feat: add password reset

2025-05-28 23:13:41 +02:00 · 2025-05-28 23:13:41 +02:00 · 501141b584
commit 501141b584
parent 695ecd96f1
8 changed files with 301 additions and 61 deletions
--- a/src/api/v1/auth/login.rs
+++ b/src/api/v1/auth/login.rs
@ -5,15 +5,14 @@ use argon2::{PasswordHash, PasswordVerifier};
 use diesel::{ExpressionMethods, QueryDsl, dsl::insert_into};
 use diesel_async::RunQueryDsl;
 use serde::Deserialize;
-use uuid::Uuid;

 use crate::{
    Data,
    error::Error,
    schema::*,
    utils::{
-        EMAIL_REGEX, PASSWORD_REGEX, USERNAME_REGEX, generate_access_token, generate_refresh_token,
-        refresh_token_cookie,
+        PASSWORD_REGEX, generate_access_token, generate_refresh_token,
+        refresh_token_cookie, user_uuid_from_identifier
    },
 };

@ -39,58 +38,20 @@ pub async fn response(

    let mut conn = data.pool.get().await?;

-    if EMAIL_REGEX.is_match(&login_information.username) {
-        // FIXME: error handling, right now i just want this to work
-        let (uuid, password): (Uuid, String) = dsl::users
-            .filter(dsl::email.eq(&login_information.username))
-            .select((dsl::uuid, dsl::password))
-            .get_result(&mut conn)
-            .await?;
+    let uuid = user_uuid_from_identifier(&mut conn, &login_information.username).await?;

-        return login(
-            data.clone(),
-            uuid,
-            login_information.password.clone(),
-            password,
-            login_information.device_name.clone(),
-        )
-        .await;
-    } else if USERNAME_REGEX.is_match(&login_information.username) {
-        // FIXME: error handling, right now i just want this to work
-        let (uuid, password): (Uuid, String) = dsl::users
-            .filter(dsl::username.eq(&login_information.username))
-            .select((dsl::uuid, dsl::password))
-            .get_result(&mut conn)
-            .await?;
-
-        return login(
-            data.clone(),
-            uuid,
-            login_information.password.clone(),
-            password,
-            login_information.device_name.clone(),
-        )
-        .await;
-    }
-
-    Ok(HttpResponse::Unauthorized().finish())
-}
-
-async fn login(
-    data: actix_web::web::Data<Data>,
-    uuid: Uuid,
-    request_password: String,
-    database_password: String,
-    device_name: String,
-) -> Result<HttpResponse, Error> {
-    let mut conn = data.pool.get().await?;
+    let database_password: String = dsl::users
+        .filter(dsl::uuid.eq(uuid))
+        .select(dsl::password)
+        .get_result(&mut conn)
+        .await?;

    let parsed_hash = PasswordHash::new(&database_password)
        .map_err(|e| Error::PasswordHashError(e.to_string()))?;

    if data
        .argon2
-        .verify_password(request_password.as_bytes(), &parsed_hash)
+        .verify_password(login_information.password.as_bytes(), &parsed_hash)
        .is_err()
    {
        return Err(Error::Unauthorized(
@ -110,7 +71,7 @@ async fn login(
            rdsl::token.eq(&refresh_token),
            rdsl::uuid.eq(uuid),
            rdsl::created_at.eq(current_time),
-            rdsl::device_name.eq(device_name),
+            rdsl::device_name.eq(&login_information.device_name),
        ))
        .execute(&mut conn)
        .await?;
--- a/src/api/v1/auth/mod.rs
+++ b/src/api/v1/auth/mod.rs
@ -1,12 +1,8 @@
-use std::{
-    sync::LazyLock,
-    time::{SystemTime, UNIX_EPOCH},
-};
+use std::time::{SystemTime, UNIX_EPOCH};

 use actix_web::{Scope, web};
 use diesel::{ExpressionMethods, QueryDsl};
 use diesel_async::RunQueryDsl;
-use regex::Regex;
 use serde::Serialize;
 use uuid::Uuid;

