From 494ec31c8d5e50e02f18d53be212258366a9a412 Mon Sep 17 00:00:00 2001
From: philipp <philipp@hofer.link>
Date: Mon, 10 Apr 2023 14:25:31 +0200
Subject: [PATCH] use proper result for finding user

---
 seeds.sql              | 113 ++---------------------------------------
 src/model/user.rs      |  51 ++++++++++---------
 src/rest/admin/user.rs |   6 +--
 src/rest/auth.rs       |   2 +-
 4 files changed, 35 insertions(+), 137 deletions(-)

diff --git a/seeds.sql b/seeds.sql
index bb0ad17..51710b6 100644
--- a/seeds.sql
+++ b/seeds.sql
@@ -1,108 +1,5 @@
-INSERT INTO "user" (name, is_guest, is_cox) VALUES ('Daniela Allmeier', false, true);
-INSERT INTO "user" (name, is_guest) VALUES ('Doris Allmeier', false);
-INSERT INTO "user" (name, is_guest, is_cox) VALUES ('Karl Allmeier', false, true);
-INSERT INTO "user" (name, is_guest) VALUES ('Alaa Almousa', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Elke Atzgerstorfer', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Eva Atzgerstorfer', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Philip Baillon', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Elfriede Baminger', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Alexandra Binder', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Gerald Binder', false);
-INSERT INTO "user" (name, is_guest, is_cox, is_admin) VALUES ('Marie Birner', false, true, true);
-INSERT INTO "user" (name, is_guest) VALUES ('Richard Bogdan', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Mara Brandstetter', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Christian Commenda', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Goran DAgosto', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Daria Danner', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Silvia Demmig', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Daniela Dieplinger', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Herbert Dieplinger', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Sylvia Ecker', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Raphael Eichhorn', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Geza Eisserer', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Helga Engelbrechtslehner', false);
-INSERT INTO "user" (name, is_guest, is_cox) VALUES ('Manuela Firmötz', false, true);
-INSERT INTO "user" (name, is_guest) VALUES ('Maj-Britt Fobian', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Elisabeth Fölser', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Larissa Freimuth', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Nina Füreder', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Bettina Fürlinger', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Heinz Gessl', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Helmut Gidl', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Eva-Maria Gruber', false);
-INSERT INTO "user" (name, is_guest, is_cox) VALUES ('Christian Gusenbauer', false, true);
-INSERT INTO "user" (name, is_guest, is_cox) VALUES ('Adolf Hainschink', false, true);
-INSERT INTO "user" (name, is_guest) VALUES ('Maria Hainschink', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Leon Hattmannsdorfer', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Andrea Heinemann', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Bernhard Heinemann', false);
-INSERT INTO "user" (name, is_guest, is_cox) VALUES ('Matthias Höfer', false, true);
-INSERT INTO "user" (name, is_guest, is_cox, is_admin) VALUES ('Philipp Hofer', false, true, true);
-INSERT INTO "user" (name, is_guest) VALUES ('Thomas Hoffelner', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Inge Höllersberger', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Harald Iro', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Claudia Jagersberger', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Melanie Keplinger', false);
-INSERT INTO "user" (name, is_guest, is_cox) VALUES ('Ernst Klima', false, true);
-INSERT INTO "user" (name, is_guest) VALUES ('Herta Klima', false);
-INSERT INTO "user" (name, is_guest, is_cox) VALUES ('Thomas Klima', false, true);
-INSERT INTO "user" (name, is_guest) VALUES ('Margit Bencic', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Ingrid Klug', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Max Knauseder', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Paul Knauseder', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Harald Koch', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Johann Koci', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Alexander Koll', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Gudrun Koppauer', false);
-INSERT INTO "user" (name, is_guest, is_cox) VALUES ('Daniel Kortschak', false, true);
