WIP

Cargo.lock

@@ -27,7 +27,6 @@ dependencies = [
  "fully_pub",
  "kernel",
  "log",
- "thiserror 2.0.3",
  "tokio",
 ]
 
@@ -971,7 +970,6 @@ dependencies = [
  "sqlx",
  "strum",
  "strum_macros",
- "thiserror 2.0.3",
  "time",
  "tokio",
  "tower-http",
@@ -1262,7 +1260,6 @@ dependencies = [
  "sqlx",
  "strum",
  "strum_macros",
- "thiserror 2.0.3",
  "toml",
  "url",
  "utils",

Cargo.toml

@@ -14,7 +14,6 @@ members = [
 [workspace.dependencies]
 # commons utils
 anyhow = "1.0"
-thiserror = "2"
 fully_pub = "0.1"
 strum = "0.26.3"
 strum_macros = "0.26"

admin.sh

@@ -1,3 +0,0 @@
-#!/usr/bin/sh
-
-cargo run -q --bin minauthator-admin -- --config ./config.toml --database ./tmp/dbs/minauthator.db --static-assets ./assets $@

docs/draft.md

@@ -7,47 +7,3 @@ https://stackoverflow.com/questions/79118231/how-to-access-the-axum-request-path
 ## Oauth2 test
 
 -> authorize
-
-# User flow
-
-## Invitation flow
-
-- Create invite
-    - generate A random
-    - user.reset_password_token = A
-    - user.status = "Invited"
-    - Send email with link to https://instance/reset-password?token=A&reason=invitation
-- GET /reset-password?token=A&reason=invitation
-    - verification of token
-    - show form
-- POST /reset-password
-    - BODY: with params token
-    - check token validity
-    - set new password hash
-    - if user.status == "invited"
-        - enable new account (user.status = "active")
-        - send welcome email
-    - redirect to login page with a message
-        - we need to redirect to the login page, so the user remember how to login later, and can
-        verify the setup of his/her password manager.
-
-We can instead send link to https://instance/invitation?token=A
-
-## Reset password flow
-
-- Reset password request
-    - generate A random
-    - user.reset_password_token = A
-    - Send email with link to https://instance/reset-password?token=A&reason=lost_password
-- GET /reset-password?token=A&reason=lost_password
-    - verification of token
-    - show form
-- POST /reset-password
-    - BODY: with params token
-    - check token validity
-    - set new password hash
-    - redirect to login page with a message
-        - we need to redirect to the login page, so the user remember how to login later, and can
-        verify the setup of his/her password manager.
-
-We can instead send link to https://instance/reset-password?token=A

justfile

@@ -1,15 +1,12 @@
 export RUST_BACKTRACE := "1"
 export RUST_LOG := "trace"
-export CONTEXT_ARGS := "--config ./config.toml --database ./tmp/dbs/minauthator.db --static-assets ./assets"
+export RUN_ARGS := "run --bin minauthator-server -- --config ./config.toml --database ./tmp/dbs/minauthator.db --static-assets ./assets"
 
-watch-server:
+watch-run:
-    cargo-watch -x "run --bin minauthator-server -- $CONTEXT_ARGS"
+    cargo-watch -x "$RUN_ARGS"
 
-server:
+run:
-    cargo run --bin minauthator-server -- $CONTEXT_ARGS
+    cargo $RUN_ARGS
-
-admin:
-    cargo run --bin minauthator-admin -- $CONTEXT_ARGS
 
 docker-run:
     docker run -p 3085:8080 -v ./tmp/docker/config:/etc/minauthator -v ./tmp/docker/db:/var/lib/minauthator minauthator

lib/admin_cli/Cargo.toml

@@ -8,7 +8,6 @@ path = "src/main.rs"
 
 [dependencies]
 anyhow = { workspace = true }
-thiserror = { workspace = true }
 fully_pub = { workspace = true }
 argh = { workspace = true }
 tokio = { workspace = true }

lib/admin_cli/src/commands/mod.rs

@@ -1 +0,0 @@
-pub mod users;

