2020-01-21 07:02:03 +01:00
|
|
|
use crate::routes::RespondOrRedirect;
|
2019-02-27 13:29:26 +01:00
|
|
|
use lettre::Transport;
|
2019-03-20 17:56:17 +01:00
|
|
|
use rocket::http::ext::IntoOwned;
|
2018-05-19 09:39:59 +02:00
|
|
|
use rocket::{
|
2019-03-20 17:56:17 +01:00
|
|
|
http::{uri::Uri, Cookie, Cookies, SameSite},
|
2019-04-30 12:04:25 +02:00
|
|
|
request::{Form, LenientForm},
|
|
|
|
response::{Flash, Redirect},
|
2019-03-20 17:56:17 +01:00
|
|
|
State,
|
2018-05-19 09:39:59 +02:00
|
|
|
};
|
2018-12-06 18:54:16 +01:00
|
|
|
use rocket_i18n::I18n;
|
2019-03-20 17:56:17 +01:00
|
|
|
use std::{
|
|
|
|
borrow::Cow,
|
|
|
|
sync::{Arc, Mutex},
|
|
|
|
time::Instant,
|
|
|
|
};
|
|
|
|
use validator::{Validate, ValidationError, ValidationErrors};
|
2018-04-24 11:21:39 +02:00
|
|
|
|
2020-01-21 07:02:03 +01:00
|
|
|
use crate::mail::{build_mail, Mailer};
|
|
|
|
use crate::template_utils::{IntoContext, Ructe};
|
2018-06-23 18:36:11 +02:00
|
|
|
use plume_models::{
|
2019-06-04 20:55:17 +02:00
|
|
|
password_reset_requests::*,
|
2019-03-20 17:56:17 +01:00
|
|
|
users::{User, AUTH_COOKIE},
|
2019-04-17 19:31:47 +02:00
|
|
|
Error, PlumeRocket, CONFIG,
|
2018-06-23 18:36:11 +02:00
|
|
|
};
|
2018-12-29 09:36:07 +01:00
|
|
|
|
2018-12-06 18:54:16 +01:00
|
|
|
#[get("/login?<m>")]
|
2019-04-30 12:04:25 +02:00
|
|
|
pub fn new(m: Option<String>, rockets: PlumeRocket) -> Ructe {
|
2018-12-06 18:54:16 +01:00
|
|
|
render!(session::login(
|
2019-04-30 12:04:25 +02:00
|
|
|
&rockets.to_context(),
|
2018-12-13 22:20:19 +01:00
|
|
|
m,
|
2018-12-06 18:54:16 +01:00
|
|
|
&LoginForm::default(),
|
|
|
|
ValidationErrors::default()
|
|
|
|
))
|
2018-06-04 20:21:43 +02:00
|
|
|
}
|
|
|
|
|
2019-03-12 19:40:54 +01:00
|
|
|
#[derive(Default, FromForm, Validate)]
|
2018-12-06 18:54:16 +01:00
|
|
|
pub struct LoginForm {
|
2019-04-01 20:09:29 +02:00
|
|
|
#[validate(length(min = "1", message = "We need an email, or a username to identify you"))]
|
2018-12-06 18:54:16 +01:00
|
|
|
pub email_or_name: String,
|
2018-08-18 12:37:40 +02:00
|
|
|
#[validate(length(min = "1", message = "Your password can't be empty"))]
|
2019-03-20 17:56:17 +01:00
|
|
|
pub password: String,
|
2018-04-23 11:52:44 +02:00
|
|
|
}
|
|
|
|
|
2018-12-06 18:54:16 +01:00
|
|
|
#[post("/login", data = "<form>")]
|
2019-03-20 17:56:17 +01:00
|
|
|
pub fn create(
|
|
|
|
form: LenientForm<LoginForm>,
|
2020-01-21 07:02:03 +01:00
|
|
|
mut cookies: Cookies<'_>,
|
2019-04-17 19:31:47 +02:00
|
|
|
rockets: PlumeRocket,
|
2019-06-14 09:33:30 +02:00
|
|
|
) -> RespondOrRedirect {
|
2019-04-17 19:31:47 +02:00
|
|
|
let conn = &*rockets.conn;
|
2018-11-26 10:21:52 +01:00
|
|
|
let user = User::find_by_email(&*conn, &form.email_or_name)
|
2019-04-17 19:31:47 +02:00
|
|
|
