WIP

2024-12-03 13:20:33 +01:00
32 changed files with 49 additions and 606 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -27,7 +27,6 @@ dependencies = [
 "fully_pub",
 "kernel",
 "log",
- "thiserror 2.0.3",
 "tokio",
 ]

@ -971,7 +970,6 @@ dependencies = [
 "sqlx",
 "strum",
 "strum_macros",
- "thiserror 2.0.3",
 "time",
 "tokio",
 "tower-http",
@ -1262,7 +1260,6 @@ dependencies = [
 "sqlx",
 "strum",
 "strum_macros",
- "thiserror 2.0.3",
 "toml",
 "url",
 "utils",
--- a/Cargo.toml
+++ b/Cargo.toml
@ -14,7 +14,6 @@ members = [
 [workspace.dependencies]
 # commons utils
 anyhow = "1.0"
-thiserror = "2"
 fully_pub = "0.1"
 strum = "0.26.3"
 strum_macros = "0.26"
--- a/admin.sh
+++ b/admin.sh
@ -1,3 +0,0 @@
-#!/usr/bin/sh
-
-cargo run -q --bin minauthator-admin -- --config ./config.toml --database ./tmp/dbs/minauthator.db --static-assets ./assets $@
--- a/docs/draft.md
+++ b/docs/draft.md
@ -7,47 +7,3 @@ https://stackoverflow.com/questions/79118231/how-to-access-the-axum-request-path
 ## Oauth2 test

 -> authorize
-
-# User flow
-
-## Invitation flow
-
- Create invite
-    - generate A random
-    - user.reset_password_token = A
-    - user.status = "Invited"
-    - Send email with link to https://instance/reset-password?token=A&reason=invitation
- GET /reset-password?token=A&reason=invitation
-    - verification of token
-    - show form
- POST /reset-password
-    - BODY: with params token
-    - check token validity
-    - set new password hash
-    - if user.status == "invited"
-        - enable new account (user.status = "active")
-        - send welcome email
-    - redirect to login page with a message
-        - we need to redirect to the login page, so the user remember how to login later, and can
-        verify the setup of his/her password manager.
-
-We can instead send link to https://instance/invitation?token=A
-
-## Reset password flow
-
- Reset password request
-    - generate A random
-    - user.reset_password_token = A
-    - Send email with link to https://instance/reset-password?token=A&reason=lost_password
- GET /reset-password?token=A&reason=lost_password
-    - verification of token
-    - show form
- POST /reset-password
-    - BODY: with params token
-    - check token validity
-    - set new password hash
-    - redirect to login page with a message
-        - we need to redirect to the login page, so the user remember how to login later, and can
-        verify the setup of his/her password manager.
-
-We can instead send link to https://instance/reset-password?token=A
--- a/13
+++ b/13
@ -1,15 +1,12 @@
 export RUST_BACKTRACE := "1"
 export RUST_LOG := "trace"
-export CONTEXT_ARGS := "--config ./config.toml --database ./tmp/dbs/minauthator.db --static-assets ./assets"
+export RUN_ARGS := "run --bin minauthator-server -- --config ./config.toml --database ./tmp/dbs/minauthator.db --static-assets ./assets"

-watch-server:
-    cargo-watch -x "run --bin minauthator-server -- $CONTEXT_ARGS"
+watch-run:
+    cargo-watch -x "$RUN_ARGS"

-server:
-    cargo run --bin minauthator-server -- $CONTEXT_ARGS
-
-admin:
-    cargo run --bin minauthator-admin -- $CONTEXT_ARGS
+run:
+    cargo $RUN_ARGS

 docker-run:
    docker run -p 3085:8080 -v ./tmp/docker/config:/etc/minauthator -v ./tmp/docker/db:/var/lib/minauthator minauthator
--- a/lib/admin_cli/Cargo.toml
+++ b/lib/admin_cli/Cargo.toml
@ -8,7 +8,6 @@ path = "src/main.rs"

