Compare commits
6 Commits
1515f50ed9
...
ee4481225e
| Author | SHA1 | Date | |
|---|---|---|---|
| ee4481225e | |||
| ab648dd4f2 | |||
| 73c1b987cd | |||
| 678690855a | |||
| 649d1a6ecf | |||
| 28cc3cd9ae |
@ -107,7 +107,7 @@ impl User {
|
||||
Ok(user)
|
||||
}
|
||||
|
||||
pub async fn read_for_login(pool: &PgPool, email: &str) -> Result<User> {
|
||||
pub async fn read_for_login(pool: &PgPool, email: &str) -> Result<Option<User>> {
|
||||
let record = sqlx::query!(
|
||||
r#"
|
||||
SELECT id,
|
||||
@ -126,25 +126,25 @@ impl User {
|
||||
"#,
|
||||
email,
|
||||
)
|
||||
.fetch_one(pool)
|
||||
.fetch_optional(pool)
|
||||
.await?;
|
||||
|
||||
let result = User {
|
||||
id: record.id,
|
||||
name: record.name,
|
||||
email: record.email,
|
||||
password: record.password,
|
||||
salt: record.salt,
|
||||
role: record.role,
|
||||
function: record.function,
|
||||
area_id: record.areaid,
|
||||
let user = record.map(|r| User {
|
||||
id: r.id,
|
||||
name: r.name,
|
||||
email: r.email,
|
||||
password: r.password,
|
||||
salt: r.salt,
|
||||
role: r.role,
|
||||
function: r.function,
|
||||
area_id: r.areaid,
|
||||
area: None,
|
||||
locked: record.locked,
|
||||
last_login: record.lastlogin,
|
||||
receive_notifications: record.receivenotifications,
|
||||
};
|
||||
locked: r.locked,
|
||||
last_login: r.lastlogin,
|
||||
receive_notifications: r.receivenotifications,
|
||||
});
|
||||
|
||||
Ok(result)
|
||||
Ok(user)
|
||||
}
|
||||
|
||||
pub async fn exists(pool: &PgPool, email: &str) -> Result<Option<i32>> {
|
||||
|
||||
@ -9,20 +9,8 @@ snapshot_kind: text
|
||||
<h3 class="title is-3">geplante Veranstaltungen</h3>
|
||||
<p class="subtitle is-5">in den nächsten 31 Tagen</p>
|
||||
|
||||
<div class="panel p-2">
|
||||
|
||||
<div class="panel-block is-justify-content-space-between">
|
||||
<span>
|
||||
<b>WGT</b> Sonntag, 06.07.2025 10:00 - 20:00
|
||||
</span>
|
||||
<a class="button is-small is-link is-light" href="/calendar?date=2025-07-06">
|
||||
<svg class="icon">
|
||||
<use href="/static/feather-sprite.svg#calendar" />
|
||||
</svg>
|
||||
<span>im Kalender anzeigen</span>
|
||||
</a>
|
||||
</div>
|
||||
|
||||
<div class="notification">
|
||||
Keine Veranstaltungen für diesen Zeitraum geplant.
|
||||
</div>
|
||||
|
||||
|
||||
|
||||
@ -0,0 +1,43 @@
|
||||
---
|
||||
source: web/src/endpoints/user/get_changepassword.rs
|
||||
expression: body
|
||||
snapshot_kind: text
|
||||
---
|
||||
<div class="field">
|
||||
<div class="control">
|
||||
<a href="/profile" hx-boost="true" class="button is-link is-light">Schließen</a>
|
||||
</div>
|
||||
</div>
|
||||
<form class="box" hx-post="/users/changepassword" hx-target-422="#error-message"
|
||||
_="on change put '' into #error-message">
|
||||
|
||||
<div class="field">
|
||||
<label class="label" for="currentpassword">aktuelles Passwort:</label>
|
||||
<div class="control">
|
||||
<input class="input" placeholder="**********" name="currentpassword" type="password" required>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="field">
|
||||
<label class="label" for="password">neues Passwort:</label>
|
||||
<div class="control">
|
||||
<input class="input" hx-trigger="keyup changed delay:500ms" hx-target="#password-strength"
|
||||
hx-post="/users/changepassword" hx-target-422="#password-strength" placeholder="**********" name="password"
|
||||
type="password" required hx-swap="outerHTML" maxlength=256 _="on input put '' into #password-strength">
|
||||
</div>
|
||||
<div id="password-strength" class=" mb-3 help content"></div>
|
||||
</div>
|
||||
|
||||
<div class="field">
|
||||
<label class="label" for="passwordretyped">neues Passwort wiederholen:</label>
|
||||
<div class="control">
|
||||
<input class="input" placeholder="**********" name="passwordretyped" type="password" maxlength=256 required>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div id="error-message" class="mb-3 help is-danger"></div>
|
||||
|
||||
<div class="level">
|
||||
<input class="button is-primary level-left" type="submit" value="Passwort ändern" />
|
||||
</div>
|
||||
</form>
|
||||
@ -21,42 +21,27 @@ async fn get(user: web::ReqData<User>) -> Result<impl Responder, ApplicationErro
|
||||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use crate::{
|
||||
utils::test_helper::{
|
||||