lib/admin_cli/src/commands/users.rs

@@ -1,115 +0,0 @@
-use anyhow::{Context, Result};
-use argh::FromArgs;
-use fully_pub::fully_pub;
-use kernel::{context::KernelContext, models::user::User, repositories::users::get_users};
-use log::info;
-
-#[fully_pub]
-#[derive(FromArgs, PartialEq, Debug)]
-#[argh(
-    subcommand, name = "create",
-    description = "Create user in DB."
-)]
-struct CreateUserCommand {
-    /// aka login, username
-    #[argh(option)]
-    handle: String,
-
-    /// displayed name (eg. first name and last name)
-    #[argh(option)]
-    full_name: Option<String>,
-
-    /// use to identify and prove user identity
-    /// formated as specified in RFC 2821, RFC 3696
-    #[argh(option)]
-    email: String,
-
-    /// if true, create an invitation token
-    #[argh(switch)]
-    invite: bool
-}
-
-#[fully_pub]
-#[derive(FromArgs, PartialEq, Debug)]
-#[argh(
-    subcommand, name = "delete",
-    description = "Delete user in DB."
-)]
-struct DeleteUserCommand {
-    /// delete by user Uuid
-    #[argh(option)]
-    id: String
-}
-
-
-#[fully_pub]
-#[derive(FromArgs, PartialEq, Debug)]
-#[argh(
-    subcommand, name = "list",
-    description = "List users in DB."
-)]
-struct ListUsersCommand {
-    /// how many users to return
-    #[argh(option)]
-    limit: Option<usize>,
-}
-
-#[fully_pub]
-#[derive(FromArgs, PartialEq, Debug)]
-#[argh(subcommand)]
-enum UsersSubCommands {
-    Create(CreateUserCommand),
-    List(ListUsersCommand),
-    Delete(DeleteUserCommand),
-}
-
-#[fully_pub]
-#[derive(FromArgs, PartialEq, Debug)]
-#[argh(
-    subcommand, name = "users",
-    description = "Manage instance users."
-)]
-struct UsersCommand {
-    #[argh(subcommand)]
-    nested: UsersSubCommands,
-}
-
-
-pub async fn list_users(cmd: ListUsersCommand, ctx: KernelContext) -> Result<()> {
-    for user in get_users(&ctx.storage).await? {
-        println!(
-            "{0: <36} | [{1:<8}] | {2: <15} | {3: <25}",
-            user.id, user.status, user.handle, user.email.unwrap_or("()".to_string())
-        );
-    }
-    Ok(())
-}
-
-pub async fn create_user(cmd: CreateUserCommand, ctx: KernelContext) -> Result<()> {
-    let mut user = User::new(cmd.handle);
-    user.email = Some(cmd.email);
-    user.full_name = cmd.full_name;
-    if cmd.invite {
-        user.invite();
-        println!("Generated invite code: {}", user.reset_password_token.as_ref().unwrap());
-    }
-    let _res = kernel::actions::users::create_user(ctx, user).await?;
-    info!("Created user.");
-    if cmd.invite {
-        // TODO: Send invitation email
-        info!("Not sending invitation email.");
-    }
-    Ok(())
-}
-
-pub async fn delete_user(cmd: DeleteUserCommand, ctx: KernelContext) -> Result<()> {
-    todo!()
-}
-
-pub async fn handle_command_tree(cmd: UsersCommand, ctx: KernelContext) -> Result<()> {
-    match cmd.nested {
-        UsersSubCommands::List(sc) => list_users(sc, ctx).await,
-        UsersSubCommands::Create(sc) => create_user(sc, ctx).await,
-        UsersSubCommands::Delete(sc) => delete_user(sc, ctx).await
-    }
-}

lib/admin_cli/src/main.rs

@@ -1,23 +1,11 @@
 use argh::FromArgs;
 use anyhow::{Context, Result};
-use commands::users;
+use kernel::{context::{get_kernel_context, StartKernelConfig}};
-use kernel::context::{get_kernel_context, StartKernelConfig};
 use log::info;
 
-pub mod commands;
+#[derive(Debug, FromArgs)]
-
+/// Minauthator admin CLI args
-#[derive(FromArgs, PartialEq, Debug)]
+struct AdminCliArgs {
-#[argh(subcommand)]
-enum SubCommands {
-    Users(users::UsersCommand),
-}
-
-#[derive(FromArgs, PartialEq, Debug)]
-/// Minauthator admin top level
-struct AdminCliTopLevelCommand {
-    #[argh(subcommand)]
-    nested: SubCommands,
-
     /// path to YAML config file to use to configure this instance
     #[argh(option)]
     config: Option<String>,
@@ -26,24 +14,17 @@ struct AdminCliTopLevelCommand {
     #[argh(option)]
     database: Option<String>,
 