 [dependencies]
 anyhow = { workspace = true }
-thiserror = { workspace = true }
 fully_pub = { workspace = true }
 argh = { workspace = true }
 tokio = { workspace = true }
--- a/lib/admin_cli/src/commands/mod.rs
+++ b/lib/admin_cli/src/commands/mod.rs
@ -1 +0,0 @@
-pub mod users;
--- a/lib/admin_cli/src/commands/users.rs
+++ b/lib/admin_cli/src/commands/users.rs
@ -1,115 +0,0 @@
-use anyhow::{Context, Result};
-use argh::FromArgs;
-use fully_pub::fully_pub;
-use kernel::{context::KernelContext, models::user::User, repositories::users::get_users};
-use log::info;
-
-#[fully_pub]
-#[derive(FromArgs, PartialEq, Debug)]
-#[argh(
-    subcommand, name = "create",
-    description = "Create user in DB."
-)]
-struct CreateUserCommand {
-    /// aka login, username
-    #[argh(option)]
-    handle: String,
-
-    /// displayed name (eg. first name and last name)
-    #[argh(option)]
-    full_name: Option<String>,
-
-    /// use to identify and prove user identity
-    /// formated as specified in RFC 2821, RFC 3696
-    #[argh(option)]
-    email: String,
-
-    /// if true, create an invitation token
-    #[argh(switch)]
-    invite: bool
-}
-
-#[fully_pub]
-#[derive(FromArgs, PartialEq, Debug)]
-#[argh(
-    subcommand, name = "delete",
-    description = "Delete user in DB."
-)]
-struct DeleteUserCommand {
-    /// delete by user Uuid
-    #[argh(option)]
-    id: String
-}
-
-
-#[fully_pub]
-#[derive(FromArgs, PartialEq, Debug)]
-#[argh(
-    subcommand, name = "list",
-    description = "List users in DB."
-)]
-struct ListUsersCommand {
-    /// how many users to return
-    #[argh(option)]
-    limit: Option<usize>,
-}
-
-#[fully_pub]
-#[derive(FromArgs, PartialEq, Debug)]
-#[argh(subcommand)]
-enum UsersSubCommands {
-    Create(CreateUserCommand),
-    List(ListUsersCommand),
-    Delete(DeleteUserCommand),
-}
-
-#[fully_pub]
-#[derive(FromArgs, PartialEq, Debug)]
-#[argh(
-    subcommand, name = "users",
-    description = "Manage instance users."
-)]
-struct UsersCommand {
-    #[argh(subcommand)]
-    nested: UsersSubCommands,
-}
-
-
-pub async fn list_users(cmd: ListUsersCommand, ctx: KernelContext) -> Result<()> {
-    for user in get_users(&ctx.storage).await? {
-        println!(
-            "{0: <36} | [{1:<8}] | {2: <15} | {3: <25}",
-            user.id, user.status, user.handle, user.email.unwrap_or("()".to_string())
-        );
-    }
-    Ok(())
-}
-
-pub async fn create_user(cmd: CreateUserCommand, ctx: KernelContext) -> Result<()> {
-    let mut user = User::new(cmd.handle);
-    user.email = Some(cmd.email);
-    user.full_name = cmd.full_name;
-    if cmd.invite {
-        user.invite();
-        println!("Generated invite code: {}", user.reset_password_token.as_ref().unwrap());
-    }
-    let _res = kernel::actions::users::create_user(ctx, user).await?;
-    info!("Created user.");
-    if cmd.invite {
-        // TODO: Send invitation email
-        info!("Not sending invitation email.");
-    }
-    Ok(())
-}
-
-pub async fn delete_user(cmd: DeleteUserCommand, ctx: KernelContext) -> Result<()> {
-    todo!()
-}
-
-pub async fn handle_command_tree(cmd: UsersCommand, ctx: KernelContext) -> Result<()> {
-    match cmd.nested {
-        UsersSubCommands::List(sc) => list_users(sc, ctx).await,
-        UsersSubCommands::Create(sc) => create_user(sc, ctx).await,
-        UsersSubCommands::Delete(sc) => delete_user(sc, ctx).await
-    }
-}
--- a/lib/admin_cli/src/main.rs
+++ b/lib/admin_cli/src/main.rs
@ -1,23 +1,11 @@
 use argh::FromArgs;
 use anyhow::{Context, Result};
-use commands::users;
-use kernel::context::{get_kernel_context, StartKernelConfig};
+use kernel::{context::{get_kernel_context, StartKernelConfig}};
 use log::info;