assert_snapshot, read_body, test_get, DbTestContext, RequestConfig, StatusCode,
|
||||
},
|
||||
use crate::utils::test_helper::{
|
||||
assert_snapshot, test_get, DbTestContext, RequestConfig, ServiceResponseExt, StatusCode,
|
||||
};
|
||||
use brass_db::models::{Function, Role};
|
||||
use brass_db::models::Role;
|
||||
use brass_macros::db_test;
|
||||
|
||||
#[db_test]
|
||||
async fn produces_template_when_user_is_admin(context: &DbTestContext) {
|
||||
let app = context.app().await;
|
||||
let config = RequestConfig {
|
||||
uri: "/area/new".to_string(),
|
||||
role: Role::Admin,
|
||||
function: vec![Function::Posten],
|
||||
user_area: 1,
|
||||
};
|
||||
let response = test_get(&context.db_pool, app, &config).await;
|
||||
let config = RequestConfig::new("/area/new").with_role(Role::Admin);
|
||||
|
||||
assert_eq!(StatusCode::OK, response.status());
|
||||
let response = test_get(&context.db_pool, context.app().await, &config).await;
|
||||
let (status, body) = response.into_status_and_body().await;
|
||||
|
||||
let body = read_body(response).await;
|
||||
assert_eq!(StatusCode::OK, status);
|
||||
assert_snapshot!(body);
|
||||
}
|
||||
|
||||
#[db_test]
|
||||
async fn returns_unauthorized_when_user_is_not_admin(context: &DbTestContext) {
|
||||
let app = context.app().await;
|
||||
|
||||
let config = RequestConfig {
|
||||
uri: "/area/new".to_string(),
|
||||
role: Role::AreaManager,
|
||||
function: vec![Function::Posten],
|
||||
user_area: 1,
|
||||
};
|
||||
let response = test_get(&context.db_pool, app, &config).await;
|
||||
let config = RequestConfig::new("/area/new").with_role(Role::AreaManager);
|
||||
let response = test_get(&context.db_pool, context.app().await, &config).await;
|
||||
|
||||
assert_eq!(StatusCode::UNAUTHORIZED, response.status());
|
||||
}
|
||||
|
||||
@ -15,7 +15,11 @@ use brass_db::models::{Assignment, Availability, Event, Role, User};
|
||||
|
||||
#[derive(Template)]
|
||||
#[cfg_attr(not(test), template(path = "overview.html"))]
|
||||
#[cfg_attr(test, template(path = "overview.html", block = "content"), allow(dead_code))]
|
||||
#[cfg_attr(
|
||||
test,
|
||||
template(path = "overview.html", block = "content"),
|
||||
allow(dead_code)
|
||||
)]
|
||||
struct OverviewTemplate {
|
||||
user: User,
|
||||
events: Vec<Event>,
|
||||
@ -68,9 +72,7 @@ async fn get(
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use actix_http::StatusCode;
|
||||
use brass_db::models::{Clothing, Event, EventChangeset, Location};
|
||||
use brass_macros::db_test;
|
||||
use chrono::Utc;
|
||||
|
||||
use crate::utils::test_helper::{
|
||||
assert_snapshot, test_get, DbTestContext, RequestConfig, ServiceResponseExt,
|
||||
@ -79,30 +81,6 @@ mod tests {
|
||||
#[db_test]
|
||||
fn endpoint_produces_template(context: &DbTestContext) {
|
||||
let app = context.app().await;
|
||||
Location::create(&context.db_pool, "Arena Abc", 1)
|
||||
.await
|
||||
.unwrap();
|
||||
Clothing::create(&context.db_pool, "Anzugsordnung")
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
let event_changeset = EventChangeset {
|
||||
time: (
|
||||
Utc::now().date_naive().and_hms_opt(10, 0, 0).unwrap(),
|
||||
Utc::now().date_naive().and_hms_opt(20, 0, 0).unwrap(),
|
||||
),
|
||||
name: "WGT".to_string(),
|
||||
location_id: 1,
|
||||
voluntary_wachhabender: false,
|
||||
voluntary_fuehrungsassistent: false,
|
||||
amount_of_posten: 1,
|
||||
clothing: 1,
|
||||
note: None,
|
||||
};
|
||||
|
||||
Event::create(&context.db_pool, event_changeset)
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
let config = RequestConfig::new("/");
|
||||
let response = test_get(&context.db_pool, app, &config).await;
|
||||
|
||||
@ -41,8 +41,8 @@ pub fn init(cfg: &mut ServiceConfig) {
|
||||
cfg.service(user::get_logout::get);
|
||||
cfg.service(user::get_login::get);
|
||||
cfg.service(user::post_login::post);
|
||||
cfg.service(user::get_reset::get);
|
||||
cfg.service(user::post_reset::post);
|
||||
cfg.service(user::get_reset_password::get);
|
||||
cfg.service(user::post_reset_password::post);
|
||||
cfg.service(user::get_profile::get);
|
||||
cfg.service(user::get_changepassword::get);
|
||||
cfg.service(user::post_changepassword::post);
|
||||
|
||||
@ -15,3 +15,24 @@ pub async fn get(_user: web::ReqData<User>) -> Result<impl Responder, Applicatio
|
||||
|
||||
Ok(template.to_response()?)