@ -17,6 +13,7 @@ mod refresh;
 mod register;
 mod revoke;
 mod verify_email;
+mod reset_password;

 #[derive(Serialize)]
 struct Response {
@ -31,6 +28,8 @@ pub fn web() -> Scope {
        .service(revoke::res)
        .service(verify_email::get)
        .service(verify_email::post)
+        .service(reset_password::get)
+        .service(reset_password::post)
 }

 pub async fn check_access_token(access_token: &str, conn: &mut Conn) -> Result<Uuid, Error> {
--- a/src/api/v1/auth/reset_password.rs
+++ b/src/api/v1/auth/reset_password.rs
@ -0,0 +1,90 @@
+//! `/api/v1/auth/reset-password` Endpoints for resetting user password
+
+use actix_web::{HttpResponse, get, post, web};
+use chrono::{Duration, Utc};
+use serde::Deserialize;
+
+use crate::{
+    error::Error, structs::PasswordResetToken, Data
+};
+
+#[derive(Deserialize)]
+struct Query {
+    identifier: String,
+}
+
+/// `GET /api/v1/auth/reset-password` Sends password reset email to user
+/// 
+/// requires auth? no
+/// 
+/// ### Query Parameters
+/// identifier: Email or username
+/// 
+/// ### Responses
+/// 200 Email sent
+/// 429 Too Many Requests
+/// 404 Not found
+/// 400 Bad request
+/// 
+#[get("/reset-password")]
+pub async fn get(
+    query: web::Query<Query>,
+    data: web::Data<Data>,
+) -> Result<HttpResponse, Error> {
+    let mut conn = data.pool.get().await?;
+
+    if let Ok(password_reset_token) = PasswordResetToken::get_with_identifier(&mut conn, query.identifier.clone()).await {
+        if Utc::now().signed_duration_since(password_reset_token.created_at) > Duration::hours(1) {
+            password_reset_token.delete(&mut conn).await?;
+        } else {
+            return Err(Error::TooManyRequests("Please allow 1 hour before sending a new email".to_string()))
+        }
+    }
+
+    PasswordResetToken::new(&data, query.identifier.clone()).await?;
+
+    Ok(HttpResponse::Ok().finish())
+}
+
+#[derive(Deserialize)]
+struct ResetPassword {
+    password: String,
+    token: String,
+}
+
+/// `POST /api/v1/auth/reset-password` Resets user password
+/// 
+/// requires auth? no
+/// 
+/// ### Request Example:
+/// ```
+/// json!({
+///     "password": "1608c17a27f6ae3891c23d680c73ae91528f20a54dcf4973e2c3126b9734f48b7253047f2395b51bb8a44a6daa188003",
+///     "token": "a3f7e29c1b8d0456e2c9f83b7a1d6e4f5028c3b9a7e1f2d5c6b8a0d3e7f4a2b"
+/// });
+/// ```
+/// 
+/// ### Responses
+/// 200 Success
+/// 410 Token Expired
+/// 404 Not Found
+/// 400 Bad Request
+/// 
+#[post("/reset-password")]
+pub async fn post(
+    reset_password: web::Json<ResetPassword>,
+    data: web::Data<Data>,
+) -> Result<HttpResponse, Error> {
+    let mut conn = data.pool.get().await?;
+
+    let password_reset_token = PasswordResetToken::get(&mut conn, reset_password.token.clone()).await?;
+
+    if Utc::now().signed_duration_since(password_reset_token.created_at) > Duration::hours(24) {
+        password_reset_token.delete(&mut conn).await?;
+        return Ok(HttpResponse::Gone().finish());
+    }
+
+    password_reset_token.set_password(&data, reset_password.password.clone()).await?;
+
+    Ok(HttpResponse::Ok().finish())
+}