rowt/src/tera/auth.rs

use rocket::{
    form::Form,
    get,
    http::{Cookie, CookieJar},
    outcome::Outcome,
    post,
    request::{FlashMessage, FromRequest},
    response::{Flash, Redirect},
    routes,
    time::{Duration, OffsetDateTime},
    FromForm, Request, Route, State,
};
use rocket_dyn_templates::{context, tera, Template};
use serde_json::json;
use sqlx::SqlitePool;

use crate::model::{
    log::Log,
    user::{LoginError, User},
};

#[get("/?<name>")]
fn index(flash: Option<FlashMessage<'_>>, name: Option<String>) -> Template {
    let mut context = tera::Context::new();

    if let Some(msg) = flash {
        context.insert("flash", &msg.into_inner());
    }

    if let Some(n) = name {
        context.insert("name", &n);
    }

    Template::render("auth/login", context.into_json())
}

#[derive(FromForm)]
struct LoginForm<'r> {
    name: &'r str,
    password: &'r str,
}

#[derive(Debug)]
pub struct UserAgent(String);

#[rocket::async_trait]
impl<'r> FromRequest<'r> for UserAgent {
    type Error = std::convert::Infallible;

    async fn from_request(
        request: &'r Request<'_>,
    ) -> rocket::request::Outcome<UserAgent, Self::Error> {
        let agent = request
            .headers()
            .get_one("User-Agent")
            .unwrap_or("Unknown")
            .to_string();
        Outcome::Success(UserAgent(agent))
    }
}

#[post("/", data = "<login>")]
async fn login(
    login: Form<LoginForm<'_>>,
    db: &State<SqlitePool>,
    cookies: &CookieJar<'_>,
    agent: UserAgent,
) -> Flash<Redirect> {
    let user = match User::login(db, login.name, login.password).await {
        Ok(user) => user,
        Err(LoginError::NoPasswordSet(user)) => {
            return Flash::warning(
                Redirect::to(format!("/auth/set-pw/{}", user.id)),
                "Setze ein neues Passwort",
            );
        }
        Err(_) => {
            return Flash::error(Redirect::to("/auth"), "Falscher Benutzername/Passwort. Du bist Vereinsmitglied und der Login klappt nicht? Kontaktiere Philipp H. (Tel.nr. siehe Signalgruppe) oder schreibe eine Mail an rudern@gmx.at!");
        }
    };

    cookies.add_private(Cookie::new("loggedin_user", format!("{}", json!(user.id))));

    Log::create(
        db,
        format!(
            "Succ login of {} with this useragent: {:?}",
            login.name, agent
        ),
    )
    .await;

    Flash::success(Redirect::to("/"), "Login erfolgreich")
}

#[get("/set-pw/<userid>")]
fn setpw(userid: i32) -> Template {
    Template::render("auth/set-pw", context!(userid))
}

#[derive(FromForm)]
struct UpdatePw<'r> {
    userid: i32,
    password: &'r str,
    password_confirm: &'r str,
}

#[post("/set-pw", data = "<updatepw>")]
async fn updatepw(
    db: &State<SqlitePool>,
    updatepw: Form<UpdatePw<'_>>,
    cookies: &CookieJar<'_>,
) -> Flash<Redirect> {
    let user = User::find_by_id(db, updatepw.userid).await;
    let Some(user) = user else{
            return Flash::error(
                Redirect::to("/auth"),
                format!("User with ID {} does not exist!", updatepw.userid),
            )
    };

    if updatepw.password != updatepw.password_confirm {
        return Flash::error(
            Redirect::to(format!("/auth/set-pw/{}", updatepw.userid)),
            "Passwörter stimmen nicht überein! Bitte probiere es nochmal",
        );
    }

    user.update_pw(db, updatepw.password).await;

    let user_json: String = format!("{}", json!(user));
    let mut cookie = Cookie::new("loggedin_user", user_json);
    cookie.set_expires(OffsetDateTime::now_utc() + Duration::weeks(12));
    cookies.add_private(cookie);

    Log::create(db, format!("User {} set her password.", user.name)).await;

    Flash::success(
        Redirect::to("/"),
        "Passwort erfolgreich gesetzt. Du bist nun eingeloggt.",
    )
}

#[get("/logout")]
fn logout(cookies: &CookieJar<'_>, _user: User) -> Flash<Redirect> {
    cookies.remove_private(Cookie::named("loggedin_user"));

