WIP

2024-12-02 18:39:00 +01:00 · 2024-12-02 18:39:00 +01:00 · f6b38ae977
commit f6b38ae977
parent b956bdbf05
9 changed files with 219 additions and 12 deletions
--- a/docs/draft.md
+++ b/docs/draft.md
@ -7,3 +7,15 @@ https://stackoverflow.com/questions/79118231/how-to-access-the-axum-request-path
 ## Oauth2 test

 -> authorize
+
+# User flow
+
+## Invitation
+
+- Create invite
+- GET /invitation?token=blabla
+- GET /reset-password?token=blabla
+- POST /reset-password
+    - we verify if we have an activation token
+    - if we have an activation token on the user, we remove the activation token and we declare the user as registered
+    - redirect to login page
--- a/lib/http_server/src/controllers/ui/invitation.rs
+++ b/lib/http_server/src/controllers/ui/invitation.rs
@ -0,0 +1,49 @@
+use axum::{extract::State, http::StatusCode, response::{Html, IntoResponse, Redirect}, Extension};
+use kernel::models::user::User;
+use log::error;
+use minijinja::context;
+use sqlx::query::Query;
+
+use crate::{renderer::TemplateRenderer, AppState};
+
+
+#[derive(Debug, Serialize, Deserialize)]
+#[fully_pub]
+/// query params described in [RFC6749 section 4.1.1](https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.1)
+struct InvitationParams {
+    invitation_token: String
+}
+
+pub async fn use_invitation(
+    State(app_state): State<AppState>,
+    Extension(renderer): Extension<TemplateRenderer>,
+    query_params: Query<InvitationParams>
+) -> impl IntoResponse {
+    // 1. verify activation token
+    let user_res = sqlx::query_as::<_, User>("SELECT * FROM users WHERE activation_token = $1")
+        .bind(&query_params.invitation_token)
+        .fetch_one(&app_state.db.0)
+        .await;
+    let user = match user_res {
+        Ok(u) => u,
+        Err(sqlx::Error::RowNotFound) => {
+            return (
+                StatusCode::BAD_REQUEST,
+                Html("Could not find invitation token.")
+            ).into_response();
+        },
+        Err(err) => {
+            error!("Failed to retreive user from invitation token.");
+
+        }
+    };
+    // 2. redirect to reset password page
+    let target_url = format!(
+        "/reset-password?{}",
+        serde_urlencoded::to_string(&[
+            ("reset_password_token", reset_password_token.to_string())
+        ]).expect("To encode URI")
+    );
+    return Redirect::to(&target_url);
+}
+
--- a/lib/http_server/src/controllers/ui/mod.rs
+++ b/lib/http_server/src/controllers/ui/mod.rs
@ -6,3 +6,5 @@ pub mod me;
 pub mod logout;
 pub mod user_panel;
 pub mod apps;
+pub mod invitation;
+pub mod reset_password;
--- a/lib/http_server/src/controllers/ui/reset_password.rs
+++ b/lib/http_server/src/controllers/ui/reset_password.rs
@ -0,0 +1,87 @@
+use axum::{extract::State, http::StatusCode, response::{Html, IntoResponse}, Extension, Form};
+use chrono::{SecondsFormat, Utc};
+use log::{error, info, warn};
+use serde::Deserialize;
+use minijinja::context;
+use fully_pub::fully_pub;
+use sqlx::types::Json;
+use uuid::Uuid;
+
+use crate::{renderer::TemplateRenderer, AppState};
+
+use kernel::models::user::{User, UserStatus};
+use utils::get_password_hash;
+
+pub async fn reset_password_form(
+    State(app_state): State<AppState>
+) -> impl IntoResponse {
+    Html(
+        app_state.templating_env.get_template("pages/reset_password.html").unwrap()
+            .render(context!())
+            .unwrap()
+    )
+}
+
+
+#[derive(Debug, Deserialize)]
+#[fully_pub]
+struct ResetPasswordForm {
+    token: String,
+    password: String,
+    password_confirmation: String
+}
+
+pub async fn perform_reset_password(
+    State(app_state): State<AppState>,
+    Extension(renderer): Extension<TemplateRenderer>,
+    Form(reset_form): Form<ResetPasswordForm>
+) -> impl IntoResponse {
+    // 1. Verify token
+    let user_res = sqlx::query_as::<_, User>("SELECT * FROM users WHERE reset_password_token = $1")
+        .bind(&reset_form.token)
+        .fetch_one(&app_state.db.0)
+        .await;
+    let user = match user_res {
+        Ok(u) => u,
+        Err(sqlx::Error::RowNotFound) => {
+            return (
+                StatusCode::BAD_REQUEST,
+                Html("Could not find reset token.")
+            ).into_response();
+        },
+        Err(err) => {
+            error!("Failed to retreive user from reset password token.");
+        }
+    };
+
+    let password_hash = Some(
+        get_password_hash(register.password)
+            .expect("To process password").1
+    );
+    // save in DB
+    let res = sqlx::query("UPDATE users
+            SET password_hash = $2, password_reset_token = NULL
+            WHERE password_reset_token = $1
+        ")
+        .bind(user.id)
+        .bind(password_hash)
+        .execute(&app_state.db.0)
+        .await;
+    match res {
+        Err(err) => {
+            error!("Cannot register user: {}", err);
+            return renderer.render_with_status(
+                StatusCode::INTERNAL_SERVER_ERROR,
+                "pages/error",
+                context!(error => true)
+            )
+        },
+        Ok(_v) => {
+            info!("Change password of user successfuly.");
+        }
+    };
+
+    Redirect::to("/login")
+}
+
+
--- a/lib/http_server/src/router.rs
+++ b/lib/http_server/src/router.rs
@ -19,6 +19,9 @@ pub fn build_router(server_config: &ServerConfig, app_state: AppState) -> Router
        .route("/register", post(ui::register::perform_register))
        .route("/login", get(ui::login::login_form))
        .route("/login", post(ui::login::perform_login))
+        .route("/invitation", get(ui::invitation::use_invitation))
+        .route("/reset-password", get(ui::reset_password::reset_password_form))
+        .route("/reset-passwrod", post(ui::reset_password::perform_reset_password))
        .layer(middleware::from_fn_with_state(app_state.clone(), renderer_middleware))
        .layer(middleware::from_fn_with_state(app_state.clone(), user_auth::auth_middleware));