-pub mod commands;
-
-#[derive(FromArgs, PartialEq, Debug)]
-#[argh(subcommand)]
-enum SubCommands {
-    Users(users::UsersCommand),
-}
-
-#[derive(FromArgs, PartialEq, Debug)]
-/// Minauthator admin top level
-struct AdminCliTopLevelCommand {
-    #[argh(subcommand)]
-    nested: SubCommands,
-
+#[derive(Debug, FromArgs)]
+/// Minauthator admin CLI args
+struct AdminCliArgs {
    /// path to YAML config file to use to configure this instance
    #[argh(option)]
    config: Option<String>,
@ -26,24 +14,17 @@ struct AdminCliTopLevelCommand {
    #[argh(option)]
    database: Option<String>,

-    /// path to the static assets dir
-    #[argh(option)]
-    static_assets: Option<String>,
 }

 /// handle CLI arguments to run admin CLI
 #[tokio::main]
 pub async fn main() -> Result<()> {
    info!("Starting minauth");
-    let command_input: AdminCliTopLevelCommand = argh::from_env();
-    let ctx = get_kernel_context(StartKernelConfig {
-        config_path: command_input.config.clone(),
-        database_path: command_input.database.clone()
+    let args: AdminCliArgs = argh::from_env();
+    let (config, secrets, db_pool) = get_kernel_context(StartKernelConfig {
+        config_path: args.config,
+        database_path: args.database
    }).await.context("Getting kernel context")?;

-    match command_input.nested {
-       SubCommands::Users(sc) => {
-            users::handle_command_tree(sc, ctx).await
-        }
-    }
+    Ok(())
 }
--- a/lib/http_server/Cargo.toml
+++ b/lib/http_server/Cargo.toml
@ -14,7 +14,6 @@ strum = { workspace = true }
 strum_macros = { workspace = true }

 anyhow = { workspace = true }
-thiserror = { workspace = true }
 fully_pub = { workspace = true }