-    /// path to the static assets dir
-    #[argh(option)]
-    static_assets: Option<String>,
 }
 
 /// handle CLI arguments to run admin CLI
 #[tokio::main]
 pub async fn main() -> Result<()> {
     info!("Starting minauth");
-    let command_input: AdminCliTopLevelCommand = argh::from_env();
+    let args: AdminCliArgs = argh::from_env();
-    let ctx = get_kernel_context(StartKernelConfig {
+    let (config, secrets, db_pool) = get_kernel_context(StartKernelConfig {
-        config_path: command_input.config.clone(),
+        config_path: args.config,
-        database_path: command_input.database.clone()
+        database_path: args.database
     }).await.context("Getting kernel context")?;
 
-    match command_input.nested {
+    Ok(())
-       SubCommands::Users(sc) => {
-            users::handle_command_tree(sc, ctx).await
-        }
-    }
 }

lib/http_server/Cargo.toml

@@ -14,7 +14,6 @@ strum = { workspace = true }
 strum_macros = { workspace = true }
 
 anyhow = { workspace = true }
-thiserror = { workspace = true }
 fully_pub = { workspace = true }
 
 tokio = { workspace = true }

lib/http_server/src/controllers/ui/mod.rs

@@ -6,4 +6,3 @@ pub mod me;
 pub mod logout;
 pub mod user_panel;
 pub mod apps;
-pub mod reset_password;

lib/http_server/src/controllers/ui/register.rs

@@ -51,7 +51,7 @@ pub async fn perform_register(
         password_hash,
         status: UserStatus::Active,
         roles: Json(Vec::new()), // take the default role in the config
-        reset_password_token: None,
+        activation_token: None,
         created_at: Utc::now(),
         website: None,
         last_login_at: None

lib/http_server/src/controllers/ui/reset_password.rs

@@ -1,139 +0,0 @@
-use axum::{extract::{MatchedPath, Query, State}, http::StatusCode, response::{Html, IntoResponse, Redirect}, Extension, Form};
-use log::{error, info};
-use serde::{Deserialize, Serialize};
-use minijinja::context;
-use fully_pub::fully_pub;
-
-use crate::{renderer::TemplateRenderer, AppState};
-
-use kernel::models::user::{User, UserStatus};
-use utils::get_password_hash;
-
-#[derive(Debug, Deserialize, Serialize)]
-#[fully_pub]
-enum ResetPasswordReason {
-    LostPassword,
-    Invitation
-}
-
-#[derive(Debug, Deserialize, Serialize)]
-#[fully_pub]
-struct ResetPasswordQueryParams {
-    token: String
-}
-
-pub async fn reset_password_form(
-    State(app_state): State<AppState>,
-    path: MatchedPath,
-    Extension(renderer): Extension<TemplateRenderer>,
-    Query(query_params): Query<ResetPasswordQueryParams>
-) -> impl IntoResponse {
-    let reason: ResetPasswordReason = match path.as_str() {
-        "/invitation" => ResetPasswordReason::Invitation,
-        "/reset-password" => ResetPasswordReason::LostPassword,
-        _ => unreachable!()
-    };
-    // 1. Verify token
-    let user_res = sqlx::query_as::<_, User>("SELECT * FROM users WHERE reset_password_token = $1")
-        .bind(&query_params.token)
-        .fetch_one(&app_state.db.0)
-        .await;
-    let _user = match user_res {
-        Ok(u) => u,
-        Err(sqlx::Error::RowNotFound) => {
-            return (
-                StatusCode::BAD_REQUEST,
-                Html("Invalid reset password token.")
-            ).into_response();
-        },
-        Err(err) => {
-            error!("Failed to retreive user from reset password token. {}", err);
-            return (
-                StatusCode::INTERNAL_SERVER_ERROR,
-                Html("Internal server error: Failed to retreive user.")
-            ).into_response();
-        }
-    };
-    renderer.render(
-        "pages/reset_password",
-        context!(
-            reason => reason,
-            token => query_params.token,
-        )
-    ).into_response()
-}
-
-
-#[derive(Debug, Deserialize)]
-#[fully_pub]
-struct ResetPasswordForm {
-    token: String,
-    password: String,
-    password_confirmation: String
-}
-
-pub async fn perform_reset_password(
-    State(app_state): State<AppState>,
-    Form(reset_form): Form<ResetPasswordForm>
-) -> impl IntoResponse {
-    // 1. Verify token
-    let user_res = sqlx::query_as::<_, User>("SELECT * FROM users WHERE reset_password_token = $1")
-        .bind(&reset_form.token)
-        .fetch_one(&app_state.db.0)
-        .await;
-    let user = match user_res {
-        Ok(u) => u,
-        Err(sqlx::Error::RowNotFound) => {
-            return (
-                StatusCode::BAD_REQUEST,
-                Html("Invalid reset password token.")
-            ).into_response();
-        },
-        Err(err) => {
-            error!("Failed to retreive user from reset password token. {}", err);
-            return (
-                StatusCode::INTERNAL_SERVER_ERROR,
-                Html("Internal server error: Failed to retreive user.")
-            ).into_response();
-        }
-    };
-    if reset_form.password != reset_form.password_confirmation {
-        return (
-            StatusCode::BAD_REQUEST,
-            Html("Form data error: The two passwords are differents.")
-        ).into_response();
-    }
-
-    let password_hash = Some(
-        get_password_hash(reset_form.password)
-            .expect("To process password").1
-    );
-    if user.status == UserStatus::Invited {
-        info!("The password of an Invited user was set: activation of user account");
-        // TODO: send welcome email
-    }
-    let res = sqlx::query("UPDATE users
-            SET password_hash = $2, status = $3, reset_password_token = NULL
-            WHERE id = $1
-        ")
-        .bind(user.id)
-        .bind(password_hash)
-        .bind(UserStatus::Active)
-        .execute(&app_state.db.0)
-        .await;
-    match res {
-        Err(err) => {
-            error!("Cannot update user: {}", err);
-            return (
-                StatusCode::INTERNAL_SERVER_ERROR,
-                Html("Internal server error: Failed to update user.")
-            ).into_response();
-        },
-        Ok(_v) => {
-            info!("Changed user's password successfuly.");
-        }
-    };
-    // TODO: add either "Successfully changed password" or "Account enabled successfully" message 
-    Redirect::to("/login").into_response()
-}
-

