2018-05-19 09:39:59 +02:00
|
|
|
use rocket::{
|
2018-09-30 11:56:12 +02:00
|
|
|
http::{Cookie, Cookies, SameSite, uri::Uri},
|
2018-07-06 11:51:19 +02:00
|
|
|
response::Redirect,
|
2018-06-24 18:58:57 +02:00
|
|
|
request::{LenientForm,FlashMessage}
|
2018-05-19 09:39:59 +02:00
|
|
|
};
|
2018-04-24 11:21:39 +02:00
|
|
|
use rocket_contrib::Template;
|
2018-09-08 01:11:27 +02:00
|
|
|
use rocket::http::ext::IntoOwned;
|
2018-08-18 12:37:40 +02:00
|
|
|
use std::borrow::Cow;
|
2018-07-06 11:51:19 +02:00
|
|
|
use validator::{Validate, ValidationError, ValidationErrors};
|
2018-04-24 11:21:39 +02:00
|
|
|
|
2018-06-23 18:36:11 +02:00
|
|
|
use plume_models::{
|
|
|
|
db_conn::DbConn,
|
|
|
|
users::{User, AUTH_COOKIE}
|
|
|
|
};
|
2018-04-23 11:52:44 +02:00
|
|
|
|
|
|
|
#[get("/login")]
|
2018-09-03 15:59:02 +02:00
|
|
|
fn new(user: Option<User>, conn: DbConn) -> Template {
|
2018-05-10 22:31:52 +02:00
|
|
|
Template::render("session/login", json!({
|
2018-09-03 15:59:02 +02:00
|
|
|
"account": user.map(|u| u.to_json(&*conn)),
|
|
|
|
"errors": null,
|
2018-07-06 19:29:36 +02:00
|
|
|
"form": null
|
2018-05-10 22:31:52 +02:00
|
|
|
}))
|
2018-04-23 11:52:44 +02:00
|
|
|
}
|
|
|
|
|
2018-06-04 20:21:43 +02:00
|
|
|
#[derive(FromForm)]
|
|
|
|
struct Message {
|
|
|
|
m: String
|
|
|
|
}
|
|
|
|
|
|
|
|
#[get("/login?<message>")]
|
2018-09-03 15:59:02 +02:00
|
|
|
fn new_message(user: Option<User>, message: Message, conn: DbConn) -> Template {
|
2018-06-04 20:21:43 +02:00
|
|
|
Template::render("session/login", json!({
|
2018-09-03 15:59:02 +02:00
|
|
|
"account": user.map(|u| u.to_json(&*conn)),
|
2018-07-06 19:29:36 +02:00
|
|
|
"message": message.m,
|
|
|
|
"errors": null,
|
|
|
|
"form": null
|
2018-06-04 20:21:43 +02:00
|
|
|
}))
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2018-07-06 21:59:17 +02:00
|
|
|
#[derive(FromForm, Validate, Serialize)]
|
2018-04-23 11:52:44 +02:00
|
|
|
struct LoginForm {
|
2018-07-07 22:51:48 +02:00
|
|
|
#[validate(length(min = "1", message = "We need an email or a username to identify you"))]
|
2018-04-23 11:52:44 +02:00
|
|
|
email_or_name: String,
|
2018-08-18 12:37:40 +02:00
|
|
|
#[validate(length(min = "1", message = "Your password can't be empty"))]
|
2018-04-23 11:52:44 +02:00
|
|
|
password: String
|
|
|
|
}
|
|
|
|
|
|
|
|
#[post("/login", data = "<data>")]
|
2018-07-06 11:51:19 +02:00
|
|
|
fn create(conn: DbConn, data: LenientForm<LoginForm>, flash: Option<FlashMessage>, mut cookies: Cookies) -> Result<Redirect, Template> {
|
2018-04-23 11:52:44 +02:00
|
|
|
let form = data.get();
|
2018-07-06 11:51:19 +02:00
|
|
|
let user = User::find_by_email(&*conn, form.email_or_name.to_string())
