feat(reset_password): add invitation and reset password activation basic flow

lib/http_server/src/controllers/ui/mod.rs

@@ -6,3 +6,4 @@ pub mod me;
 pub mod logout;
 pub mod user_panel;
 pub mod apps;
+pub mod reset_password;

lib/http_server/src/controllers/ui/register.rs

@@ -51,7 +51,7 @@ pub async fn perform_register(
         password_hash,
         status: UserStatus::Active,
         roles: Json(Vec::new()), // take the default role in the config
-        activation_token: None,
+        reset_password_token: None,
         created_at: Utc::now(),
         website: None,
         last_login_at: None

lib/http_server/src/controllers/ui/reset_password.rs

@@ -0,0 +1,139 @@
+use axum::{extract::{MatchedPath, Query, State}, http::StatusCode, response::{Html, IntoResponse, Redirect}, Extension, Form};
+use log::{error, info};
+use serde::{Deserialize, Serialize};
+use minijinja::context;
+use fully_pub::fully_pub;
+
+use crate::{renderer::TemplateRenderer, AppState};
+
+use kernel::models::user::{User, UserStatus};
+use utils::get_password_hash;
+
+#[derive(Debug, Deserialize, Serialize)]
+#[fully_pub]
+enum ResetPasswordReason {
+    LostPassword,
+    Invitation
+}
+
+#[derive(Debug, Deserialize, Serialize)]
+#[fully_pub]
+struct ResetPasswordQueryParams {
+    token: String
+}
+
+pub async fn reset_password_form(
+    State(app_state): State<AppState>,
+    path: MatchedPath,
+    Extension(renderer): Extension<TemplateRenderer>,
+    Query(query_params): Query<ResetPasswordQueryParams>
+) -> impl IntoResponse {
+    let reason: ResetPasswordReason = match path.as_str() {
+        "/invitation" => ResetPasswordReason::Invitation,
+        "/reset-password" => ResetPasswordReason::LostPassword,
+        _ => unreachable!()
+    };
+    // 1. Verify token
+    let user_res = sqlx::query_as::<_, User>("SELECT * FROM users WHERE reset_password_token = $1")
+        .bind(&query_params.token)
+        .fetch_one(&app_state.db.0)
+        .await;
+    let _user = match user_res {
+        Ok(u) => u,
+        Err(sqlx::Error::RowNotFound) => {
+            return (
+                StatusCode::BAD_REQUEST,
+                Html("Invalid reset password token.")
+            ).into_response();
+        },
+        Err(err) => {
+            error!("Failed to retreive user from reset password token. {}", err);
+            return (
+                StatusCode::INTERNAL_SERVER_ERROR,
+                Html("Internal server error: Failed to retreive user.")
+            ).into_response();
+        }
+    };
+    renderer.render(
+        "pages/reset_password",
+        context!(
+            reason => reason,
+            token => query_params.token,
+        )
+    ).into_response()
+}
+
+
+#[derive(Debug, Deserialize)]
+#[fully_pub]
+struct ResetPasswordForm {
+    token: String,
+    password: String,
+    password_confirmation: String
+}
+
+pub async fn perform_reset_password(
+    State(app_state): State<AppState>,
+    Form(reset_form): Form<ResetPasswordForm>
+) -> impl IntoResponse {
+    // 1. Verify token
+    let user_res = sqlx::query_as::<_, User>("SELECT * FROM users WHERE reset_password_token = $1")
+        .bind(&reset_form.token)
+        .fetch_one(&app_state.db.0)
+        .await;
+    let user = match user_res {
+        Ok(u) => u,
+        Err(sqlx::Error::RowNotFound) => {
+            return (
+                StatusCode::BAD_REQUEST,
+                Html("Invalid reset password token.")
+            ).into_response();
+        },
+        Err(err) => {
+            error!("Failed to retreive user from reset password token. {}", err);
+            return (
+                StatusCode::INTERNAL_SERVER_ERROR,
+                Html("Internal server error: Failed to retreive user.")
+            ).into_response();
+        }
+    };
+    if reset_form.password != reset_form.password_confirmation {
+        return (
+            StatusCode::BAD_REQUEST,
+            Html("Form data error: The two passwords are differents.")
+        ).into_response();
+    }
+
+    let password_hash = Some(
+        get_password_hash(reset_form.password)
+            .expect("To process password").1
+    );
+    if user.status == UserStatus::Invited {
+        info!("The password of an Invited user was set: activation of user account");
+        // TODO: send welcome email
+    }
+    let res = sqlx::query("UPDATE users
+            SET password_hash = $2, status = $3, reset_password_token = NULL
+            WHERE id = $1
+        ")
+        .bind(user.id)
+        .bind(password_hash)
+        .bind(UserStatus::Active)
+        .execute(&app_state.db.0)
+        .await;
+    match res {
+        Err(err) => {
+            error!("Cannot update user: {}", err);
+            return (
+                StatusCode::INTERNAL_SERVER_ERROR,
+                Html("Internal server error: Failed to update user.")
+            ).into_response();
+        },
+        Ok(_v) => {
+            info!("Changed user's password successfuly.");
+        }
+    };
+    // TODO: add either "Successfully changed password" or "Account enabled successfully" message 
+    Redirect::to("/login").into_response()
+}
+