lib/http_server/src/lib.rs

@@ -7,7 +7,7 @@ pub mod token_claims;
 
 use fully_pub::fully_pub;
 use anyhow::{Result, Context};
-use kernel::{context::{AppSecrets, KernelContext}, models::config::Config, repositories::storage::Storage};
+use kernel::{context::AppSecrets, models::config::Config, repositories::storage::Storage};
 use log::info;
 use minijinja::Environment;
 
@@ -38,14 +38,16 @@ pub struct AppState {
 
 pub async fn start_http_server(
     server_config: ServerConfig,
-    ctx: KernelContext
+    config: Config,
+    secrets: AppSecrets,
+    db_pool: Storage
 ) -> Result<()> {
     // build state
     let state = AppState {
-        templating_env: build_templating_env(&ctx.config),
+        templating_env: build_templating_env(&config),
-        config: ctx.config,
+        config,
-        secrets: ctx.secrets,
+        secrets,
-        db: ctx.storage
+        db: db_pool
     };
 
     // build routes

lib/http_server/src/main.rs

@@ -32,7 +32,7 @@ struct ServerCliFlags {
 pub async fn main() -> Result<()> {
     info!("Starting minauth");
     let flags: ServerCliFlags = argh::from_env();
-    let kernel_context = get_kernel_context(StartKernelConfig {
+    let (config, secrets, db_pool) = get_kernel_context(StartKernelConfig {
         config_path: flags.config,
         database_path: flags.database
     }).await.context("Getting kernel context")?;
@@ -42,6 +42,8 @@ pub async fn main() -> Result<()> {
             listen_host: flags.listen_host,
             listen_port: flags.listen_port
         },
-        kernel_context
+        config,
+        secrets,
+        db_pool
     ).await
 }

lib/http_server/src/router.rs

@@ -19,9 +19,6 @@ pub fn build_router(server_config: &ServerConfig, app_state: AppState) -> Router
         .route("/register", post(ui::register::perform_register))
         .route("/login", get(ui::login::login_form))
         .route("/login", post(ui::login::perform_login))
-        .route("/invitation", get(ui::reset_password::reset_password_form))
-        .route("/reset-password", get(ui::reset_password::reset_password_form))
-        .route("/reset-password", post(ui::reset_password::perform_reset_password))
         .layer(middleware::from_fn_with_state(app_state.clone(), renderer_middleware))
         .layer(middleware::from_fn_with_state(app_state.clone(), user_auth::auth_middleware));
 