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use actix_http::StatusCode;
|
||||
use brass_macros::db_test;
|
||||
|
||||
use crate::utils::test_helper::{
|
||||
assert_snapshot, test_get, DbTestContext, RequestConfig, ServiceResponseExt,
|
||||
};
|
||||
|
||||
#[db_test]
|
||||
async fn produces_template_fine(context: &DbTestContext) {
|
||||
let config = RequestConfig::new("/users/changepassword");
|
||||
|
||||
let response = test_get(&context.db_pool, context.app().await, &config).await;
|
||||
let (status, body) = response.into_status_and_body().await;
|
||||
|
||||
assert_eq!(StatusCode::OK, status);
|
||||
assert_snapshot!(body);
|
||||
}
|
||||
}
|
||||
|
||||
@ -31,7 +31,9 @@ pub async fn get(
|
||||
return Ok(HttpResponse::Found()
|
||||
.insert_header((LOCATION, "/"))
|
||||
.finish());
|
||||
} else if let Some(token) = &query.token {
|
||||
}
|
||||
|
||||
if let Some(token) = &query.token {
|
||||
if let Some(_) = PasswordReset::does_token_exist(pool.get_ref(), token).await? {
|
||||
let template = ResetPasswordTemplate {
|
||||
token,
|
||||
@ -12,14 +12,14 @@ pub mod get_new;
|
||||
pub mod get_overview;
|
||||
pub mod get_profile;
|
||||
pub mod get_register;
|
||||
pub mod get_reset;
|
||||
pub mod get_reset_password;
|
||||
pub mod post_changepassword;
|
||||
pub mod post_edit;
|
||||
pub mod post_login;
|
||||
pub mod post_new;
|
||||
pub mod post_register;
|
||||
pub mod post_resend_registration;
|
||||
pub mod post_reset;
|
||||
pub mod post_reset_password;
|
||||
pub mod put_lock;
|
||||
pub mod put_receive_notifications;
|
||||
|
||||
|
||||
@ -3,7 +3,7 @@ use maud::html;
|
||||
use serde::Deserialize;
|
||||
use sqlx::PgPool;
|
||||
|
||||
use crate::utils::{password_change::PasswordChangeBuilder, ApplicationError};
|
||||
use crate::utils::{password_change::PasswordChangeBuilder, ApplicationError, HtmxTargetHeader};
|
||||
use brass_db::{models::User, NoneToken};
|
||||
|
||||
#[derive(Deserialize)]
|
||||
@ -11,17 +11,16 @@ struct ChangePasswordForm {
|
||||
currentpassword: String,
|
||||
password: String,
|
||||
passwordretyped: String,
|
||||
dry: Option<bool>,
|
||||
}
|
||||
|
||||
#[actix_web::post("/users/changepassword")]
|
||||
async fn post(
|
||||
user: web::ReqData<User>,
|
||||
header: web::Header<HtmxTargetHeader>,
|
||||
form: web::Form<ChangePasswordForm>,
|
||||
pool: web::Data<PgPool>,
|
||||
) -> Result<impl Responder, ApplicationError> {
|
||||
// TODO: refactor into check if HX-TARGET = #password-strength exists
|
||||
let is_dry = form.dry.unwrap_or(false);
|
||||
let is_dry = header.is_some_and_equal("password-strength");
|
||||
|
||||
let mut builder = PasswordChangeBuilder::<NoneToken>::new(
|
||||
pool.get_ref(),
|
||||
@ -34,9 +33,15 @@ async fn post(
|
||||
let change = builder.build();
|
||||
|
||||
let response = if is_dry {
|
||||
change.validate_for_input().await?
