Compare commits
8 commits
refactor_m
...
master
Author | SHA1 | Date | |
---|---|---|---|
1b21ee1573 | |||
07fff532f7 | |||
f98a102854 | |||
91530d13ab | |||
23f12904cc | |||
0243535469 | |||
a0de3b287b | |||
8d20cab18f |
45 changed files with 947 additions and 119 deletions
7
.dockerignore
Normal file
7
.dockerignore
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
target
|
||||||
|
.env
|
||||||
|
tmp
|
||||||
|
Dockerfile
|
||||||
|
.dockerignore
|
||||||
|
justfile
|
||||||
|
config.toml
|
16
Cargo.lock
generated
16
Cargo.lock
generated
|
@ -22,7 +22,13 @@ name = "admin_cli"
|
||||||
version = "0.0.0"
|
version = "0.0.0"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"anyhow",
|
"anyhow",
|
||||||
|
"argh",
|
||||||
|
"env_logger",
|
||||||
"fully_pub",
|
"fully_pub",
|
||||||
|
"kernel",
|
||||||
|
"log",
|
||||||
|
"thiserror 2.0.3",
|
||||||
|
"tokio",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
|
@ -873,6 +879,12 @@ version = "0.4.3"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"
|
checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "hex-literal"
|
||||||
|
version = "0.4.1"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "6fe2267d4ed49bc07b63801559be28c718ea06c4738b7a03c94df7386d2cde46"
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "hkdf"
|
name = "hkdf"
|
||||||
version = "0.12.4"
|
version = "0.12.4"
|
||||||
|
@ -965,6 +977,7 @@ dependencies = [
|
||||||
"sqlx",
|
"sqlx",
|
||||||
"strum",
|
"strum",
|
||||||
"strum_macros",
|
"strum_macros",
|
||||||
|
"thiserror 2.0.3",
|
||||||
"time",
|
"time",
|
||||||
"tokio",
|
"tokio",
|
||||||
"tower-http",
|
"tower-http",
|
||||||
|
@ -1249,12 +1262,15 @@ dependencies = [
|
||||||
"dotenvy",
|
"dotenvy",
|
||||||
"env_logger",
|
"env_logger",
|
||||||
"fully_pub",
|
"fully_pub",
|
||||||
|
"hex-literal",
|
||||||
"log",
|
"log",
|
||||||
"serde",
|
"serde",
|
||||||
"serde_json",
|
"serde_json",
|
||||||
|
"sha2",
|
||||||
"sqlx",
|
"sqlx",
|
||||||
"strum",
|
"strum",
|
||||||
"strum_macros",
|
"strum_macros",
|
||||||
|
"thiserror 2.0.3",
|
||||||
"toml",
|
"toml",
|
||||||
"url",
|
"url",
|
||||||
"utils",
|
"utils",
|
||||||
|
|
13
Cargo.toml
13
Cargo.toml
|
@ -1,9 +1,11 @@
|
||||||
cargo-features = ["codegen-backend"]
|
# cargo-features = ["codegen-backend"]
|
||||||
|
|
||||||
[profile.dev]
|
# [profile.dev]
|
||||||
codegen-backend = "cranelift"
|
# codegen-backend = "cranelift"
|
||||||
|
# # END OF
|
||||||
|
|
||||||
[workspace]
|
[workspace]
|
||||||
|
resolver = "2"
|
||||||
members = [
|
members = [
|
||||||
"lib/kernel",
|
"lib/kernel",
|
||||||
"lib/utils",
|
"lib/utils",
|
||||||
|
@ -14,18 +16,21 @@ members = [
|
||||||
[workspace.dependencies]
|
[workspace.dependencies]
|
||||||
# commons utils
|
# commons utils
|
||||||
anyhow = "1.0"
|
anyhow = "1.0"
|
||||||
|
thiserror = "2"
|
||||||
fully_pub = "0.1"
|
fully_pub = "0.1"
|
||||||
strum = "0.26.3"
|
strum = "0.26.3"
|
||||||
strum_macros = "0.26"
|
strum_macros = "0.26"
|
||||||
uuid = { version = "1.8", features = ["serde", "v4"] }
|
uuid = { version = "1.8", features = ["serde", "v4"] }
|
||||||
dotenvy = "0.15.7"
|
dotenvy = "0.15.7"
|
||||||
url = "2.5.3"
|
url = "2.5.3"
|
||||||
|
sha2 = "0.10"
|
||||||
|
hex-literal = "0.4"
|
||||||
|
|
||||||
# CLI
|
# CLI
|
||||||
argh = "0.1"
|
argh = "0.1"
|
||||||
|
|
||||||
# Async
|
# Async
|
||||||
tokio = { version = "1.40.0", features = ["rt-multi-thread"] }
|
tokio = { version = "1.40.0", features = ["rt-multi-thread", "macros"] }
|
||||||
|
|
||||||
# Logging
|
# Logging
|
||||||
log = "0.4"
|
log = "0.4"
|
||||||
|
|
37
Dockerfile
Normal file
37
Dockerfile
Normal file
|
@ -0,0 +1,37 @@
|
||||||
|
FROM rust:1.83-alpine3.20 AS builder
|
||||||
|
|
||||||
|
WORKDIR /usr/src/minauthator
|
||||||
|
COPY . .
|
||||||
|
|
||||||
|
RUN apk add musl-dev
|
||||||
|
|
||||||
|
RUN cargo install --bin minauthator-admin --locked --path lib/admin_cli
|
||||||
|
RUN cargo install --bin minauthator-server --locked --path lib/http_server
|
||||||
|
|
||||||
|
FROM alpine:3.20 AS base
|
||||||
|
|
||||||
|
RUN apk add sqlite
|
||||||
|
COPY --from=builder /usr/local/cargo/bin/minauthator-server /usr/local/bin/minauthator-server
|
||||||
|
COPY --from=builder /usr/local/cargo/bin/minauthator-admin /usr/local/bin/minauthator-admin
|
||||||
|
RUN mkdir -p \
|
||||||
|
/usr/local/src/minauthator/migrations \
|
||||||
|
/usr/local/lib/minauthator/assets \
|
||||||
|
/var/lib/minauthator \
|
||||||
|
/etc/minauthator
|
||||||
|
COPY --from=builder /usr/src/minauthator/migrations/all.sql /usr/local/src/minauthator/migrations
|
||||||
|
COPY --from=builder /usr/src/minauthator/init_db.sh /usr/local/bin/minauthator_init_db.sh
|
||||||
|
COPY --from=builder /usr/src/minauthator/assets /usr/local/lib/minauthator/assets
|
||||||
|
|
||||||
|
RUN addgroup -g 1000 app && \
|
||||||
|
adduser -S -u 1000 -G app -s /bin/sh app && \
|
||||||
|
chown -R app:app /var/lib/minauthator && \
|
||||||
|
chmod -R u=rwx,g=rwx,o= /var/lib/minauthator
|
||||||
|
|
||||||
|
USER app:app
|
||||||
|
ENV RUST_LOG=info
|
||||||
|
ENV RUST_BACKTRACE=1
|
||||||
|
ENV APP_JWT_SECRET="DummyAppSecret20241029"
|
||||||
|
|
||||||
|
CMD ["minauthator-server", "--listen-host", "0.0.0.0", "--listen-port", "8080"]
|
||||||
|
|
||||||
|
|
49
README.md
49
README.md
|
@ -1,24 +1,45 @@
|
||||||
# Minauthator
|
# Minauthator
|
||||||
|
|
||||||
Minauthator is an identity provider supporting [OpenID Connect (OIDC)](https://en.wikipedia.org/wiki/OpenID_Connect).
|
Minauthator is an identity provider server supporting [OpenID Connect (OIDC)](https://en.wikipedia.org/wiki/OpenID_Connect).
|
||||||
|
|
||||||
This project aims to allow an organization to setup [single sign-on (SSO)](https://en.wikipedia.org/wiki/Single_sign-on) using a self-hosted free software.
|
This project aims to allow an organization to setup [single sign-on (SSO)](https://en.wikipedia.org/wiki/Single_sign-on) using a self-hosted free software (FOSS).
|
||||||
|
|
||||||
|
This project also aims to provide features while being frugal and minimalist.
|
||||||
|
|
||||||
**Project status: *early development, work-in-progress***
|
**Project status: *early development, work-in-progress***
|
||||||
|
|
||||||
## Features
|
## Features
|
||||||
|
|
||||||
- Login
|
- [x] Login
|
||||||
- Register
|
- [x] Register
|
||||||
- OpenID Connect & OAuth 2.0
|
- [x] OpenID Connect & OAuth 2.0
|
||||||
- Activation token
|
- [x] Activation token
|
||||||
- Profile details
|
- [x] Profile details
|
||||||
- Static apps
|
- [x] Static apps
|
||||||
- User roles
|
- [x] Admin CLI to manage user.
