server-side password validation

realaravinth 2021-05-02 10:32:22 +05:30
parent a82d61ed27
commit c7bac9e623
GPG key ID: AD9F0F08E855ED88
6 changed files with 30 additions and 9 deletions


@ -31,6 +31,7 @@ use crate::Data;
pub struct Register { pub struct Register {
pub username: String, pub username: String,
pub password: String, pub password: String,
pub confirm_password: String,
pub email: Option<String>, pub email: Option<String>,
} }
@ -53,14 +54,12 @@ pub async fn signup(
if !crate::SETTINGS.server.allow_registration { if !crate::SETTINGS.server.allow_registration {
Err(ServiceError::ClosedForRegistration)? Err(ServiceError::ClosedForRegistration)?
} }
if &payload.password != &payload.confirm_password {
return Err(ServiceError::PasswordsDontMatch);
}
let username = data.creds.username(&payload.username)?; let username = data.creds.username(&payload.username)?;
let hash = data.creds.password(&payload.password)?; let hash = data.creds.password(&payload.password)?;
// let payload = payload.into_inner();
// let email = payload.email.clone();
// if payload.email.is_some() {
// let email = email.clone().unwrap();
// data.creds.email(Some(&email))?;
// }
if let Some(email) = &payload.email { if let Some(email) = &payload.email {
data.creds.email(&email)?; data.creds.email(&email)?;
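Review bot: The new mismatch check in `signup` compares references, `if &payload.password != &payload.confirm_password {`; `String` implements `PartialEq`, so `if payload.password != payload.confirm_password {` is equivalent and is the form clippy's `op_ref` lint expects. The new branch also returns with `return Err(ServiceError::PasswordsDontMatch);` while the registration guard two lines above uses the `Err(...)?` idiom — the function should pick one style. Making `confirm_password: String` a required field means a client that still posts the old payload shape is presumably rejected at deserialization rather than with `PasswordsDontMatch`; if that is intended, a doc comment on the field such as `/// Must equal `password`; signup fails with PasswordsDontMatch otherwise.` makes the contract explicit. The body of `signup` continues past the end of this hunk.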


@ -43,6 +43,7 @@ async fn auth_works() {
let msg = Register { let msg = Register {
username: NAME.into(), username: NAME.into(),
password: PASSWORD.into(), password: PASSWORD.into(),
confirm_password: PASSWORD.into(),
email: None, email: None,
}; };
let resp = test::call_service(&mut app, post_request!(&msg, SIGNUP).to_request()).await; let resp = test::call_service(&mut app, post_request!(&msg, SIGNUP).to_request()).await;
@ -80,6 +81,7 @@ async fn auth_works() {
let msg = Register { let msg = Register {
username: NAME.into(), username: NAME.into(),
password: PASSWORD.into(), password: PASSWORD.into(),
confirm_password: PASSWORD.into(),
email: Some(EMAIL.into()), email: Some(EMAIL.into()),
}; };
bad_post_req_test( bad_post_req_test(
@ -136,12 +138,13 @@ async fn auth_works() {
} }
#[actix_rt::test] #[actix_rt::test]
async fn email_udpate_and_del_userworks() { async fn email_udpate_password_validation_del_userworks() {
const NAME: &str = "testuser2"; const NAME: &str = "testuser2";
const PASSWORD: &str = "longpassword2"; const PASSWORD: &str = "longpassword2";
const EMAIL: &str = "testuser1@a.com2"; const EMAIL: &str = "testuser1@a.com2";
const DEL_URL: &str = "/api/v1/account/delete"; const DEL_URL: &str = "/api/v1/account/delete";
const EMAIL_UPDATE: &str = "/api/v1/account/email/"; const EMAIL_UPDATE: &str = "/api/v1/account/email/";
const SIGNUP: &str = "/api/v1/signup";
{ {
let data = Data::new().await; let data = Data::new().await;
@ -178,6 +181,20 @@ async fn email_udpate_and_del_userworks() {
.await; .await;
assert_eq!(delete_user_resp.status(), StatusCode::OK); assert_eq!(delete_user_resp.status(), StatusCode::OK);
// checking to see if server-side password validation (password == password_config)
// works
let register_msg = Register {
username: NAME.into(),
password: PASSWORD.into(),
confirm_password: NAME.into(),
email: None,
};
let resp =
test::call_service(&mut app, post_request!(&register_msg, SIGNUP).to_request()).await;
assert_eq!(resp.status(), StatusCode::BAD_REQUEST);
let txt: ErrorToResponse = test::read_body_json(resp).await;
assert_eq!(txt.error, format!("{}", ServiceError::PasswordsDontMatch));
} }
#[actix_rt::test] #[actix_rt::test]
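Review bot: The comment above the new assertions, `// checking to see if server-side password validation (password == password_config)`, names a field that does not exist in the payload; the request sets `password` and `confirm_password`, so `// server-side password validation: password must equal confirm_password` describes what is asserted. The renamed test keeps the existing `udpate` typo in `email_udpate_password_validation_del_userworks`; since the name is already changing, `email_update_password_validation_del_user_works` costs nothing extra. The mismatched signup is sent after the account has been deleted, so the test also implicitly relies on the comparison in `signup` running before any username or password processing, which appears to be the ordering in the auth hunk. The remainder of the test function lies outside this hunk.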


@ -70,6 +70,8 @@ pub enum ServiceError {
PasswordTooShort, PasswordTooShort,
#[display(fmt = "Username too long")] #[display(fmt = "Username too long")]
PasswordTooLong, PasswordTooLong,
#[display(fmt = "Passwords don't match")]
PasswordsDontMatch,
/// when the a username is already taken /// when the a username is already taken
#[display(fmt = "Username not available")] #[display(fmt = "Username not available")]
@ -121,6 +123,7 @@ impl ResponseError for ServiceError {
ServiceError::PasswordTooShort => StatusCode::BAD_REQUEST, ServiceError::PasswordTooShort => StatusCode::BAD_REQUEST,
ServiceError::PasswordTooLong => StatusCode::BAD_REQUEST, ServiceError::PasswordTooLong => StatusCode::BAD_REQUEST,
ServiceError::PasswordsDontMatch => StatusCode::BAD_REQUEST,
ServiceError::UsernameTaken => StatusCode::BAD_REQUEST, ServiceError::UsernameTaken => StatusCode::BAD_REQUEST,
ServiceError::EmailTaken => StatusCode::BAD_REQUEST, ServiceError::EmailTaken => StatusCode::BAD_REQUEST,
@ -164,8 +167,8 @@ impl From<ParseError> for ServiceError {
} }
} }
#[cfg(not(tarpaulin_include))]
impl From<CaptchaError> for ServiceError { impl From<CaptchaError> for ServiceError {
#[cfg(not(tarpaulin_include))]
fn from(e: CaptchaError) -> ServiceError { fn from(e: CaptchaError) -> ServiceError {
ServiceError::CaptchaError(e) ServiceError::CaptchaError(e)
} }
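Review bot: The new `PasswordsDontMatch` variant carries a `#[display]` attribute but no `///` doc comment, unlike neighbouring variants such as the one documented `/// when the a username is already taken`; `/// when a signup payload's password and confirm_password differ` would match the enum's convention. The line directly above it, `#[display(fmt = "Username too long")]` on `PasswordTooLong`, is pre-existing but looks copy-pasted from the username variant, and the new test asserts on these display strings, so correcting it to `#[display(fmt = "Password too long")]` in the same pass is worthwhile. Moving `#[cfg(not(tarpaulin_include))]` from the `impl From<CaptchaError>` block onto the `from` fn only changes coverage accounting, not behaviour, as far as the visible lines show.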


@ -76,6 +76,7 @@ pub async fn register<'a>(name: &'a str, email: &str, password: &str) {
let msg = Register { let msg = Register {
username: name.into(), username: name.into(),
password: password.into(), password: password.into(),
confirm_password: password.into(),
email: Some(email.into()), email: Some(email.into()),
}; };
let resp = let resp =


@ -64,6 +64,7 @@ const registerUser = async (e: Event) => {
let payload = { let payload = {
username, username,
password, password,
confirm_password: passwordCheck,
email, email,
}; };


@ -21,7 +21,7 @@ import * as login from './auth/login';
import * as register from './auth/register'; import * as register from './auth/register';
import * as panel from './panel/index'; import * as panel from './panel/index';
import * as addSiteKey from './panel/add-site-key/'; import * as addSiteKey from './panel/add-site-key/';
//import './auth/forms.scss'; import './auth/forms.scss';
import './panel/main.scss'; import './panel/main.scss';
import VIEWS from './views/v1/routes'; import VIEWS from './views/v1/routes';