    Flash::success(Redirect::to("/auth"), "Logout erfolgreich")
}

pub fn routes() -> Vec<Route> {
    routes![index, login, logout, setpw, updatepw]
}
start working on auth 2023-04-03 16:11:26 +02:00			`use rocket::{`
			`form::Form,`
clean code with clippy 2023-04-03 17:32:41 +02:00			`get,`
			`http::{Cookie, CookieJar},`
log useragent on login 2023-07-25 13:55:16 +02:00			`outcome::Outcome,`
clean code with clippy 2023-04-03 17:32:41 +02:00			`post,`
log useragent on login 2023-07-25 13:55:16 +02:00			`request::{FlashMessage, FromRequest},`
clean code with clippy 2023-04-03 17:32:41 +02:00			`response::{Flash, Redirect},`
renew cookies on every action; increase cookie timeout to 3 months 2023-06-07 00:07:11 +02:00			`routes,`
			`time::{Duration, OffsetDateTime},`
log useragent on login 2023-07-25 13:55:16 +02:00			`FromForm, Request, Route, State,`
start working on auth 2023-04-03 16:11:26 +02:00			`};`
finish admin tasks 2023-04-04 10:44:14 +02:00			`use rocket_dyn_templates::{context, tera, Template};`
clean code with clippy 2023-04-03 17:32:41 +02:00			`use serde_json::json;`
start working on auth 2023-04-03 16:11:26 +02:00			`use sqlx::SqlitePool;`

add rss feed with common actions 2023-04-18 12:10:11 +02:00			`use crate::model::{`
			`log::Log,`
			`user::{LoginError, User},`
			`};`
start working on auth 2023-04-03 16:11:26 +02:00
add db constraints; add optional name for login (to be sent to members) 2023-07-22 15:51:20 +02:00			`#[get("/?<name>")]`
			`fn index(flash: Option<FlashMessage<'_>>, name: Option<String>) -> Template {`
start working on auth 2023-04-03 16:11:26 +02:00			`let mut context = tera::Context::new();`

			`if let Some(msg) = flash {`
			`context.insert("flash", &msg.into_inner());`
			`}`

add db constraints; add optional name for login (to be sent to members) 2023-07-22 15:51:20 +02:00			`if let Some(n) = name {`
			`context.insert("name", &n);`
			`}`

start working on auth 2023-04-03 16:11:26 +02:00			`Template::render("auth/login", context.into_json())`
			`}`

			`#[derive(FromForm)]`
fix many clones() 2023-05-24 12:11:55 +02:00			`struct LoginForm<'r> {`
			`name: &'r str,`
			`password: &'r str,`
start working on auth 2023-04-03 16:11:26 +02:00			`}`

log useragent on login 2023-07-25 13:55:16 +02:00			`#[derive(Debug)]`
			`pub struct UserAgent(String);`

			`#[rocket::async_trait]`
			`impl<'r> FromRequest<'r> for UserAgent {`
			`type Error = std::convert::Infallible;`

			`async fn from_request(`
			`request: &'r Request<'_>,`
			`) -> rocket::request::Outcome<UserAgent, Self::Error> {`
			`let agent = request`
			`.headers()`
			`.get_one("User-Agent")`
			`.unwrap_or("Unknown")`
			`.to_string();`
			`Outcome::Success(UserAgent(agent))`
			`}`
			`}`

start working on auth 2023-04-03 16:11:26 +02:00			`#[post("/", data = "<login>")]`
clean code with clippy 2023-04-03 17:32:41 +02:00			`async fn login(`
fix many clones() 2023-05-24 12:11:55 +02:00			`login: Form<LoginForm<'_>>,`
clean code with clippy 2023-04-03 17:32:41 +02:00			`db: &State<SqlitePool>,`
			`cookies: &CookieJar<'_>,`
log useragent on login 2023-07-25 13:55:16 +02:00			`agent: UserAgent,`
clean code with clippy 2023-04-03 17:32:41 +02:00			`) -> Flash<Redirect> {`
add debug log for auth 2023-07-11 09:16:13 +02:00			`let user = match User::login(db, login.name, login.password).await {`
start working on auth 2023-04-03 16:11:26 +02:00			`Ok(user) => user,`
finish admin tasks 2023-04-04 10:44:14 +02:00			`Err(LoginError::NoPasswordSet(user)) => {`
			`return Flash::warning(`
			`Redirect::to(format!("/auth/set-pw/{}", user.id)),`
			`"Setze ein neues Passwort",`
			`);`
			`}`
start working on auth 2023-04-03 16:11:26 +02:00			`Err(_) => {`
add contact options on failed login 2023-07-10 17:17:17 +02:00			`return Flash::error(Redirect::to("/auth"), "Falscher Benutzername/Passwort. Du bist Vereinsmitglied und der Login klappt nicht? Kontaktiere Philipp H. (Tel.nr. siehe Signalgruppe) oder schreibe eine Mail an rudern@gmx.at!");`
start working on auth 2023-04-03 16:11:26 +02:00			`}`
			`};`