-INSERT INTO "user" (name, is_guest) VALUES ('Manfred Krausbar', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Verena Kriechbaum', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Martin Kugler', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Fabian Kunz', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Heinrich Kupka', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Anna Kuthan', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Moritz Lach', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Claudia Lackinger', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Erich Lehner', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Roland Lehner', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Matthias List', false);
-INSERT INTO "user" (name, is_guest, is_cox) VALUES ('Manfred Meindl', false, true);
-INSERT INTO "user" (name, is_guest) VALUES ('Michael Messner', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Iris Pfoser', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Franz Poddemski', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Laurent Pramhas', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Carmen Pusch', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Heinz Radinger', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Franz Reisinger', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Hermann Remplbauer', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Burkhard Riss', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Julius Riss', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Christiane Rückerl', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Andrea Sageder', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Birgit Sageder', false);
-INSERT INTO "user" (name, is_guest, is_cox) VALUES ('Michael Sageder', false, true);
-INSERT INTO "user" (name, is_guest) VALUES ('Niklas Sageder', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Sebastian Sageder', false);
-INSERT INTO "user" (name, is_guest, is_cox) VALUES ('Siegfried Sageder', false, true);
-INSERT INTO "user" (name, is_guest) VALUES ('Lisa-Maria Schedlberger', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Max Schellenbacher', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Klaus Schlögl', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Wolfgang Schlögl', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Gabriele Schwarz', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Caroline Schwendinger', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Kristina Schwendinger', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Martina Schwendinger', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Stephan Siegl', false);
-INSERT INTO "user" (name, is_guest, is_cox) VALUES ('Sandra Sollberger', false, true);
-INSERT INTO "user" (name, is_guest) VALUES ('Michael Stadler', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Edith Steinacker', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Ignaz Alois Stütz', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Ilona Stütz', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Elisabeth Totschnig', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Atharva Tyagi', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Friedrich Weber', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Isabella Wessely', false);
-INSERT INTO "user" (name, is_guest, is_cox) VALUES ('Lukas Wessely', false, true);
-INSERT INTO "user" (name, is_guest) VALUES ('Erich Zauner', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Renate Zehetner', false);
-INSERT INTO "user" (name, is_guest) VALUES ('Augustin Zuljevic', false);
+INSERT INTO "user" (name, is_cox, is_admin, is_guest, pw) VALUES('admin', false, true, false, '$argon2id$v=19$m=19456,t=2,p=1$dS/X5/sPEKTj4Rzs/CuvzQ$4P4NCw4Ukhv80/eQYTsarHhnw61JuL1KMx/L9dm82YM');
+INSERT INTO "user" (name, is_cox, is_admin, is_guest, pw) VALUES('rower', false, false, false, '$argon2id$v=19$m=19456,t=2,p=1$dS/X5/sPEKTj4Rzs/CuvzQ$jWKzDmI0jqT2dqINFt6/1NjVF4Dx15n07PL1ZMBmFsY');
+INSERT INTO "user" (name, is_cox, is_admin, is_guest, pw) VALUES('guest', false, false, true, '$argon2id$v=19$m=19456,t=2,p=1$dS/X5/sPEKTj4Rzs/CuvzQ$GF6gizbI79Bh0zA9its8S0gram956v+YIV8w8VpwJnQ');
+INSERT INTO "user" (name, is_cox, is_admin, is_guest, pw) VALUES('cox', true, false, false, '$argon2id$v=19$m=19456,t=2,p=1$dS/X5/sPEKTj4Rzs/CuvzQ$lnWzHx3DdqS9GQyWYel82kIotZuK2wk9EyfhPFtjNzs');
+INSERT INTO "user" (name) VALUES('new');
diff --git a/src/model/user.rs b/src/model/user.rs
index 42044cf..aab0331 100644
--- a/src/model/user.rs
+++ b/src/model/user.rs
@@ -22,7 +22,6 @@ pub struct User {
 
 #[derive(Debug)]
 pub enum LoginError {
-    SqlxError(sqlx::Error),
     InvalidAuthenticationCombo,
     NotLoggedIn,
     NotAnAdmin,
@@ -30,11 +29,6 @@ pub enum LoginError {
     NoPasswordSet(User),
 }
 
