mbess/minauthator
1
0
Fork 0
Code Issues Pull requests Projects 1 Releases Packages Activity Actions

WIP

Browse source
This commit is contained in:
Matthieu Bessat 2024-12-02 18:39:00 +01:00
parent b956bdbf05
commit f6b38ae977
9 changed files with 219 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

12
docs/draft.md
View file

@ -7,3 +7,15 @@ https://stackoverflow.com/questions/79118231/how-to-access-the-axum-request-path
## Oauth2 test
-> authorize
# User flow
## Invitation
- Create invite
- GET /invitation?token=blabla
- GET /reset-password?token=blabla
- POST /reset-password
- we verify if we have an activation token
- if we have an activation token on the user, we remove the activation token and we declare the user as registered
- redirect to login page

49
lib/http_server/src/controllers/ui/invitation.rs Normal file
View file

@ -0,0 +1,49 @@
use axum::{extract::State, http::StatusCode, response::{Html, IntoResponse, Redirect}, Extension};
use kernel::models::user::User;
use log::error;
use minijinja::context;
use sqlx::query::Query;
use crate::{renderer::TemplateRenderer, AppState};
#[derive(Debug, Serialize, Deserialize)]
#[fully_pub]
/// query params described in [RFC6749 section 4.1.1](https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.1)
struct InvitationParams {
invitation_token: String
}
pub async fn use_invitation(
State(app_state): State<AppState>,
Extension(renderer): Extension<TemplateRenderer>,
query_params: Query<InvitationParams>
) -> impl IntoResponse {
// 1. verify activation token
let user_res = sqlx::query_as::<_, User>("SELECT * FROM users WHERE activation_token = $1")
.bind(&query_params.invitation_token)
.fetch_one(&app_state.db.0)
.await;
let user = match user_res {
Ok(u) => u,
Err(sqlx::Error::RowNotFound) => {
return (
StatusCode::BAD_REQUEST,
Html("Could not find invitation token.")
).into_response();
},
Err(err) => {
error!("Failed to retreive user from invitation token.");
}
};
// 2. redirect to reset password page
let target_url = format!(
"/reset-password?{}",
serde_urlencoded::to_string(&[
("reset_password_token", reset_password_token.to_string())
]).expect("To encode URI")
);
return Redirect::to(&target_url);
}

2
lib/http_server/src/controllers/ui/mod.rs
View file

@ -6,3 +6,5 @@ pub mod me;
pub mod logout;
pub mod user_panel;
pub mod apps;
pub mod invitation;
pub mod reset_password;

87
lib/http_server/src/controllers/ui/reset_password.rs Normal file
View file

@ -0,0 +1,87 @@
use axum::{extract::State, http::StatusCode, response::{Html, IntoResponse}, Extension, Form};
use chrono::{SecondsFormat, Utc};
use log::{error, info, warn};
use serde::Deserialize;
use minijinja::context;
use fully_pub::fully_pub;
use sqlx::types::Json;
use uuid::Uuid;
use crate::{renderer::TemplateRenderer, AppState};
use kernel::models::user::{User, UserStatus};
use utils::get_password_hash;
pub async fn reset_password_form(
State(app_state): State<AppState>
) -> impl IntoResponse {
Html(
app_state.templating_env.get_template("pages/reset_password.html").unwrap()
.render(context!())
.unwrap()
)
}
#[derive(Debug, Deserialize)]
#[fully_pub]
struct ResetPasswordForm {
token: String,
password: String,
password_confirmation: String
}
pub async fn perform_reset_password(
State(app_state): State<AppState>,
Extension(renderer): Extension<TemplateRenderer>,
Form(reset_form): Form<ResetPasswordForm>
) -> impl IntoResponse {
// 1. Verify token
let user_res = sqlx::query_as::<_, User>("SELECT * FROM users WHERE reset_password_token = $1")
.bind(&reset_form.token)
.fetch_one(&app_state.db.0)
.await;
let user = match user_res {
Ok(u) => u,
Err(sqlx::Error::RowNotFound) => {
return (
StatusCode::BAD_REQUEST,
Html("Could not find reset token.")
).into_response();
},
Err(err) => {
error!("Failed to retreive user from reset password token.");
}
};
let password_hash = Some(
get_password_hash(register.password)
.expect("To process password").1
);
// save in DB
let res = sqlx::query("UPDATE users
SET password_hash = $2, password_reset_token = NULL
WHERE password_reset_token = $1
")
.bind(user.id)
.bind(password_hash)
.execute(&app_state.db.0)
.await;
match res {
Err(err) => {
error!("Cannot register user: {}", err);
return renderer.render_with_status(
StatusCode::INTERNAL_SERVER_ERROR,
"pages/error",
context!(error => true)
)
},
Ok(_v) => {
info!("Change password of user successfuly.");
}
};
Redirect::to("/login")
}

