Plume/src/routes/session.rs

116 lines
3.5 KiB
Rust
Raw Normal View History

2018-05-19 09:39:59 +02:00
use rocket::{
http::{Cookie, Cookies, SameSite, uri::Uri},
2018-07-06 11:51:19 +02:00
response::Redirect,
2018-06-24 18:58:57 +02:00
request::{LenientForm,FlashMessage}
2018-05-19 09:39:59 +02:00
};
2018-04-24 11:21:39 +02:00
use rocket_contrib::Template;
use rocket::http::ext::IntoOwned;
2018-08-18 12:37:40 +02:00
use std::borrow::Cow;
2018-07-06 11:51:19 +02:00
use validator::{Validate, ValidationError, ValidationErrors};
2018-04-24 11:21:39 +02:00
use plume_models::{
db_conn::DbConn,
users::{User, AUTH_COOKIE}
};
2018-04-23 11:52:44 +02:00
#[get("/login")]
2018-09-03 15:59:02 +02:00
fn new(user: Option<User>, conn: DbConn) -> Template {
2018-05-10 22:31:52 +02:00
Template::render("session/login", json!({
2018-09-03 15:59:02 +02:00
"account": user.map(|u| u.to_json(&*conn)),
"errors": null,
"form": null
2018-05-10 22:31:52 +02:00
}))
2018-04-23 11:52:44 +02:00
}
#[derive(FromForm)]
struct Message {
m: String
}
#[get("/login?<message>")]
2018-09-03 15:59:02 +02:00
fn new_message(user: Option<User>, message: Message, conn: DbConn) -> Template {
Template::render("session/login", json!({
2018-09-03 15:59:02 +02:00
"account": user.map(|u| u.to_json(&*conn)),
"message": message.m,
"errors": null,
"form": null
}))
}
2018-07-06 21:59:17 +02:00
#[derive(FromForm, Validate, Serialize)]
2018-04-23 11:52:44 +02:00
struct LoginForm {
#[validate(length(min = "1", message = "We need an email or a username to identify you"))]
2018-04-23 11:52:44 +02:00
email_or_name: String,
2018-08-18 12:37:40 +02:00
#[validate(length(min = "1", message = "Your password can't be empty"))]
2018-04-23 11:52:44 +02:00
password: String
}
#[post("/login", data = "<data>")]
2018-07-06 11:51:19 +02:00
fn create(conn: DbConn, data: LenientForm<LoginForm>, flash: Option<FlashMessage>, mut cookies: Cookies) -> Result<Redirect, Template> {
2018-04-23 11:52:44 +02:00
let form = data.get();
let user = User::find_by_email(&*conn, &form.email_or_name)
.or_else(|| User::find_local(&*conn, &form.email_or_name));
2018-07-06 11:51:19 +02:00
let mut errors = match form.validate() {
Ok(_) => ValidationErrors::new(),
Err(e) => e
2018-04-23 11:52:44 +02:00
};
if let Some(user) = user.clone() {
if !user.auth(&form.password) {
let mut err = ValidationError::new("invalid_login");
err.message = Some(Cow::from("Invalid username or password"));
errors.add("email_or_name", err)
}
} else {
// Fake password verification, only to avoid different login times
// that could be used to see if an email adress is registered or not
User::get(&*conn, 1).map(|u| u.auth(&form.password));
2018-08-18 12:37:40 +02:00
let mut err = ValidationError::new("invalid_login");
err.message = Some(Cow::from("Invalid username or password"));
errors.add("email_or_name", err)
2018-07-06 11:51:19 +02:00
}
2018-08-18 12:37:40 +02:00
2018-07-06 11:51:19 +02:00
if errors.is_empty() {
cookies.add_private(Cookie::build(AUTH_COOKIE, user.unwrap().id.to_string())
.same_site(SameSite::Lax)
.finish());
let destination = flash
.and_then(|f| if f.name() == "callback" {
Some(f.msg().to_owned())
} else {
None
})
.unwrap_or_else(|| "/".to_owned());
let uri = Uri::parse(&destination)
.map(|x| x.into_owned())
.map_err(|_| {
Template::render("session/login", json!({
"account": null,
"errors": errors.inner(),
"form": form
}))
})?;
Ok(Redirect::to(uri))
2018-07-06 11:51:19 +02:00
} else {
2018-08-18 12:37:40 +02:00
println!("{:?}", errors);
2018-07-06 11:51:19 +02:00
Err(Template::render("session/login", json!({
2018-08-18 12:37:40 +02:00
"account": null,
"errors": errors.inner(),
"form": form
2018-07-06 11:51:19 +02:00
})))
2018-04-23 11:52:44 +02:00
}
}
2018-04-23 13:13:49 +02:00
#[get("/logout")]
fn delete(mut cookies: Cookies) -> Redirect {
if let Some(cookie) = cookies.get_private(AUTH_COOKIE) {
cookies.remove_private(cookie);
}
2018-04-23 13:13:49 +02:00
Redirect::to("/")
}