 tokio = { workspace = true }
--- a/lib/http_server/src/controllers/ui/mod.rs
+++ b/lib/http_server/src/controllers/ui/mod.rs
@ -6,4 +6,3 @@ pub mod me;
 pub mod logout;
 pub mod user_panel;
 pub mod apps;
-pub mod reset_password;
--- a/lib/http_server/src/controllers/ui/register.rs
+++ b/lib/http_server/src/controllers/ui/register.rs
@ -51,7 +51,7 @@ pub async fn perform_register(
        password_hash,
        status: UserStatus::Active,
        roles: Json(Vec::new()), // take the default role in the config
-        reset_password_token: None,
+        activation_token: None,
        created_at: Utc::now(),
        website: None,
        last_login_at: None
--- a/lib/http_server/src/controllers/ui/reset_password.rs
+++ b/lib/http_server/src/controllers/ui/reset_password.rs
@ -1,139 +0,0 @@
-use axum::{extract::{MatchedPath, Query, State}, http::StatusCode, response::{Html, IntoResponse, Redirect}, Extension, Form};
-use log::{error, info};
-use serde::{Deserialize, Serialize};
-use minijinja::context;
-use fully_pub::fully_pub;
-
-use crate::{renderer::TemplateRenderer, AppState};
-
-use kernel::models::user::{User, UserStatus};
-use utils::get_password_hash;
-
-#[derive(Debug, Deserialize, Serialize)]
-#[fully_pub]
-enum ResetPasswordReason {
-    LostPassword,
-    Invitation
-}
-
-#[derive(Debug, Deserialize, Serialize)]
-#[fully_pub]
-struct ResetPasswordQueryParams {
-    token: String
-}
-
-pub async fn reset_password_form(
-    State(app_state): State<AppState>,
-    path: MatchedPath,
-    Extension(renderer): Extension<TemplateRenderer>,
-    Query(query_params): Query<ResetPasswordQueryParams>
-) -> impl IntoResponse {
-    let reason: ResetPasswordReason = match path.as_str() {
-        "/invitation" => ResetPasswordReason::Invitation,
-        "/reset-password" => ResetPasswordReason::LostPassword,
-        _ => unreachable!()
-    };
-    // 1. Verify token
-    let user_res = sqlx::query_as::<_, User>("SELECT * FROM users WHERE reset_password_token = $1")
-        .bind(&query_params.token)
-        .fetch_one(&app_state.db.0)
-        .await;
-    let _user = match user_res {
-        Ok(u) => u,
-        Err(sqlx::Error::RowNotFound) => {
-            return (
-                StatusCode::BAD_REQUEST,
-                Html("Invalid reset password token.")
-            ).into_response();
-        },
-        Err(err) => {
-            error!("Failed to retreive user from reset password token. {}", err);
-            return (
-                StatusCode::INTERNAL_SERVER_ERROR,
-                Html("Internal server error: Failed to retreive user.")
-            ).into_response();
-        }
-    };
-    renderer.render(
-        "pages/reset_password",
-        context!(
-            reason => reason,
-            token => query_params.token,
-        )
-    ).into_response()
-}
-
-
-#[derive(Debug, Deserialize)]
-#[fully_pub]
-struct ResetPasswordForm {
-    token: String,
-    password: String,
-    password_confirmation: String
-}
-
-pub async fn perform_reset_password(
-    State(app_state): State<AppState>,
-    Form(reset_form): Form<ResetPasswordForm>
-) -> impl IntoResponse {
-    // 1. Verify token
-    let user_res = sqlx::query_as::<_, User>("SELECT * FROM users WHERE reset_password_token = $1")
-        .bind(&reset_form.token)
-        .fetch_one(&app_state.db.0)
-        .await;
-    let user = match user_res {
-        Ok(u) => u,
-        Err(sqlx::Error::RowNotFound) => {
-            return (
-                StatusCode::BAD_REQUEST,
-                Html("Invalid reset password token.")
-            ).into_response();
-        },
-        Err(err) => {
-            error!("Failed to retreive user from reset password token. {}", err);
-            return (
-                StatusCode::INTERNAL_SERVER_ERROR,
-                Html("Internal server error: Failed to retreive user.")
-            ).into_response();
-        }
-    };
-    if reset_form.password != reset_form.password_confirmation {
-        return (
-            StatusCode::BAD_REQUEST,
-            Html("Form data error: The two passwords are differents.")
-        ).into_response();
-    }
-
-    let password_hash = Some(
-        get_password_hash(reset_form.password)
-            .expect("To process password").1
-    );
-    if user.status == UserStatus::Invited {
-        info!("The password of an Invited user was set: activation of user account");
-        // TODO: send welcome email
-    }
-    let res = sqlx::query("UPDATE users
-            SET password_hash = $2, status = $3, reset_password_token = NULL
-            WHERE id = $1
-        ")
-        .bind(user.id)
-        .bind(password_hash)
-        .bind(UserStatus::Active)
-        .execute(&app_state.db.0)
-        .await;
-    match res {
-        Err(err) => {
-            error!("Cannot update user: {}", err);
-            return (
-                StatusCode::INTERNAL_SERVER_ERROR,
-                Html("Internal server error: Failed to update user.")
-            ).into_response();
-        },
-        Ok(_v) => {
-            info!("Changed user's password successfuly.");
-        }
-    };
-    // TODO: add either "Successfully changed password" or "Account enabled successfully" message 
-    Redirect::to("/login").into_response()
-}
-
--- a/lib/http_server/src/lib.rs
+++ b/lib/http_server/src/lib.rs
@ -7,7 +7,7 @@ pub mod token_claims;

 use fully_pub::fully_pub;
 use anyhow::{Result, Context};
-use kernel::{context::{AppSecrets, KernelContext}, models::config::Config, repositories::storage::Storage};
+use kernel::{context::AppSecrets, models::config::Config, repositories::storage::Storage};
 use log::info;
 use minijinja::Environment;