lib/http_server/src/templates/pages/error.html

@@ -1,11 +0,0 @@
-{% extends "layouts/base.html" %}
-{% block body %}
-<h1>Internal server error</h1>
-
-{% if error %}
-<div class="alert alert-danger">
-    We are sorry. We've rencountered an unrecoverable error.
-</div>
-{% endif %}
-{% endblock %}
-

lib/http_server/src/templates/pages/reset_password.html

@@ -1,54 +0,0 @@
-{% extends "layouts/base.html" %}
-{% block body %}
-{% if reason == "Invitation" %}
-<h1>Invitation</h1>
-{% endif %}
-{% if reason == "LostPassword" %}
-<h1>Reset your password</h1>
-{% endif %}
-<!-- Reset password form -->
-{% if error %}
-<div class="alert alert-danger">
-    Error: {{ error }}
-</div>
-{% endif %}
-{% if info %}
-<div class="alert alert-info">
-    Info: {{ info }}
-</div>
-{% endif %}
-{% if reason == "Invitation" %}
-<p>
-    Pour activer votre compte, veuillez définir votre mot de passe.
-</p>
-{% endif %}
-{% if reason == "LostPassword" %}
-<p>
-    Votre mot de passe est perdu, veuillez définir un nouveau mot de passe.
-</p>
-{% endif %}
-<form id="reset-password-form" method="post" action="/reset-password">
-    <div class="mb-3">
-        <label for="password" class="form-label">New password</label>
-        <input
-            id="password" name="password" type="password"
-            required
-            class="form-control"
-        />
-    </div>
-    <div class="mb-3">
-        <label for="password" class="form-label">New password confirmation</label>
-        <input
-            id="password_confirmation" name="password_confirmation" type="password"
-            required
-            class="form-control"
-        />
-    </div>
-    <input
-        id="token" name="token" type="hidden"
-        value="{{ token }}"
-    />
-
-    <button type="submit" class="btn btn-primary">Change password</button>
-</form>
-{% endblock %}

lib/kernel/Cargo.toml

@@ -5,10 +5,9 @@ edition = "2021"
 [dependencies]
 utils = { path = "../utils" }
 
-anyhow = { workspace = true }
-thiserror = { workspace = true }
 log = { workspace = true }
 env_logger = { workspace = true }
+anyhow = { workspace = true }
 fully_pub = { workspace = true }
 strum = { workspace = true }
 strum_macros = { workspace = true }

lib/kernel/src/actions/mod.rs

@@ -1 +0,0 @@
-pub mod users;

lib/kernel/src/actions/users.rs

@@ -1,44 +0,0 @@
-use crate::{context::KernelContext, models::user::User};
-
-use anyhow::{Context, Result};
-use chrono::SecondsFormat;
-use thiserror::Error;
-
-#[derive(Error, Debug)]
-pub enum CreateUserErr {
-    #[error("Handle or email for user is already used.")]
-    HandleOrEmailNotUnique,
-
-    #[error("Database error.")]
-    DatabaseErr(String)
-}
-
-pub async fn create_user(ctx: KernelContext, user: User) -> Result<(), CreateUserErr> {
-    let res = sqlx::query("
-        INSERT INTO users
-            (id, handle, email, status, roles, password_hash, reset_password_token, created_at)
-            VALUES ($1, $2, $3, $4, $5, $6, $7, $8)
-        ")
-        .bind(user.id)
-        .bind(user.handle)
-        .bind(user.email)
-        .bind(user.status.to_string())
-        .bind(user.roles)
-        .bind(user.password_hash)
-        .bind(user.reset_password_token)
-        .bind(user.created_at.to_rfc3339_opts(SecondsFormat::Millis, true))
-        .execute(&ctx.storage.0)
-        .await;
-    match res {
-        Err(err) => {
-            let db_err = &err.as_database_error().unwrap();
-            if db_err.code().unwrap() == "2067" {
-                Err(CreateUserErr::HandleOrEmailNotUnique)
-            } else {
-                dbg!(&err);
-                Err(CreateUserErr::DatabaseErr(db_err.to_string()))
-            }
-        }
-        Ok(_) => Ok(())
-    }
-}

lib/kernel/src/context.rs

@@ -29,15 +29,7 @@ struct AppSecrets {
     jwt_secret: String
 }
 
-#[derive(Debug, Clone)]
+pub async fn get_kernel_context(start_config: StartKernelConfig) -> Result<(Config, AppSecrets, Storage)> {
-#[fully_pub]
-struct KernelContext {
-    config: Config,
-    secrets: AppSecrets,
-    storage: Storage
-}
-
-pub async fn get_kernel_context(start_config: StartKernelConfig) -> Result<KernelContext> {
     env_logger::init();
     let _ = dotenvy::dotenv();
 