|
||||
match change.validate_for_input().await {
|
||||
Ok(r) => r,
|
||||
Err(e) => HttpResponse::UnprocessableEntity().body(e.message),
|
||||
}
|
||||
} else {
|
||||
change.validate().await?;
|
||||
if let Err(e) = change.validate().await {
|
||||
return Ok(HttpResponse::UnprocessableEntity().body(e.message));
|
||||
}
|
||||
|
||||
change.commit().await?;
|
||||
HttpResponse::Ok().body(
|
||||
html! {
|
||||
|
||||
@ -4,7 +4,7 @@ use brass_db::models::User;
|
||||
use serde::{Deserialize, Serialize};
|
||||
use sqlx::PgPool;
|
||||
|
||||
use crate::utils::auth::hash_plain_password_with_salt;
|
||||
use crate::utils::{auth::hash_plain_password_with_salt, ApplicationError};
|
||||
|
||||
#[derive(Deserialize, Serialize)]
|
||||
pub struct LoginForm {
|
||||
@ -18,26 +18,33 @@ async fn post(
|
||||
web::Form(form): web::Form<LoginForm>,
|
||||
request: HttpRequest,
|
||||
pool: web::Data<PgPool>,
|
||||
) -> impl Responder {
|
||||
if let Ok(user) = User::read_for_login(pool.get_ref(), &form.email.to_lowercase()).await {
|
||||
let salt = user.salt.unwrap();
|
||||
) -> Result<impl Responder, ApplicationError> {
|
||||
let not_found_response = HttpResponse::BadRequest().body("E-Mail oder Passwort falsch.");
|
||||
|
||||
let Some(user) = User::read_for_login(pool.get_ref(), &form.email.to_lowercase()).await? else {
|
||||
return Ok(not_found_response);
|
||||
};
|
||||
|
||||
if user.password.is_none() || user.salt.is_none() {
|
||||
return Ok(not_found_response);
|
||||
}
|
||||
|
||||
let password = user.password.unwrap();
|
||||
let salt = user.salt.unwrap();
|
||||
let hash = hash_plain_password_with_salt(&form.password, &salt)?;
|
||||
|
||||
if hash != password {
|
||||
return Ok(not_found_response);
|
||||
}
|
||||
|
||||
let hash = hash_plain_password_with_salt(&form.password, &salt).unwrap();
|
||||
if hash == user.password.unwrap() {
|
||||
Identity::login(&request.extensions(), user.id.to_string()).unwrap();
|
||||
|
||||
User::update_login_timestamp(pool.get_ref(), user.id)
|
||||
.await
|
||||
.unwrap();
|
||||
User::update_login_timestamp(pool.get_ref(), user.id).await?;
|
||||
|
||||
let location = form.next.unwrap_or("/".to_string());
|
||||
|
||||
return HttpResponse::Found()
|
||||
Ok(HttpResponse::Found()
|
||||
.insert_header(("LOCATION", location.clone()))
|
||||
.insert_header(("HX-LOCATION", location))
|
||||
.finish();
|
||||
}
|
||||
}
|
||||
|
||||
HttpResponse::BadRequest().body("E-Mail oder Passwort falsch.")
|
||||
.finish())
|
||||
}
|
||||
|
||||
@ -3,7 +3,7 @@ use maud::html;
|
||||
use serde::Deserialize;
|
||||
use sqlx::PgPool;
|
||||
|
||||
use crate::utils::{password_change::PasswordChangeBuilder, ApplicationError};
|
||||
use crate::utils::{password_change::PasswordChangeBuilder, ApplicationError, HtmxTargetHeader};
|
||||
use brass_db::models::Registration;
|
||||
|
||||
#[derive(Deserialize)]
|
||||
@ -11,20 +11,17 @@ struct RegisterForm {
|
||||
token: String,
|
||||
password: String,
|
||||
passwordretyped: String,
|
||||
dry: Option<bool>,
|
||||
}
|
||||
|
||||
#[post("/register")]
|
||||
async fn post(
|
||||
form: web::Form<RegisterForm>,
|
||||
pool: web::Data<PgPool>,
|
||||
header: web::Header<HtmxTargetHeader>,
|
||||
) -> Result<impl Responder, ApplicationError> {
|
||||
// TODO: refactor into check if HX-TARGET = #password-strength exists
|
||||
let is_dry = form.dry.unwrap_or(false);
|
||||
let token =
|
||||
if let Some(token) = Registration::does_token_exist(pool.get_ref(), &form.token).await? {
|
||||
token
|
||||
} else {
|
||||
let is_dry = header.is_some_and_equal("password-strength");
|
||||
|
||||
let Some(token) = Registration::does_token_exist(pool.get_ref(), &form.token).await? else {
|
||||
return Ok(HttpResponse::NoContent().finish());
|
||||
};
|
||||
|
||||
@ -39,9 +36,15 @@ async fn post(
|
||||
let change = builder.build();
|
||||
|
||||
let response = if is_dry {
|
||||
change.validate_for_input().await?
