Automatically remove outdated account creation requests

This commit is contained in:
Pierre HUBERT 2023-05-31 11:06:58 +02:00
parent 62a52b385e
commit 7f8e41b618
4 changed files with 26 additions and 3 deletions

View File

@ -1,3 +1,5 @@
use std::time::Duration;
#[derive(Debug, Clone, serde::Serialize, serde::Deserialize)] #[derive(Debug, Clone, serde::Serialize, serde::Deserialize)]
pub struct SizeConstraint { pub struct SizeConstraint {
min: usize, min: usize,
@ -31,3 +33,6 @@ impl Default for StaticConstraints {
} }
} }
} }
/// Password reset token duration
pub const PASSWORD_RESET_TOKEN_DURATION: Duration = Duration::from_secs(3600 * 24);

View File

@ -31,6 +31,9 @@ pub async fn create_account(remote_ip: RemoteIP, req: web::Json<CreateAccountBod
return Ok(HttpResponse::BadRequest().json("Size constraints were not respected!")); return Ok(HttpResponse::BadRequest().json("Size constraints were not respected!"));
} }
// Perform cleanup
users_service::delete_not_validated_accounts().await?;
// Check if email is already attached to an account // Check if email is already attached to an account
if users_service::exists_email(&req.email).await? { if users_service::exists_email(&req.email).await? {
return Ok( return Ok(
@ -44,8 +47,6 @@ pub async fn create_account(remote_ip: RemoteIP, req: web::Json<CreateAccountBod
// Trigger reset password (send mail) // Trigger reset password (send mail)
users_service::request_reset_password(&mut user).await?; users_service::request_reset_password(&mut user).await?;
// TODO : cleanup in a cron not validated accounts after 24 hours
// Account successfully created // Account successfully created
Ok(HttpResponse::Created().finish()) Ok(HttpResponse::Created().finish())
} }

View File

@ -8,7 +8,7 @@ pub async fn send_mail<D: Display>(to: &str, subject: &str, body: D) -> anyhow::
let conf = AppConfig::get(); let conf = AppConfig::get();
let email = Message::builder() let email = Message::builder()
.from(conf.mail_sender.parse()?) .from(format!("GeneIT <{}>", conf.mail_sender).parse()?)
.to(to.parse()?) .to(to.parse()?)
.subject(subject) .subject(subject)
.header(ContentType::TEXT_PLAIN) .header(ContentType::TEXT_PLAIN)

View File

@ -2,6 +2,7 @@
use crate::app_config::AppConfig; use crate::app_config::AppConfig;
use crate::connections::db_connection; use crate::connections::db_connection;
use crate::constants::PASSWORD_RESET_TOKEN_DURATION;
use crate::models::{NewUser, User, UserID}; use crate::models::{NewUser, User, UserID};
use crate::schema::users; use crate::schema::users;
use crate::services::mail_service; use crate::services::mail_service;
@ -78,3 +79,19 @@ pub async fn request_reset_password(user: &mut User) -> anyhow::Result<()> {
Ok(()) Ok(())
} }
/// Delete not validated accounts whose reset token has expired
pub async fn delete_not_validated_accounts() -> anyhow::Result<()> {
db_connection::execute(|conn| {
diesel::delete(
users::dsl::users.filter(
users::dsl::time_activate.eq(0).and(
users::dsl::time_gen_reset_token
.lt(time() as i64 - PASSWORD_RESET_TOKEN_DURATION.as_secs() as i64),
),
),
)
.execute(conn)?;
Ok(())
})
}