@@ -55,9 +47,5 @@ pub async fn get_kernel_context(start_config: StartKernelConfig) -> Result<Kerne
         jwt_secret: env::var("APP_JWT_SECRET").context("Expecting APP_JWT_SECRET env var.")?
     };
 
-    Ok(KernelContext {
+    Ok((config, secrets, storage))
-        config,
-        secrets,
-        storage
-    })
 }

lib/kernel/src/models/user.rs

@@ -2,16 +2,13 @@ use fully_pub::fully_pub;
 use chrono::{DateTime, Utc};
 use serde::{Deserialize, Serialize};
 use sqlx::types::Json;
-use utils::get_random_human_token;
-use uuid::Uuid;
 
 #[derive(sqlx::Type, Clone, Debug, Serialize, Deserialize, PartialEq)]
 #[derive(strum_macros::Display)]
 #[fully_pub]
 enum UserStatus {
-    Disabled,
+    Active,
-    Invited,
+    Disabled
-    Active
 }
 
 #[derive(sqlx::FromRow, Deserialize, Serialize, Debug)]
@@ -27,35 +24,8 @@ struct User {
     password_hash: Option<String>, // argon2 password hash
     status: UserStatus,
     roles: Json<Vec<String>>,
-    reset_password_token: Option<String>,
+    activation_token: Option<String>,
 
     last_login_at: Option<DateTime<Utc>>,
     created_at: DateTime<Utc>
 }
-
-impl User {
-    pub fn new(
-        handle: String
-    ) -> User {
-        User {
-            id: Uuid::new_v4().to_string(),
-            handle,
-            full_name: None,
-            email: None,
-            website: None,
-            picture: None,
-            password_hash: None,
-            status: UserStatus::Disabled,
-            roles: Json(Vec::new()),
-            reset_password_token: None,
-            last_login_at: None,
-            created_at: Utc::now()
-        }
-    }
-
-    pub fn invite(self: &mut Self) {
-        self.reset_password_token = Some(get_random_human_token());
-        self.status = UserStatus::Invited;
-    }
-
-}

lib/kernel/src/repositories/users.rs

@@ -5,17 +5,10 @@ use crate::models::user::User;
 use super::storage::Storage;
 use anyhow::{Result, Context};
 
-pub async fn get_user_by_id(storage: &Storage, user_id: &str) -> Result<User> {
+async fn get_user_by_id(storage: &Storage, user_id: &str) -> Result<User> {
     sqlx::query_as::<_, User>("SELECT * FROM users WHERE id = $1")
         .bind(user_id)
         .fetch_one(&storage.0)
         .await
-        .context("To get user by id.")
+        .context("To get user from claim")
-}
-
-pub async fn get_users(storage: &Storage) -> Result<Vec<User>> {
-    sqlx::query_as::<_, User>("SELECT * FROM users")
-        .fetch_all(&storage.0)
-        .await
-        .context("To get users.")
 }

lib/utils/src/lib.rs

@@ -43,18 +43,6 @@ pub fn get_random_alphanumerical(length: usize) -> String {
         .collect()
 }
 
-/// Generate easy to type token
-pub fn get_random_human_token() -> String {
-    return format!(
-        "{}-{}-{}-{}-{}",
-        get_random_alphanumerical(4),
-        get_random_alphanumerical(4),
-        get_random_alphanumerical(4),
-        get_random_alphanumerical(4),
-        get_random_alphanumerical(4)
-    ).to_uppercase();
-}
-
 pub fn parse_basic_auth(header_value: &str) -> Result<(String, String)> {
     let header_val_components: Vec<&str> = header_value.split(" ").collect();
     let encoded_header_value: &str = header_val_components

migrations/all.sql

@@ -1,18 +1,18 @@
 DROP TABLE IF EXISTS users;
 CREATE TABLE users (
-    id                   TEXT PRIMARY KEY,
+    id                  TEXT PRIMARY KEY,
-    handle               TEXT NOT NULL UNIQUE,
+    handle              TEXT NOT NULL UNIQUE,
-    full_name            TEXT,
+    full_name           TEXT,
-    email                TEXT UNIQUE,
+    email               TEXT UNIQUE,
-    website              TEXT,
+    website             TEXT,
-    picture              BLOB,
+    picture             BLOB,
-    roles                TEXT NOT NULL, -- json array of user roles
+    roles               TEXT NOT NULL, -- json array of user roles
 