|
||||||
- MFA/TOTP
|
- [x] User invitation with human token
|
||||||
- Email notifications
|
- [ ] User roles
|
||||||
- Login page customization
|
- [ ] User groups
|
||||||
- App carousel (App presentation to users)
|
- [ ] MFA/TOTP
|
||||||
|
- [ ] Email notifications
|
||||||
|
- [ ] Login page customization
|
||||||
|
- [x] App listing (App presentation to users)
|
||||||
|
- [x] Implicit OAuth 2.0 flow
|
||||||
|
- [ ] Email verification
|
||||||
|
- [ ] GPG keys verification and signing
|
||||||
|
- [ ] Docker deployment
|
||||||
|
- [ ] Full user panel & user privacy control
|
||||||
|
|
||||||
|
## Architecture
|
||||||
|
|
||||||
|
- Sqlite DB
|
||||||
|
- Kernel
|
||||||
|
- Http server
|
||||||
|
- Public API
|
||||||
|
- User API
|
||||||
|
- Third-party OAuth2 app/client API
|
||||||
|
- Web GUI (no Javascript)
|
||||||
|
- Admin CLI
|
||||||
|
|
||||||
## Deps
|
## Deps
|
||||||
|
|
||||||
|
@ -28,4 +49,4 @@ This project aims to allow an organization to setup [single sign-on (SSO)](https
|
||||||
|
|
||||||
- [Authentik](https://goauthentik.io/)
|
- [Authentik](https://goauthentik.io/)
|
||||||
- [Keycloak](https://www.keycloak.org/)
|
- [Keycloak](https://www.keycloak.org/)
|
||||||
|
- [Kanidm](https://kanidm.com/)
|
||||||
|
|
50
TODO.md
50
TODO.md
|
@ -1,5 +1,23 @@
|
||||||
# TODO
|
# TODO
|
||||||
|
|
||||||
|
- [ ] i18n strings in the http website.
|
||||||
|
|
||||||
|
- [ ] Instance customization support
|
||||||
|
|
||||||
|
- [ ] Public endpoint to get user avatar by id
|
||||||
|
- [ ] Rework avatar upload to limit size and process the image?
|
||||||
|
|
||||||
|
- Authorize form
|
||||||
|
- [ ] Show details about permissions
|
||||||
|
- [ ] Show app logo
|
||||||
|
|
||||||
|
- [ ] Support error responses by https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1
|
||||||
|
|
||||||
|
- [ ] feat(perms): add groups and roles
|
||||||
|
|
||||||
|
- [ ] UserWebGUI: add TOTP
|
||||||
|
- [ ] send emails to users
|
||||||
|
|
||||||
- [x] Login form
|
- [x] Login form
|
||||||
- [x] Register form
|
- [x] Register form
|
||||||
- [x] Redirect to login form if unauthenticated
|
- [x] Redirect to login form if unauthenticated
|
||||||
|
@ -13,20 +31,12 @@
|
||||||
- [x] Support OpenID to use with demo client [oauth2c](https://github.com/cloudentity/oauth2c)
|
- [x] Support OpenID to use with demo client [oauth2c](https://github.com/cloudentity/oauth2c)
|
||||||
- .well-known/openid-configuration
|
- .well-known/openid-configuration
|
||||||
|
|
||||||
|
- [x] architecture refactor
|
||||||
|
- [x] AdminCLI: init
|
||||||
|
- [x] AdminCLI: list users
|
||||||
|
- [x] AdminCLI: create and invite user
|
||||||
|
|
||||||
- [ ] i18n strings in the http website.
|
- [x] UserWebGUI: Invitation
|
||||||
|
|
||||||
- [ ] App config
|
|
||||||
- Add app logo (URI?)
|
|
||||||
|
|
||||||
- [ ] Public endpoint to get user avatar by id
|
|
||||||
- [ ] Rework avatar upload to limit size and process the image?
|
|
||||||
|
|
||||||
- [ ] Authorize form
|
|
||||||
- Show details about permissions
|
|
||||||
- Show app logo
|
|
||||||
|
|
||||||
- [ ] Support error responses by https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1
|
|
||||||
|
|
||||||
- [x] UserWebGUI: Redirect to login when JWT expire
|
- [x] UserWebGUI: Redirect to login when JWT expire
|
||||||
- [x] UserWebGUI: Show user authorizations.
|
- [x] UserWebGUI: Show user authorizations.
|
||||||
|
@ -37,14 +47,6 @@
|
||||||
|
|
||||||
- [x] UserWebGUI: activate account with token
|
- [x] UserWebGUI: activate account with token
|
||||||
|
|
||||||
- [ ] feat(perms): add groups and roles
|
- [X] basic docker setup
|
||||||
|
- [ ] make `docker stop` working (handle SIGTERM/SIGINT)
|
||||||
- [ ] UserWebGUI: add TOTP
|
- [ ] implement docker secrets. https://docs.docker.com/engine/swarm/secrets/
|
||||||
- [ ] send emails to users
|
|
||||||
|
|
||||||
- Architecture: do we have an admin API?
|
|
||||||
|
|
||||||
- [ ] AdminCLI: init
|
|
||||||
- [ ] AdminWebGUI: List users
|
|
||||||
- [ ] AdminWebGUI: Assign groups to users
|
|
||||||
- [ ] AdminWebGUI: Create invitation
|
|
||||||
|
|
3
admin.sh
Executable file
3
admin.sh
Executable file
|
@ -0,0 +1,3 @@
|
||||||
|
#!/usr/bin/sh
|
||||||
|
|
||||||
|
cargo run -q --bin minauthator-admin -- --config ./config.toml --database ./tmp/dbs/minauthator.db --static-assets ./assets $@
|
|
@ -7,3 +7,47 @@ https://stackoverflow.com/questions/79118231/how-to-access-the-axum-request-path
|
||||||
## Oauth2 test
|
## Oauth2 test
|
||||||
|
|
||||||
-> authorize
|
-> authorize
|
||||||
|
|
||||||
|
# User flow
|
||||||
|
|
||||||
|
## Invitation flow
|
||||||
|
|
||||||
|
- Create invite
|
||||||
|
- generate A random
|
||||||
|
- user.reset_password_token = A
|
||||||
|
- user.status = "Invited"
|
||||||
|
- Send email with link to https://instance/reset-password?token=A&reason=invitation
|
||||||
|
- GET /reset-password?token=A&reason=invitation
|
||||||
|
- verification of token
|
||||||
|
- show form
|
||||||
|
- POST /reset-password
|
||||||
|
- BODY: with params token
|
||||||
|
- check token validity
|
||||||
|
- set new password hash
|
||||||
|
- if user.status == "invited"
|
||||||
|
- enable new account (user.status = "active")
|
||||||
|
- send welcome email
|
||||||
|
- redirect to login page with a message
|
||||||
|
- we need to redirect to the login page, so the user remember how to login later, and can
|
||||||
|
verify the setup of his/her password manager.
|
||||||
|
|
||||||
|
We can instead send link to https://instance/invitation?token=A
|
||||||
|
|
||||||
|
## Reset password flow
|
||||||
|
|
||||||
|
- Reset password request
|
||||||
|
- generate A random
|
||||||
|
- user.reset_password_token = A
|
||||||
|
- Send email with link to https://instance/reset-password?token=A&reason=lost_password
|
||||||
|
- GET /reset-password?token=A&reason=lost_password
|
||||||
|
- verification of token
|
||||||
|
- show form
|
||||||
|
- POST /reset-password
|
||||||
|
- BODY: with params token
|
||||||
|
- check token validity
|
||||||
|
- set new password hash
|
||||||
|
- redirect to login page with a message
|
||||||
|
- we need to redirect to the login page, so the user remember how to login later, and can
|
||||||
|
verify the setup of his/her password manager.
|
||||||
|
|
||||||
|
We can instead send link to https://instance/reset-password?token=A
|
||||||
|
|
10
init_db.sh
Executable file
10
init_db.sh
Executable file
|
@ -0,0 +1,10 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
DEFAULT_DB_PATH="/var/lib/minauthator/minauthator.db"
|
||||||
|
DEFAULT_MIGRATION_PATH="/usr/local/src/minauthator/migrations/all.sql"
|
||||||
|
|
||||||
|
DB_PATH="${DB_PATH:-$DEFAULT_DB_PATH}"
|
||||||
|
MIGRATION_PATH="${MIGRATION_PATH:-$DEFAULT_MIGRATION_PATH}"
|
||||||
|
|
||||||
|
sqlite3 $DB_PATH < $MIGRATION_PATH
|
||||||
|
|
33
justfile
33
justfile
|
@ -1,21 +1,32 @@
|
||||||
export RUST_BACKTRACE := "1"
|
export RUST_BACKTRACE := "1"
|
||||||
export RUST_LOG := "trace"
|
export RUST_LOG := "trace"
|
||||||
export RUN_ARGS := "run --bin minauthator-server -- --config ./config.toml --database ./tmp/dbs/minauthator.db --static-assets ./assets"
|
export CONTEXT_ARGS := "--config config.toml --database tmp/dbs/minauthator.db --static-assets ./assets"
|
||||||
|
|
||||||
watch-run:
|
watch-server:
|
||||||
cargo-watch -x "$RUN_ARGS"
|
cargo-watch -x "run --bin minauthator-server -- $CONTEXT_ARGS"
|
||||||
|
|
||||||
run:
|
server:
|
||||||
cargo $RUN_ARGS
|
cargo run --bin minauthator-server -- $CONTEXT_ARGS
|
||||||
|
|
||||||
docker-run:
|
admin:
|
||||||
docker run -p 3085:8080 -v ./tmp/docker/config:/etc/minauthator -v ./tmp/docker/db:/var/lib/minauthator minauthator
|
cargo run --bin minauthator-admin -- $CONTEXT_ARGS
|
||||||
|
|
||||||
docker-init-db:
|
|
||||||
docker run -v ./tmp/docker/config:/etc/minauthator -v ./tmp/docker/db:/var/lib/minauthator minauthator /usr/local/bin/minauthator_init_db.sh
|
|
||||||
|
|
||||||
docker-build:
|
docker-build:
|
||||||
docker build -t minauthator .
