Schwarztee/brass
1
0
Fork 0
Code Issues 16 Pull Requests Packages Projects 1 Releases Wiki Activity

Compare commits

base: Schwarztee:ee4481225e77bced49c7aa92cec95534e8e0edf6
Branches Tags
Schwarztee:master
Schwarztee:1.0.1
Schwarztee:1.0.0
Schwarztee:0.2.2
..
compare: Schwarztee:1515f50ed9a3c38ae8cd86edf4460d4aec70c978
Branches Tags
Schwarztee:master
Schwarztee:1.0.1
Schwarztee:1.0.0
Schwarztee:0.2.2

No commits in common. "ee4481225e77bced49c7aa92cec95534e8e0edf6" and "1515f50ed9a3c38ae8cd86edf4460d4aec70c978" have entirely different histories.
ee4481225e ... 1515f50ed9

21 changed files with 247 additions and 337 deletions
Show Stats Expand all files Collapse all files

32
db/src/models/user.rs
View File

@ -107,7 +107,7 @@ impl User {
Ok(user)
}
pub async fn read_for_login(pool: &PgPool, email: &str) -> Result<Option<User>> {
pub async fn read_for_login(pool: &PgPool, email: &str) -> Result<User> {
let record = sqlx::query!(
r#"
SELECT id,
@ -126,25 +126,25 @@ impl User {
"#,
email,
)
.fetch_optional(pool)
.fetch_one(pool)
.await?;
let user = record.map(|r| User {
id: r.id,
name: r.name,
email: r.email,
password: r.password,
salt: r.salt,
role: r.role,
function: r.function,
area_id: r.areaid,
let result = User {
id: record.id,
name: record.name,
email: record.email,
password: record.password,
salt: record.salt,
role: record.role,
function: record.function,
area_id: record.areaid,
area: None,
locked: r.locked,
last_login: r.lastlogin,
receive_notifications: r.receivenotifications,
});
locked: record.locked,
last_login: record.lastlogin,
receive_notifications: record.receivenotifications,
};
Ok(user)
Ok(result)
}
pub async fn exists(pool: &PgPool, email: &str) -> Result<Option<i32>> {

16
web/snapshots/brass_web__endpoints__availability__get_overview__tests__inner_endpoint_produces_template.snap
View File

@ -9,8 +9,20 @@ snapshot_kind: text
<h3 class="title is-3">geplante Veranstaltungen</h3>
<p class="subtitle is-5">in den nächsten 31 Tagen</p>
<div class="notification">
Keine Veranstaltungen für diesen Zeitraum geplant.
<div class="panel p-2">
<div class="panel-block is-justify-content-space-between">
<span>
<b>WGT</b> &nbsp; Sonntag, 06.07.2025 10:00 - 20:00
</span>
<a class="button is-small is-link is-light" href="/calendar?date=2025-07-06">
<svg class="icon">
<use href="/static/feather-sprite.svg#calendar" />
</svg>
<span>im Kalender anzeigen</span>
</a>
</div>
</div>

43
web/snapshots/brass_web__endpoints__user__get_changepassword__tests__inner_produces_template_fine.snap
View File

@ -1,43 +0,0 @@
---
source: web/src/endpoints/user/get_changepassword.rs
expression: body
snapshot_kind: text
---
<div class="field">
<div class="control">
<a href="/profile" hx-boost="true" class="button is-link is-light">Schließen</a>
</div>
</div>
<form class="box" hx-post="/users/changepassword" hx-target-422="#error-message"
_="on change put '' into #error-message">
<div class="field">
<label class="label" for="currentpassword">aktuelles Passwort:</label>
<div class="control">
<input class="input" placeholder="**********" name="currentpassword" type="password" required>
</div>
</div>
<div class="field">
<label class="label" for="password">neues Passwort:</label>
<div class="control">
<input class="input" hx-trigger="keyup changed delay:500ms" hx-target="#password-strength"
hx-post="/users/changepassword" hx-target-422="#password-strength" placeholder="**********" name="password"
type="password" required hx-swap="outerHTML" maxlength=256 _="on input put '' into #password-strength">
</div>
<div id="password-strength" class=" mb-3 help content"></div>
</div>
<div class="field">
<label class="label" for="passwordretyped">neues Passwort wiederholen:</label>
<div class="control">
<input class="input" placeholder="**********" name="passwordretyped" type="password" maxlength=256 required>
</div>
</div>
<div id="error-message" class="mb-3 help is-danger"></div>
<div class="level">
<input class="button is-primary level-left" type="submit" value="Passwort ändern" />
</div>
</form>