3
lib/http_server/src/router.rs
View file

@ -19,6 +19,9 @@ pub fn build_router(server_config: &ServerConfig, app_state: AppState) -> Router
.route("/register", post(ui::register::perform_register))
.route("/login", get(ui::login::login_form))
.route("/login", post(ui::login::perform_login))
.route("/invitation", get(ui::invitation::use_invitation))
.route("/reset-password", get(ui::reset_password::reset_password_form))
.route("/reset-passwrod", post(ui::reset_password::perform_reset_password))
.layer(middleware::from_fn_with_state(app_state.clone(), renderer_middleware))
.layer(middleware::from_fn_with_state(app_state.clone(), user_auth::auth_middleware));

11
lib/http_server/src/templates/pages/error.html Normal file
View file

@ -0,0 +1,11 @@
{% extends "layouts/base.html" %}
{% block body %}
<h1>Internal server error</h1>
{% if error %}
<div class="alert alert-danger">
We are sorry. We've rencountered an unrecoverable error.
</div>
{% endif }
{% endblock %}

35
lib/http_server/src/templates/pages/reset_password.html Normal file
View file

@ -0,0 +1,35 @@
{% extends "layouts/base.html" %}
{% block body %}
<h1>{{ title }}</h1>
<!-- Reset password form -->
{% if error %}
<div class="alert alert-danger">
Error: {{ error }}
</div>
{% endif %}
{% if info %}
<div class="alert alert-info">
Info: {{ info }}
</div>
{% endif %}
<form id="reset-password-form" method="post">
<div class="mb-3">
<label for="password" class="form-label">New password</label>
<input
id="password" name="password" type="password"
required
class="form-control"
/>
</div>
<div class="mb-3">
<label for="password" class="form-label">New password confirmation</label>
<input
id="password_confirmation" name="password_confirmation" type="password"
required
class="form-control"
/>
</div>
<button type="submit" class="btn btn-primary">Change password</button>
</form>
{% endblock %}

25
migrations/all.sql
View file

@ -1,18 +1,19 @@
DROP TABLE IF EXISTS users;
CREATE TABLE users (
id TEXT PRIMARY KEY,
handle TEXT NOT NULL UNIQUE,
full_name TEXT,
email TEXT UNIQUE,
website TEXT,
picture BLOB,
roles TEXT NOT NULL, -- json array of user roles
id TEXT PRIMARY KEY,
handle TEXT NOT NULL UNIQUE,
full_name TEXT,
email TEXT UNIQUE,
website TEXT,
picture BLOB,
roles TEXT NOT NULL, -- json array of user roles
status TEXT CHECK(status IN ('Active','Disabled')) NOT NULL DEFAULT 'Disabled',
password_hash TEXT,
activation_token TEXT,
last_login_at DATETIME,
created_at DATETIME NOT NULL
status TEXT CHECK(status IN ('Active','Disabled')) NOT NULL DEFAULT 'Disabled',
password_hash TEXT,
activation_token TEXT,
reset_password_token TEXT,
last_login_at DATETIME,
created_at DATETIME NOT NULL
);
DROP TABLE IF EXISTS authorizations;

7
tests/manual/create_test_user.sql
View file

@ -3,3 +3,10 @@ INSERT INTO users
VALUES
('30c134a7-d541-4ec7-9310-9c8e298077db', 'test', 'test@example.org', '[]', 'Active', '$argon2i$v=19$m=4096,t=3,p=1$V2laYjAwTlFHOUpiekRlVzRQUU0$33h8XwAWM3pKQM7Ksler0l7rMJfseTuWPJKrdX/cGyc', '2024-11-30T00:00:00Z');
INSERT INTO users
(id, handle, email, roles, status, activation_token, created_at)
VALUES
('30991ade-755e-453c-bdbb-53337376059', 'new_user', 'new-user@example.org', '[]', 'Disabled',
'A909-Z439-L128-O328', '2024-11-30T00:00:00Z');