|
docker build -t lefuturiste/minauthator .
|
||||||
|
|
||||||
|
docker-init-db:
|
||||||
|
docker run \
|
||||||
|
-v ./tmp/docker/config:/etc/minauthator \
|
||||||
|
-v minauthator-db:/var/lib/minauthator \
|
||||||
|
lefuturiste/minauthator \
|
||||||
|
/usr/local/bin/minauthator_init_db.sh
|
||||||
|
|
||||||
|
docker-run:
|
||||||
|
docker run \
|
||||||
|
-p 127.0.0.1:3085:8080 \
|
||||||
|
-v ./tmp/docker/config:/etc/minauthator \
|
||||||
|
-v minauthator-db:/var/lib/minauthator \
|
||||||
|
lefuturiste/minauthator
|
||||||
|
|
||||||
init-db:
|
init-db:
|
||||||
sqlite3 -echo tmp/dbs/minauthator.db < migrations/all.sql
|
sqlite3 -echo tmp/dbs/minauthator.db < migrations/all.sql
|
||||||
|
|
|
@ -2,10 +2,17 @@
|
||||||
name = "admin_cli"
|
name = "admin_cli"
|
||||||
edition = "2021"
|
edition = "2021"
|
||||||
|
|
||||||
[dependencies]
|
|
||||||
anyhow = { workspace = true }
|
|
||||||
fully_pub = { workspace = true }
|
|
||||||
|
|
||||||
[[bin]]
|
[[bin]]
|
||||||
name = "minauthator-admin"
|
name = "minauthator-admin"
|
||||||
path = "src/main.rs"
|
path = "src/main.rs"
|
||||||
|
|
||||||
|
[dependencies]
|
||||||
|
anyhow = { workspace = true }
|
||||||
|
thiserror = { workspace = true }
|
||||||
|
fully_pub = { workspace = true }
|
||||||
|
argh = { workspace = true }
|
||||||
|
tokio = { workspace = true }
|
||||||
|
log = { workspace = true }
|
||||||
|
env_logger = { workspace = true }
|
||||||
|
|
||||||
|
kernel = { path = "../kernel" }
|
||||||
|
|
1
lib/admin_cli/src/commands/mod.rs
Normal file
1
lib/admin_cli/src/commands/mod.rs
Normal file
|
@ -0,0 +1 @@
|
||||||
|
pub mod users;
|
115
lib/admin_cli/src/commands/users.rs
Normal file
115
lib/admin_cli/src/commands/users.rs
Normal file
|
@ -0,0 +1,115 @@
|
||||||
|
use anyhow::{Context, Result};
|
||||||
|
use argh::FromArgs;
|
||||||
|
use fully_pub::fully_pub;
|
||||||
|
use kernel::{context::KernelContext, models::user::User, repositories::users::get_users};
|
||||||
|
use log::info;
|
||||||
|
|
||||||
|
#[fully_pub]
|
||||||
|
#[derive(FromArgs, PartialEq, Debug)]
|
||||||
|
#[argh(
|
||||||
|
subcommand, name = "create",
|
||||||
|
description = "Create user in DB."
|
||||||
|
)]
|
||||||
|
struct CreateUserCommand {
|
||||||
|
/// aka login, username
|
||||||
|
#[argh(option)]
|
||||||
|
handle: String,
|
||||||
|
|
||||||
|
/// displayed name (eg. first name and last name)
|
||||||
|
#[argh(option)]
|
||||||
|
full_name: Option<String>,
|
||||||
|
|
||||||
|
/// use to identify and prove user identity
|
||||||
|
/// formated as specified in RFC 2821, RFC 3696
|
||||||
|
#[argh(option)]
|
||||||
|
email: String,
|
||||||
|
|
||||||
|
/// if true, create an invitation token
|
||||||
|
#[argh(switch)]
|
||||||
|
invite: bool
|
||||||
|
}
|
||||||
|
|
||||||
|
#[fully_pub]
|
||||||
|
#[derive(FromArgs, PartialEq, Debug)]
|
||||||
|
#[argh(
|
||||||
|
subcommand, name = "delete",
|
||||||
|
description = "Delete user in DB."
|
||||||
|
)]
|
||||||
|
struct DeleteUserCommand {
|
||||||
|
/// delete by user Uuid
|
||||||
|
#[argh(option)]
|
||||||
|
id: String
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[fully_pub]
|
||||||
|
#[derive(FromArgs, PartialEq, Debug)]
|
||||||
|
#[argh(
|
||||||
|
subcommand, name = "list",
|
||||||
|
description = "List users in DB."
|
||||||
|
)]
|
||||||
|
struct ListUsersCommand {
|
||||||
|
/// how many users to return
|
||||||
|
#[argh(option)]
|
||||||
|
limit: Option<usize>,
|
||||||
|
}
|
||||||
|
|
||||||
|
#[fully_pub]
|
||||||
|
#[derive(FromArgs, PartialEq, Debug)]
|
||||||
|
#[argh(subcommand)]
|
||||||
|
enum UsersSubCommands {
|
||||||
|
Create(CreateUserCommand),
|
||||||
|
List(ListUsersCommand),
|
||||||
|
Delete(DeleteUserCommand),
|
||||||
|
}
|
||||||
|
|
||||||
|
#[fully_pub]
|
||||||
|
#[derive(FromArgs, PartialEq, Debug)]
|
||||||
|
#[argh(
|
||||||
|
subcommand, name = "users",
|
||||||
|
description = "Manage instance users."
|
||||||
|
)]
|
||||||
|
struct UsersCommand {
|
||||||
|
#[argh(subcommand)]
|
||||||
|
nested: UsersSubCommands,
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
pub async fn list_users(cmd: ListUsersCommand, ctx: KernelContext) -> Result<()> {
|
||||||
|
for user in get_users(&ctx.storage).await? {
|
||||||
|
println!(
|
||||||
|
"{0: <36} | [{1:<8}] | {2: <15} | {3: <25}",
|
||||||
|
user.id, user.status, user.handle, user.email.unwrap_or("()".to_string())
|
||||||
|
);
|
||||||
|
}
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
pub async fn create_user(cmd: CreateUserCommand, ctx: KernelContext) -> Result<()> {
|
||||||
|
let mut user = User::new(cmd.handle);
|
||||||
|
user.email = Some(cmd.email);
|
||||||
|
user.full_name = cmd.full_name;
|
||||||
|
if cmd.invite {
|
||||||
|
user.invite();
|
||||||
|
println!("Generated invite code: {}", user.reset_password_token.as_ref().unwrap());
|
||||||
|
}
|
||||||
|
let _res = kernel::actions::users::create_user(ctx, user).await?;
|
||||||
|
info!("Created user.");
|
||||||
|
if cmd.invite {
|
||||||
|
// TODO: Send invitation email
|
||||||
|
info!("Not sending invitation email.");
|
||||||
|
}
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
pub async fn delete_user(cmd: DeleteUserCommand, ctx: KernelContext) -> Result<()> {
|
||||||
|
todo!()
|
||||||
|
}
|
||||||
|
|
||||||
|
pub async fn handle_command_tree(cmd: UsersCommand, ctx: KernelContext) -> Result<()> {
|
||||||
|
match cmd.nested {
|
||||||
|
UsersSubCommands::List(sc) => list_users(sc, ctx).await,
|
||||||
|
UsersSubCommands::Create(sc) => create_user(sc, ctx).await,
|
||||||
|
UsersSubCommands::Delete(sc) => delete_user(sc, ctx).await
|
||||||
|
}
|
||||||
|
}
|
|
@ -1,6 +1,49 @@
|
||||||
use anyhow::Result;
|
use argh::FromArgs;
|
||||||
|
use anyhow::{Context, Result};
|
||||||
|
use commands::users;
|
||||||
|
use kernel::context::{get_kernel_context, StartKernelConfig};
|
||||||
|
use log::info;
|
||||||
|
|
||||||
fn main() -> Result<()> {
|
pub mod commands;
|
||||||
println!("Starting minauthator admin CLI");
|
|
||||||
Ok(())
|
#[derive(FromArgs, PartialEq, Debug)]
|
||||||
|
#[argh(subcommand)]
|
||||||
|
enum SubCommands {
|
||||||
|
Users(users::UsersCommand),
|
||||||
|
}
|
||||||
|
|
||||||
|
#[derive(FromArgs, PartialEq, Debug)]
|
||||||
|
/// Minauthator admin top level
|
||||||
|
struct AdminCliTopLevelCommand {
|
||||||
|
#[argh(subcommand)]
|
||||||
|
nested: SubCommands,
|
||||||
|
|
||||||
|
/// path to YAML config file to use to configure this instance
|
||||||
|
#[argh(option)]
|
||||||
|
config: Option<String>,
|
||||||
|
|
||||||
|
/// path to the Sqlite3 DB file to use
|
||||||
|
#[argh(option)]
|
||||||
|
database: Option<String>,
|
||||||
|
|
||||||
|
/// path to the static assets dir
|
||||||
|
#[argh(option)]
|
||||||
|
static_assets: Option<String>,
|
||||||
|
}
|
||||||
|
|
||||||
|
/// handle CLI arguments to run admin CLI
|
||||||
|
#[tokio::main]
|
||||||
|
pub async fn main() -> Result<()> {
|
||||||
|
info!("Starting minauth");
|
||||||
|
let command_input: AdminCliTopLevelCommand = argh::from_env();
|
||||||
|
let ctx = get_kernel_context(StartKernelConfig {
|
||||||
|
config_path: command_input.config.clone(),
|
||||||
|
database_path: command_input.database.clone()
|
||||||
|
}).await.context("Getting kernel context")?;
|
||||||
|
|
||||||
|
match command_input.nested {
|
||||||
|
SubCommands::Users(sc) => {
|
||||||
|
users::handle_command_tree(sc, ctx).await
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -14,6 +14,7 @@ strum = { workspace = true }
|
||||||
strum_macros = { workspace = true }
|
strum_macros = { workspace = true }
|
||||||
|
|
||||||
anyhow = { workspace = true }
|
anyhow = { workspace = true }
|
||||||
|
thiserror = { workspace = true }
|
||||||
fully_pub = { workspace = true }
|
fully_pub = { workspace = true }
|
||||||
|
|
||||||
tokio = { workspace = true }
|
tokio = { workspace = true }
|
||||||
|
|
|
@ -2,3 +2,4 @@ pub mod index;
|
||||||
pub mod oauth2;
|
pub mod oauth2;
|
||||||
pub mod read_user;
|
pub mod read_user;
|
||||||
pub mod openid;
|
pub mod openid;
|
||||||
|
pub mod public_assets;
|
||||||
|
|
27
lib/http_server/src/controllers/api/public_assets.rs
Normal file
27
lib/http_server/src/controllers/api/public_assets.rs
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
use axum::{extract::{Path, State}, http::{header, HeaderMap, HeaderValue, StatusCode}, response::{Html, IntoResponse}};
|
||||||
|
use kernel::repositories::users::get_user_asset_by_id;
|
||||||
|
|
||||||
|
use crate::AppState;
|
||||||
|
|
||||||
|
pub async fn get_user_asset(
|
||||||
|
State(app_state): State<AppState>,
|
||||||
|
Path(asset_id): Path<String>
|
||||||
|
) -> impl IntoResponse {
|
||||||
|
let user_asset = match get_user_asset_by_id(&app_state.db, &asset_id).await {
|
||||||
|
Err(_) => {
|
||||||
|
return (
|
||||||
|
StatusCode::NOT_FOUND,
|
||||||
|
Html("Could not find user asset")
|
||||||
|
).into_response();
|
||||||
|
},
|
||||||
|
Ok(ua) => ua
|
||||||
|
};
|
||||||
|
|
||||||
|
let mut hm = HeaderMap::new();
|
||||||
|
hm.insert(
|
||||||
|
header::CONTENT_TYPE,
|
||||||
|
HeaderValue::from_str(&user_asset.mime_type).expect("Constructing header value.")
