From 85e5be032894e4a75c434a3103518f393079e442 Mon Sep 17 00:00:00 2001 From: Pierre Hubert Date: Tue, 6 Jun 2023 10:02:41 +0200 Subject: [PATCH] Can check delete account token --- geneit_backend/src/constants.rs | 3 +++ .../src/controllers/user_controller.rs | 17 +++++++++++++ geneit_backend/src/main.rs | 4 +++ geneit_backend/src/services/users_service.rs | 25 +++++++++++++++++-- 4 files changed, 47 insertions(+), 2 deletions(-) diff --git a/geneit_backend/src/constants.rs b/geneit_backend/src/constants.rs index 726a638..e6ecac8 100644 --- a/geneit_backend/src/constants.rs +++ b/geneit_backend/src/constants.rs @@ -37,5 +37,8 @@ impl Default for StaticConstraints { /// Password reset token duration pub const PASSWORD_RESET_TOKEN_DURATION: Duration = Duration::from_secs(3600 * 24); +/// Account deletion token duration +pub const ACCOUNT_DELETE_TOKEN_DURATION: Duration = Duration::from_secs(3600 * 12); + /// OpenID state duration pub const OPEN_ID_STATE_DURATION: Duration = Duration::from_secs(3600); diff --git a/geneit_backend/src/controllers/user_controller.rs b/geneit_backend/src/controllers/user_controller.rs index a18f59c..bebbf8b 100644 --- a/geneit_backend/src/controllers/user_controller.rs +++ b/geneit_backend/src/controllers/user_controller.rs @@ -113,3 +113,20 @@ pub async fn request_delete_account(remote_ip: RemoteIP, token: LoginToken) -> H Ok(HttpResponse::Accepted().finish()) } + +#[derive(serde::Deserialize)] +pub struct DeleteTokenBody { + token: String, +} + +#[derive(serde::Serialize)] +struct CheckDeleteTokenResponse { + email: String, +} + +/// Check delete account token +pub async fn check_delete_token(req: Json) -> HttpResult { + let token = users_service::get_by_account_delete_token(&req.token).await?; + + Ok(HttpResponse::Ok().json(CheckDeleteTokenResponse { email: token.email })) +} diff --git a/geneit_backend/src/main.rs b/geneit_backend/src/main.rs index 07af848..a9b2b5f 100644 --- a/geneit_backend/src/main.rs +++ b/geneit_backend/src/main.rs @@ -66,6 +66,10 @@ async fn main() -> std::io::Result<()> { "/user/request_delete", web::get().to(user_controller::request_delete_account), ) + .route( + "/user/check_delete_token", + web::post().to(user_controller::check_delete_token), + ) }) .bind(AppConfig::get().listen_address.as_str())? .run() diff --git a/geneit_backend/src/services/users_service.rs b/geneit_backend/src/services/users_service.rs index abfacfa..52544d7 100644 --- a/geneit_backend/src/services/users_service.rs +++ b/geneit_backend/src/services/users_service.rs @@ -2,7 +2,7 @@ use crate::app_config::AppConfig; use crate::connections::db_connection; -use crate::constants::PASSWORD_RESET_TOKEN_DURATION; +use crate::constants::{ACCOUNT_DELETE_TOKEN_DURATION, PASSWORD_RESET_TOKEN_DURATION}; use crate::models::{NewUser, User, UserID}; use crate::schema::users; use crate::services::mail_service; @@ -47,6 +47,27 @@ pub async fn get_by_pwd_reset_token(token: &str) -> anyhow::Result { }) } +/// Get the information of a user, by its account deletion token +pub async fn get_by_account_delete_token(token: &str) -> anyhow::Result { + if token.is_empty() { + return Err(anyhow::Error::from(std::io::Error::new( + ErrorKind::Other, + "Token is empty!", + ))); + } + + db_connection::execute(|conn| { + Ok(users::table + .filter( + users::dsl::delete_account_token.eq(token.to_string()).and( + users::dsl::time_gen_delete_account_token + .ge(time() as i64 - ACCOUNT_DELETE_TOKEN_DURATION.as_secs() as i64), + ), + ) + .first(conn)?) + }) +} + /// Create a new account pub async fn create_account(name: &str, email: &str) -> anyhow::Result { db_connection::execute(|conn| { @@ -122,7 +143,7 @@ pub async fn request_delete_account(user: &mut User) -> anyhow::Result<()> { format!( "Bonjour, \n\n\ Vous avez demandé la suppression de votre compte GeneIT. Cette opération peut être effectuée via le lien suivant : {} \n\n\ - Ce lien est valide durant 24 heures.\n\n\ + Ce lien est valide durant 12 heures.\n\n\ Cordialement,\n\n\ L'équipe de GeneIT", AppConfig::get()