33
web/src/endpoints/area/get_new.rs
View File

@ -21,27 +21,42 @@ async fn get(user: web::ReqData<User>) -> Result<impl Responder, ApplicationErro
#[cfg(test)]
mod tests {
use crate::utils::test_helper::{
assert_snapshot, test_get, DbTestContext, RequestConfig, ServiceResponseExt, StatusCode,
use crate::{
utils::test_helper::{
assert_snapshot, read_body, test_get, DbTestContext, RequestConfig, StatusCode,
},
};
use brass_db::models::Role;
use brass_db::models::{Function, Role};
use brass_macros::db_test;
#[db_test]
async fn produces_template_when_user_is_admin(context: &DbTestContext) {
let config = RequestConfig::new("/area/new").with_role(Role::Admin);
let app = context.app().await;
let config = RequestConfig {
uri: "/area/new".to_string(),
role: Role::Admin,
function: vec![Function::Posten],
user_area: 1,
};
let response = test_get(&context.db_pool, app, &config).await;
let response = test_get(&context.db_pool, context.app().await, &config).await;
let (status, body) = response.into_status_and_body().await;
assert_eq!(StatusCode::OK, response.status());
assert_eq!(StatusCode::OK, status);
let body = read_body(response).await;
assert_snapshot!(body);
}
#[db_test]
async fn returns_unauthorized_when_user_is_not_admin(context: &DbTestContext) {
let config = RequestConfig::new("/area/new").with_role(Role::AreaManager);
let response = test_get(&context.db_pool, context.app().await, &config).await;
let app = context.app().await;
let config = RequestConfig {
uri: "/area/new".to_string(),
role: Role::AreaManager,
function: vec![Function::Posten],
user_area: 1,
};
let response = test_get(&context.db_pool, app, &config).await;
assert_eq!(StatusCode::UNAUTHORIZED, response.status());
}

32
web/src/endpoints/availability/get_overview.rs
View File

@ -15,11 +15,7 @@ use brass_db::models::{Assignment, Availability, Event, Role, User};
#[derive(Template)]
#[cfg_attr(not(test), template(path = "overview.html"))]
#[cfg_attr(
test,
template(path = "overview.html", block = "content"),
allow(dead_code)
)]
#[cfg_attr(test, template(path = "overview.html", block = "content"), allow(dead_code))]
struct OverviewTemplate {
user: User,
events: Vec<Event>,
@ -72,7 +68,9 @@ async fn get(
#[cfg(test)]
mod tests {
use actix_http::StatusCode;
use brass_db::models::{Clothing, Event, EventChangeset, Location};
use brass_macros::db_test;
use chrono::Utc;
use crate::utils::test_helper::{
assert_snapshot, test_get, DbTestContext, RequestConfig, ServiceResponseExt,
@ -81,6 +79,30 @@ mod tests {
#[db_test]
fn endpoint_produces_template(context: &DbTestContext) {
let app = context.app().await;
Location::create(&context.db_pool, "Arena Abc", 1)
.await
.unwrap();
Clothing::create(&context.db_pool, "Anzugsordnung")
.await
.unwrap();
let event_changeset = EventChangeset {
time: (
Utc::now().date_naive().and_hms_opt(10, 0, 0).unwrap(),
Utc::now().date_naive().and_hms_opt(20, 0, 0).unwrap(),
),
name: "WGT".to_string(),
location_id: 1,
voluntary_wachhabender: false,
voluntary_fuehrungsassistent: false,
amount_of_posten: 1,
clothing: 1,
note: None,
};
Event::create(&context.db_pool, event_changeset)
.await
.unwrap();
let config = RequestConfig::new("/");
let response = test_get(&context.db_pool, app, &config).await;