|
||||||
|
);
|
||||||
|
|
||||||
|
(hm, user_asset.content).into_response()
|
||||||
|
}
|
|
@ -1,7 +1,8 @@
|
||||||
|
use anyhow::Context;
|
||||||
use axum::{body::Bytes, extract::State, response::IntoResponse, Extension};
|
use axum::{body::Bytes, extract::State, response::IntoResponse, Extension};
|
||||||
use axum_typed_multipart::{FieldData, TryFromMultipart, TypedMultipart};
|
use axum_typed_multipart::{FieldData, TryFromMultipart, TypedMultipart};
|
||||||
use fully_pub::fully_pub;
|
use fully_pub::fully_pub;
|
||||||
use log::error;
|
use log::{error, info};
|
||||||
use minijinja::context;
|
use minijinja::context;
|
||||||
|
|
||||||
use crate::{
|
use crate::{
|
||||||
|
@ -9,7 +10,7 @@ use crate::{
|
||||||
renderer::TemplateRenderer,
|
renderer::TemplateRenderer,
|
||||||
AppState
|
AppState
|
||||||
};
|
};
|
||||||
use kernel::models::user::User;
|
use kernel::{models::{user::User, user_asset::UserAsset}, repositories::users::create_user_asset};
|
||||||
|
|
||||||
pub async fn me_page(
|
pub async fn me_page(
|
||||||
State(app_state): State<AppState>,
|
State(app_state): State<AppState>,
|
||||||
|
@ -61,7 +62,7 @@ struct UserDetailsUpdateForm {
|
||||||
website: String,
|
website: String,
|
||||||
|
|
||||||
#[form_data(limit = "5MiB")]
|
#[form_data(limit = "5MiB")]
|
||||||
picture: FieldData<Bytes>
|
avatar: FieldData<Bytes>
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -73,17 +74,41 @@ pub async fn me_perform_update_details(
|
||||||
) -> impl IntoResponse {
|
) -> impl IntoResponse {
|
||||||
let template_path = "pages/me/details-form";
|
let template_path = "pages/me/details-form";
|
||||||
|
|
||||||
let update_res = sqlx::query("UPDATE users SET handle = $2, email = $3, full_name = $4, website = $5, picture = $6 WHERE id = $1")
|
let user = sqlx::query_as::<_, User>("SELECT * FROM users WHERE id = $1")
|
||||||
|
.bind(&token_claims.sub)
|
||||||
|
.fetch_one(&app_state.db.0)
|
||||||
|
.await
|
||||||
|
.expect("To get user from claim");
|
||||||
|
|
||||||
|
let update_res = sqlx::query("UPDATE users SET handle = $2, email = $3, full_name = $4, website = $5 WHERE id = $1")
|
||||||
.bind(&token_claims.sub)
|
.bind(&token_claims.sub)
|
||||||
.bind(details_update.handle)
|
.bind(details_update.handle)
|
||||||
.bind(details_update.email)
|
.bind(details_update.email)
|
||||||
.bind(details_update.full_name)
|
.bind(details_update.full_name)
|
||||||
.bind(details_update.website)
|
.bind(details_update.website)
|
||||||
.bind(details_update.picture.contents.to_vec())
|
|
||||||
.execute(&app_state.db.0)
|
.execute(&app_state.db.0)
|
||||||
.await;
|
.await;
|
||||||
|
|
||||||
let user_res = sqlx::query_as::<_, User>("SELECT * FROM users WHERE id = $1")
|
if !details_update.avatar.contents.is_empty() {
|
||||||
|
let user_asset = UserAsset::new(
|
||||||
|
&user,
|
||||||
|
details_update.avatar.contents.to_vec(),
|
||||||
|
details_update.avatar.metadata.content_type.expect("Expected mimetype on avatar content"),
|
||||||
|
details_update.avatar.metadata.name
|
||||||
|
);
|
||||||
|
let _update_res = sqlx::query("UPDATE users SET avatar_asset_id = $2 WHERE id = $1")
|
||||||
|
.bind(&token_claims.sub)
|
||||||
|
.bind(user_asset.id.clone())
|
||||||
|
.execute(&app_state.db.0)
|
||||||
|
.await;
|
||||||
|
// TODO: handle possible error
|
||||||
|
let _ = create_user_asset(&app_state.db, user_asset)
|
||||||
|
.await
|
||||||
|
.context("Creating user avatar asset.");
|
||||||
|
info!("Uploaded new avatar as user asset");
|
||||||
|
}
|
||||||
|
|
||||||
|
let user = sqlx::query_as::<_, User>("SELECT * FROM users WHERE id = $1")
|
||||||
.bind(&token_claims.sub)
|
.bind(&token_claims.sub)
|
||||||
.fetch_one(&app_state.db.0)
|
.fetch_one(&app_state.db.0)
|
||||||
.await
|
.await
|
||||||
|
@ -95,7 +120,7 @@ pub async fn me_perform_update_details(
|
||||||
template_path,
|
template_path,
|
||||||
context!(
|
context!(
|
||||||
success => true,
|
success => true,
|
||||||
user => user_res
|
user => user
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
},
|
},
|
||||||
|
@ -105,7 +130,7 @@ pub async fn me_perform_update_details(
|
||||||
template_path,
|
template_path,
|
||||||
context!(
|
context!(
|
||||||
error => Some("Cannot update user details.".to_string()),
|
error => Some("Cannot update user details.".to_string()),
|
||||||
user => user_res
|
user => user
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
|
@ -6,3 +6,4 @@ pub mod me;
|
||||||
pub mod logout;
|
pub mod logout;
|
||||||
pub mod user_panel;
|
pub mod user_panel;
|
||||||
pub mod apps;
|
pub mod apps;
|
||||||
|
pub mod reset_password;
|
||||||
|
|
|
@ -46,12 +46,12 @@ pub async fn perform_register(
|
||||||
email: Some(register.email),
|
email: Some(register.email),
|
||||||
handle: register.handle,
|
handle: register.handle,
|
||||||
full_name: None,
|
full_name: None,
|
||||||
picture: None,
|
avatar_asset_id: None,
|
||||||
|
|
||||||
password_hash,
|
password_hash,
|
||||||
status: UserStatus::Active,
|
status: UserStatus::Active,
|
||||||
roles: Json(Vec::new()), // take the default role in the config
|
roles: Json(Vec::new()), // take the default role in the config
|
||||||
activation_token: None,
|
reset_password_token: None,
|
||||||
created_at: Utc::now(),
|
created_at: Utc::now(),
|
||||||
website: None,
|
website: None,
|
||||||
last_login_at: None
|
last_login_at: None
|
||||||
|
|
139
lib/http_server/src/controllers/ui/reset_password.rs
Normal file
139
lib/http_server/src/controllers/ui/reset_password.rs
Normal file
|
@ -0,0 +1,139 @@
|
||||||
|
use axum::{extract::{MatchedPath, Query, State}, http::StatusCode, response::{Html, IntoResponse, Redirect}, Extension, Form};
|
||||||
|
use log::{error, info};
|
||||||
|
use serde::{Deserialize, Serialize};
|
||||||
|
use minijinja::context;
|
||||||
|
use fully_pub::fully_pub;
|
||||||
|
|
||||||
|
use crate::{renderer::TemplateRenderer, AppState};
|
||||||
|
|
||||||
|
use kernel::models::user::{User, UserStatus};
|
||||||
|
use utils::get_password_hash;
|
||||||
|
|
||||||
|
#[derive(Debug, Deserialize, Serialize)]
|
||||||
|
#[fully_pub]
|
||||||
|
enum ResetPasswordReason {
|
||||||
|
LostPassword,
|
||||||
|
Invitation
|
||||||
|
}
|
||||||
|
|
||||||
|
#[derive(Debug, Deserialize, Serialize)]
|
||||||
|
#[fully_pub]
|
||||||
|
struct ResetPasswordQueryParams {
|
||||||
|
token: String
|
||||||
|
}
|
||||||
|
|
||||||
|
pub async fn reset_password_form(
|
||||||
|
State(app_state): State<AppState>,
|
||||||
|
path: MatchedPath,
|
||||||
|
Extension(renderer): Extension<TemplateRenderer>,
|
||||||
|
Query(query_params): Query<ResetPasswordQueryParams>
|
||||||
|
) -> impl IntoResponse {
|
||||||
|
let reason: ResetPasswordReason = match path.as_str() {
|
||||||
|
"/invitation" => ResetPasswordReason::Invitation,
|
||||||
|
"/reset-password" => ResetPasswordReason::LostPassword,
|
||||||
|
_ => unreachable!()
|
||||||
|
};
|
||||||
|
// 1. Verify token
|
||||||
|
let user_res = sqlx::query_as::<_, User>("SELECT * FROM users WHERE reset_password_token = $1")
|
||||||
|
.bind(&query_params.token)
|
||||||
|
.fetch_one(&app_state.db.0)
|
||||||
|
.await;
|
||||||
|
let _user = match user_res {
|
||||||
|
Ok(u) => u,
|
||||||
|
Err(sqlx::Error::RowNotFound) => {
|
||||||
|
return (
|
||||||
|
StatusCode::BAD_REQUEST,
|
||||||
|
Html("Invalid reset password token.")
