Store password reset requests in database (#610)
* Store password reset requests in database Signed-off-by: Rob Watson <rfwatson@users.noreply.github.com> * Refactor password reset request expiry handling * Integrate sqlite * Fix formatting
This commit is contained in:
committed by
Baptiste Gelez
parent
e7126ae335
commit
4b205fa995
@@ -65,6 +65,7 @@ pub enum Error {
|
||||
Unauthorized,
|
||||
Url,
|
||||
Webfinger,
|
||||
Expired,
|
||||
}
|
||||
|
||||
impl From<bcrypt::BcryptError> for Error {
|
||||
@@ -367,6 +368,7 @@ pub mod medias;
|
||||
pub mod mentions;
|
||||
pub mod migrations;
|
||||
pub mod notifications;
|
||||
pub mod password_reset_requests;
|
||||
pub mod plume_rocket;
|
||||
pub mod post_authors;
|
||||
pub mod posts;
|
||||
|
||||
@@ -0,0 +1,164 @@
|
||||
use chrono::{offset::Utc, Duration, NaiveDateTime};
|
||||
use diesel::{ExpressionMethods, QueryDsl, RunQueryDsl};
|
||||
use schema::password_reset_requests;
|
||||
use {Connection, Error, Result};
|
||||
|
||||
#[derive(Clone, Identifiable, Queryable)]
|
||||
pub struct PasswordResetRequest {
|
||||
pub id: i32,
|
||||
pub email: String,
|
||||
pub token: String,
|
||||
pub expiration_date: NaiveDateTime,
|
||||
}
|
||||
|
||||
#[derive(Insertable)]
|
||||
#[table_name = "password_reset_requests"]
|
||||
pub struct NewPasswordResetRequest {
|
||||
pub email: String,
|
||||
pub token: String,
|
||||
pub expiration_date: NaiveDateTime,
|
||||
}
|
||||
|
||||
const TOKEN_VALIDITY_HOURS: i64 = 2;
|
||||
|
||||
impl PasswordResetRequest {
|
||||
pub fn insert(conn: &Connection, email: &str) -> Result<String> {
|
||||
// first, delete other password reset tokens associated with this email:
|
||||
let existing_requests =
|
||||
password_reset_requests::table.filter(password_reset_requests::email.eq(email));
|
||||
diesel::delete(existing_requests).execute(conn)?;
|
||||
|
||||
// now, generate a random token, set the expiry date,
|
||||
// and insert it into the DB:
|
||||
let token = plume_common::utils::random_hex();
|
||||
let expiration_date = Utc::now()
|
||||
.naive_utc()
|
||||
.checked_add_signed(Duration::hours(TOKEN_VALIDITY_HOURS))
|
||||
.expect("could not calculate expiration date");
|
||||
let new_request = NewPasswordResetRequest {
|
||||
email: email.to_owned(),
|
||||
token: token.clone(),
|
||||
expiration_date,
|
||||
};
|
||||
diesel::insert_into(password_reset_requests::table)
|
||||
.values(new_request)
|
||||
.execute(conn)
|
||||
.map_err(Error::from)?;
|
||||
|
||||
Ok(token)
|
||||
}
|
||||
|
||||
pub fn find_by_token(conn: &Connection, token: &str) -> Result<Self> {
|
||||
let token = password_reset_requests::table
|
||||
.filter(password_reset_requests::token.eq(token))
|
||||
.first::<Self>(conn)
|
||||
.map_err(Error::from)?;
|
||||
|
||||
if token.expiration_date < Utc::now().naive_utc() {
|
||||
return Err(Error::Expired);
|
||||
}
|
||||
|
||||
Ok(token)
|
||||
}
|
||||
|
||||
pub fn find_and_delete_by_token(conn: &Connection, token: &str) -> Result<Self> {
|
||||
let request = Self::find_by_token(&conn, &token)?;
|
||||
|
||||
let filter =
|
||||
password_reset_requests::table.filter(password_reset_requests::id.eq(request.id));
|
||||
diesel::delete(filter).execute(conn)?;
|
||||
|
||||
Ok(request)
|
||||
}
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use super::*;
|
||||
use diesel::Connection;
|
||||