.or_else(|_| User::find_by_fqn(&rockets, &form.email_or_name));
|
2018-07-06 11:51:19 +02:00
|
|
|
let mut errors = match form.validate() {
|
|
|
|
Ok(_) => ValidationErrors::new(),
|
2019-03-20 17:56:17 +01:00
|
|
|
Err(e) => e,
|
2018-04-23 11:52:44 +02:00
|
|
|
};
|
2018-12-06 18:54:16 +01:00
|
|
|
|
2018-12-29 09:36:07 +01:00
|
|
|
let user_id = if let Ok(user) = user {
|
2018-11-26 10:21:52 +01:00
|
|
|
if !user.auth(&form.password) {
|
2018-10-20 11:04:20 +02:00
|
|
|
let mut err = ValidationError::new("invalid_login");
|
2019-04-02 15:08:07 +02:00
|
|
|
err.message = Some(Cow::from("Invalid username, or password"));
|
2018-12-29 09:36:07 +01:00
|
|
|
errors.add("email_or_name", err);
|
|
|
|
String::new()
|
2018-12-31 11:45:59 +01:00
|
|
|
} else {
|
|
|
|
user.id.to_string()
|
2018-10-20 11:04:20 +02:00
|
|
|
}
|
|
|
|
} else {
|
2018-09-03 19:04:21 +02:00
|
|
|
// Fake password verification, only to avoid different login times
|
|
|
|
// that could be used to see if an email adress is registered or not
|
2019-03-20 17:56:17 +01:00
|
|
|
User::get(&*conn, 1)
|
|
|
|
.map(|u| u.auth(&form.password))
|
|
|
|
.expect("No user is registered");
|
2018-09-03 19:04:21 +02:00
|
|
|
|
2018-08-18 12:37:40 +02:00
|
|
|
let mut err = ValidationError::new("invalid_login");
|
2019-04-01 20:09:29 +02:00
|
|
|
err.message = Some(Cow::from("Invalid username, or password"));
|
2018-12-29 09:36:07 +01:00
|
|
|
errors.add("email_or_name", err);
|
|
|
|
String::new()
|
|
|
|
};
|
2018-08-18 12:37:40 +02:00
|
|
|
|
2019-06-14 09:33:30 +02:00
|
|
|
if !errors.is_empty() {
|
|
|
|
return render!(session::login(&rockets.to_context(), None, &*form, errors)).into();
|
|
|
|
}
|
2018-09-08 01:11:27 +02:00
|
|
|
|
2019-06-14 09:33:30 +02:00
|
|
|
cookies.add_private(
|
|
|
|
Cookie::build(AUTH_COOKIE, user_id)
|
|
|
|
.same_site(SameSite::Lax)
|
|
|
|
.finish(),
|
|
|
|
);
|
|
|
|
let destination = rockets
|
|
|
|
.flash_msg
|
|
|
|
.clone()
|
|
|
|
.and_then(
|
|
|
|
|(name, msg)| {
|
|
|
|
if name == "callback" {
|
|
|
|
Some(msg)
|
|
|
|
} else {
|
|
|
|
None
|
|
|
|
}
|
|
|
|
},
|
|
|
|
)
|
|
|
|
.unwrap_or_else(|| "/".to_owned());
|
2018-09-08 01:11:27 +02:00
|
|
|
|
2019-06-14 09:33:30 +02:00
|
|
|
if let Ok(uri) = Uri::parse(&destination).map(IntoOwned::into_owned) {
|
|
|
|
Flash::success(
|
2019-04-30 12:04:25 +02:00
|
|
|
Redirect::to(uri),
|
|
|
|
i18n!(&rockets.intl.catalog, "You are now connected."),
|
2019-06-14 09:33:30 +02:00
|
|
|
)
|
|
|
|
.into()
|
2018-07-06 11:51:19 +02:00
|
|
|
} else {
|
2019-06-14 09:33:30 +02:00
|
|
|
render!(session::login(
|
|
|
|
&(conn, &rockets.intl.catalog, None, None),
|
2018-12-06 18:54:16 +01:00
|
|
|
None,
|
|
|
|
&*form,
|
|
|
|
errors
|
2019-06-14 09:33:30 +02:00
|
|
|
))
|
|
|
|
.into()
|
2018-04-23 11:52:44 +02:00
|
|
|
}
|
|