@ -38,14 +38,16 @@ pub struct AppState {

 pub async fn start_http_server(
    server_config: ServerConfig,
-    ctx: KernelContext
+    config: Config,
+    secrets: AppSecrets,
+    db_pool: Storage
 ) -> Result<()> {
    // build state
    let state = AppState {
-        templating_env: build_templating_env(&ctx.config),
-        config: ctx.config,
-        secrets: ctx.secrets,
-        db: ctx.storage
+        templating_env: build_templating_env(&config),
+        config,
+        secrets,
+        db: db_pool
    };

    // build routes
--- a/lib/http_server/src/main.rs
+++ b/lib/http_server/src/main.rs
@ -32,7 +32,7 @@ struct ServerCliFlags {
 pub async fn main() -> Result<()> {
    info!("Starting minauth");
    let flags: ServerCliFlags = argh::from_env();
-    let kernel_context = get_kernel_context(StartKernelConfig {
+    let (config, secrets, db_pool) = get_kernel_context(StartKernelConfig {
        config_path: flags.config,
        database_path: flags.database
    }).await.context("Getting kernel context")?;
@ -42,6 +42,8 @@ pub async fn main() -> Result<()> {
            listen_host: flags.listen_host,
            listen_port: flags.listen_port
        },
-        kernel_context
+        config,
+        secrets,
+        db_pool
    ).await
 }
--- a/lib/http_server/src/router.rs
+++ b/lib/http_server/src/router.rs
@ -19,9 +19,6 @@ pub fn build_router(server_config: &ServerConfig, app_state: AppState) -> Router
        .route("/register", post(ui::register::perform_register))
        .route("/login", get(ui::login::login_form))
        .route("/login", post(ui::login::perform_login))
-        .route("/invitation", get(ui::reset_password::reset_password_form))
-        .route("/reset-password", get(ui::reset_password::reset_password_form))
-        .route("/reset-password", post(ui::reset_password::perform_reset_password))
        .layer(middleware::from_fn_with_state(app_state.clone(), renderer_middleware))
        .layer(middleware::from_fn_with_state(app_state.clone(), user_auth::auth_middleware));

--- a/lib/http_server/src/templates/pages/error.html
+++ b/lib/http_server/src/templates/pages/error.html
@ -1,11 +0,0 @@
-{% extends "layouts/base.html" %}
-{% block body %}
-<h1>Internal server error</h1>
-
-{% if error %}
-<div class="alert alert-danger">
-    We are sorry. We've rencountered an unrecoverable error.
-</div>
-{% endif %}
-{% endblock %}
-
--- a/lib/http_server/src/templates/pages/reset_password.html
+++ b/lib/http_server/src/templates/pages/reset_password.html
@ -1,54 +0,0 @@
-{% extends "layouts/base.html" %}
-{% block body %}
-{% if reason == "Invitation" %}
-<h1>Invitation</h1>
-{% endif %}
-{% if reason == "LostPassword" %}
-<h1>Reset your password</h1>
-{% endif %}
-<!-- Reset password form -->
-{% if error %}
-<div class="alert alert-danger">
-    Error: {{ error }}
-</div>
-{% endif %}
-{% if info %}
-<div class="alert alert-info">
-    Info: {{ info }}
-</div>
-{% endif %}
-{% if reason == "Invitation" %}
-<p>
-    Pour activer votre compte, veuillez définir votre mot de passe.
-</p>
-{% endif %}
-{% if reason == "LostPassword" %}
-<p>
-    Votre mot de passe est perdu, veuillez définir un nouveau mot de passe.
-</p>
-{% endif %}
-<form id="reset-password-form" method="post" action="/reset-password">
-    <div class="mb-3">
-        <label for="password" class="form-label">New password</label>
-        <input
-            id="password" name="password" type="password"
-            required
-            class="form-control"
-        />
-    </div>
-    <div class="mb-3">
-        <label for="password" class="form-label">New password confirmation</label>
-        <input
-            id="password_confirmation" name="password_confirmation" type="password"
-            required
-            class="form-control"
-        />
-    </div>
-    <input
-        id="token" name="token" type="hidden"
-        value="{{ token }}"
-    />
-
-    <button type="submit" class="btn btn-primary">Change password</button>
-</form>
-{% endblock %}
--- a/lib/kernel/Cargo.toml
+++ b/lib/kernel/Cargo.toml
@ -5,10 +5,9 @@ edition = "2021"
 [dependencies]
 utils = { path = "../utils" }