4
web/src/endpoints/mod.rs
View File

@ -41,8 +41,8 @@ pub fn init(cfg: &mut ServiceConfig) {
cfg.service(user::get_logout::get);
cfg.service(user::get_login::get);
cfg.service(user::post_login::post);
cfg.service(user::get_reset_password::get);
cfg.service(user::post_reset_password::post);
cfg.service(user::get_reset::get);
cfg.service(user::post_reset::post);
cfg.service(user::get_profile::get);
cfg.service(user::get_changepassword::get);
cfg.service(user::post_changepassword::post);

21
web/src/endpoints/user/get_changepassword.rs
View File

@ -15,24 +15,3 @@ pub async fn get(_user: web::ReqData<User>) -> Result<impl Responder, Applicatio
Ok(template.to_response()?)
}
#[cfg(test)]
mod tests {
use actix_http::StatusCode;
use brass_macros::db_test;
use crate::utils::test_helper::{
assert_snapshot, test_get, DbTestContext, RequestConfig, ServiceResponseExt,
};
#[db_test]
async fn produces_template_fine(context: &DbTestContext) {
let config = RequestConfig::new("/users/changepassword");
let response = test_get(&context.db_pool, context.app().await, &config).await;
let (status, body) = response.into_status_and_body().await;
assert_eq!(StatusCode::OK, status);
assert_snapshot!(body);
}
}

4
web/src/endpoints/user/get_reset_password.rs → web/src/endpoints/user/get_reset.rs
View File

@ -31,9 +31,7 @@ pub async fn get(
return Ok(HttpResponse::Found()
.insert_header((LOCATION, "/"))
.finish());
}
if let Some(token) = &query.token {
} else if let Some(token) = &query.token {
if let Some(_) = PasswordReset::does_token_exist(pool.get_ref(), token).await? {
let template = ResetPasswordTemplate {
token,

4
web/src/endpoints/user/mod.rs
View File

@ -12,14 +12,14 @@ pub mod get_new;
pub mod get_overview;
pub mod get_profile;
pub mod get_register;
pub mod get_reset_password;
pub mod get_reset;
pub mod post_changepassword;
pub mod post_edit;
pub mod post_login;
pub mod post_new;
pub mod post_register;
pub mod post_resend_registration;
pub mod post_reset_password;
pub mod post_reset;
pub mod put_lock;
pub mod put_receive_notifications;

17
web/src/endpoints/user/post_changepassword.rs
View File

@ -3,7 +3,7 @@ use maud::html;
use serde::Deserialize;
use sqlx::PgPool;
use crate::utils::{password_change::PasswordChangeBuilder, ApplicationError, HtmxTargetHeader};
use crate::utils::{password_change::PasswordChangeBuilder, ApplicationError};
use brass_db::{models::User, NoneToken};
#[derive(Deserialize)]
@ -11,16 +11,17 @@ struct ChangePasswordForm {
currentpassword: String,
password: String,
passwordretyped: String,
dry: Option<bool>,
}
#[actix_web::post("/users/changepassword")]
async fn post(
user: web::ReqData<User>,
header: web::Header<HtmxTargetHeader>,
form: web::Form<ChangePasswordForm>,
pool: web::Data<PgPool>,
) -> Result<impl Responder, ApplicationError> {
let is_dry = header.is_some_and_equal("password-strength");
// TODO: refactor into check if HX-TARGET = #password-strength exists
let is_dry = form.dry.unwrap_or(false);
let mut builder = PasswordChangeBuilder::<NoneToken>::new(
pool.get_ref(),
@ -33,15 +34,9 @@ async fn post(
let change = builder.build();
let response = if is_dry {
match change.validate_for_input().await {
Ok(r) => r,
Err(e) => HttpResponse::UnprocessableEntity().body(e.message),
}
change.validate_for_input().await?
} else {
if let Err(e) = change.validate().await {
return Ok(HttpResponse::UnprocessableEntity().body(e.message));
}
change.validate().await?;
change.commit().await?;
HttpResponse::Ok().body(
html! {