|
|
}
|
2018-04-23 13:13:49 +02:00
|
|
|
|
|
|
|
#[get("/logout")]
|
2020-01-21 07:02:03 +01:00
|
|
|
pub fn delete(mut cookies: Cookies<'_>, intl: I18n) -> Flash<Redirect> {
|
2018-11-26 10:21:52 +01:00
|
|
|
if let Some(cookie) = cookies.get_private(AUTH_COOKIE) {
|
|
|
|
cookies.remove_private(cookie);
|
|
|
|
}
|
2019-04-30 12:04:25 +02:00
|
|
|
Flash::success(
|
|
|
|
Redirect::to("/"),
|
|
|
|
i18n!(intl.catalog, "You are now logged off."),
|
|
|
|
)
|
2018-04-23 13:13:49 +02:00
|
|
|
}
|
2019-02-27 13:29:26 +01:00
|
|
|
|
|
|
|
#[derive(Clone)]
|
|
|
|
pub struct ResetRequest {
|
|
|
|
pub mail: String,
|
|
|
|
pub id: String,
|
|
|
|
pub creation_date: Instant,
|
|
|
|
}
|
|
|
|
|
|
|
|
impl PartialEq for ResetRequest {
|
|
|
|
fn eq(&self, other: &Self) -> bool {
|
|
|
|
self.id == other.id
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
#[get("/password-reset")]
|
2019-04-30 12:04:25 +02:00
|
|
|
pub fn password_reset_request_form(rockets: PlumeRocket) -> Ructe {
|
2019-02-27 13:29:26 +01:00
|
|
|
render!(session::password_reset_request(
|
2019-04-30 12:04:25 +02:00
|
|
|
&rockets.to_context(),
|
2019-02-27 13:29:26 +01:00
|
|
|
&ResetForm::default(),
|
|
|
|
ValidationErrors::default()
|
|
|
|
))
|
|
|
|
}
|
|
|
|
|
|
|
|
#[derive(FromForm, Validate, Default)]
|
|
|
|
pub struct ResetForm {
|
|
|
|
#[validate(email)]
|
|
|
|
pub email: String,
|
|
|
|
}
|
|
|
|
|
|
|
|
#[post("/password-reset", data = "<form>")]
|
|
|
|
pub fn password_reset_request(
|
2020-01-21 07:02:03 +01:00
|
|
|
mail: State<'_, Arc<Mutex<Mailer>>>,
|
2019-02-27 13:29:26 +01:00
|
|
|
form: Form<ResetForm>,
|
2019-04-30 12:04:25 +02:00
|
|
|
rockets: PlumeRocket,
|
2019-02-27 13:29:26 +01:00
|
|
|
) -> Ructe {
|
2019-06-04 20:55:17 +02:00
|
|
|
if User::find_by_email(&*rockets.conn, &form.email).is_ok() {
|
|
|
|
let token = PasswordResetRequest::insert(&*rockets.conn, &form.email)
|
|
|
|
.expect("password_reset_request::insert: error");
|
2019-02-27 13:29:26 +01:00
|
|
|
|
2019-06-04 20:55:17 +02:00
|
|
|
let url = format!("https://{}/password-reset/{}", CONFIG.base_url, token);
|
2019-02-27 13:29:26 +01:00
|
|
|
if let Some(message) = build_mail(
|
|
|
|
form.email.clone(),
|
2019-04-30 12:04:25 +02:00
|
|
|
i18n!(rockets.intl.catalog, "Password reset"),
|
2019-06-04 20:55:17 +02:00
|
|
|
i18n!(rockets.intl.catalog, "Here is the link to reset your password: {0}"; url),
|
2019-02-27 13:29:26 +01:00
|
|
|
) {
|
2019-03-19 14:37:56 +01:00
|
|
|
if let Some(ref mut mail) = *mail.lock().unwrap() {
|
2019-03-20 17:56:17 +01:00
|
|
|
mail.send(message.into())
|
2019-04-01 20:09:29 +02:00
|
|
|
.map_err(|_| eprintln!("Couldn't send password reset email"))
|
2019-03-20 17:56:17 +01:00
|
|
|
.ok();
|
|
|
|
}
|
2019-02-27 13:29:26 +01:00
|
|
|
}
|
|
|
|
}
|
