gorb/backend
4
0
Fork 1
Code Issues 1 Pull requests 1 Projects Releases Packages 1 Wiki Activity Actions

feat: add password reset

Browse source
This commit is contained in:
Radical 2025-05-28 23:13:41 +02:00
parent 695ecd96f1
commit 501141b584
8 changed files with 301 additions and 61 deletions
Download patch file Download diff file Expand all files Collapse all files

59
src/api/v1/auth/login.rs
View file

@ -5,15 +5,14 @@ use argon2::{PasswordHash, PasswordVerifier};
use diesel::{ExpressionMethods, QueryDsl, dsl::insert_into};
use diesel_async::RunQueryDsl;
use serde::Deserialize;
use uuid::Uuid;
use crate::{
Data,
error::Error,
schema::*,
utils::{
EMAIL_REGEX, PASSWORD_REGEX, USERNAME_REGEX, generate_access_token, generate_refresh_token,
refresh_token_cookie,
PASSWORD_REGEX, generate_access_token, generate_refresh_token,
refresh_token_cookie, user_uuid_from_identifier
},
};
@ -39,58 +38,20 @@ pub async fn response(
let mut conn = data.pool.get().await?;
if EMAIL_REGEX.is_match(&login_information.username) {
// FIXME: error handling, right now i just want this to work
let (uuid, password): (Uuid, String) = dsl::users
.filter(dsl::email.eq(&login_information.username))
.select((dsl::uuid, dsl::password))
.get_result(&mut conn)
.await?;
let uuid = user_uuid_from_identifier(&mut conn, &login_information.username).await?;
return login(
data.clone(),
uuid,
login_information.password.clone(),
password,
login_information.device_name.clone(),
)
.await;
} else if USERNAME_REGEX.is_match(&login_information.username) {
// FIXME: error handling, right now i just want this to work
let (uuid, password): (Uuid, String) = dsl::users
.filter(dsl::username.eq(&login_information.username))
.select((dsl::uuid, dsl::password))
.get_result(&mut conn)
.await?;
return login(
data.clone(),
uuid,
login_information.password.clone(),
password,
login_information.device_name.clone(),
)
.await;
}
Ok(HttpResponse::Unauthorized().finish())
}
async fn login(
data: actix_web::web::Data<Data>,
uuid: Uuid,
request_password: String,
database_password: String,
device_name: String,
) -> Result<HttpResponse, Error> {
let mut conn = data.pool.get().await?;
let database_password: String = dsl::users
.filter(dsl::uuid.eq(uuid))
.select(dsl::password)
.get_result(&mut conn)
.await?;
let parsed_hash = PasswordHash::new(&database_password)
.map_err(|e| Error::PasswordHashError(e.to_string()))?;
if data
.argon2
.verify_password(request_password.as_bytes(), &parsed_hash)
.verify_password(login_information.password.as_bytes(), &parsed_hash)
.is_err()
{
return Err(Error::Unauthorized(
@ -110,7 +71,7 @@ async fn login(
rdsl::token.eq(&refresh_token),
rdsl::uuid.eq(uuid),
rdsl::created_at.eq(current_time),
rdsl::device_name.eq(device_name),
rdsl::device_name.eq(&login_information.device_name),
))
.execute(&mut conn)
.await?;

9
src/api/v1/auth/mod.rs
View file

@ -1,12 +1,8 @@
use std::{
sync::LazyLock,
time::{SystemTime, UNIX_EPOCH},
};
use std::time::{SystemTime, UNIX_EPOCH};
use actix_web::{Scope, web};
use diesel::{ExpressionMethods, QueryDsl};
use diesel_async::RunQueryDsl;
use regex::Regex;
use serde::Serialize;
use uuid::Uuid;
@ -17,6 +13,7 @@ mod refresh;
mod register;
mod revoke;
mod verify_email;
mod reset_password;
#[derive(Serialize)]
struct Response {
@ -31,6 +28,8 @@ pub fn web() -> Scope {
.service(revoke::res)
.service(verify_email::get)
.service(verify_email::post)
.service(reset_password::get)
.service(reset_password::post)
}
pub async fn check_access_token(access_token: &str, conn: &mut Conn) -> Result<Uuid, Error> {

90
src/api/v1/auth/reset_password.rs Normal file
View file

@ -0,0 +1,90 @@
//! `/api/v1/auth/reset-password` Endpoints for resetting user password
use actix_web::{HttpResponse, get, post, web};
use chrono::{Duration, Utc};
use serde::Deserialize;
use crate::{
error::Error, structs::PasswordResetToken, Data
};
#[derive(Deserialize)]
struct Query {
identifier: String,
}
/// `GET /api/v1/auth/reset-password` Sends password reset email to user
///
/// requires auth? no
///
/// ### Query Parameters
/// identifier: Email or username
///
/// ### Responses
/// 200 Email sent
/// 429 Too Many Requests
/// 404 Not found
/// 400 Bad request
///
#[get("/reset-password")]
pub async fn get(
query: web::Query<Query>,
data: web::Data<Data>,
) -> Result<HttpResponse, Error> {
let mut conn = data.pool.get().await?;
if let Ok(password_reset_token) = PasswordResetToken::get_with_identifier(&mut conn, query.identifier.clone()).await {
if Utc::now().signed_duration_since(password_reset_token.created_at) > Duration::hours(1) {
password_reset_token.delete(&mut conn).await?;
} else {
return Err(Error::TooManyRequests("Please allow 1 hour before sending a new email".to_string()))
}
}
PasswordResetToken::new(&data, query.identifier.clone()).await?;
Ok(HttpResponse::Ok().finish())
}
#[derive(Deserialize)]
struct ResetPassword {
password: String,
token: String,
}
/// `POST /api/v1/auth/reset-password` Resets user password
///
/// requires auth? no
///
/// ### Request Example:
/// ```
/// json!({
/// "password": "1608c17a27f6ae3891c23d680c73ae91528f20a54dcf4973e2c3126b9734f48b7253047f2395b51bb8a44a6daa188003",
/// "token": "a3f7e29c1b8d0456e2c9f83b7a1d6e4f5028c3b9a7e1f2d5c6b8a0d3e7f4a2b"
/// });
/// ```
///
/// ### Responses
/// 200 Success
/// 410 Token Expired
/// 404 Not Found
/// 400 Bad Request
///
#[post("/reset-password")]
pub async fn post(
reset_password: web::Json<ResetPassword>,
data: web::Data<Data>,
) -> Result<HttpResponse, Error> {
let mut conn = data.pool.get().await?;
let password_reset_token = PasswordResetToken::get(&mut conn, reset_password.token.clone()).await?;
if Utc::now().signed_duration_since(password_reset_token.created_at) > Duration::hours(24) {
password_reset_token.delete(&mut conn).await?;
return Ok(HttpResponse::Gone().finish());
}
password_reset_token.set_password(&data, reset_password.password.clone()).await?;
Ok(HttpResponse::Ok().finish())
}