-anyhow = { workspace = true }
-thiserror = { workspace = true }
 log = { workspace = true }
 env_logger = { workspace = true }
+anyhow = { workspace = true }
 fully_pub = { workspace = true }
 strum = { workspace = true }
 strum_macros = { workspace = true }
--- a/lib/kernel/src/actions/mod.rs
+++ b/lib/kernel/src/actions/mod.rs
@ -1 +0,0 @@
-pub mod users;
--- a/lib/kernel/src/actions/user.rs
+++ b/lib/kernel/src/actions/user.rs
--- a/lib/kernel/src/actions/users.rs
+++ b/lib/kernel/src/actions/users.rs
@ -1,44 +0,0 @@
-use crate::{context::KernelContext, models::user::User};
-
-use anyhow::{Context, Result};
-use chrono::SecondsFormat;
-use thiserror::Error;
-
-#[derive(Error, Debug)]
-pub enum CreateUserErr {
-    #[error("Handle or email for user is already used.")]
-    HandleOrEmailNotUnique,
-
-    #[error("Database error.")]
-    DatabaseErr(String)
-}
-
-pub async fn create_user(ctx: KernelContext, user: User) -> Result<(), CreateUserErr> {
-    let res = sqlx::query("
-        INSERT INTO users
-            (id, handle, email, status, roles, password_hash, reset_password_token, created_at)
-            VALUES ($1, $2, $3, $4, $5, $6, $7, $8)
-        ")
-        .bind(user.id)
-        .bind(user.handle)
-        .bind(user.email)
-        .bind(user.status.to_string())
-        .bind(user.roles)
-        .bind(user.password_hash)
-        .bind(user.reset_password_token)
-        .bind(user.created_at.to_rfc3339_opts(SecondsFormat::Millis, true))
-        .execute(&ctx.storage.0)
-        .await;
-    match res {
-        Err(err) => {
-            let db_err = &err.as_database_error().unwrap();
-            if db_err.code().unwrap() == "2067" {
-                Err(CreateUserErr::HandleOrEmailNotUnique)
-            } else {
-                dbg!(&err);
-                Err(CreateUserErr::DatabaseErr(db_err.to_string()))
-            }
-        }
-        Ok(_) => Ok(())
-    }
-}
--- a/lib/kernel/src/context.rs
+++ b/lib/kernel/src/context.rs
@ -29,15 +29,7 @@ struct AppSecrets {
    jwt_secret: String
 }

-#[derive(Debug, Clone)]
-#[fully_pub]
-struct KernelContext {
-    config: Config,
-    secrets: AppSecrets,
-    storage: Storage
-}
-
-pub async fn get_kernel_context(start_config: StartKernelConfig) -> Result<KernelContext> {
+pub async fn get_kernel_context(start_config: StartKernelConfig) -> Result<(Config, AppSecrets, Storage)> {
    env_logger::init();
    let _ = dotenvy::dotenv();

@ -55,9 +47,5 @@ pub async fn get_kernel_context(start_config: StartKernelConfig) -> Result<Kerne
        jwt_secret: env::var("APP_JWT_SECRET").context("Expecting APP_JWT_SECRET env var.")?
    };