|
||||
match change.validate_for_input().await {
|
||||
Ok(r) => r,
|
||||
Err(e) => HttpResponse::UnprocessableEntity().body(e.message),
|
||||
}
|
||||
} else {
|
||||
change.validate().await?;
|
||||
if let Err(e) = change.validate().await {
|
||||
return Ok(HttpResponse::UnprocessableEntity().body(e.message));
|
||||
}
|
||||
|
||||
change.commit().await?;
|
||||
HttpResponse::Ok().body(
|
||||
html! {
|
||||
|
||||
@ -1,90 +0,0 @@
|
||||
use actix_web::{web, HttpResponse, Responder};
|
||||
use maud::html;
|
||||
use serde::Deserialize;
|
||||
use sqlx::PgPool;
|
||||
|
||||
use crate::{
|
||||
mail::Mailer,
|
||||
utils::{password_change::PasswordChangeBuilder, ApplicationError},
|
||||
};
|
||||
use brass_db::models::{PasswordReset, User};
|
||||
|
||||
#[derive(Deserialize, Debug)]
|
||||
struct ResetPasswordForm {
|
||||
email: Option<String>,
|
||||
token: Option<String>,
|
||||
password: Option<String>,
|
||||
passwordretyped: Option<String>,
|
||||
dry: Option<bool>,
|
||||
}
|
||||
|
||||
#[actix_web::post("/reset-password")]
|
||||
async fn post(
|
||||
form: web::Form<ResetPasswordForm>,
|
||||
pool: web::Data<PgPool>,
|
||||
mailer: web::Data<Mailer>,
|
||||
) -> Result<impl Responder, ApplicationError> {
|
||||
if form.email.is_some()
|
||||
&& form.token.is_none()
|
||||
&& form.password.is_none()
|
||||
&& form.passwordretyped.is_none()
|
||||
{
|
||||
if let Ok(user) =
|
||||
User::read_for_login(pool.get_ref(), &form.email.as_ref().unwrap().to_lowercase()).await
|
||||
{
|
||||
let reset = PasswordReset::insert_new_for_user(pool.get_ref(), user.id).await?;
|
||||
mailer
|
||||
.send_forgot_password_mail(&user, &reset.token)
|
||||
.await?;
|
||||
}
|
||||
|
||||
Ok(HttpResponse::Ok().body("E-Mail versandt!"))
|
||||
} else if form.email.is_none()
|
||||
&& form.token.is_some()
|
||||
&& form.password.is_some()
|
||||
&& form.passwordretyped.is_some()
|
||||
{
|
||||
// TODO: refactor into check if HX-TARGET = #password-strength exists
|
||||
let is_dry = form.dry.is_some_and(|b| b);
|
||||
|
||||
let token = if let Some(token) =
|
||||
PasswordReset::does_token_exist(pool.get_ref(), form.token.as_ref().unwrap()).await?
|
||||
{
|
||||
token
|
||||
} else {
|
||||
return Ok(HttpResponse::NoContent().finish());
|
||||
};
|
||||
|
||||
let mut builder = PasswordChangeBuilder::<PasswordReset>::new(
|
||||
pool.get_ref(),
|
||||
token.userid,
|
||||
&form.password.as_ref().unwrap(),
|
||||
&form.passwordretyped.as_ref().unwrap(),
|
||||
)
|
||||
.with_token(token);
|
||||
|
||||
let change = builder.build();
|
||||
|
||||
let response = if is_dry {
|
||||
change.validate_for_input().await?
|
||||
} else {
|
||||
change.validate().await?;
|
||||
change.commit().await?;
|
||||
HttpResponse::Ok().body(
|
||||
html! {
|
||||
div class="block mb-3" {
|
||||
"Passwort erfolgreich geändert."
|
||||
}
|
||||
a class="block button is-primary" hx-boost="true" href="/login"{
|
||||
"Zum Login"
|
||||
}
|
||||
}
|
||||
.into_string(),
|
||||
)
|
||||
};
|
||||
|
||||
return Ok(response);
|
||||
} else {
|
||||
return Ok(HttpResponse::BadRequest().finish());
|
||||
}
|
||||
}
|
||||
89
web/src/endpoints/user/post_reset_password.rs
Normal file
89
web/src/endpoints/user/post_reset_password.rs
Normal file
@ -0,0 +1,89 @@
|
||||
use actix_web::{web, Either, HttpResponse, Responder};
|
||||
use maud::html;
|
||||
use serde::Deserialize;
|
||||
use sqlx::PgPool;
|
||||
|
||||
use crate::{
|
||||
mail::Mailer,
|
||||
utils::{password_change::PasswordChangeBuilder, ApplicationError, HtmxTargetHeader},
|
||||
};
|
||||
use brass_db::models::{PasswordReset, User};
|
||||
|
||||
#[derive(Deserialize, Debug)]
|
||||
struct RequestResetPasswordForm {
|
||||
email: String,
|
||||
}
|
||||
|
||||
#[derive(Deserialize, Debug)]
|
||||
struct ResetPasswordForm {
|
||||
token: String,
|
||||
password: String,
|
||||
passwordretyped: String,
|
||||
}
|
||||
|
||||
#[actix_web::post("/reset-password")]
|
||||
async fn post(
|
||||
form: Either<web::Form<RequestResetPasswordForm>, web::Form<ResetPasswordForm>>,
|
||||
header: web::Header<HtmxTargetHeader>,
|
||||
pool: web::Data<PgPool>,
|
||||
mailer: web::Data<Mailer>,
|
||||
) -> Result<impl Responder, ApplicationError> {
|
||||
match form {
|
||||
Either::Left(form) => {
|
||||
if let Some(user) =
|
||||
User::read_for_login(pool.get_ref(), &form.email.to_lowercase()).await?
