
     if token.is_empty() {
         return Err(anyhow::Error::from(std::io::Error::new(