use tests::db;
|
||||
use users::tests as user_tests;
|
||||
|
||||
#[test]
|
||||
fn test_insert_and_find_password_reset_request() {
|
||||
let conn = db();
|
||||
conn.test_transaction::<_, (), _>(|| {
|
||||
user_tests::fill_database(&conn);
|
||||
let admin_email = "admin@example.com";
|
||||
|
||||
let token = PasswordResetRequest::insert(&conn, admin_email)
|
||||
.expect("couldn't insert new request");
|
||||
let request = PasswordResetRequest::find_by_token(&conn, &token)
|
||||
.expect("couldn't retrieve request");
|
||||
|
||||
assert!(&token.len() > &32);
|
||||
assert_eq!(&request.email, &admin_email);
|
||||
|
||||
Ok(())
|
||||
});
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_insert_delete_previous_password_reset_request() {
|
||||
let conn = db();
|
||||
conn.test_transaction::<_, (), _>(|| {
|
||||
user_tests::fill_database(&conn);
|
||||
let admin_email = "admin@example.com";
|
||||
|
||||
PasswordResetRequest::insert(&conn, &admin_email).expect("couldn't insert new request");
|
||||
PasswordResetRequest::insert(&conn, &admin_email)
|
||||
.expect("couldn't insert second request");
|
||||
|
||||
let count = password_reset_requests::table.count().get_result(&*conn);
|
||||
assert_eq!(Ok(1), count);
|
||||
|
||||
Ok(())
|
||||
});
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_find_password_reset_request_by_token_time() {
|
||||
let conn = db();
|
||||
conn.test_transaction::<_, (), _>(|| {
|
||||
user_tests::fill_database(&conn);
|
||||
let admin_email = "admin@example.com";
|
||||
let token = "abcdef";
|
||||
let now = Utc::now().naive_utc();
|
||||
|
||||
diesel::insert_into(password_reset_requests::table)
|
||||
.values((
|
||||
password_reset_requests::email.eq(&admin_email),
|
||||
password_reset_requests::token.eq(&token),
|
||||
password_reset_requests::expiration_date.eq(now),
|
||||
))
|
||||
.execute(&*conn)
|
||||
.expect("could not insert request");
|
||||
|
||||
match PasswordResetRequest::find_by_token(&conn, &token) {
|
||||
Err(Error::Expired) => (),
|
||||
_ => panic!("Received unexpected result finding expired token"),
|
||||
}
|
||||
|
||||
Ok(())
|
||||
});
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_find_and_delete_password_reset_request() {
|
||||
let conn = db();
|
||||
conn.test_transaction::<_, (), _>(|| {
|
||||
user_tests::fill_database(&conn);
|
||||
let admin_email = "admin@example.com";
|
||||
|
||||
let token = PasswordResetRequest::insert(&conn, &admin_email)
|
||||
.expect("couldn't insert new request");
|
||||
PasswordResetRequest::find_and_delete_by_token(&conn, &token)
|
||||
.expect("couldn't find and delete request");
|
||||
|
||||
let count = password_reset_requests::table.count().get_result(&*conn);
|
||||
assert_eq!(Ok(0), count);
|
||||
|
||||
Ok(())
|
||||
});
|
||||
}
|
||||
}
|
||||
@@ -141,6 +141,15 @@ table! {
|
||||
}
|
||||
}
|
||||
|
||||
table! {
|
||||
password_reset_requests (id) {
|
||||
id -> Int4,
|
||||
email -> Varchar,
|
||||
token -> Varchar,
|
||||
expiration_date -> Timestamp,
|
||||
}
|
||||
}
|
||||
|
||||
table! {
|
||||
post_authors (id) {
|
||||
id -> Int4,
|
||||
@@ -247,6 +256,7 @@ allow_tables_to_appear_in_same_query!(
|
||||
medias,
|
||||
mentions,
|
||||
notifications,
|
||||
password_reset_requests,
|
||||
post_authors,
|
||||
posts,
|
||||
reshares,
|
||||
|
||||
Reference in New Issue
Block a user