

2 Commits

Author SHA1 Message Date
b0123e2b42 Merge pull request 'only allow people with access rights to login via wordpress' (#768) from fix-wordpress-login into main
All checks were successful
CI/CD Pipeline / test (push) Successful in 12m9s
CI/CD Pipeline / deploy-staging (push) Has been skipped
CI/CD Pipeline / deploy-main (push) Successful in 20m38s
Reviewed-on: #768
2024-10-13 15:03:50 +02:00
a53c0ede9c only allow people with access rights to login via wordpress
All checks were successful
CI/CD Pipeline / test (push) Successful in 12m6s
CI/CD Pipeline / deploy-staging (push) Has been skipped
CI/CD Pipeline / deploy-main (push) Has been skipped
2024-10-13 14:51:11 +02:00
2 changed files with 12 additions and 3 deletions


@ -13,6 +13,7 @@ INSERT INTO "role" (name) VALUES ('kassier');
INSERT INTO "role" (name) VALUES ('schriftfuehrer'); INSERT INTO "role" (name) VALUES ('schriftfuehrer');
INSERT INTO "role" (name) VALUES ('no-einschreibgebuehr'); INSERT INTO "role" (name) VALUES ('no-einschreibgebuehr');
INSERT INTO "role" (name) VALUES ('schnupper-betreuer'); INSERT INTO "role" (name) VALUES ('schnupper-betreuer');
INSERT INTO "role" (name) VALUES ('allow_website_login');
INSERT INTO "user" (name, pw) VALUES('admin', '$argon2id$v=19$m=19456,t=2,p=1$dS/X5/sPEKTj4Rzs/CuvzQ$4P4NCw4Ukhv80/eQYTsarHhnw61JuL1KMx/L9dm82YM'); INSERT INTO "user" (name, pw) VALUES('admin', '$argon2id$v=19$m=19456,t=2,p=1$dS/X5/sPEKTj4Rzs/CuvzQ$4P4NCw4Ukhv80/eQYTsarHhnw61JuL1KMx/L9dm82YM');
INSERT INTO "user_role" (user_id, role_id) VALUES(1,1); INSERT INTO "user_role" (user_id, role_id) VALUES(1,1);
INSERT INTO "user_role" (user_id, role_id) VALUES(1,2); INSERT INTO "user_role" (user_id, role_id) VALUES(1,2);


@ -106,10 +106,18 @@ async fn steering(db: &State<SqlitePool>, user: User, flash: Option<FlashMessage
#[post("/", data = "<login>")] #[post("/", data = "<login>")]
async fn wikiauth(db: &State<SqlitePool>, login: Form<LoginForm<'_>>) -> String { async fn wikiauth(db: &State<SqlitePool>, login: Form<LoginForm<'_>>) -> String {
match User::login(db, login.name, login.password).await { if let Ok(user) = User::login(db, login.name, login.password).await {
Ok(_) => "SUCC".into(), if user.has_role(db, "allow_website_login").await {
Err(_) => "FAIL".into(), return String::from("SUCC");
} }
if user.has_role(db, "admin").await {
return String::from("SUCC");
}
if user.has_role(db, "Vorstand").await {
return String::from("SUCC");
}
}
"FAIL".into()
} }
#[catch(401)] //Unauthorized #[catch(401)] //Unauthorized
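Review bot: The new body of `wikiauth` spells out the allow-list as three separate `has_role` branches with string literals ("allow_website_login", "admin", "Vorstand"), so the policy for who may authenticate to the website lives in control flow rather than in one reviewable place. The role rows visible in the seed change are all lower-case, so it is worth confirming that a role spelled exactly `Vorstand` exists; if it does not, that branch never matches, which fails closed but would refuse the board members it is meant to admit. Keeping the names in a single constant and looping over it keeps the list in one place. It also gives one obvious spot to record a refusal for valid credentials, which the "FAIL" response alone does not distinguish from a wrong password.

```rust
/// Roles whose members may authenticate through the external website login.
const WEBSITE_LOGIN_ROLES: [&str; 3] = ["allow_website_login", "admin", "Vorstand"];

async fn wikiauth(db: &State<SqlitePool>, login: Form<LoginForm<'_>>) -> String {
    if let Ok(user) = User::login(db, login.name, login.password).await {
        for role in WEBSITE_LOGIN_ROLES {
            if user.has_role(db, role).await {
                return String::from("SUCC");
            }
        }
        // Credentials were valid but no listed role matched: record the refusal here.
    }
    "FAIL".into()
}
```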