|
|
|
|
.map(|u| Ok(u))
|
|
|
|
.unwrap_or_else(|| User::find_local(&*conn, form.email_or_name.to_string()).map(|u| Ok(u)).unwrap_or(Err(())));
|
2018-08-18 12:37:40 +02:00
|
|
|
|
2018-07-06 11:51:19 +02:00
|
|
|
let mut errors = match form.validate() {
|
|
|
|
Ok(_) => ValidationErrors::new(),
|
|
|
|
Err(e) => e
|
2018-04-23 11:52:44 +02:00
|
|
|
};
|
2018-07-06 11:51:19 +02:00
|
|
|
if let Err(_) = user.clone() {
|
2018-09-03 19:04:21 +02:00
|
|
|
// Fake password verification, only to avoid different login times
|
|
|
|
// that could be used to see if an email adress is registered or not
|
|
|
|
User::get(&*conn, 1).map(|u| u.auth(form.password.clone()));
|
|
|
|
|
2018-08-18 12:37:40 +02:00
|
|
|
let mut err = ValidationError::new("invalid_login");
|
|
|
|
err.message = Some(Cow::from("Invalid username or password"));
|
|
|
|
errors.add("email_or_name", err)
|
2018-07-06 11:51:19 +02:00
|
|
|
} else if !user.clone().expect("User not found").auth(form.password.clone()) {
|
2018-08-18 12:37:40 +02:00
|
|
|
let mut err = ValidationError::new("invalid_login");
|
|
|
|
err.message = Some(Cow::from("Invalid username or password"));
|
|
|
|
errors.add("email_or_name", err)
|
2018-07-06 11:51:19 +02:00
|
|
|
}
|
2018-08-18 12:37:40 +02:00
|
|
|
|
2018-07-06 11:51:19 +02:00
|
|
|
if errors.is_empty() {
|
2018-09-30 11:56:12 +02:00
|
|
|
cookies.add_private(Cookie::build(AUTH_COOKIE, user.unwrap().id.to_string())
|
|
|
|
.same_site(SameSite::Lax)
|
|
|
|
.finish());
|
2018-09-08 01:11:27 +02:00
|
|
|
|
|
|
|
let destination = flash
|
|
|
|
.and_then(|f| if f.name() == "callback" {
|
|
|
|
Some(f.msg().to_owned())
|
|
|
|
} else {
|
|
|
|
None
|
|
|
|
})
|
|
|
|
.unwrap_or("/".to_owned());
|
|
|
|
|
|
|
|
let uri = Uri::parse(&destination)
|
|
|
|
.map(|x| x.into_owned())
|
|
|
|
.map_err(|_| {
|
|
|
|
Template::render("session/login", json!({
|
|
|
|
"account": null,
|
|
|
|
"errors": errors.inner(),
|
|
|
|
"form": form
|
|
|
|
}))
|
|
|
|
})?;
|
|
|
|
|
|
|
|
Ok(Redirect::to(uri))
|
2018-07-06 11:51:19 +02:00
|
|
|
} else {
|
2018-08-18 12:37:40 +02:00
|
|
|
println!("{:?}", errors);
|
2018-07-06 11:51:19 +02:00
|
|
|
Err(Template::render("session/login", json!({
|
2018-08-18 12:37:40 +02:00
|
|
|
"account": null,
|
2018-07-06 19:29:36 +02:00
|
|
|
"errors": errors.inner(),
|
|
|
|
"form": form
|
2018-07-06 11:51:19 +02:00
|
|
|
})))
|
2018-04-23 11:52:44 +02:00
|
|
|
}
|
|
|
|
}
|
2018-04-23 13:13:49 +02:00
|
|
|
|
|
|
|
#[get("/logout")]
|
|
|
|
fn delete(mut cookies: Cookies) -> Redirect {
|
|
|
|
let cookie = cookies.get_private(AUTH_COOKIE).unwrap();
|
|
|
|
cookies.remove_private(cookie);
|
|
|
|
Redirect::to("/")
|
|
|
|
}
|