45
web/src/endpoints/user/post_login.rs
View File

@ -4,7 +4,7 @@ use brass_db::models::User;
use serde::{Deserialize, Serialize};
use sqlx::PgPool;
use crate::utils::{auth::hash_plain_password_with_salt, ApplicationError};
use crate::utils::auth::hash_plain_password_with_salt;
#[derive(Deserialize, Serialize)]
pub struct LoginForm {
@ -18,33 +18,26 @@ async fn post(
web::Form(form): web::Form<LoginForm>,
request: HttpRequest,
pool: web::Data<PgPool>,
) -> Result<impl Responder, ApplicationError> {
let not_found_response = HttpResponse::BadRequest().body("E-Mail oder Passwort falsch.");
) -> impl Responder {
if let Ok(user) = User::read_for_login(pool.get_ref(), &form.email.to_lowercase()).await {
let salt = user.salt.unwrap();
let Some(user) = User::read_for_login(pool.get_ref(), &form.email.to_lowercase()).await? else {
return Ok(not_found_response);
};
let hash = hash_plain_password_with_salt(&form.password, &salt).unwrap();
if hash == user.password.unwrap() {
Identity::login(&request.extensions(), user.id.to_string()).unwrap();
if user.password.is_none() || user.salt.is_none() {
return Ok(not_found_response);
User::update_login_timestamp(pool.get_ref(), user.id)
.await
.unwrap();
let location = form.next.unwrap_or("/".to_string());
return HttpResponse::Found()
.insert_header(("LOCATION", location.clone()))
.insert_header(("HX-LOCATION", location))
.finish();
}
}
let password = user.password.unwrap();
let salt = user.salt.unwrap();
let hash = hash_plain_password_with_salt(&form.password, &salt)?;
if hash != password {
return Ok(not_found_response);
}
Identity::login(&request.extensions(), user.id.to_string()).unwrap();
User::update_login_timestamp(pool.get_ref(), user.id).await?;
let location = form.next.unwrap_or("/".to_string());
Ok(HttpResponse::Found()
.insert_header(("LOCATION", location.clone()))
.insert_header(("HX-LOCATION", location))
.finish())
HttpResponse::BadRequest().body("E-Mail oder Passwort falsch.")
}

27
web/src/endpoints/user/post_register.rs
View File

@ -3,7 +3,7 @@ use maud::html;
use serde::Deserialize;
use sqlx::PgPool;
use crate::utils::{password_change::PasswordChangeBuilder, ApplicationError, HtmxTargetHeader};
use crate::utils::{password_change::PasswordChangeBuilder, ApplicationError};
use brass_db::models::Registration;
#[derive(Deserialize)]
@ -11,19 +11,22 @@ struct RegisterForm {
token: String,
password: String,
passwordretyped: String,
dry: Option<bool>,
}
#[post("/register")]
async fn post(
form: web::Form<RegisterForm>,
pool: web::Data<PgPool>,
header: web::Header<HtmxTargetHeader>,
) -> Result<impl Responder, ApplicationError> {
let is_dry = header.is_some_and_equal("password-strength");
let Some(token) = Registration::does_token_exist(pool.get_ref(), &form.token).await? else {
return Ok(HttpResponse::NoContent().finish());
};
// TODO: refactor into check if HX-TARGET = #password-strength exists
let is_dry = form.dry.unwrap_or(false);
let token =
if let Some(token) = Registration::does_token_exist(pool.get_ref(), &form.token).await? {
token
} else {
return Ok(HttpResponse::NoContent().finish());
};
let mut builder = PasswordChangeBuilder::<Registration>::new(
pool.get_ref(),
@ -36,15 +39,9 @@ async fn post(
let change = builder.build();
let response = if is_dry {
match change.validate_for_input().await {
Ok(r) => r,
Err(e) => HttpResponse::UnprocessableEntity().body(e.message),
}
change.validate_for_input().await?
} else {
if let Err(e) = change.validate().await {
return Ok(HttpResponse::UnprocessableEntity().body(e.message));
}
change.validate().await?;
change.commit().await?;
HttpResponse::Ok().body(
html! {