-    status               TEXT CHECK(status IN ('Invited', 'Active', 'Disabled')) NOT NULL DEFAULT 'Disabled',
+    status              TEXT CHECK(status IN ('Active','Disabled')) NOT NULL DEFAULT 'Disabled',
-    password_hash        TEXT,
+    password_hash       TEXT,
-    reset_password_token TEXT,
+    activation_token    TEXT,
-    last_login_at        DATETIME,
+    last_login_at       DATETIME,
-    created_at           DATETIME NOT NULL
+    created_at          DATETIME NOT NULL
 );
 
 DROP TABLE IF EXISTS authorizations;

tests/hurl_integration/scenario_1/init_db.sh

@@ -1,5 +1,3 @@
-#!/usr/bin/bash
-
 password_hash="$(echo -n "root" | argon2 salt_06cGGWYDJCZ -e)"
 echo $password_hash
 SQL=$(cat <<EOF

tests/hurl_integration/user_invitation_scenario/config.toml

@@ -1,9 +0,0 @@
-applications = []
-
-roles = []
-
-[instance]
-base_uri = "http://localhost:8086"
-name = "Example org"
-logo_uri = "https://example.org/logo.png"
-

tests/hurl_integration/user_invitation_scenario/init_db.sh

@@ -1,9 +0,0 @@
-#!/usr/bin/bash
-
-SQL=$(cat <<EOF
-    INSERT INTO users
-        (id, handle, email, roles, status, reset_password_token, created_at)
-        VALUES
-        ('$(uuid)', 'invited_user', 'invited-user@example.org', '[]', 'Invited', 'Z433-Y001-V987-P500', '2024-11-30T00:00:00Z');
-EOF)
-echo $SQL | sqlite3 $DB_PATH

tests/hurl_integration/user_invitation_scenario/main.hurl

@@ -1,28 +0,0 @@
-GET {{ base_url }}/api
-HTTP 200
-[Asserts]
-jsonpath "$.software" == "Minauthator"
-
-GET {{ base_url }}/invitation
-[QueryStringParams]
-token: Z433-Y001-V987-P500
-HTTP 200
-[Asserts]
-xpath "string(///h1)" contains "Invitation"
-
-POST {{ base_url }}/reset-password
-[FormParams]
-token: Z433-Y001-V987-P500
-password: newpassword10!
-password_confirmation: newpassword10!
-HTTP 303
-[Asserts]
-header "Location" == "/login"
-
-POST {{ base_url }}/login
-[FormParams]
-login: invited_user
-password: newpassword10!
-HTTP 303
-[Asserts]
-cookie "minauthator_jwt" exists

tests/manual/create_test_user.sql

@@ -1,12 +1,5 @@
--- INSERT INTO users
---     (id, handle, email, roles, status, password_hash, created_at)
---     VALUES
---     ('30c134a7-d541-4ec7-9310-9c8e298077db', 'test', 'test@example.org', '[]', 'Active', '$argon2i$v=19$m=4096,t=3,p=1$V2laYjAwTlFHOUpiekRlVzRQUU0$33h8XwAWM3pKQM7Ksler0l7rMJfseTuWPJKrdX/cGyc', '2024-11-30T00:00:00Z');
---
-
-
 INSERT INTO users
-    (id, handle, email, roles, status, reset_password_token, created_at)
+    (id, handle, email, roles, status, password_hash, created_at)
     VALUES
-    ('00000001-0042-0001-0001-00000000432', 'invited_user1', 'invited-user1@example.org', '[]', 'Invited', 'A909-Z539-L128-O400', '2024-11-30T00:00:00Z');
+    ('30c134a7-d541-4ec7-9310-9c8e298077db', 'test', 'test@example.org', '[]', 'Active', '$argon2i$v=19$m=4096,t=3,p=1$V2laYjAwTlFHOUpiekRlVzRQUU0$33h8XwAWM3pKQM7Ksler0l7rMJfseTuWPJKrdX/cGyc', '2024-11-30T00:00:00Z');