feat: migrate get password to use db_* interface

This commit is contained in:
realaravinth 2022-05-11 18:54:36 +05:30
parent 5bcf7beddc
commit f398c4b61c
No known key found for this signature in database
GPG key ID: AD9F0F08E855ED88
3 changed files with 39 additions and 61 deletions

View file

@ -523,6 +523,26 @@
},
"query": "SELECT name FROM mcaptcha_config \n WHERE key = $1 \n AND user_id = (\n SELECT user_id FROM mcaptcha_users WHERE NAME = $2)"
},
"a900d304a69809e98eedfc7d807bf6f4f88998763f914cd1ac3e98c6b755c2e2": {
"describe": {
"columns": [
{
"name": "password",
"ordinal": 0,
"type_info": "Text"
}
],
"nullable": [
false
],
"parameters": {
"Left": [
"Text"
]
}
},
"query": "SELECT password FROM mcaptcha_users WHERE email = ($1)"
},
"ad23588ee4bcbb13e208460ce21e2fa9f1373893934b530b339fea10360b34a8": {
"describe": {
"columns": [

View file

@ -17,6 +17,7 @@
use actix_identity::Identity;
use actix_web::{web, HttpResponse, Responder};
use argon2_creds::Config;
use db_core::Login;
use serde::{Deserialize, Serialize};
use sqlx::Error::RowNotFound;
@ -83,26 +84,15 @@ async fn update_user_password(
let username = id.identity().unwrap();
let rec = sqlx::query_as!(
Password,
r#"SELECT password FROM mcaptcha_users WHERE name = ($1)"#,
&username,
)
.fetch_one(&data.db)
.await;
// TODO: verify behavior when account is not found
let res = data.dblib.get_password(&Login::Username(&username)).await?;
match rec {
Ok(s) => {
if Config::verify(&s.password, &payload.password)? {
let update: UpdatePassword = payload.into_inner().into();
update_password_runner(&username, update, &data).await?;
Ok(HttpResponse::Ok())
} else {
Err(ServiceError::WrongPassword)
}
}
Err(RowNotFound) => Err(ServiceError::AccountNotFound),
Err(_) => Err(ServiceError::InternalServerError),
if Config::verify(&res.hash, &payload.password)? {
let update: UpdatePassword = payload.into_inner().into();
update_password_runner(&username, update, &data).await?;
Ok(HttpResponse::Ok())
} else {
Err(ServiceError::WrongPassword)
}
}

View file

@ -91,7 +91,6 @@ pub mod runners {
/// returns Ok(()) when everything checks out and the user is authenticated. Erros otherwise
pub async fn login_runner(payload: Login, data: &AppData) -> ServiceResult<String> {
use argon2_creds::Config;
use sqlx::Error::RowNotFound;
let verify = |stored: &str, received: &str| {
if Config::verify(stored, received)? {
@ -101,50 +100,19 @@ pub mod runners {
}
};
if payload.login.contains('@') {
#[derive(Clone, Debug)]
struct EmailLogin {
name: String,
password: String,
}
let email_fut = sqlx::query_as!(
EmailLogin,
r#"SELECT name, password FROM mcaptcha_users WHERE email = ($1)"#,
&payload.login,
)
.fetch_one(&data.db)
.await;
match email_fut {
Ok(s) => {
verify(&s.password, &payload.password)?;
Ok(s.name)
}
Err(RowNotFound) => Err(ServiceError::AccountNotFound),
Err(_) => Err(ServiceError::InternalServerError),
}
let s = if payload.login.contains('@') {
data.dblib
.get_password(&db_core::Login::Email(&payload.login))
.await?
} else {
let username_fut = sqlx::query_as!(
Password,
r#"SELECT password FROM mcaptcha_users WHERE name = ($1)"#,
&payload.login,
)
.fetch_one(&data.db)
.await;
data.dblib
.get_password(&db_core::Login::Username(&payload.login))
.await?
};
match username_fut {
Ok(s) => {
verify(&s.password, &payload.password)?;
Ok(payload.login)
}
Err(RowNotFound) => Err(ServiceError::AccountNotFound),
Err(_) => Err(ServiceError::InternalServerError),
}
}
verify(&s.hash, &payload.password)?;
Ok(s.username)
}
pub async fn register_runner(
payload: &Register,
data: &AppData,