90
web/src/endpoints/user/post_reset.rs Normal file
View File

@ -0,0 +1,90 @@
use actix_web::{web, HttpResponse, Responder};
use maud::html;
use serde::Deserialize;
use sqlx::PgPool;
use crate::{
mail::Mailer,
utils::{password_change::PasswordChangeBuilder, ApplicationError},
};
use brass_db::models::{PasswordReset, User};
#[derive(Deserialize, Debug)]
struct ResetPasswordForm {
email: Option<String>,
token: Option<String>,
password: Option<String>,
passwordretyped: Option<String>,
dry: Option<bool>,
}
#[actix_web::post("/reset-password")]
async fn post(
form: web::Form<ResetPasswordForm>,
pool: web::Data<PgPool>,
mailer: web::Data<Mailer>,
) -> Result<impl Responder, ApplicationError> {
if form.email.is_some()
&& form.token.is_none()
&& form.password.is_none()
&& form.passwordretyped.is_none()
{
if let Ok(user) =
User::read_for_login(pool.get_ref(), &form.email.as_ref().unwrap().to_lowercase()).await
{
let reset = PasswordReset::insert_new_for_user(pool.get_ref(), user.id).await?;
mailer
.send_forgot_password_mail(&user, &reset.token)
.await?;
}
Ok(HttpResponse::Ok().body("E-Mail versandt!"))
} else if form.email.is_none()
&& form.token.is_some()
&& form.password.is_some()
&& form.passwordretyped.is_some()
{
// TODO: refactor into check if HX-TARGET = #password-strength exists
let is_dry = form.dry.is_some_and(|b| b);
let token = if let Some(token) =
PasswordReset::does_token_exist(pool.get_ref(), form.token.as_ref().unwrap()).await?
{
token
} else {
return Ok(HttpResponse::NoContent().finish());
};
let mut builder = PasswordChangeBuilder::<PasswordReset>::new(
pool.get_ref(),
token.userid,
&form.password.as_ref().unwrap(),
&form.passwordretyped.as_ref().unwrap(),
)
.with_token(token);
let change = builder.build();
let response = if is_dry {
change.validate_for_input().await?
} else {
change.validate().await?;
change.commit().await?;
HttpResponse::Ok().body(
html! {
div class="block mb-3" {
"Passwort erfolgreich geändert."
}
a class="block button is-primary" hx-boost="true" href="/login"{
"Zum Login"
}
}
.into_string(),
)
};
return Ok(response);
} else {
return Ok(HttpResponse::BadRequest().finish());
}
}

