finish admin tasks

src/rest/admin/mod.rs

@@ -0,0 +1,9 @@
+use rocket::Route;
+
+pub mod user;
+
+pub fn routes() -> Vec<Route> {
+    let mut ret = Vec::new();
+    ret.append(&mut user::routes());
+    ret
+}

src/rest/admin/user.rs

@@ -0,0 +1,61 @@
+use crate::model::user::{AdminUser, User};
+use rocket::{
+    form::Form,
+    get, post,
+    response::{Flash, Redirect},
+    routes, FromForm, Route, State,
+};
+use rocket_dyn_templates::{context, Template};
+use sqlx::SqlitePool;
+
+#[get("/user")]
+async fn index(db: &State<SqlitePool>, _admin: AdminUser) -> Template {
+    let users = User::all(db).await;
+    Template::render("admin/user/index", context!(users))
+}
+
+#[get("/user/<user>/reset-pw")]
+async fn resetpw(db: &State<SqlitePool>, _admin: AdminUser, user: i32) -> Flash<Redirect> {
+    let user = User::find_by_id(db, user).await;
+    match user {
+        Ok(user) => {
+            user.reset_pw(db).await;
+            Flash::success(
+                Redirect::to("/admin/user"),
+                format!("Successfully reset pw of {}", user.name),
+            )
+        }
+        Err(_) => Flash::error(Redirect::to("/admin/user"), "User does not exist"),
+    }
+}
+
+#[derive(FromForm)]
+struct UserEditForm {
+    id: i32,
+    is_guest: bool,
+    is_cox: bool,
+    is_admin: bool,
+}
+
+#[post("/user", data = "<data>")]
+async fn update(db: &State<SqlitePool>, data: Form<UserEditForm>) -> Flash<Redirect> {
+    let user = User::find_by_id(db, data.id).await;
+    let user = match user {
+        Ok(user) => user,
+        Err(_) => {
+            return Flash::error(
+                Redirect::to("/admin/user"),
+                format!("User with ID {} does not exist!", data.id),
+            )
+        }
+    };
+
+    user.update(db, data.is_cox, data.is_admin, data.is_guest)
+        .await;
+
+    Flash::success(Redirect::to("/admin/user"), "Successfully updated user")
+}
+
+pub fn routes() -> Vec<Route> {
+    routes![index, resetpw, update]
+}

src/rest/auth.rs

@@ -7,11 +7,11 @@ use rocket::{
     response::{Flash, Redirect},
     routes, FromForm, Route, State,
 };
-use rocket_dyn_templates::{tera, Template};
+use rocket_dyn_templates::{context, tera, Template};
 use serde_json::json;
 use sqlx::SqlitePool;
 
-use crate::model::user::User;
+use crate::model::user::{LoginError, User};
 
 #[get("/")]
 async fn index(flash: Option<FlashMessage<'_>>) -> Template {
@@ -41,6 +41,12 @@ async fn login(
     //TODO: be able to use ? for login. This would get rid of the following match clause.
     let user = match user {
         Ok(user) => user,
+        Err(LoginError::NoPasswordSet(user)) => {
+            return Flash::warning(
+                Redirect::to(format!("/auth/set-pw/{}", user.id)),
+                "Setze ein neues Passwort",
+            );
+        }
         Err(_) => {
             return Flash::error(Redirect::to("/auth"), "Falscher Benutzername/Passwort");
         }
@@ -52,6 +58,53 @@ async fn login(
     Flash::success(Redirect::to("/"), "Login erfolgreich")
 }
 
+#[get("/set-pw/<userid>")]
+async fn setpw(userid: i32) -> Template {
+    Template::render("auth/set-pw", context!(userid))
+}
+
+#[derive(FromForm)]
+struct UpdatePw {
+    userid: i32,
+    password: String,
+    password_confirm: String,
+}
+
+#[post("/set-pw", data = "<updatepw>")]
+async fn updatepw(
+    db: &State<SqlitePool>,
+    updatepw: Form<UpdatePw>,
+    cookies: &CookieJar<'_>,
+) -> Flash<Redirect> {
+    let user = User::find_by_id(db, updatepw.userid).await;
+    let user = match user {
+        Ok(user) => user,
+        Err(_) => {
+            return Flash::error(
+                Redirect::to("/auth"),
+                format!("User with ID {} does not exist!", updatepw.userid),
+            )
+        }
+    };
+
+    if updatepw.password != updatepw.password_confirm {
+        return Flash::error(
+            Redirect::to(format!("/auth/set-pw/{}", updatepw.userid)),
+            "Passwörter stimmen nicht überein! Bitte probiere es nochmal",
+        );
+    }
+
+    user.update_pw(db, updatepw.password.clone()).await;
+
+    let user_json: String = format!("{}", json!(user));
+    cookies.add_private(Cookie::new("loggedin_user", user_json));
+
+    Flash::success(
+        Redirect::to("/"),
+        "Passwort erfolgreich gesetzt. Du bist nun eingeloggt.",
+    )
+}
+
 #[get("/logout")]
 async fn logout(cookies: &CookieJar<'_>, _user: User) -> Flash<Redirect> {
     cookies.remove_private(Cookie::named("loggedin_user"));
@@ -60,5 +113,5 @@ async fn logout(cookies: &CookieJar<'_>, _user: User) -> Flash<Redirect> {
 }
 
 pub fn routes() -> Vec<Route> {
-    routes![index, login, logout]
+    routes![index, login, logout, setpw, updatepw]
 }

src/rest/mod.rs

@@ -4,6 +4,7 @@ use sqlx::SqlitePool;
 
 use crate::model::user::User;
 
+mod admin;
 mod auth;
 
 #[get("/")]
@@ -21,6 +22,7 @@ pub fn start(db: SqlitePool) -> Rocket<Build> {
         .manage(db)
         .mount("/", routes![index])
         .mount("/auth", auth::routes())
+        .mount("/admin", admin::routes())
         .register("/", catchers![unauthorized_error])
         .attach(Template::fairing())
 }