Plume/plume-models/src/password_reset_requests.rs
Rob Watson 4b205fa995 Store password reset requests in database (#610)
* Store password reset requests in database

Signed-off-by: Rob Watson <rfwatson@users.noreply.github.com>

* Refactor password reset request expiry handling

* Integrate sqlite

* Fix formatting
2019-06-04 19:55:17 +01:00

165 lines
5.3 KiB
Rust

use chrono::{offset::Utc, Duration, NaiveDateTime};
use diesel::{ExpressionMethods, QueryDsl, RunQueryDsl};
use schema::password_reset_requests;
use {Connection, Error, Result};
#[derive(Clone, Identifiable, Queryable)]
pub struct PasswordResetRequest {
pub id: i32,
pub email: String,
pub token: String,
pub expiration_date: NaiveDateTime,
}
#[derive(Insertable)]
#[table_name = "password_reset_requests"]
pub struct NewPasswordResetRequest {
pub email: String,
pub token: String,
pub expiration_date: NaiveDateTime,
}
const TOKEN_VALIDITY_HOURS: i64 = 2;
impl PasswordResetRequest {
pub fn insert(conn: &Connection, email: &str) -> Result<String> {
// first, delete other password reset tokens associated with this email:
let existing_requests =
password_reset_requests::table.filter(password_reset_requests::email.eq(email));
diesel::delete(existing_requests).execute(conn)?;
// now, generate a random token, set the expiry date,
// and insert it into the DB:
let token = plume_common::utils::random_hex();
let expiration_date = Utc::now()
.naive_utc()
.checked_add_signed(Duration::hours(TOKEN_VALIDITY_HOURS))
.expect("could not calculate expiration date");
let new_request = NewPasswordResetRequest {
email: email.to_owned(),
token: token.clone(),
expiration_date,
};
diesel::insert_into(password_reset_requests::table)
.values(new_request)
.execute(conn)
.map_err(Error::from)?;
Ok(token)
}
pub fn find_by_token(conn: &Connection, token: &str) -> Result<Self> {
let token = password_reset_requests::table
.filter(password_reset_requests::token.eq(token))
.first::<Self>(conn)
.map_err(Error::from)?;
if token.expiration_date < Utc::now().naive_utc() {
return Err(Error::Expired);
}
Ok(token)
}
pub fn find_and_delete_by_token(conn: &Connection, token: &str) -> Result<Self> {
let request = Self::find_by_token(&conn, &token)?;
let filter =
password_reset_requests::table.filter(password_reset_requests::id.eq(request.id));
diesel::delete(filter).execute(conn)?;
Ok(request)
}
}
#[cfg(test)]
mod tests {
use super::*;
use diesel::Connection;
use tests::db;
use users::tests as user_tests;
#[test]
fn test_insert_and_find_password_reset_request() {
let conn = db();
conn.test_transaction::<_, (), _>(|| {
user_tests::fill_database(&conn);
let admin_email = "admin@example.com";
let token = PasswordResetRequest::insert(&conn, admin_email)
.expect("couldn't insert new request");
let request = PasswordResetRequest::find_by_token(&conn, &token)
.expect("couldn't retrieve request");
assert!(&token.len() > &32);
assert_eq!(&request.email, &admin_email);
Ok(())
});
}
#[test]
fn test_insert_delete_previous_password_reset_request() {
let conn = db();
conn.test_transaction::<_, (), _>(|| {
user_tests::fill_database(&conn);
let admin_email = "admin@example.com";
PasswordResetRequest::insert(&conn, &admin_email).expect("couldn't insert new request");
PasswordResetRequest::insert(&conn, &admin_email)
.expect("couldn't insert second request");
let count = password_reset_requests::table.count().get_result(&*conn);
assert_eq!(Ok(1), count);
Ok(())
});
}
#[test]
fn test_find_password_reset_request_by_token_time() {
let conn = db();
conn.test_transaction::<_, (), _>(|| {
user_tests::fill_database(&conn);
let admin_email = "admin@example.com";
let token = "abcdef";
let now = Utc::now().naive_utc();
diesel::insert_into(password_reset_requests::table)
.values((
password_reset_requests::email.eq(&admin_email),
password_reset_requests::token.eq(&token),
password_reset_requests::expiration_date.eq(now),
))
.execute(&*conn)
.expect("could not insert request");
match PasswordResetRequest::find_by_token(&conn, &token) {
Err(Error::Expired) => (),
_ => panic!("Received unexpected result finding expired token"),
}
Ok(())
});
}
#[test]
fn test_find_and_delete_password_reset_request() {
let conn = db();
conn.test_transaction::<_, (), _>(|| {
user_tests::fill_database(&conn);
let admin_email = "admin@example.com";
let token = PasswordResetRequest::insert(&conn, &admin_email)
.expect("couldn't insert new request");
PasswordResetRequest::find_and_delete_by_token(&conn, &token)
.expect("couldn't find and delete request");
let count = password_reset_requests::table.count().get_result(&*conn);
assert_eq!(Ok(0), count);
Ok(())
});
}
}