89
web/src/endpoints/user/post_reset_password.rs
View File

@ -1,89 +0,0 @@
use actix_web::{web, Either, HttpResponse, Responder};
use maud::html;
use serde::Deserialize;
use sqlx::PgPool;
use crate::{
mail::Mailer,
utils::{password_change::PasswordChangeBuilder, ApplicationError, HtmxTargetHeader},
};
use brass_db::models::{PasswordReset, User};
#[derive(Deserialize, Debug)]
struct RequestResetPasswordForm {
email: String,
}
#[derive(Deserialize, Debug)]
struct ResetPasswordForm {
token: String,
password: String,
passwordretyped: String,
}
#[actix_web::post("/reset-password")]
async fn post(
form: Either<web::Form<RequestResetPasswordForm>, web::Form<ResetPasswordForm>>,
header: web::Header<HtmxTargetHeader>,
pool: web::Data<PgPool>,
mailer: web::Data<Mailer>,
) -> Result<impl Responder, ApplicationError> {
match form {
Either::Left(form) => {
if let Some(user) =
User::read_for_login(pool.get_ref(), &form.email.to_lowercase()).await?
{
let reset = PasswordReset::insert_new_for_user(pool.get_ref(), user.id).await?;
mailer
.send_forgot_password_mail(&user, &reset.token)
.await?;
}
return Ok(HttpResponse::Ok().body("E-Mail versandt!"));
}
Either::Right(form) => {
let is_dry = header.is_some_and_equal("password-strength");
let Some(token) = PasswordReset::does_token_exist(pool.get_ref(), &form.token).await?
else {
return Ok(HttpResponse::NoContent().finish());
};
let mut builder = PasswordChangeBuilder::<PasswordReset>::new(
pool.get_ref(),
token.userid,
&form.password,
&form.passwordretyped,
)
.with_token(token);
let change = builder.build();
let response = if is_dry {
match change.validate_for_input().await {
Ok(r) => r,
Err(e) => HttpResponse::UnprocessableEntity().body(e.message),
}
} else {
if let Err(e) = change.validate().await {
return Ok(HttpResponse::UnprocessableEntity().body(e.message));
}
change.commit().await?;
HttpResponse::Ok().body(
html! {
div class="block mb-3" {
"Passwort erfolgreich geändert."
}
a class="block button is-primary" hx-boost="true" href="/login"{
"Zum Login"
}
}
.into_string(),
)
};
return Ok(response);
}
}
}

8
web/src/utils/application_error.rs
View File

@ -1,6 +1,8 @@
use actix_web::{http::StatusCode, HttpResponse};
use thiserror::Error;
use super::password_change::PasswordChangeError;
#[derive(Debug, Error)]
pub enum ApplicationError {
#[error("unsupported value for enum")]
@ -23,6 +25,11 @@ pub enum ApplicationError {
Hash(#[from] argon2::password_hash::Error),
#[error("templating failed")]
Template(#[from] askama::Error),
#[error("{}", inner.message)]
PasswordChange {
#[from]
inner: PasswordChangeError,
},
}
impl actix_web::error::ResponseError for ApplicationError {
@ -38,6 +45,7 @@ impl actix_web::error::ResponseError for ApplicationError {
ApplicationError::Hash(_) => StatusCode::INTERNAL_SERVER_ERROR,
ApplicationError::Template(_) => StatusCode::INTERNAL_SERVER_ERROR,
ApplicationError::EmailStubTransport(_) => StatusCode::INTERNAL_SERVER_ERROR,
ApplicationError::PasswordChange { .. } => StatusCode::BAD_REQUEST,
}
}

47
web/src/utils/htmx_target_header.rs
View File

@ -1,47 +0,0 @@
use std::str::FromStr;
use actix_http::header::{Header, HeaderName, HeaderValue, InvalidHeaderValue, TryIntoHeaderValue};
use actix_web::error::ParseError;
#[derive(Debug)]
pub struct HtmxTargetHeader(Option<String>);
impl Header for HtmxTargetHeader {
fn name() -> HeaderName {
HeaderName::from_str("HX-Target").unwrap()
}
fn parse<M: actix_web::HttpMessage>(msg: &M) -> Result<Self, actix_web::error::ParseError> {
let header = msg.headers().get(Self::name());
if let Some(line) = header {
let line = line.to_str().map_err(|_| ParseError::Header)?;
if line.is_empty() {
return Err(ParseError::Header);
}
return Ok(self::HtmxTargetHeader(Some(line.to_string())));
} else {
Ok(self::HtmxTargetHeader(None))
}
}
}
impl TryIntoHeaderValue for HtmxTargetHeader {
type Error = InvalidHeaderValue;
#[inline]
fn try_into_value(self) -> Result<HeaderValue, Self::Error> {
if let Some(s) = self.0 {
return s.try_into_value();
} else {
HeaderValue::from_str("")
}
}
}
impl HtmxTargetHeader {
pub fn is_some_and_equal(&self, target: &str) -> bool {
self.0.as_ref().is_some_and(|t| t == target)
}
}