lib/http_server/src/router.rs

@@ -19,6 +19,9 @@ pub fn build_router(server_config: &ServerConfig, app_state: AppState) -> Router
         .route("/register", post(ui::register::perform_register))
         .route("/login", get(ui::login::login_form))
         .route("/login", post(ui::login::perform_login))
+        .route("/invitation", get(ui::reset_password::reset_password_form))
+        .route("/reset-password", get(ui::reset_password::reset_password_form))
+        .route("/reset-password", post(ui::reset_password::perform_reset_password))
         .layer(middleware::from_fn_with_state(app_state.clone(), renderer_middleware))
         .layer(middleware::from_fn_with_state(app_state.clone(), user_auth::auth_middleware));
 

lib/http_server/src/templates/pages/error.html

@@ -0,0 +1,11 @@
+{% extends "layouts/base.html" %}
+{% block body %}
+<h1>Internal server error</h1>
+
+{% if error %}
+<div class="alert alert-danger">
+    We are sorry. We've rencountered an unrecoverable error.
+</div>
+{% endif %}
+{% endblock %}
+

lib/http_server/src/templates/pages/reset_password.html

@@ -0,0 +1,54 @@
+{% extends "layouts/base.html" %}
+{% block body %}
+{% if reason == "Invitation" %}
+<h1>Invitation</h1>
+{% endif %}
+{% if reason == "LostPassword" %}
+<h1>Reset your password</h1>
+{% endif %}
+<!-- Reset password form -->
+{% if error %}
+<div class="alert alert-danger">
+    Error: {{ error }}
+</div>
+{% endif %}
+{% if info %}
+<div class="alert alert-info">
+    Info: {{ info }}
+</div>
+{% endif %}
+{% if reason == "Invitation" %}
+<p>
+    Pour activer votre compte, veuillez définir votre mot de passe.
+</p>
+{% endif %}
+{% if reason == "LostPassword" %}
+<p>
+    Votre mot de passe est perdu, veuillez définir un nouveau mot de passe.
+</p>
+{% endif %}
+<form id="reset-password-form" method="post" action="/reset-password">
+    <div class="mb-3">
+        <label for="password" class="form-label">New password</label>
+        <input
+            id="password" name="password" type="password"
+            required
+            class="form-control"
+        />
+    </div>
+    <div class="mb-3">
+        <label for="password" class="form-label">New password confirmation</label>
+        <input
+            id="password_confirmation" name="password_confirmation" type="password"
+            required
+            class="form-control"
+        />
+    </div>
+    <input
+        id="token" name="token" type="hidden"
+        value="{{ token }}"
+    />
+
+    <button type="submit" class="btn btn-primary">Change password</button>
+</form>
+{% endblock %}