only save (encrypted) user_id in cookie 2023-07-27 22:16:12 +02:00			`cookies.add_private(Cookie::new("loggedin_user", format!("{}", json!(user.id))));`
clean code with clippy 2023-04-03 17:32:41 +02:00
only log useragent on succ login 2023-07-26 08:29:22 +02:00			`Log::create(`
			`db,`
			`format!(`
			`"Succ login of {} with this useragent: {:?}",`
			`login.name, agent`
			`),`
			`)`
			`.await;`

start working on auth 2023-04-03 16:11:26 +02:00			`Flash::success(Redirect::to("/"), "Login erfolgreich")`
			`}`

finish admin tasks 2023-04-04 10:44:14 +02:00			`#[get("/set-pw/<userid>")]`
clean code with clippy 2023-04-04 19:49:27 +02:00			`fn setpw(userid: i32) -> Template {`
finish admin tasks 2023-04-04 10:44:14 +02:00			`Template::render("auth/set-pw", context!(userid))`
			`}`

			`#[derive(FromForm)]`
fix many clones() 2023-05-24 12:11:55 +02:00			`struct UpdatePw<'r> {`
finish admin tasks 2023-04-04 10:44:14 +02:00			`userid: i32,`
fix many clones() 2023-05-24 12:11:55 +02:00			`password: &'r str,`
			`password_confirm: &'r str,`
finish admin tasks 2023-04-04 10:44:14 +02:00			`}`

			`#[post("/set-pw", data = "<updatepw>")]`
			`async fn updatepw(`
			`db: &State<SqlitePool>,`
fix many clones() 2023-05-24 12:11:55 +02:00			`updatepw: Form<UpdatePw<'_>>,`
finish admin tasks 2023-04-04 10:44:14 +02:00			`cookies: &CookieJar<'_>,`
			`) -> Flash<Redirect> {`
			`let user = User::find_by_id(db, updatepw.userid).await;`
use proper result for finding user 2023-04-10 14:25:31 +02:00			`let Some(user) = user else{`
finish admin tasks 2023-04-04 10:44:14 +02:00			`return Flash::error(`
			`Redirect::to("/auth"),`
			`format!("User with ID {} does not exist!", updatepw.userid),`
			`)`
			`};`

			`if updatepw.password != updatepw.password_confirm {`
			`return Flash::error(`
			`Redirect::to(format!("/auth/set-pw/{}", updatepw.userid)),`
			`"Passwörter stimmen nicht überein! Bitte probiere es nochmal",`
			`);`
			`}`

fix many clones() 2023-05-24 12:11:55 +02:00			`user.update_pw(db, updatepw.password).await;`
finish admin tasks 2023-04-04 10:44:14 +02:00
			`let user_json: String = format!("{}", json!(user));`
renew cookies on every action; increase cookie timeout to 3 months 2023-06-07 00:07:11 +02:00			`let mut cookie = Cookie::new("loggedin_user", user_json);`
			`cookie.set_expires(OffsetDateTime::now_utc() + Duration::weeks(12));`
			`cookies.add_private(cookie);`
finish admin tasks 2023-04-04 10:44:14 +02:00
add rss feed with common actions 2023-04-18 12:10:11 +02:00			`Log::create(db, format!("User {} set her password.", user.name)).await;`

finish admin tasks 2023-04-04 10:44:14 +02:00			`Flash::success(`
			`Redirect::to("/"),`
			`"Passwort erfolgreich gesetzt. Du bist nun eingeloggt.",`
			`)`
			`}`

show name of loggedin_user; add logout functionality 2023-04-03 22:10:12 +02:00			`#[get("/logout")]`
fix testsg 2023-07-25 13:33:12 +02:00			`fn logout(cookies: &CookieJar<'_>, _user: User) -> Flash<Redirect> {`
show name of loggedin_user; add logout functionality 2023-04-03 22:10:12 +02:00			`cookies.remove_private(Cookie::named("loggedin_user"));`

			`Flash::success(Redirect::to("/auth"), "Logout erfolgreich")`
			`}`

start working on auth 2023-04-03 16:11:26 +02:00			`pub fn routes() -> Vec<Route> {`
finish admin tasks 2023-04-04 10:44:14 +02:00			`routes![index, login, logout, setpw, updatepw]`
start working on auth 2023-04-03 16:11:26 +02:00			`}`