|
||||
{
|
||||
let reset = PasswordReset::insert_new_for_user(pool.get_ref(), user.id).await?;
|
||||
mailer
|
||||
.send_forgot_password_mail(&user, &reset.token)
|
||||
.await?;
|
||||
}
|
||||
|
||||
return Ok(HttpResponse::Ok().body("E-Mail versandt!"));
|
||||
}
|
||||
Either::Right(form) => {
|
||||
let is_dry = header.is_some_and_equal("password-strength");
|
||||
|
||||
let Some(token) = PasswordReset::does_token_exist(pool.get_ref(), &form.token).await?
|
||||
else {
|
||||
return Ok(HttpResponse::NoContent().finish());
|
||||
};
|
||||
|
||||
let mut builder = PasswordChangeBuilder::<PasswordReset>::new(
|
||||
pool.get_ref(),
|
||||
token.userid,
|
||||
&form.password,
|
||||
&form.passwordretyped,
|
||||
)
|
||||
.with_token(token);
|
||||
|
||||
let change = builder.build();
|
||||
|
||||
let response = if is_dry {
|
||||
match change.validate_for_input().await {
|
||||
Ok(r) => r,
|
||||
Err(e) => HttpResponse::UnprocessableEntity().body(e.message),
|
||||
}
|
||||
} else {
|
||||
if let Err(e) = change.validate().await {
|
||||
return Ok(HttpResponse::UnprocessableEntity().body(e.message));
|
||||
}
|
||||
|
||||
change.commit().await?;
|
||||
HttpResponse::Ok().body(
|
||||
html! {
|
||||
div class="block mb-3" {
|
||||
"Passwort erfolgreich geändert."
|
||||
}
|
||||
a class="block button is-primary" hx-boost="true" href="/login"{
|
||||
"Zum Login"
|
||||
}
|
||||
}
|
||||
.into_string(),
|
||||
)
|
||||
};
|
||||
|
||||
return Ok(response);
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1,8 +1,6 @@
|
||||
use actix_web::{http::StatusCode, HttpResponse};
|
||||
use thiserror::Error;
|
||||
|
||||
use super::password_change::PasswordChangeError;
|
||||
|
||||
#[derive(Debug, Error)]
|
||||
pub enum ApplicationError {
|
||||
#[error("unsupported value for enum")]
|
||||
@ -25,11 +23,6 @@ pub enum ApplicationError {
|
||||
Hash(#[from] argon2::password_hash::Error),
|
||||
#[error("templating failed")]
|
||||
Template(#[from] askama::Error),
|
||||
#[error("{}", inner.message)]
|
||||
PasswordChange {
|
||||
#[from]
|
||||
inner: PasswordChangeError,
|
||||
},
|
||||
}
|
||||
|
||||
impl actix_web::error::ResponseError for ApplicationError {
|
||||
@ -45,7 +38,6 @@ impl actix_web::error::ResponseError for ApplicationError {
|
||||
ApplicationError::Hash(_) => StatusCode::INTERNAL_SERVER_ERROR,
|
||||
ApplicationError::Template(_) => StatusCode::INTERNAL_SERVER_ERROR,
|
||||
ApplicationError::EmailStubTransport(_) => StatusCode::INTERNAL_SERVER_ERROR,
|
||||
ApplicationError::PasswordChange { .. } => StatusCode::BAD_REQUEST,
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
47
web/src/utils/htmx_target_header.rs
Normal file
47
web/src/utils/htmx_target_header.rs
Normal file
@ -0,0 +1,47 @@
|
||||
use std::str::FromStr;
|
||||
|
||||
use actix_http::header::{Header, HeaderName, HeaderValue, InvalidHeaderValue, TryIntoHeaderValue};
|
||||
use actix_web::error::ParseError;
|
||||
|
||||
#[derive(Debug)]
|
||||
pub struct HtmxTargetHeader(Option<String>);
|
||||
|
||||
impl Header for HtmxTargetHeader {
|
||||
fn name() -> HeaderName {
|
||||
HeaderName::from_str("HX-Target").unwrap()
|
||||
}
|
||||
|
||||
fn parse<M: actix_web::HttpMessage>(msg: &M) -> Result<Self, actix_web::error::ParseError> {
|
||||
let header = msg.headers().get(Self::name());
|
||||
if let Some(line) = header {
|
||||
let line = line.to_str().map_err(|_| ParseError::Header)?;
|
||||
|
||||
if line.is_empty() {
|
||||
return Err(ParseError::Header);
|
||||
}
|
||||
|
||||
return Ok(self::HtmxTargetHeader(Some(line.to_string())));
|
||||
} else {
|
||||
Ok(self::HtmxTargetHeader(None))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl TryIntoHeaderValue for HtmxTargetHeader {
|
||||
type Error = InvalidHeaderValue;
|
||||
|
||||
#[inline]
|
||||
fn try_into_value(self) -> Result<HeaderValue, Self::Error> {