|
||||||
|
).into_response();
|
||||||
|
},
|
||||||
|
Err(err) => {
|
||||||
|
error!("Failed to retreive user from reset password token. {}", err);
|
||||||
|
return (
|
||||||
|
StatusCode::INTERNAL_SERVER_ERROR,
|
||||||
|
Html("Internal server error: Failed to retreive user.")
|
||||||
|
).into_response();
|
||||||
|
}
|
||||||
|
};
|
||||||
|
renderer.render(
|
||||||
|
"pages/reset_password",
|
||||||
|
context!(
|
||||||
|
reason => reason,
|
||||||
|
token => query_params.token,
|
||||||
|
)
|
||||||
|
).into_response()
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[derive(Debug, Deserialize)]
|
||||||
|
#[fully_pub]
|
||||||
|
struct ResetPasswordForm {
|
||||||
|
token: String,
|
||||||
|
password: String,
|
||||||
|
password_confirmation: String
|
||||||
|
}
|
||||||
|
|
||||||
|
pub async fn perform_reset_password(
|
||||||
|
State(app_state): State<AppState>,
|
||||||
|
Form(reset_form): Form<ResetPasswordForm>
|
||||||
|
) -> impl IntoResponse {
|
||||||
|
// 1. Verify token
|
||||||
|
let user_res = sqlx::query_as::<_, User>("SELECT * FROM users WHERE reset_password_token = $1")
|
||||||
|
.bind(&reset_form.token)
|
||||||
|
.fetch_one(&app_state.db.0)
|
||||||
|
.await;
|
||||||
|
let user = match user_res {
|
||||||
|
Ok(u) => u,
|
||||||
|
Err(sqlx::Error::RowNotFound) => {
|
||||||
|
return (
|
||||||
|
StatusCode::BAD_REQUEST,
|
||||||
|
Html("Invalid reset password token.")
|
||||||
|
).into_response();
|
||||||
|
},
|
||||||
|
Err(err) => {
|
||||||
|
error!("Failed to retreive user from reset password token. {}", err);
|
||||||
|
return (
|
||||||
|
StatusCode::INTERNAL_SERVER_ERROR,
|
||||||
|
Html("Internal server error: Failed to retreive user.")
|
||||||
|
).into_response();
|
||||||
|
}
|
||||||
|
};
|
||||||
|
if reset_form.password != reset_form.password_confirmation {
|
||||||
|
return (
|
||||||
|
StatusCode::BAD_REQUEST,
|
||||||
|
Html("Form data error: The two passwords are differents.")
|
||||||
|
).into_response();
|
||||||
|
}
|
||||||
|
|
||||||
|
let password_hash = Some(
|
||||||
|
get_password_hash(reset_form.password)
|
||||||
|
.expect("To process password").1
|
||||||
|
);
|
||||||
|
if user.status == UserStatus::Invited {
|
||||||
|
info!("The password of an Invited user was set: activation of user account");
|
||||||
|
// TODO: send welcome email
|
||||||
|
}
|
||||||
|
let res = sqlx::query("UPDATE users
|
||||||
|
SET password_hash = $2, status = $3, reset_password_token = NULL
|
||||||
|
WHERE id = $1
|
||||||
|
")
|
||||||
|
.bind(user.id)
|
||||||
|
.bind(password_hash)
|
||||||
|
.bind(UserStatus::Active)
|
||||||
|
.execute(&app_state.db.0)
|
||||||
|
.await;
|
||||||
|
match res {
|
||||||
|
Err(err) => {
|
||||||
|
error!("Cannot update user: {}", err);
|
||||||
|
return (
|
||||||
|
StatusCode::INTERNAL_SERVER_ERROR,
|
||||||
|
Html("Internal server error: Failed to update user.")
|
||||||
|
).into_response();
|
||||||
|
},
|
||||||
|
Ok(_v) => {
|
||||||
|
info!("Changed user's password successfuly.");
|
||||||
|
}
|
||||||
|
};
|
||||||
|
// TODO: add either "Successfully changed password" or "Account enabled successfully" message
|
||||||
|
Redirect::to("/login").into_response()
|
||||||
|
}
|
||||||
|
|
|
@ -7,7 +7,7 @@ pub mod token_claims;
|
||||||
|
|
||||||
use fully_pub::fully_pub;
|
use fully_pub::fully_pub;
|
||||||
use anyhow::{Result, Context};
|
use anyhow::{Result, Context};
|
||||||
use kernel::{context::AppSecrets, models::config::Config, repositories::storage::Storage};
|
use kernel::{context::{AppSecrets, KernelContext}, models::config::Config, repositories::storage::Storage};
|
||||||
use log::info;
|
use log::info;
|
||||||
use minijinja::Environment;
|
use minijinja::Environment;
|
||||||
|
|
||||||
|
@ -38,16 +38,14 @@ pub struct AppState {
|
||||||
|
|
||||||
pub async fn start_http_server(
|
pub async fn start_http_server(
|
||||||
server_config: ServerConfig,
|
server_config: ServerConfig,
|
||||||
config: Config,
|
ctx: KernelContext
|
||||||
secrets: AppSecrets,
|
|
||||||
db_pool: Storage
|
|
||||||
) -> Result<()> {
|
) -> Result<()> {
|
||||||
// build state
|
// build state
|
||||||
let state = AppState {
|
let state = AppState {
|
||||||
templating_env: build_templating_env(&config),
|
templating_env: build_templating_env(&ctx.config),
|
||||||
config,
|
config: ctx.config,
|
||||||
secrets,
|
secrets: ctx.secrets,
|
||||||
db: db_pool
|
db: ctx.storage
|
||||||
};
|
};
|
||||||
|
|
||||||
// build routes
|
// build routes
|
||||||
|
|
|
@ -32,7 +32,7 @@ struct ServerCliFlags {
|
||||||
pub async fn main() -> Result<()> {
|
pub async fn main() -> Result<()> {
|
||||||
info!("Starting minauth");
|
info!("Starting minauth");
|
||||||
let flags: ServerCliFlags = argh::from_env();
|
let flags: ServerCliFlags = argh::from_env();
|
||||||
let (config, secrets, db_pool) = get_kernel_context(StartKernelConfig {
|
let kernel_context = get_kernel_context(StartKernelConfig {
|
||||||
config_path: flags.config,
|
config_path: flags.config,
|
||||||
database_path: flags.database
|
database_path: flags.database
|
||||||
}).await.context("Getting kernel context")?;
|
}).await.context("Getting kernel context")?;
|
||||||
|
@ -42,8 +42,6 @@ pub async fn main() -> Result<()> {
|
||||||
listen_host: flags.listen_host,
|
listen_host: flags.listen_host,
|
||||||
listen_port: flags.listen_port
|
listen_port: flags.listen_port
|
||||||
},
|
},
|
||||||
config,
|
kernel_context
|
||||||
secrets,
|
|
||||||
db_pool
|
|
||||||
).await
|
).await
|
||||||
}
|
}
|
||||||
|
|
|
@ -19,6 +19,9 @@ pub fn build_router(server_config: &ServerConfig, app_state: AppState) -> Router
|
||||||
.route("/register", post(ui::register::perform_register))
|
.route("/register", post(ui::register::perform_register))
|
||||||
.route("/login", get(ui::login::login_form))
|
.route("/login", get(ui::login::login_form))
|
||||||
.route("/login", post(ui::login::perform_login))
|
.route("/login", post(ui::login::perform_login))
|
||||||
|
.route("/invitation", get(ui::reset_password::reset_password_form))
|
||||||
|
.route("/reset-password", get(ui::reset_password::reset_password_form))
|
||||||
|
.route("/reset-password", post(ui::reset_password::perform_reset_password))
|
||||||
.layer(middleware::from_fn_with_state(app_state.clone(), renderer_middleware))
|
.layer(middleware::from_fn_with_state(app_state.clone(), renderer_middleware))
|
||||||
.layer(middleware::from_fn_with_state(app_state.clone(), user_auth::auth_middleware));
|
.layer(middleware::from_fn_with_state(app_state.clone(), user_auth::auth_middleware));
|
||||||
|
|
||||||
|
@ -44,7 +47,8 @@ pub fn build_router(server_config: &ServerConfig, app_state: AppState) -> Router
|
||||||
let api_user_routes = Router::new()
|
let api_user_routes = Router::new()
|
||||||
.route("/api/user", get(api::read_user::read_user_basic))
|
.route("/api/user", get(api::read_user::read_user_basic))
|
||||||
.layer(middleware::from_fn_with_state(app_state.clone(), app_auth::enforce_jwt_auth_middleware))
|
.layer(middleware::from_fn_with_state(app_state.clone(), app_auth::enforce_jwt_auth_middleware))
|
||||||
.route("/api", get(api::index::get_index));
|
.route("/api", get(api::index::get_index))
|
||||||
|
.route("/api/user-assets/:asset_id", get(api::public_assets::get_user_asset));
|
||||||
|
|
||||||
let well_known_routes = Router::new()
|
let well_known_routes = Router::new()
|
||||||
.route("/.well-known/openid-configuration", get(api::openid::well_known::get_well_known_openid_configuration));
|
.route("/.well-known/openid-configuration", get(api::openid::well_known::get_well_known_openid_configuration));
|
||||||
|
|
11
lib/http_server/src/templates/pages/error.html
Normal file
11
lib/http_server/src/templates/pages/error.html
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
{% extends "layouts/base.html" %}
|
||||||
|
{% block body %}
|
||||||
|
<h1>Internal server error</h1>
|
||||||
|
|
||||||
|
{% if error %}
|
||||||
|
<div class="alert alert-danger">
|
||||||
|
We are sorry. We've rencountered an unrecoverable error.