2
web/src/utils/mod.rs
View File

@ -3,7 +3,6 @@ mod application_error;
pub mod auth;
mod date_time_format;
pub mod event_planning_template;
mod htmx_target_header;
pub mod manage_commands;
pub mod password_change;
mod template_response_trait;
@ -14,7 +13,6 @@ pub mod test_helper;
pub use app_customization::Customization;
pub use application_error::ApplicationError;
pub use date_time_format::DateTimeFormat;
pub use htmx_target_header::HtmxTargetHeader;
pub use template_response_trait::TemplateResponse;
use chrono::{NaiveDate, Utc};

37
web/src/utils/password_change/mod.rs
View File

@ -1,6 +1,5 @@
use maud::html;
use thiserror::Error;
use tracing::error;
use zxcvbn::{
feedback::{Suggestion, Warning},
Entropy,
@ -18,28 +17,6 @@ pub struct PasswordChangeError {
pub message: String,
}
impl PasswordChangeError {
pub fn new(message: &str) -> Self {
PasswordChangeError {
message: message.to_string(),
}
}
}
impl From<sqlx::Error> for PasswordChangeError {
fn from(value: sqlx::Error) -> Self {
error!(error = %value, "database error while validation input");
Self::new("Datenbankfehler beim Validieren!")
}
}
impl From<argon2::password_hash::Error> for PasswordChangeError {
fn from(value: argon2::password_hash::Error) -> Self {
error!(error = %value, "argon2 hash error while validation input");
Self::new("Hashingfehler beim Validieren!")
}
}
fn generate_help_message_for_entropy(entropy: &Entropy) -> String {
let feedback = entropy.feedback().unwrap();
@ -85,11 +62,11 @@ fn generate_help_message_for_entropy(entropy: &Entropy) -> String {
"Vorschlag"
};
let suggestions = feedback
let suggestion = feedback
.suggestions()
.iter()
.map(|s| {
match s {
let inner = match s {
Suggestion::UseAFewWordsAvoidCommonPhrases => "Mehrere Wörter verwenden, aber allgemeine Phrasen vermeiden.",
Suggestion::NoNeedForSymbolsDigitsOrUppercaseLetters => "Es ist möglich, starke Passwörter zu erstellen, ohne Symbole, Zahlen oder Großbuchstaben zu verwenden.",
Suggestion::AddAnotherWordOrTwo => "Weitere Wörter, die weniger häufig vorkommen, hinzufügen.",
@ -103,10 +80,12 @@ fn generate_help_message_for_entropy(entropy: &Entropy) -> String {
Suggestion::AvoidRecentYears => "Die jüngsten Jahreszahlen vermeiden.",
Suggestion::AvoidYearsThatAreAssociatedWithYou => "Jahre, die mit persönlichen Daten in Verbindung gebracht werden können, vermeiden.",
Suggestion::AvoidDatesAndYearsThatAreAssociatedWithYou => "Daten, die mit persönlichen Daten in Verbindung gebracht werden können, vermeiden.",
}
};
format!("<li>{inner}</li>")
})
.collect::<Vec<&str>>();
.collect::<Vec<String>>()
.join("");
html!(
{
@ -114,9 +93,7 @@ fn generate_help_message_for_entropy(entropy: &Entropy) -> String {
p { ( warning )}
(vorschlag_text) ":"
ul {
@for s in &suggestions {
li { (s) }
}
(suggestion)
}
}