-    Ok(KernelContext {
-        config,
-        secrets,
-        storage
-    })
+    Ok((config, secrets, storage))
 }
--- a/lib/kernel/src/models/user.rs
+++ b/lib/kernel/src/models/user.rs
@ -2,16 +2,13 @@ use fully_pub::fully_pub;
 use chrono::{DateTime, Utc};
 use serde::{Deserialize, Serialize};
 use sqlx::types::Json;
-use utils::get_random_human_token;
-use uuid::Uuid;

 #[derive(sqlx::Type, Clone, Debug, Serialize, Deserialize, PartialEq)]
 #[derive(strum_macros::Display)]
 #[fully_pub]
 enum UserStatus {
-    Disabled,
-    Invited,
-    Active
+    Active,
+    Disabled
 }

 #[derive(sqlx::FromRow, Deserialize, Serialize, Debug)]
@ -27,35 +24,8 @@ struct User {
    password_hash: Option<String>, // argon2 password hash
    status: UserStatus,
    roles: Json<Vec<String>>,
-    reset_password_token: Option<String>,
+    activation_token: Option<String>,

    last_login_at: Option<DateTime<Utc>>,
    created_at: DateTime<Utc>
 }
-
-impl User {
-    pub fn new(
-        handle: String
-    ) -> User {
-        User {
-            id: Uuid::new_v4().to_string(),
-            handle,
-            full_name: None,
-            email: None,
-            website: None,
-            picture: None,
-            password_hash: None,
-            status: UserStatus::Disabled,
-            roles: Json(Vec::new()),
-            reset_password_token: None,
-            last_login_at: None,
-            created_at: Utc::now()
-        }
-    }
-
-    pub fn invite(self: &mut Self) {
-        self.reset_password_token = Some(get_random_human_token());
-        self.status = UserStatus::Invited;
-    }
-
-}
--- a/lib/kernel/src/repositories/users.rs
+++ b/lib/kernel/src/repositories/users.rs
@ -5,17 +5,10 @@ use crate::models::user::User;
 use super::storage::Storage;
 use anyhow::{Result, Context};

-pub async fn get_user_by_id(storage: &Storage, user_id: &str) -> Result<User> {
+async fn get_user_by_id(storage: &Storage, user_id: &str) -> Result<User> {
    sqlx::query_as::<_, User>("SELECT * FROM users WHERE id = $1")
        .bind(user_id)
        .fetch_one(&storage.0)
        .await
-        .context("To get user by id.")
-}
-
-pub async fn get_users(storage: &Storage) -> Result<Vec<User>> {
-    sqlx::query_as::<_, User>("SELECT * FROM users")
-        .fetch_all(&storage.0)
-        .await
-        .context("To get users.")
+        .context("To get user from claim")
 }
--- a/lib/utils/src/lib.rs
+++ b/lib/utils/src/lib.rs
@ -43,18 +43,6 @@ pub fn get_random_alphanumerical(length: usize) -> String {
        .collect()
 }

-/// Generate easy to type token
-pub fn get_random_human_token() -> String {
-    return format!(
-        "{}-{}-{}-{}-{}",
-        get_random_alphanumerical(4),
-        get_random_alphanumerical(4),
-        get_random_alphanumerical(4),
-        get_random_alphanumerical(4),
-        get_random_alphanumerical(4)
-    ).to_uppercase();
-}
-
 pub fn parse_basic_auth(header_value: &str) -> Result<(String, String)> {
    let header_val_components: Vec<&str> = header_value.split(" ").collect();
    let encoded_header_value: &str = header_val_components
--- a/migrations/all.sql
+++ b/migrations/all.sql
@ -8,9 +8,9 @@ CREATE TABLE users (
    picture             BLOB,
    roles               TEXT NOT NULL, -- json array of user roles