|
||||||
|
</div>
|
||||||
|
{% endif %}
|
||||||
|
{% endblock %}
|
||||||
|
|
|
@ -55,10 +55,9 @@
|
||||||
/>
|
/>
|
||||||
</div>
|
</div>
|
||||||
<div class="mb-3">
|
<div class="mb-3">
|
||||||
<label for="picture">Profile picture</label>
|
<label for="avatar">Profile picture</label>
|
||||||
<!-- for now, no JPEG -->
|
|
||||||
<input
|
<input
|
||||||
id="picture" name="picture"
|
id="avatar" name="avatar"
|
||||||
type="file"
|
type="file"
|
||||||
accept="image/gif, image/png, image/jpeg"
|
accept="image/gif, image/png, image/jpeg"
|
||||||
class="form-control"
|
class="form-control"
|
||||||
|
|
|
@ -5,9 +5,12 @@
|
||||||
<a href="/me/details-form">Update details.</a>
|
<a href="/me/details-form">Update details.</a>
|
||||||
<a href="/me/authorizations">Manage authorizations.</a>
|
<a href="/me/authorizations">Manage authorizations.</a>
|
||||||
|
|
||||||
<p>
|
{% if user.avatar_asset_id %}
|
||||||
{% if user.picture %}
|
<div class="my-3">
|
||||||
<img src="data:image/*;base64,{{ encode_b64str(user.picture) }}" style="width: 150px; height: 150px; object-fit: contain">
|
<img
|
||||||
|
src="http://localhost:8085/api/user-assets/{{ user.avatar_asset_id }}"
|
||||||
|
style="width: 150px; height: 150px; object-fit: contain">
|
||||||
|
</div>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
|
|
54
lib/http_server/src/templates/pages/reset_password.html
Normal file
54
lib/http_server/src/templates/pages/reset_password.html
Normal file
|
@ -0,0 +1,54 @@
|
||||||
|
{% extends "layouts/base.html" %}
|
||||||
|
{% block body %}
|
||||||
|
{% if reason == "Invitation" %}
|
||||||
|
<h1>Invitation</h1>
|
||||||
|
{% endif %}
|
||||||
|
{% if reason == "LostPassword" %}
|
||||||
|
<h1>Reset your password</h1>
|
||||||
|
{% endif %}
|
||||||
|
<!-- Reset password form -->
|
||||||
|
{% if error %}
|
||||||
|
<div class="alert alert-danger">
|
||||||
|
Error: {{ error }}
|
||||||
|
</div>
|
||||||
|
{% endif %}
|
||||||
|
{% if info %}
|
||||||
|
<div class="alert alert-info">
|
||||||
|
Info: {{ info }}
|
||||||
|
</div>
|
||||||
|
{% endif %}
|
||||||
|
{% if reason == "Invitation" %}
|
||||||
|
<p>
|
||||||
|
Pour activer votre compte, veuillez définir votre mot de passe.
|
||||||
|
</p>
|
||||||
|
{% endif %}
|
||||||
|
{% if reason == "LostPassword" %}
|
||||||
|
<p>
|
||||||
|
Votre mot de passe est perdu, veuillez définir un nouveau mot de passe.
|
||||||
|
</p>
|
||||||
|
{% endif %}
|
||||||
|
<form id="reset-password-form" method="post" action="/reset-password">
|
||||||
|
<div class="mb-3">
|
||||||
|
<label for="password" class="form-label">New password</label>
|
||||||
|
<input
|
||||||
|
id="password" name="password" type="password"
|
||||||
|
required
|
||||||
|
class="form-control"
|
||||||
|
/>
|
||||||
|
</div>
|
||||||
|
<div class="mb-3">
|
||||||
|
<label for="password" class="form-label">New password confirmation</label>
|
||||||
|
<input
|
||||||
|
id="password_confirmation" name="password_confirmation" type="password"
|
||||||
|
required
|
||||||
|
class="form-control"
|
||||||
|
/>
|
||||||
|
</div>
|
||||||
|
<input
|
||||||
|
id="token" name="token" type="hidden"
|
||||||
|
value="{{ token }}"
|
||||||
|
/>
|
||||||
|
|
||||||
|
<button type="submit" class="btn btn-primary">Change password</button>
|
||||||
|
</form>
|
||||||
|
{% endblock %}
|
|
@ -5,9 +5,10 @@ edition = "2021"
|
||||||
[dependencies]
|
[dependencies]
|
||||||
utils = { path = "../utils" }
|
utils = { path = "../utils" }
|
||||||
|
|
||||||
|
anyhow = { workspace = true }
|
||||||
|
thiserror = { workspace = true }
|
||||||
log = { workspace = true }
|
log = { workspace = true }
|
||||||
env_logger = { workspace = true }
|
env_logger = { workspace = true }
|
||||||
anyhow = { workspace = true }
|
|
||||||
fully_pub = { workspace = true }
|
fully_pub = { workspace = true }
|
||||||
strum = { workspace = true }
|
strum = { workspace = true }
|
||||||
strum_macros = { workspace = true }
|
strum_macros = { workspace = true }
|
||||||
|
@ -17,6 +18,8 @@ chrono = { workspace = true }
|
||||||
toml = { workspace = true }
|
toml = { workspace = true }
|
||||||
sqlx = { workspace = true }
|
sqlx = { workspace = true }
|
||||||
dotenvy = { workspace = true }
|
dotenvy = { workspace = true }
|
||||||
|
sha2 = { workspace = true }
|
||||||
|
hex-literal = { workspace = true }
|
||||||
|
|
||||||
uuid = { workspace = true }
|
uuid = { workspace = true }
|
||||||
url = { workspace = true }
|
url = { workspace = true }
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
pub mod users;
|
44
lib/kernel/src/actions/users.rs
Normal file
44
lib/kernel/src/actions/users.rs
Normal file
|
@ -0,0 +1,44 @@
|
||||||
|
use crate::{context::KernelContext, models::user::User};
|
||||||
|
|
||||||
|
use anyhow::{Context, Result};
|
||||||
|
use chrono::SecondsFormat;
|
||||||
|
use thiserror::Error;
|
||||||
|
|
||||||
|
#[derive(Error, Debug)]
|
||||||
|
pub enum CreateUserErr {
|
||||||
|
#[error("Handle or email for user is already used.")]
|
||||||
|
HandleOrEmailNotUnique,
|
||||||
|
|
||||||
|
#[error("Database error.")]
