Automatically remove outdated account creation requests

2023-05-31 11:06:58 +02:00 · 2023-05-31 11:06:58 +02:00 · 7f8e41b618
commit 7f8e41b618
parent 62a52b385e
4 changed files with 26 additions and 3 deletions
--- a/geneit_backend/src/constants.rs
+++ b/geneit_backend/src/constants.rs
@ -1,3 +1,5 @@
+use std::time::Duration;
+
 #[derive(Debug, Clone, serde::Serialize, serde::Deserialize)]
 pub struct SizeConstraint {
    min: usize,
@ -31,3 +33,6 @@ impl Default for StaticConstraints {
        }
    }
 }
+
+/// Password reset token duration
+pub const PASSWORD_RESET_TOKEN_DURATION: Duration = Duration::from_secs(3600 * 24);
--- a/geneit_backend/src/controllers/auth_controller.rs
+++ b/geneit_backend/src/controllers/auth_controller.rs
@ -31,6 +31,9 @@ pub async fn create_account(remote_ip: RemoteIP, req: web::Json<CreateAccountBod
        return Ok(HttpResponse::BadRequest().json("Size constraints were not respected!"));
    }

+    // Perform cleanup
+    users_service::delete_not_validated_accounts().await?;
+
    // Check if email is already attached to an account
    if users_service::exists_email(&req.email).await? {
        return Ok(
@ -44,8 +47,6 @@ pub async fn create_account(remote_ip: RemoteIP, req: web::Json<CreateAccountBod
    // Trigger reset password (send mail)
    users_service::request_reset_password(&mut user).await?;

-    // TODO : cleanup in a cron not validated accounts after 24 hours
-
    // Account successfully created
    Ok(HttpResponse::Created().finish())
 }
--- a/geneit_backend/src/services/mail_service.rs
+++ b/geneit_backend/src/services/mail_service.rs
@ -8,7 +8,7 @@ pub async fn send_mail<D: Display>(to: &str, subject: &str, body: D) -> anyhow::
    let conf = AppConfig::get();

    let email = Message::builder()
-        .from(conf.mail_sender.parse()?)
+        .from(format!("GeneIT <{}>", conf.mail_sender).parse()?)
        .to(to.parse()?)
        .subject(subject)
        .header(ContentType::TEXT_PLAIN)
--- a/geneit_backend/src/services/users_service.rs
+++ b/geneit_backend/src/services/users_service.rs
@ -2,6 +2,7 @@

 use crate::app_config::AppConfig;
 use crate::connections::db_connection;
+use crate::constants::PASSWORD_RESET_TOKEN_DURATION;
 use crate::models::{NewUser, User, UserID};
 use crate::schema::users;
 use crate::services::mail_service;
@ -78,3 +79,19 @@ pub async fn request_reset_password(user: &mut User) -> anyhow::Result<()> {

    Ok(())
 }
+
+/// Delete not validated accounts whose reset token has expired
+pub async fn delete_not_validated_accounts() -> anyhow::Result<()> {
+    db_connection::execute(|conn| {
+        diesel::delete(
+            users::dsl::users.filter(
+                users::dsl::time_activate.eq(0).and(
+                    users::dsl::time_gen_reset_token
+                        .lt(time() as i64 - PASSWORD_RESET_TOKEN_DURATION.as_secs() as i64),
+                ),
+            ),
+        )
+        .execute(conn)?;
+        Ok(())
+    })
+}