2019-04-30 12:04:25 +02:00
|
|
|
render!(session::password_reset_request_ok(&rockets.to_context()))
|
2019-02-27 13:29:26 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
#[get("/password-reset/<token>")]
|
2019-06-04 20:55:17 +02:00
|
|
|
pub fn password_reset_form(token: String, rockets: PlumeRocket) -> Result<Ructe, Ructe> {
|
|
|
|
PasswordResetRequest::find_by_token(&*rockets.conn, &token)
|
|
|
|
.map_err(|err| password_reset_error_response(err, &rockets))?;
|
|
|
|
|
2019-02-27 13:29:26 +01:00
|
|
|
Ok(render!(session::password_reset(
|
2019-04-30 12:04:25 +02:00
|
|
|
&rockets.to_context(),
|
2019-02-27 13:29:26 +01:00
|
|
|
&NewPasswordForm::default(),
|
|
|
|
ValidationErrors::default()
|
|
|
|
)))
|
|
|
|
}
|
|
|
|
|
|
|
|
#[derive(FromForm, Default, Validate)]
|
2019-03-20 17:56:17 +01:00
|
|
|
#[validate(schema(
|
|
|
|
function = "passwords_match",
|
|
|
|
skip_on_field_errors = "false",
|
|
|
|
message = "Passwords are not matching"
|
|
|
|
))]
|
2019-02-27 13:29:26 +01:00
|
|
|
pub struct NewPasswordForm {
|
|
|
|
pub password: String,
|
|
|
|
pub password_confirmation: String,
|
|
|
|
}
|
|
|
|
|
|
|
|
fn passwords_match(form: &NewPasswordForm) -> Result<(), ValidationError> {
|
|
|
|
if form.password != form.password_confirmation {
|
|
|
|
Err(ValidationError::new("password_match"))
|
|
|
|
} else {
|
|
|
|
Ok(())
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
#[post("/password-reset/<token>", data = "<form>")]
|
|
|
|
pub fn password_reset(
|
|
|
|
token: String,
|
2019-03-20 17:56:17 +01:00
|
|
|
form: Form<NewPasswordForm>,
|
2019-04-30 12:04:25 +02:00
|
|
|
rockets: PlumeRocket,
|
|
|
|
) -> Result<Flash<Redirect>, Ructe> {
|
2019-02-27 13:29:26 +01:00
|
|
|
form.validate()
|
2019-06-04 20:55:17 +02:00
|
|
|
.map_err(|err| render!(session::password_reset(&rockets.to_context(), &form, err)))?;
|
|
|
|
|
|
|
|
PasswordResetRequest::find_and_delete_by_token(&*rockets.conn, &token)
|
|
|
|
.and_then(|request| User::find_by_email(&*rockets.conn, &request.email))
|
|
|
|
.and_then(|user| user.reset_password(&*rockets.conn, &form.password))
|
|
|
|
.map_err(|err| password_reset_error_response(err, &rockets))?;
|
|
|
|
|
|
|
|
Ok(Flash::success(
|
|
|
|
Redirect::to(uri!(
|
|
|
|
new: m = _
|
|
|
|
)),
|
|
|
|
i18n!(
|
|
|
|
rockets.intl.catalog,
|
|
|
|
"Your password was successfully reset."
|
|
|
|
),
|
|
|
|
))
|
2019-02-27 13:29:26 +01:00
|
|
|
}
|
|
|
|
|
2019-06-04 20:55:17 +02:00
|
|
|
fn password_reset_error_response(err: Error, rockets: &PlumeRocket) -> Ructe {
|
|
|
|
match err {
|
|
|
|
Error::Expired => render!(session::password_reset_request_expired(
|
|
|
|
&rockets.to_context()
|
|
|
|
)),
|
|
|
|
_ => render!(errors::not_found(&rockets.to_context())),
|
|
|
|
}
|
2019-02-27 13:29:26 +01:00
|
|
|
}
|