|
||||||
|
DatabaseErr(String)
|
||||||
|
}
|
||||||
|
|
||||||
|
pub async fn create_user(ctx: KernelContext, user: User) -> Result<(), CreateUserErr> {
|
||||||
|
let res = sqlx::query("
|
||||||
|
INSERT INTO users
|
||||||
|
(id, handle, email, status, roles, password_hash, reset_password_token, created_at)
|
||||||
|
VALUES ($1, $2, $3, $4, $5, $6, $7, $8)
|
||||||
|
")
|
||||||
|
.bind(user.id)
|
||||||
|
.bind(user.handle)
|
||||||
|
.bind(user.email)
|
||||||
|
.bind(user.status.to_string())
|
||||||
|
.bind(user.roles)
|
||||||
|
.bind(user.password_hash)
|
||||||
|
.bind(user.reset_password_token)
|
||||||
|
.bind(user.created_at.to_rfc3339_opts(SecondsFormat::Millis, true))
|
||||||
|
.execute(&ctx.storage.0)
|
||||||
|
.await;
|
||||||
|
match res {
|
||||||
|
Err(err) => {
|
||||||
|
let db_err = &err.as_database_error().unwrap();
|
||||||
|
if db_err.code().unwrap() == "2067" {
|
||||||
|
Err(CreateUserErr::HandleOrEmailNotUnique)
|
||||||
|
} else {
|
||||||
|
dbg!(&err);
|
||||||
|
Err(CreateUserErr::DatabaseErr(db_err.to_string()))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
Ok(_) => Ok(())
|
||||||
|
}
|
||||||
|
}
|
|
@ -1,4 +1,4 @@
|
||||||
pub const DEFAULT_DB_PATH: &str = "/var/lib/minauthator/minauthator.db";
|
pub const DEFAULT_DB_PATH: &str = "/var/lib/minauthator/minauthator.db";
|
||||||
pub const DEFAULT_ASSETS_PATH: &str = "/usr/local/lib/minauthator/assets";
|
pub const DEFAULT_ASSETS_PATH: &str = "/usr/local/lib/minauthator/assets";
|
||||||
pub const DEFAULT_CONFIG_PATH: &str = "/etc/minauthator/config.yaml";
|
pub const DEFAULT_CONFIG_PATH: &str = "/etc/minauthator/config.toml";
|
||||||
|
|
||||||
|
|
|
@ -29,7 +29,15 @@ struct AppSecrets {
|
||||||
jwt_secret: String
|
jwt_secret: String
|
||||||
}
|
}
|
||||||
|
|
||||||
pub async fn get_kernel_context(start_config: StartKernelConfig) -> Result<(Config, AppSecrets, Storage)> {
|
#[derive(Debug, Clone)]
|
||||||
|
#[fully_pub]
|
||||||
|
struct KernelContext {
|
||||||
|
config: Config,
|
||||||
|
secrets: AppSecrets,
|
||||||
|
storage: Storage
|
||||||
|
}
|
||||||
|
|
||||||
|
pub async fn get_kernel_context(start_config: StartKernelConfig) -> Result<KernelContext> {
|
||||||
env_logger::init();
|
env_logger::init();
|
||||||
let _ = dotenvy::dotenv();
|
let _ = dotenvy::dotenv();
|
||||||
|
|
||||||
|
@ -42,10 +50,15 @@ pub async fn get_kernel_context(start_config: StartKernelConfig) -> Result<(Conf
|
||||||
let config: Config = get_config(config_path)
|
let config: Config = get_config(config_path)
|
||||||
.expect("Cannot get config.");
|
.expect("Cannot get config.");
|
||||||
|
|
||||||
dotenvy::dotenv().context("loading .env")?;
|
let _ = dotenvy::dotenv();
|
||||||
let secrets = AppSecrets {
|
let secrets = AppSecrets {
|
||||||
jwt_secret: env::var("APP_JWT_SECRET").context("Expecting APP_JWT_SECRET env var.")?
|
jwt_secret: env::var("APP_JWT_SECRET")
|
||||||
|
.context("Expected APP_JWT_SECRET environment variable to exists.")?
|
||||||
};
|
};
|
||||||
|
|
||||||
Ok((config, secrets, storage))
|
Ok(KernelContext {
|
||||||
|
config,
|
||||||
|
secrets,
|
||||||
|
storage
|
||||||
|
})
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
pub mod config;
|
pub mod config;
|
||||||
pub mod user;
|
pub mod user;
|
||||||
|
pub mod user_asset;
|
||||||
pub mod authorization;
|
pub mod authorization;
|
||||||
|
|
|
@ -2,13 +2,16 @@ use fully_pub::fully_pub;
|
||||||
use chrono::{DateTime, Utc};
|
use chrono::{DateTime, Utc};
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::{Deserialize, Serialize};
|
||||||
use sqlx::types::Json;
|
use sqlx::types::Json;
|
||||||
|
use utils::get_random_human_token;
|
||||||
|
use uuid::Uuid;
|
||||||
|
|
||||||
#[derive(sqlx::Type, Clone, Debug, Serialize, Deserialize, PartialEq)]
|
#[derive(sqlx::Type, Clone, Debug, Serialize, Deserialize, PartialEq)]
|
||||||
#[derive(strum_macros::Display)]
|
#[derive(strum_macros::Display)]
|
||||||
#[fully_pub]
|
#[fully_pub]
|
||||||
enum UserStatus {
|
enum UserStatus {
|
||||||
Active,
|
Disabled,
|
||||||
Disabled
|
Invited,
|
||||||
|
Active
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(sqlx::FromRow, Deserialize, Serialize, Debug)]
|
#[derive(sqlx::FromRow, Deserialize, Serialize, Debug)]
|
||||||
|
@ -20,12 +23,39 @@ struct User {
|
||||||
full_name: Option<String>,
|
full_name: Option<String>,
|
||||||
email: Option<String>,
|
email: Option<String>,
|
||||||
website: Option<String>,
|
website: Option<String>,
|
||||||
picture: Option<Vec<u8>>, // embeded blob to store profile pic
|
avatar_asset_id: Option<String>,
|
||||||
password_hash: Option<String>, // argon2 password hash
|
password_hash: Option<String>, // argon2 password hash
|
||||||
status: UserStatus,
|
status: UserStatus,
|
||||||
roles: Json<Vec<String>>,
|
roles: Json<Vec<String>>,
|
||||||
activation_token: Option<String>,
|
reset_password_token: Option<String>,
|
||||||
|
|
||||||
last_login_at: Option<DateTime<Utc>>,
|
last_login_at: Option<DateTime<Utc>>,
|
||||||
created_at: DateTime<Utc>
|
created_at: DateTime<Utc>
|
||||||
}
|
}
|
||||||
|
|
||||||
|
impl User {
|
||||||
|
pub fn new(
|
||||||
|
handle: String
|
||||||
|
) -> User {
|
||||||
|
User {
|
||||||
|
id: Uuid::new_v4().to_string(),
|
||||||
|
handle,
|
||||||
|
full_name: None,
|
||||||
|
email: None,
|
||||||
|
website: None,
|
||||||
|
avatar_asset_id: None,
|
||||||
|
password_hash: None,
|
||||||
|
status: UserStatus::Disabled,
|
||||||
|
roles: Json(Vec::new()),
|
||||||
|
reset_password_token: None,
|
||||||
|
last_login_at: None,
|
||||||
|
created_at: Utc::now()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn invite(self: &mut Self) {
|
||||||
|
self.reset_password_token = Some(get_random_human_token());
|
||||||
|
self.status = UserStatus::Invited;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
41
lib/kernel/src/models/user_asset.rs
Normal file
41
lib/kernel/src/models/user_asset.rs
Normal file
|
@ -0,0 +1,41 @@
|
||||||
|
use fully_pub::fully_pub;
|
||||||
|
use chrono::{DateTime, Utc};
|
||||||
|
use serde::{Deserialize, Serialize};
|
||||||
|
use uuid::Uuid;
|
||||||
|
use sha2::{Sha256, Digest};
|
||||||
|
|
||||||
|
use super::user::User;
|
||||||
|
|
||||||
|
|
||||||
|
#[derive(sqlx::FromRow, Deserialize, Serialize, Debug)]
|
||||||
|
#[fully_pub]
|
||||||
|
struct UserAsset {
|
||||||
|
/// uuid
|
||||||
|
id: String,
|
||||||
|
user_id: String,
|
||||||
|
mime_type: String,
|
||||||
|
fingerprint: String,
|
||||||
|
name: Option<String>,
|
||||||
|
content: Vec<u8>,
|
||||||
|
created_at: DateTime<Utc>
|
||||||
|
}
|
||||||
|
|
||||||
|
impl UserAsset {
|
||||||
|
pub fn new(
|
||||||
|
user: &User,
|
||||||
|
content: Vec<u8>,
|
||||||
|
mime_type: String,
|
||||||
|
name: Option<String>
|
||||||
|
) -> UserAsset {
|
||||||
|
let digest = Sha256::digest(&content);
|
||||||
|
UserAsset {
|
||||||
|
id: Uuid::new_v4().to_string(),
|
||||||
|
user_id: user.id.clone(),
|
||||||
|
fingerprint: format!("{:x}", digest),
|
||||||
|
mime_type,
|
||||||
|
content,
|
||||||
|
name,
|
||||||
|
created_at: Utc::now()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -1,14 +1,48 @@
|
||||||
// user repositories
|
// user repositories
|
||||||
|
|
||||||
use crate::models::user::User;
|
use crate::models::{user::User, user_asset::UserAsset};
|
||||||
|
|
||||||
use super::storage::Storage;
|
use super::storage::Storage;
|
||||||
use anyhow::{Result, Context};
|
use anyhow::{Result, Context};
|
||||||
|
|
||||||
async fn get_user_by_id(storage: &Storage, user_id: &str) -> Result<User> {
|
pub async fn get_user_by_id(storage: &Storage, user_id: &str) -> Result<User> {
|
||||||
sqlx::query_as::<_, User>("SELECT * FROM users WHERE id = $1")
|
sqlx::query_as::<_, User>("SELECT * FROM users WHERE id = $1")
|
||||||
.bind(user_id)
|
.bind(user_id)
|
||||||
.fetch_one(&storage.0)
|
.fetch_one(&storage.0)
|
||||||
.await
|
.await
|
||||||
.context("To get user from claim")
|
.context("To get user by id.")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub async fn get_users(storage: &Storage) -> Result<Vec<User>> {
|
||||||
|
sqlx::query_as::<_, User>("SELECT * FROM users")
|
||||||
|
.fetch_all(&storage.0)
|
||||||
|
.await
|
||||||
|
.context("To get users.")