-    status               TEXT CHECK(status IN ('Invited', 'Active', 'Disabled')) NOT NULL DEFAULT 'Disabled',
+    status              TEXT CHECK(status IN ('Active','Disabled')) NOT NULL DEFAULT 'Disabled',
    password_hash       TEXT,
-    reset_password_token TEXT,
+    activation_token    TEXT,
    last_login_at       DATETIME,
    created_at          DATETIME NOT NULL
 );
--- a/tests/hurl_integration/scenario_1/init_db.sh
+++ b/tests/hurl_integration/scenario_1/init_db.sh
@ -1,5 +1,3 @@
-#!/usr/bin/bash
-
 password_hash="$(echo -n "root" | argon2 salt_06cGGWYDJCZ -e)"
 echo $password_hash
 SQL=$(cat <<EOF
--- a/tests/hurl_integration/user_invitation_scenario/config.toml
+++ b/tests/hurl_integration/user_invitation_scenario/config.toml
@ -1,9 +0,0 @@
-applications = []
-
-roles = []
-
-[instance]
-base_uri = "http://localhost:8086"
-name = "Example org"
-logo_uri = "https://example.org/logo.png"
-
--- a/tests/hurl_integration/user_invitation_scenario/init_db.sh
+++ b/tests/hurl_integration/user_invitation_scenario/init_db.sh
@ -1,9 +0,0 @@
-#!/usr/bin/bash
-
-SQL=$(cat <<EOF
-    INSERT INTO users
-        (id, handle, email, roles, status, reset_password_token, created_at)
-        VALUES
-        ('$(uuid)', 'invited_user', 'invited-user@example.org', '[]', 'Invited', 'Z433-Y001-V987-P500', '2024-11-30T00:00:00Z');
-EOF)
-echo $SQL | sqlite3 $DB_PATH
--- a/tests/hurl_integration/user_invitation_scenario/main.hurl
+++ b/tests/hurl_integration/user_invitation_scenario/main.hurl
@ -1,28 +0,0 @@
-GET {{ base_url }}/api
-HTTP 200
-[Asserts]
-jsonpath "$.software" == "Minauthator"
-
-GET {{ base_url }}/invitation
-[QueryStringParams]
-token: Z433-Y001-V987-P500
-HTTP 200
-[Asserts]
-xpath "string(///h1)" contains "Invitation"
-
-POST {{ base_url }}/reset-password
-[FormParams]
-token: Z433-Y001-V987-P500
-password: newpassword10!
-password_confirmation: newpassword10!
-HTTP 303
-[Asserts]
-header "Location" == "/login"
-
-POST {{ base_url }}/login
-[FormParams]
-login: invited_user
-password: newpassword10!
-HTTP 303
-[Asserts]
-cookie "minauthator_jwt" exists
--- a/tests/manual/create_test_user.sql
+++ b/tests/manual/create_test_user.sql
@ -1,12 +1,5 @@
-- INSERT INTO users
--     (id, handle, email, roles, status, password_hash, created_at)
--     VALUES
--     ('30c134a7-d541-4ec7-9310-9c8e298077db', 'test', 'test@example.org', '[]', 'Active', '$argon2i$v=19$m=4096,t=3,p=1$V2laYjAwTlFHOUpiekRlVzRQUU0$33h8XwAWM3pKQM7Ksler0l7rMJfseTuWPJKrdX/cGyc', '2024-11-30T00:00:00Z');
--
-
-
 INSERT INTO users
-    (id, handle, email, roles, status, reset_password_token, created_at)
+    (id, handle, email, roles, status, password_hash, created_at)
    VALUES
-    ('00000001-0042-0001-0001-00000000432', 'invited_user1', 'invited-user1@example.org', '[]', 'Invited', 'A909-Z539-L128-O400', '2024-11-30T00:00:00Z');
+    ('30c134a7-d541-4ec7-9310-9c8e298077db', 'test', 'test@example.org', '[]', 'Active', '$argon2i$v=19$m=4096,t=3,p=1$V2laYjAwTlFHOUpiekRlVzRQUU0$33h8XwAWM3pKQM7Ksler0l7rMJfseTuWPJKrdX/cGyc', '2024-11-30T00:00:00Z');