--- a/lib/http_server/src/templates/pages/error.html
+++ b/lib/http_server/src/templates/pages/error.html
@ -0,0 +1,11 @@
+{% extends "layouts/base.html" %}
+{% block body %}
+<h1>Internal server error</h1>
+
+{% if error %}
+<div class="alert alert-danger">
+    We are sorry. We've rencountered an unrecoverable error.
+</div>
+{% endif }
+{% endblock %}
+
--- a/lib/http_server/src/templates/pages/reset_password.html
+++ b/lib/http_server/src/templates/pages/reset_password.html
@ -0,0 +1,35 @@
+{% extends "layouts/base.html" %}
+{% block body %}
+<h1>{{ title }}</h1>
+<!-- Reset password form -->
+{% if error %}
+<div class="alert alert-danger">
+    Error: {{ error }}
+</div>
+{% endif %}
+{% if info %}
+<div class="alert alert-info">
+    Info: {{ info }}
+</div>
+{% endif %}
+<form id="reset-password-form" method="post">
+    <div class="mb-3">
+        <label for="password" class="form-label">New password</label>
+        <input
+            id="password" name="password" type="password"
+            required
+            class="form-control"
+        />
+    </div>
+    <div class="mb-3">
+        <label for="password" class="form-label">New password confirmation</label>
+        <input
+            id="password_confirmation" name="password_confirmation" type="password"
+            required
+            class="form-control"
+        />
+    </div>
+
+    <button type="submit" class="btn btn-primary">Change password</button>
+</form>
+{% endblock %}
--- a/migrations/all.sql
+++ b/migrations/all.sql
@ -1,18 +1,19 @@
 DROP TABLE IF EXISTS users;
 CREATE TABLE users (
-    id                  TEXT PRIMARY KEY,
-    handle              TEXT NOT NULL UNIQUE,
-    full_name           TEXT,
-    email               TEXT UNIQUE,
-    website             TEXT,
-    picture             BLOB,
-    roles               TEXT NOT NULL, -- json array of user roles
+    id                   TEXT PRIMARY KEY,
+    handle               TEXT NOT NULL UNIQUE,
+    full_name            TEXT,
+    email                TEXT UNIQUE,
+    website              TEXT,
+    picture              BLOB,
+    roles                TEXT NOT NULL, -- json array of user roles

-    status              TEXT CHECK(status IN ('Active','Disabled')) NOT NULL DEFAULT 'Disabled',
-    password_hash       TEXT,
-    activation_token    TEXT,
-    last_login_at       DATETIME,
-    created_at          DATETIME NOT NULL
+    status               TEXT CHECK(status IN ('Active','Disabled')) NOT NULL DEFAULT 'Disabled',
+    password_hash        TEXT,
+    activation_token     TEXT,
+    reset_password_token TEXT,
+    last_login_at        DATETIME,
+    created_at           DATETIME NOT NULL
 );

 DROP TABLE IF EXISTS authorizations;
--- a/tests/manual/create_test_user.sql
+++ b/tests/manual/create_test_user.sql
@ -3,3 +3,10 @@ INSERT INTO users
    VALUES
    ('30c134a7-d541-4ec7-9310-9c8e298077db', 'test', 'test@example.org', '[]', 'Active', '$argon2i$v=19$m=4096,t=3,p=1$V2laYjAwTlFHOUpiekRlVzRQUU0$33h8XwAWM3pKQM7Ksler0l7rMJfseTuWPJKrdX/cGyc', '2024-11-30T00:00:00Z');

+
+INSERT INTO users
+    (id, handle, email, roles, status, activation_token, created_at)
+    VALUES
+    ('30991ade-755e-453c-bdbb-53337376059', 'new_user', 'new-user@example.org', '[]', 'Disabled',
+    'A909-Z439-L128-O328', '2024-11-30T00:00:00Z');
+