-impl From<sqlx::Error> for LoginError {
-    fn from(sqlx_error: sqlx::Error) -> Self {
-        Self::SqlxError(sqlx_error)
-    }
-}
 impl User {
     pub async fn update(&self, db: &SqlitePool, is_cox: bool, is_admin: bool, is_guest: bool) {
         sqlx::query!(
@@ -60,36 +54,38 @@ impl User {
         .is_ok()
     }
 
-    pub async fn find_by_id(db: &SqlitePool, id: i32) -> Result<Self, sqlx::Error> {
-        let user: User = sqlx::query_as!(
-            User,
-            "
+    pub async fn find_by_id(db: &SqlitePool, id: i32) -> Option<Self> {
+        Some(
+            sqlx::query_as!(
+                User,
+                "
 SELECT id, name, pw, is_cox, is_admin, is_guest
 FROM user 
 WHERE id like ?
         ",
-            id
+                id
+            )
+            .fetch_one(db)
+            .await
+            .ok()?,
         )
-        .fetch_one(db)
-        .await?;
-
-        Ok(user)
     }
 
-    async fn find_by_name(db: &SqlitePool, name: String) -> Result<Self, sqlx::Error> {
-        let user: User = sqlx::query_as!(
-            User,
-            "
+    async fn find_by_name(db: &SqlitePool, name: String) -> Option<Self> {
+        Some(
+            sqlx::query_as!(
+                User,
+                "
 SELECT id, name, pw, is_cox, is_admin, is_guest
 FROM user 
 WHERE name like ?
         ",
-            name
+                name
+            )
+            .fetch_one(db)
+            .await
+            .ok()?,
         )
-        .fetch_one(db)
-        .await?;
-
-        Ok(user)
     }
 
     fn get_hashed_pw(pw: &str) -> String {
@@ -102,7 +98,12 @@ WHERE name like ?
     }
 
     pub async fn login(db: &SqlitePool, name: String, pw: String) -> Result<Self, LoginError> {
-        let user = User::find_by_name(db, name).await?;
+        let user = match User::find_by_name(db, name).await {
+            Some(user) => user,
+            None => {
+                return Err(LoginError::InvalidAuthenticationCombo); // Username not found
+            }
+        };
 
         match user.pw.clone() {
             Some(user_pw) => {
diff --git a/src/rest/admin/user.rs b/src/rest/admin/user.rs
index be3c3b8..93fe16a 100644
--- a/src/rest/admin/user.rs
+++ b/src/rest/admin/user.rs
@@ -21,14 +21,14 @@ async fn index(db: &State<SqlitePool>, admin: AdminUser) -> Template {
 async fn resetpw(db: &State<SqlitePool>, _admin: AdminUser, user: i32) -> Flash<Redirect> {
     let user = User::find_by_id(db, user).await;
     match user {
-        Ok(user) => {
+        Some(user) => {
             user.reset_pw(db).await;
             Flash::success(
                 Redirect::to("/admin/user"),
                 format!("Successfully reset pw of {}", user.name),
             )
         }
-        Err(_) => Flash::error(Redirect::to("/admin/user"), "User does not exist"),
+        None => Flash::error(Redirect::to("/admin/user"), "User does not exist"),
     }
 }
 
@@ -47,7 +47,7 @@ async fn update(
     _admin: AdminUser,
 ) -> Flash<Redirect> {
     let user = User::find_by_id(db, data.id).await;
-    let Ok(user) = user else {
+    let Some(user) = user else {
             return Flash::error(
                 Redirect::to("/admin/user"),
                 format!("User with ID {} does not exist!", data.id),
diff --git a/src/rest/auth.rs b/src/rest/auth.rs
index 2b149a3..41efbad 100644
--- a/src/rest/auth.rs
+++ b/src/rest/auth.rs
@@ -77,7 +77,7 @@ async fn updatepw(
     cookies: &CookieJar<'_>,
 ) -> Flash<Redirect> {
     let user = User::find_by_id(db, updatepw.userid).await;
-    let Ok(user) = user else{
+    let Some(user) = user else{
             return Flash::error(
                 Redirect::to("/auth"),
                 format!("User with ID {} does not exist!", updatepw.userid),