From 8c689db1c8fa06ddb9119e626e7b1149f3493905 Mon Sep 17 00:00:00 2001 From: Joris Date: Sat, 12 Aug 2023 20:05:09 +0200 Subject: Sign cookie with secret key --- src/controller/login.rs | 77 +++++++++++++++++++++++++++++++++++-------------- 1 file changed, 55 insertions(+), 22 deletions(-) (limited to 'src/controller/login.rs') diff --git a/src/controller/login.rs b/src/controller/login.rs index 09a2786..9757c25 100644 --- a/src/controller/login.rs +++ b/src/controller/login.rs @@ -1,21 +1,24 @@ use bcrypt; +use hyper::header::SET_COOKIE; use hyper::{Body, Response}; use sqlx::sqlite::SqlitePool; use std::collections::HashMap; use tera::{Context, Tera}; use uuid::Uuid; +use crate::controller::utils::with_headers; use crate::controller::wallet::Wallet; use crate::controller::{error, utils}; use crate::db; use crate::model::config::Config; use crate::model::user::User; +use crate::utils::cookie; use crate::validation; pub async fn page( assets: &HashMap, templates: &Tera, - error: Option, + error: Option<&str>, ) -> Response { let connected_user: Option = None; @@ -26,28 +29,23 @@ pub async fn page( utils::template(assets, templates, "login.html", context) } +// TODO rewrite pub async fn login( - config: Config, + config: &Config, assets: &HashMap, templates: &Tera, form: HashMap, pool: SqlitePool, ) -> Response { - let not_authorized = page( - assets, - templates, - Some("Vous n’êtes pas autorisé à vous connecter.".to_string()), - ) - .await; - let server_error = - page(assets, templates, Some("Erreur serveur.".to_string())).await; match validation::login::login(&form) { Some(login) => { match db::users::get_password_hash(&pool, login.email.clone()).await { Some(hash) => match bcrypt::verify(login.password, &hash) { Ok(true) => { + // TODO generate truly random instead of uuid let login_token = Uuid::new_v4(); + if db::users::set_login_token( &pool, login.email, @@ -55,31 +53,66 @@ pub async fn login( ) .await { - utils::with_login_cookie( - config, - login_token, - utils::redirect("/"), - ) + match cookie::login(config, login_token) { + Ok(str) => with_headers( + utils::redirect("/"), + vec![(SET_COOKIE, &str)], + ), + Err(msg) => { + server_error( + assets, + templates, + &format!( + "Error generating cookie: {msg}" + ), + ) + .await + } + } } else { - server_error + server_error(assets, templates, "Erreur server") + .await } } - Ok(false) => not_authorized, + Ok(false) => not_authorized(assets, templates).await, Err(err) => { error!("Error verifying bcrypt password: {:?}", err); - server_error + server_error(assets, templates, "Erreur serveur").await } }, - None => not_authorized, + None => not_authorized(assets, templates).await, } } - None => not_authorized, + None => not_authorized(assets, templates).await, } } -pub async fn logout(config: Config, wallet: &Wallet) -> Response { +async fn server_error( + assets: &HashMap, + templates: &Tera, + msg: &str, +) -> Response { + page(assets, templates, Some(msg)).await +} + +async fn not_authorized( + assets: &HashMap, + templates: &Tera, +) -> Response { + page( + assets, + templates, + Some("Vous n’êtes pas autorisé à vous connecter."), + ) + .await +} + +pub async fn logout(config: &Config, wallet: &Wallet) -> Response { if db::users::remove_login_token(&wallet.pool, wallet.user.id).await { - utils::with_logout_cookie(config, utils::redirect("/")) + with_headers( + utils::redirect("/"), + vec![(SET_COOKIE, &cookie::logout(config))], + ) } else { error::error(wallet, "Erreur serveur", "Erreur serveur") } -- cgit v1.2.3