Can check delete account token

geneit_backend/src/constants.rs

@@ -37,5 +37,8 @@ impl Default for StaticConstraints {
 /// Password reset token duration
 pub const PASSWORD_RESET_TOKEN_DURATION: Duration = Duration::from_secs(3600 * 24);
 
+/// Account deletion token duration
+pub const ACCOUNT_DELETE_TOKEN_DURATION: Duration = Duration::from_secs(3600 * 12);
+
 /// OpenID state duration
 pub const OPEN_ID_STATE_DURATION: Duration = Duration::from_secs(3600);

geneit_backend/src/controllers/user_controller.rs

@@ -113,3 +113,20 @@ pub async fn request_delete_account(remote_ip: RemoteIP, token: LoginToken) -> H
 
     Ok(HttpResponse::Accepted().finish())
 }
+
+#[derive(serde::Deserialize)]
+pub struct DeleteTokenBody {
+    token: String,
+}
+
+#[derive(serde::Serialize)]
+struct CheckDeleteTokenResponse {
+    email: String,
+}
+
+/// Check delete account token
+pub async fn check_delete_token(req: Json<DeleteTokenBody>) -> HttpResult {
+    let token = users_service::get_by_account_delete_token(&req.token).await?;
+
+    Ok(HttpResponse::Ok().json(CheckDeleteTokenResponse { email: token.email }))
+}

geneit_backend/src/main.rs

@@ -66,6 +66,10 @@ async fn main() -> std::io::Result<()> {
                 "/user/request_delete",
                 web::get().to(user_controller::request_delete_account),
             )
+            .route(
+                "/user/check_delete_token",
+                web::post().to(user_controller::check_delete_token),
+            )
     })
     .bind(AppConfig::get().listen_address.as_str())?
     .run()

geneit_backend/src/services/users_service.rs

@@ -2,7 +2,7 @@
 
 use crate::app_config::AppConfig;
 use crate::connections::db_connection;
-use crate::constants::PASSWORD_RESET_TOKEN_DURATION;
+use crate::constants::{ACCOUNT_DELETE_TOKEN_DURATION, PASSWORD_RESET_TOKEN_DURATION};
 use crate::models::{NewUser, User, UserID};
 use crate::schema::users;
 use crate::services::mail_service;
@@ -47,6 +47,27 @@ pub async fn get_by_pwd_reset_token(token: &str) -> anyhow::Result<User> {
     })
 }
 
+/// Get the information of a user, by its account deletion token
+pub async fn get_by_account_delete_token(token: &str) -> anyhow::Result<User> {
+    if token.is_empty() {
+        return Err(anyhow::Error::from(std::io::Error::new(
+            ErrorKind::Other,
+            "Token is empty!",
+        )));
+    }
+
+    db_connection::execute(|conn| {
+        Ok(users::table
+            .filter(
+                users::dsl::delete_account_token.eq(token.to_string()).and(
+                    users::dsl::time_gen_delete_account_token
+                        .ge(time() as i64 - ACCOUNT_DELETE_TOKEN_DURATION.as_secs() as i64),
+                ),
+            )
+            .first(conn)?)
+    })
+}
+
 /// Create a new account
 pub async fn create_account(name: &str, email: &str) -> anyhow::Result<User> {
     db_connection::execute(|conn| {
@@ -122,7 +143,7 @@ pub async fn request_delete_account(user: &mut User) -> anyhow::Result<()> {
         format!(
             "Bonjour, \n\n\
             Vous avez demandé la suppression de votre compte GeneIT. Cette opération peut être effectuée via le lien suivant : {} \n\n\
-            Ce lien est valide durant 24 heures.\n\n\
+            Ce lien est valide durant 12 heures.\n\n\
             Cordialement,\n\n\
             L'équipe de GeneIT",
             AppConfig::get()