|
||||
if let Some(s) = self.0 {
|
||||
return s.try_into_value();
|
||||
} else {
|
||||
HeaderValue::from_str("")
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl HtmxTargetHeader {
|
||||
pub fn is_some_and_equal(&self, target: &str) -> bool {
|
||||
self.0.as_ref().is_some_and(|t| t == target)
|
||||
}
|
||||
}
|
||||
@ -3,6 +3,7 @@ mod application_error;
|
||||
pub mod auth;
|
||||
mod date_time_format;
|
||||
pub mod event_planning_template;
|
||||
mod htmx_target_header;
|
||||
pub mod manage_commands;
|
||||
pub mod password_change;
|
||||
mod template_response_trait;
|
||||
@ -13,6 +14,7 @@ pub mod test_helper;
|
||||
pub use app_customization::Customization;
|
||||
pub use application_error::ApplicationError;
|
||||
pub use date_time_format::DateTimeFormat;
|
||||
pub use htmx_target_header::HtmxTargetHeader;
|
||||
pub use template_response_trait::TemplateResponse;
|
||||
|
||||
use chrono::{NaiveDate, Utc};
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
use maud::html;
|
||||
use thiserror::Error;
|
||||
use tracing::error;
|
||||
use zxcvbn::{
|
||||
feedback::{Suggestion, Warning},
|
||||
Entropy,
|
||||
@ -17,6 +18,28 @@ pub struct PasswordChangeError {
|
||||
pub message: String,
|
||||
}
|
||||
|
||||
impl PasswordChangeError {
|
||||
pub fn new(message: &str) -> Self {
|
||||
PasswordChangeError {
|
||||
message: message.to_string(),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl From<sqlx::Error> for PasswordChangeError {
|
||||
fn from(value: sqlx::Error) -> Self {
|
||||
error!(error = %value, "database error while validation input");
|
||||
Self::new("Datenbankfehler beim Validieren!")
|
||||
}
|
||||
}
|
||||
|
||||
impl From<argon2::password_hash::Error> for PasswordChangeError {
|
||||
fn from(value: argon2::password_hash::Error) -> Self {
|
||||
error!(error = %value, "argon2 hash error while validation input");
|
||||
Self::new("Hashingfehler beim Validieren!")
|
||||
}
|
||||
}
|
||||
|
||||
fn generate_help_message_for_entropy(entropy: &Entropy) -> String {
|
||||
let feedback = entropy.feedback().unwrap();
|
||||
|
||||
@ -62,11 +85,11 @@ fn generate_help_message_for_entropy(entropy: &Entropy) -> String {
|
||||
"Vorschlag"
|
||||
};
|
||||
|
||||
let suggestion = feedback
|
||||
let suggestions = feedback
|
||||
.suggestions()
|
||||
.iter()
|
||||
.map(|s| {
|
||||
let inner = match s {
|
||||
match s {
|
||||
Suggestion::UseAFewWordsAvoidCommonPhrases => "Mehrere Wörter verwenden, aber allgemeine Phrasen vermeiden.",
|
||||
Suggestion::NoNeedForSymbolsDigitsOrUppercaseLetters => "Es ist möglich, starke Passwörter zu erstellen, ohne Symbole, Zahlen oder Großbuchstaben zu verwenden.",
|
||||
Suggestion::AddAnotherWordOrTwo => "Weitere Wörter, die weniger häufig vorkommen, hinzufügen.",
|
||||
@ -80,12 +103,10 @@ fn generate_help_message_for_entropy(entropy: &Entropy) -> String {
|
||||
Suggestion::AvoidRecentYears => "Die jüngsten Jahreszahlen vermeiden.",
|
||||
Suggestion::AvoidYearsThatAreAssociatedWithYou => "Jahre, die mit persönlichen Daten in Verbindung gebracht werden können, vermeiden.",
|
||||
Suggestion::AvoidDatesAndYearsThatAreAssociatedWithYou => "Daten, die mit persönlichen Daten in Verbindung gebracht werden können, vermeiden.",
|
||||
};
|
||||
}
|
||||
|
||||
format!("<li>{inner}</li>")
|
||||
})
|
||||
.collect::<Vec<String>>()
|
||||
.join("");
|
||||
.collect::<Vec<&str>>();
|
||||
|
||||
html!(
|
||||
{
|
||||
@ -93,7 +114,9 @@ fn generate_help_message_for_entropy(entropy: &Entropy) -> String {
|
||||
p { ( warning )}
|
||||
(vorschlag_text) ":"
|
||||
ul {
|
||||
(suggestion)
|
||||
@for s in &suggestions {
|
||||
li { (s) }
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -28,7 +28,7 @@ where
|
||||
T: Token,
|
||||
{
|
||||
/// should be called after password input has changed to hint the user of any input related problems