4
web/src/utils/password_change/password_change.rs
View File

@ -28,7 +28,7 @@ where
T: Token,
{
/// should be called after password input has changed to hint the user of any input related problems
pub async fn validate_for_input(&self) -> Result<HttpResponse, PasswordChangeError> {
pub async fn validate_for_input(&self) -> Result<HttpResponse, ApplicationError> {
if self.password.chars().count() > 256 {
return Err(PasswordChangeError {
message: html! {
@ -68,7 +68,7 @@ where
}
/// should be called after the form is fully filled and submit is clicked
pub async fn validate(&self) -> Result<(), PasswordChangeError> {
pub async fn validate(&self) -> Result<(), ApplicationError> {
self.validate_for_input().await?;
if let Some(current_password) = self.current_password {

14
web/templates/user/change_password.html
View File

@ -4,17 +4,19 @@
<section class="section">
<div class="container">
<h1 class="title">{{ title }}</h1>
<form class="box" hx-post="{{ endpoint }}" hx-target-422="#error-message-retype"
_="on input put '' into #error-message-retype">
<form class="box" hx-post="{{ endpoint }}" hx-params="not dry" hx-target-400="#error-message-retype"
hx-on:input="document.getElementById('error-message-retype').innerHTML = ''">
<input type="hidden" name="token" value="{{ token }}" />
<input type="hidden" name="dry" value="true" />
<div class="field">
<label class="label" for="password">{{ new_password_label }}</label>
<div class="control">
<input class="input" hx-post="{{ endpoint }}" hx-trigger="keyup changed delay:500ms"
hx-target="#password-strength" hx-target-422="#password-strength" placeholder="**********"
name="password" type="password" required hx-swap="outerHTML" maxlength=256
_="on input put '' into #password-strength">
<input class="input" hx-post="{{ endpoint }}" hx-params="*" hx-trigger="keyup changed delay:500ms"
hx-target="#password-strength" hx-target-400="#password-strength" placeholder="**********" name="password"
type="password" required hx-swap="outerHTML" maxlength=256
hx-on:input="document.getElementById('password-strength').innerHTML = ''">
</div>
<div id="password-strength" class="mb-3 help content"></div>
</div>

15
web/templates/user/profile_change_password.html
View File

@ -3,8 +3,10 @@
<a href="/profile" hx-boost="true" class="button is-link is-light">Schließen</a>
</div>
</div>
<form class="box" hx-post="/users/changepassword" hx-target-422="#error-message"
_="on change put '' into #error-message">
<form class="box" hx-post="/users/changepassword" hx-params="not dry" hx-target-400="#error-message"
hx-on:change="document.getElementById('error-message').innerHTML = ''">
<input type="hidden" name="dry" value="true" />
<div class="field">
<label class="label" for="currentpassword">aktuelles Passwort:</label>
@ -16,11 +18,12 @@
<div class="field">
<label class="label" for="password">neues Passwort:</label>
<div class="control">
<input class="input" hx-trigger="keyup changed delay:500ms" hx-target="#password-strength"
hx-post="/users/changepassword" hx-target-422="#password-strength" placeholder="**********" name="password"
type="password" required hx-swap="outerHTML" maxlength=256 _="on input put '' into #password-strength">
<input class="input" hx-post="/users/changepassword" hx-params="*" hx-trigger="keyup changed delay:500ms"
hx-target="#password-strength" hx-target-400="#password-strength" placeholder="**********" name="password"
type="password" required hx-swap="outerHTML" maxlength=256
hx-on:input="document.getElementById('password-strength').innerHTML = ''">
</div>
<div id="password-strength" class=" mb-3 help content"></div>
<div id="password-strength" class="mb-3 help content"></div>
</div>
<div class="field">