From a53c0ede9cc0a22f92b00535fe854f0535e12d65 Mon Sep 17 00:00:00 2001
From: philipp
Date: Sun, 13 Oct 2024 14:51:11 +0200
Subject: [PATCH] only allow people with access rights to login via wordpress
---
 seeds.sql | 1 +
 src/tera/mod.rs | 14 +++++++++++---
 2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/seeds.sql b/seeds.sql
index f1e1acd..caa32a2 100644
--- a/seeds.sql
+++ b/seeds.sql
@@ -13,6 +13,7 @@ INSERT INTO "role" (name) VALUES ('kassier');
 INSERT INTO "role" (name) VALUES ('schriftfuehrer');
 INSERT INTO "role" (name) VALUES ('no-einschreibgebuehr');
 INSERT INTO "role" (name) VALUES ('schnupper-betreuer');
+INSERT INTO "role" (name) VALUES ('allow_website_login');
 INSERT INTO "user" (name, pw) VALUES('admin', '$argon2id$v=19$m=19456,t=2,p=1$dS/X5/sPEKTj4Rzs/CuvzQ$4P4NCw4Ukhv80/eQYTsarHhnw61JuL1KMx/L9dm82YM');
 INSERT INTO "user_role" (user_id, role_id) VALUES(1,1);
 INSERT INTO "user_role" (user_id, role_id) VALUES(1,2);
diff --git a/src/tera/mod.rs b/src/tera/mod.rs
index e49e053..314483b 100644
--- a/src/tera/mod.rs
+++ b/src/tera/mod.rs
@@ -106,10 +106,18 @@ async fn steering(db: &State, user: User, flash: Option, login: Form>) -> String {
- match User::login(db, login.name, login.password).await {
- Ok(_) => "SUCC".into(),
- Err(_) => "FAIL".into(),
+ if let Ok(user) = User::login(db, login.name, login.password).await {
+ if user.has_role(db, "allow_website_login").await {
+ return String::from("SUCC");
+ }
+ if user.has_role(db, "admin").await {
+ return String::from("SUCC");
+ }
+ if user.has_role(db, "Vorstand").await {
+ return String::from("SUCC");
+ }
 }
+ "FAIL".into()
 }
 #[catch(401)] //Unauthorized
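Review bot: The new role is only inserted into seeds.sql, so on any database that was seeded before this commit the `allow_website_login` row will not exist and the corresponding `has_role` check in src/tera/mod.rs can never match there; presumably a migration or a one-off insert for existing deployments is still needed — worth confirming. The name also breaks the naming convention of the neighbouring rows, which use hyphens (`no-einschreibgebuehr`, `schnupper-betreuer`) rather than underscores; since the literal is compared by exact string match in the Rust code, the spelling chosen here has to be kept identical on both sides.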
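Review bot: The three `has_role` checks on the new side each issue a separate awaited lookup and repeat the `return String::from("SUCC");` arm, so the login policy is spread over nine lines and adding or removing a permitted role means editing three near-identical blocks; collapsing them into one loop over a named slice keeps the policy in one place and makes it obvious which roles grant website login. Note also that `"Vorstand"` is the only capitalised role name in the change while every role seeded in seeds.sql is lowercase; if the stored name differs in case this branch never matches — please verify against the role table. Returning `"FAIL"` for both a wrong password and a correct password without a permitted role is the right choice for the caller, but the second case is currently silent server-side; emitting a log line at that point would make authenticated-but-refused attempts visible to whoever reviews the logs. The enclosing handler's signature lies outside the hunk.
```rust
if let Ok(user) = User::login(db, login.name, login.password).await {
    // Roles that grant website (WordPress) login; keep in sync with seeds.sql.
    const PERMITTED_ROLES: [&str; 3] = ["allow_website_login", "admin", "Vorstand"];
    for role in PERMITTED_ROLES.iter().copied() {
        if user.has_role(db, role).await {
            return String::from("SUCC");
        }
    }
    // TODO(review): log the refusal here so a valid password without a permitted role is visible in audit logs.
}
"FAIL".into()
```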