|
||||
pub async fn validate_for_input(&self) -> Result<HttpResponse, ApplicationError> {
|
||||
pub async fn validate_for_input(&self) -> Result<HttpResponse, PasswordChangeError> {
|
||||
if self.password.chars().count() > 256 {
|
||||
return Err(PasswordChangeError {
|
||||
message: html! {
|
||||
@ -68,7 +68,7 @@ where
|
||||
}
|
||||
|
||||
/// should be called after the form is fully filled and submit is clicked
|
||||
pub async fn validate(&self) -> Result<(), ApplicationError> {
|
||||
pub async fn validate(&self) -> Result<(), PasswordChangeError> {
|
||||
self.validate_for_input().await?;
|
||||
|
||||
if let Some(current_password) = self.current_password {
|
||||
|
||||
@ -4,19 +4,17 @@
|
||||
<section class="section">
|
||||
<div class="container">
|
||||
<h1 class="title">{{ title }}</h1>
|
||||
<form class="box" hx-post="{{ endpoint }}" hx-params="not dry" hx-target-400="#error-message-retype"
|
||||
hx-on:input="document.getElementById('error-message-retype').innerHTML = ''">
|
||||
<form class="box" hx-post="{{ endpoint }}" hx-target-422="#error-message-retype"
|
||||
_="on input put '' into #error-message-retype">
|
||||
<input type="hidden" name="token" value="{{ token }}" />
|
||||
|
||||
<input type="hidden" name="dry" value="true" />
|
||||
|
||||
<div class="field">
|
||||
<label class="label" for="password">{{ new_password_label }}</label>
|
||||
<div class="control">
|
||||
<input class="input" hx-post="{{ endpoint }}" hx-params="*" hx-trigger="keyup changed delay:500ms"
|
||||
hx-target="#password-strength" hx-target-400="#password-strength" placeholder="**********" name="password"
|
||||
type="password" required hx-swap="outerHTML" maxlength=256
|
||||
hx-on:input="document.getElementById('password-strength').innerHTML = ''">
|
||||
<input class="input" hx-post="{{ endpoint }}" hx-trigger="keyup changed delay:500ms"
|
||||
hx-target="#password-strength" hx-target-422="#password-strength" placeholder="**********"
|
||||
name="password" type="password" required hx-swap="outerHTML" maxlength=256
|
||||
_="on input put '' into #password-strength">
|
||||
</div>
|
||||
<div id="password-strength" class="mb-3 help content"></div>
|
||||
</div>
|
||||
|
||||
@ -3,10 +3,8 @@
|
||||
<a href="/profile" hx-boost="true" class="button is-link is-light">Schließen</a>
|
||||
</div>
|
||||
</div>
|
||||
<form class="box" hx-post="/users/changepassword" hx-params="not dry" hx-target-400="#error-message"
|
||||
hx-on:change="document.getElementById('error-message').innerHTML = ''">
|
||||
|
||||
<input type="hidden" name="dry" value="true" />
|
||||
<form class="box" hx-post="/users/changepassword" hx-target-422="#error-message"
|
||||
_="on change put '' into #error-message">
|
||||
|
||||
<div class="field">
|
||||
<label class="label" for="currentpassword">aktuelles Passwort:</label>
|
||||
@ -18,10 +16,9 @@
|
||||
<div class="field">
|
||||
<label class="label" for="password">neues Passwort:</label>
|
||||
<div class="control">
|
||||
<input class="input" hx-post="/users/changepassword" hx-params="*" hx-trigger="keyup changed delay:500ms"
|
||||
hx-target="#password-strength" hx-target-400="#password-strength" placeholder="**********" name="password"
|
||||
type="password" required hx-swap="outerHTML" maxlength=256
|
||||
hx-on:input="document.getElementById('password-strength').innerHTML = ''">
|
||||
<input class="input" hx-trigger="keyup changed delay:500ms" hx-target="#password-strength"
|
||||
hx-post="/users/changepassword" hx-target-422="#password-strength" placeholder="**********" name="password"
|
||||
type="password" required hx-swap="outerHTML" maxlength=256 _="on input put '' into #password-strength">
|
||||
</div>
|
||||
<div id="password-strength" class=" mb-3 help content"></div>
|
||||
</div>
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user