Can check delete account token

2023-06-06 10:02:41 +02:00 · 2023-06-06 10:02:41 +02:00 · 85e5be0328
commit 85e5be0328
parent 4b8baa2416
4 changed files with 47 additions and 2 deletions
--- a/geneit_backend/src/constants.rs
+++ b/geneit_backend/src/constants.rs
@ -37,5 +37,8 @@ impl Default for StaticConstraints {
 /// Password reset token duration
 pub const PASSWORD_RESET_TOKEN_DURATION: Duration = Duration::from_secs(3600 * 24);

+/// Account deletion token duration
+pub const ACCOUNT_DELETE_TOKEN_DURATION: Duration = Duration::from_secs(3600 * 12);
+
 /// OpenID state duration
 pub const OPEN_ID_STATE_DURATION: Duration = Duration::from_secs(3600);
--- a/geneit_backend/src/controllers/user_controller.rs
+++ b/geneit_backend/src/controllers/user_controller.rs
@ -113,3 +113,20 @@ pub async fn request_delete_account(remote_ip: RemoteIP, token: LoginToken) -> H

    Ok(HttpResponse::Accepted().finish())
 }
+
+#[derive(serde::Deserialize)]
+pub struct DeleteTokenBody {
+    token: String,
+}
+
+#[derive(serde::Serialize)]
+struct CheckDeleteTokenResponse {
+    email: String,
+}
+
+/// Check delete account token
+pub async fn check_delete_token(req: Json<DeleteTokenBody>) -> HttpResult {
+    let token = users_service::get_by_account_delete_token(&req.token).await?;
+
+    Ok(HttpResponse::Ok().json(CheckDeleteTokenResponse { email: token.email }))
+}
--- a/geneit_backend/src/main.rs
+++ b/geneit_backend/src/main.rs
@ -66,6 +66,10 @@ async fn main() -> std::io::Result<()> {
                "/user/request_delete",
                web::get().to(user_controller::request_delete_account),
            )
+            .route(
+                "/user/check_delete_token",
+                web::post().to(user_controller::check_delete_token),
+            )
    })
    .bind(AppConfig::get().listen_address.as_str())?
    .run()
--- a/geneit_backend/src/services/users_service.rs
+++ b/geneit_backend/src/services/users_service.rs
@ -2,7 +2,7 @@

 use crate::app_config::AppConfig;
 use crate::connections::db_connection;
-use crate::constants::PASSWORD_RESET_TOKEN_DURATION;
+use crate::constants::{ACCOUNT_DELETE_TOKEN_DURATION, PASSWORD_RESET_TOKEN_DURATION};
 use crate::models::{NewUser, User, UserID};
 use crate::schema::users;
 use crate::services::mail_service;
@ -47,6 +47,27 @@ pub async fn get_by_pwd_reset_token(token: &str) -> anyhow::Result<User> {
    })
 }

+/// Get the information of a user, by its account deletion token
+pub async fn get_by_account_delete_token(token: &str) -> anyhow::Result<User> {
+    if token.is_empty() {
+        return Err(anyhow::Error::from(std::io::Error::new(
+            ErrorKind::Other,
+            "Token is empty!",
+        )));
+    }
+
+    db_connection::execute(|conn| {
+        Ok(users::table
+            .filter(
+                users::dsl::delete_account_token.eq(token.to_string()).and(
+                    users::dsl::time_gen_delete_account_token
+                        .ge(time() as i64 - ACCOUNT_DELETE_TOKEN_DURATION.as_secs() as i64),
+                ),
+            )
+            .first(conn)?)
+    })
+}
+
 /// Create a new account
 pub async fn create_account(name: &str, email: &str) -> anyhow::Result<User> {
    db_connection::execute(|conn| {
@ -122,7 +143,7 @@ pub async fn request_delete_account(user: &mut User) -> anyhow::Result<()> {
        format!(
            "Bonjour, \n\n\
            Vous avez demandé la suppression de votre compte GeneIT. Cette opération peut être effectuée via le lien suivant : {} \n\n\
-            Ce lien est valide durant 24 heures.\n\n\
+            Ce lien est valide durant 12 heures.\n\n\
            Cordialement,\n\n\
            L'équipe de GeneIT",
            AppConfig::get()