|
||||||
|
}
|
||||||
|
|
||||||
|
pub async fn create_user_asset(storage: &Storage, asset: UserAsset) -> Result<()> {
|
||||||
|
sqlx::query("INSERT INTO user_assets
|
||||||
|
(id, user_id, mime_type, fingerprint, content, created_at)
|
||||||
|
VALUES ($1, $2, $3, $4, $5, $6)
|
||||||
|
")
|
||||||
|
.bind(&asset.id)
|
||||||
|
.bind(&asset.user_id)
|
||||||
|
.bind(&asset.mime_type)
|
||||||
|
.bind(&asset.fingerprint)
|
||||||
|
.bind(&asset.content)
|
||||||
|
.bind(&asset.created_at)
|
||||||
|
.execute(&storage.0)
|
||||||
|
.await
|
||||||
|
.context("While inserting user asset.")?;
|
||||||
|
// .bind(details_update.avatar.contents.to_vec())
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
pub async fn get_user_asset_by_id(storage: &Storage, id: &str) -> Result<UserAsset> {
|
||||||
|
sqlx::query_as("SELECT * FROM user_assets WHERE id = $1")
|
||||||
|
.bind(id)
|
||||||
|
.fetch_one(&storage.0)
|
||||||
|
.await
|
||||||
|
.context("To get user asset by id.")
|
||||||
|
}
|
||||||
|
|
||||||
|
|
|
@ -43,6 +43,18 @@ pub fn get_random_alphanumerical(length: usize) -> String {
|
||||||
.collect()
|
.collect()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// Generate easy to type token
|
||||||
|
pub fn get_random_human_token() -> String {
|
||||||
|
return format!(
|
||||||
|
"{}-{}-{}-{}-{}",
|
||||||
|
get_random_alphanumerical(4),
|
||||||
|
get_random_alphanumerical(4),
|
||||||
|
get_random_alphanumerical(4),
|
||||||
|
get_random_alphanumerical(4),
|
||||||
|
get_random_alphanumerical(4)
|
||||||
|
).to_uppercase();
|
||||||
|
}
|
||||||
|
|
||||||
pub fn parse_basic_auth(header_value: &str) -> Result<(String, String)> {
|
pub fn parse_basic_auth(header_value: &str) -> Result<(String, String)> {
|
||||||
let header_val_components: Vec<&str> = header_value.split(" ").collect();
|
let header_val_components: Vec<&str> = header_value.split(" ").collect();
|
||||||
let encoded_header_value: &str = header_val_components
|
let encoded_header_value: &str = header_val_components
|
||||||
|
|
|
@ -5,16 +5,27 @@ CREATE TABLE users (
|
||||||
full_name TEXT,
|
full_name TEXT,
|
||||||
email TEXT UNIQUE,
|
email TEXT UNIQUE,
|
||||||
website TEXT,
|
website TEXT,
|
||||||
picture BLOB,
|
|
||||||
roles TEXT NOT NULL, -- json array of user roles
|
roles TEXT NOT NULL, -- json array of user roles
|
||||||
|
avatar_asset_id TEXT,
|
||||||
|
|
||||||
status TEXT CHECK(status IN ('Active','Disabled')) NOT NULL DEFAULT 'Disabled',
|
status TEXT CHECK(status IN ('Invited', 'Active', 'Disabled')) NOT NULL DEFAULT 'Disabled',
|
||||||
password_hash TEXT,
|
password_hash TEXT,
|
||||||
activation_token TEXT,
|
reset_password_token TEXT,
|
||||||
last_login_at DATETIME,
|
last_login_at DATETIME,
|
||||||
created_at DATETIME NOT NULL
|
created_at DATETIME NOT NULL
|
||||||
);
|
);
|
||||||
|
|
||||||
|
DROP TABLE IF EXISTS user_assets;
|
||||||
|
CREATE TABLE user_assets (
|
||||||
|
id TEXT PRIMARY KEY,
|
||||||
|
user_id TEXT NOT NULL,
|
||||||
|
mime_type TEXT NOT NULL,
|
||||||
|
fingerprint TEXT NOT NULL,
|
||||||
|
name TEXT, -- file name
|
||||||
|
content BLOB NOT NULL,
|
||||||
|
created_at DATETIME NOT NULL
|
||||||
|
);
|
||||||
|
|
||||||
DROP TABLE IF EXISTS authorizations;
|
DROP TABLE IF EXISTS authorizations;
|
||||||
CREATE TABLE authorizations (
|
CREATE TABLE authorizations (
|
||||||
id TEXT PRIMARY KEY,
|
id TEXT PRIMARY KEY,
|
||||||
|
|
|
@ -1,3 +1,5 @@
|
||||||
|
#!/usr/bin/bash
|
||||||
|
|
||||||
password_hash="$(echo -n "root" | argon2 salt_06cGGWYDJCZ -e)"
|
password_hash="$(echo -n "root" | argon2 salt_06cGGWYDJCZ -e)"
|
||||||
echo $password_hash
|
echo $password_hash
|
||||||
SQL=$(cat <<EOF
|
SQL=$(cat <<EOF
|
||||||
|
|
|
@ -0,0 +1,9 @@
|
||||||
|
applications = []
|
||||||
|
|
||||||
|
roles = []
|
||||||
|
|
||||||
|
[instance]
|
||||||
|
base_uri = "http://localhost:8086"
|
||||||
|
name = "Example org"
|
||||||
|
logo_uri = "https://example.org/logo.png"
|
||||||
|
|
9
tests/hurl_integration/user_invitation_scenario/init_db.sh
Executable file
9
tests/hurl_integration/user_invitation_scenario/init_db.sh
Executable file
|
@ -0,0 +1,9 @@
|
||||||
|
#!/usr/bin/bash
|
||||||
|
|
||||||
|
SQL=$(cat <<EOF
|
||||||
|
INSERT INTO users
|
||||||
|
(id, handle, email, roles, status, reset_password_token, created_at)
|
||||||
|
VALUES
|
||||||
|
('$(uuid)', 'invited_user', 'invited-user@example.org', '[]', 'Invited', 'Z433-Y001-V987-P500', '2024-11-30T00:00:00Z');
|
||||||
|
EOF)
|
||||||
|
echo $SQL | sqlite3 $DB_PATH
|
28
tests/hurl_integration/user_invitation_scenario/main.hurl
Normal file
28
tests/hurl_integration/user_invitation_scenario/main.hurl
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
GET {{ base_url }}/api
|
||||||
|
HTTP 200
|
||||||
|
[Asserts]
|
||||||
|
jsonpath "$.software" == "Minauthator"
|
||||||
|
|
||||||
|
GET {{ base_url }}/invitation
|
||||||
|
[QueryStringParams]
|
||||||
|
token: Z433-Y001-V987-P500
|
||||||
|
HTTP 200
|
||||||
|
[Asserts]
|
||||||
|
xpath "string(///h1)" contains "Invitation"
|
||||||
|
|
||||||
|
POST {{ base_url }}/reset-password
|
||||||
|
[FormParams]
|
||||||
|
token: Z433-Y001-V987-P500
|
||||||
|
password: newpassword10!
|
||||||
|
password_confirmation: newpassword10!
|
||||||
|
HTTP 303
|
||||||
|
[Asserts]
|
||||||
|
header "Location" == "/login"
|
||||||
|
|
||||||
|
POST {{ base_url }}/login
|
||||||
|
[FormParams]
|
||||||
|
login: invited_user
|
||||||
|
password: newpassword10!
|
||||||
|
HTTP 303
|
||||||
|
[Asserts]
|
||||||
|
cookie "minauthator_jwt" exists
|
|
@ -1,5 +1,12 @@
|
||||||
INSERT INTO users
|
-- INSERT INTO users
|
||||||
(id, handle, email, roles, status, password_hash, created_at)
|
-- (id, handle, email, roles, status, password_hash, created_at)
|
||||||
VALUES
|
-- VALUES
|
||||||
('30c134a7-d541-4ec7-9310-9c8e298077db', 'test', 'test@example.org', '[]', 'Active', '$argon2i$v=19$m=4096,t=3,p=1$V2laYjAwTlFHOUpiekRlVzRQUU0$33h8XwAWM3pKQM7Ksler0l7rMJfseTuWPJKrdX/cGyc', '2024-11-30T00:00:00Z');
|
-- ('30c134a7-d541-4ec7-9310-9c8e298077db', 'test', 'test@example.org', '[]', 'Active', '$argon2i$v=19$m=4096,t=3,p=1$V2laYjAwTlFHOUpiekRlVzRQUU0$33h8XwAWM3pKQM7Ksler0l7rMJfseTuWPJKrdX/cGyc', '2024-11-30T00:00:00Z');
|
||||||
|
--
|
||||||
|
|
||||||
|
|
||||||
|
INSERT INTO users
|
||||||
|
(id, handle, email, roles, status, reset_password_token, created_at)
|
||||||
|
VALUES
|
||||||
|
('00000001-0042-0001-0001-00000000432', 'invited_user1', 'invited-user1@example.org', '[]', 'Invited', 'A909-Z539-L128-O400', '2024-11-30T00:00:00Z');
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue