From 4589d5a278c8d1c51e4a465c04945f8a84b6e131 Mon Sep 17 00:00:00 2001
From: Akshay
Date: Wed, 11 Nov 2020 19:14:32 +0530
Subject: add change password endpoint, compiles on stable rust
---
 src/bin/server.rs | 6 +-
 src/handlers/users.rs | 37 ++++++++++++
 src/handlers/users.rs.html | 137 ---------------------------------------------
 3 files changed, 42 insertions(+), 138 deletions(-)
 delete mode 100644 src/handlers/users.rs.html
(limited to 'src')
diff --git a/src/bin/server.rs b/src/bin/server.rs
index eb290db..d074e4f 100644
--- a/src/bin/server.rs
+++ b/src/bin/server.rs
@@ -34,7 +34,11 @@ async fn main() -> std::io::Result<()> {
 .route("/existing", web::post().to(users::name_exists))
 .route("/login", web::post().to(users::login))
 .route("/{uname}", web::get().to(users::user_details))
- .route("/new", web::post().to(users::new_user)),
+ .route("/new", web::post().to(users::new_user))
+ .route(
+ "/change_password",
+ web::post().to(users::change_password),
+ ),
 )
 .route("/hey", web::get().to(manual_hello))
 })
diff --git a/src/handlers/users.rs b/src/handlers/users.rs
index e6b0415..c7bc870 100644
--- a/src/handlers/users.rs
+++ b/src/handlers/users.rs
@@ -104,3 +104,40 @@ pub async fn user_details(
 }
 }
 }
+
+#[derive(Deserialize, Debug)]
+pub struct ChangePassword {
+ old_password: String,
+ new_password: String,
+}
+
+pub async fn change_password(
+ cookie: Identity,
+ password_details: web::Json,
+ pool: web::Data,
+) -> impl Responder {
+ info!("Change password request: {:?}", password_details);
+ let conn = pool.get().unwrap();
+ if let Some(uname) = cookie.identity() {
+ let entered_pass = &password_details.old_password;
+ let new_password = &password_details.new_password;
+ let selected_user = members
+ .filter(username.eq(&uname))
+ .limit(1)
+ .first::(&conn)
+ .expect("Couldn't connect to DB");
+ let hashed_pass = selected_user.password;
+ if verify(entered_pass, &hashed_pass).unwrap() {
+ let hashed_new_password =
+ hash(&new_password, DEFAULT_COST).unwrap();
+ diesel::update(members.filter(id.eq(selected_user.id)))
+ .set(password.eq(hashed_new_password))
+ .execute(&conn)
+ .unwrap();
+ return HttpResponse::Ok().body("Changed password successfully");
+ } else {
+ return HttpResponse::Ok().body("Invalid password");
+ }
+ }
+ return HttpResponse::Unauthorized().body("Login first");
+}
diff --git a/src/handlers/users.rs.html b/src/handlers/users.rs.html
deleted file mode 100644
index a233b04..0000000
--- a/src/handlers/users.rs.html
+++ /dev/null
@@ -1,137 +0,0 @@
- - - - -~/code/rust/actix-tests/src/handlers/users.rs.html - - - - - - - - -
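Review bot: The `info!("Change password request: {:?}", password_details)` line at the top of `change_password` writes both the old and the new plaintext password to the application log, because `ChangePassword` derives `Debug`; drop `Debug` from the derive and log only the session user name. The handler also panics instead of answering when the lookup fails (a cookie whose user row no longer exists reaches `.expect("Couldn't connect to DB")`) or when `verify` returns an error, and a wrong old password is answered with 200 OK, which clients and log monitoring cannot tell apart from success. The sketch below resolves the identity first, turns both failures into responses and returns 401 for a bad password; it assumes `Member` and `error!` are in scope here as they are for the other handlers of this file.

```rust
#[derive(Deserialize)] // no Debug: the fields are plaintext passwords
pub struct ChangePassword {
// … unchanged: fields, handler signature …
    let uname = match cookie.identity() {
        Some(uname) => uname,
        None => return HttpResponse::Unauthorized().body("Login first"),
    };
    info!("Change password request for: \"{}\"", uname);
    // … unchanged: pool.get(), entered_pass / new_password bindings …
    let selected_user = match members
        .filter(username.eq(&uname))
        .limit(1)
        .first::<Member>(&conn)
    {
        Ok(m) => m,
        Err(e) => {
            error!("Change password lookup failed for {}: {}", uname, e);
            return HttpResponse::InternalServerError().finish();
        }
    };
    match verify(entered_pass, &selected_user.password) {
        Ok(true) => {
            // … unchanged: hash new_password, diesel::update, 200 response …
        }
        _ => HttpResponse::Unauthorized().body("Invalid password"),
    }
```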
-use crate::models::{Member, NewMember};
-use crate::schema::members::dsl::*;
-use crate::TPool;
-
-use actix_identity::Identity;
-use actix_web::{web, HttpResponse, Responder};
-use bcrypt::{hash, verify, DEFAULT_COST};
-use diesel::prelude::*;
-use log::{error, info};
-use serde::Deserialize;
-
-pub async fn new_user(
-    pool: web::Data<TPool>,
-    item: web::Json<NewMember>,
-) -> impl Responder {
-    let conn = pool.get().unwrap();
-    let hashed_item = NewMember {
-        password: hash(&item.password, DEFAULT_COST).unwrap(),
-        ..(item.into_inner())
-    };
-    diesel::insert_into(members)
-        .values(hashed_item)
-        .execute(&conn)
-        .expect("Coundn't connect to DB");
-    HttpResponse::Ok().body("Inserted successfully!")
-}
-
-pub async fn name_exists(
-    pool: web::Data<TPool>,
-    item: String,
-) -> impl Responder {
-    let conn = pool.get().unwrap();
-    info!("target: {:?}", item);
-    if (members
-        .filter(username.eq(&item))
-        .limit(1)
-        .load::<Member>(&conn)
-        .expect("Coundn't connect to DB"))
-    .len()
-        > 0
-    {
-        HttpResponse::Ok().body("true")
-    } else {
-        HttpResponse::Ok().body("false")
-    }
-}
-
-#[derive(Deserialize)]
-pub struct Login {
-    username: String,
-    password: String,
-}
-
-pub async fn login(
-    pool: web::Data<TPool>,
-    cookie: Identity,
-    login_details: web::Form<Login>,
-) -> impl Responder {
-    let conn = pool.get().unwrap();
-    let entered_pass = &login_details.password;
-    let selected_user = members
-        .filter(username.eq(&login_details.username))
-        .limit(1)
-        .first::<Member>(&conn)
-        .expect("Couldn't connect to DB");
-    let hashed_pass = selected_user.password;
-    if verify(entered_pass, &hashed_pass).unwrap() {
-        cookie.remember(login_details.username.clone());
-        info!(
-            "Successful login: {} {}",
-            selected_user.username, selected_user.email_id
-        );
-        HttpResponse::Found().header("location", "/").finish()
-    } else {
-        HttpResponse::Unauthorized().finish()
-    }
-}
-
-pub async fn logout(cookie: Identity) -> impl Responder {
-    cookie.forget();
-    HttpResponse::Found().header("location", "/").finish()
-}
-
-pub async fn user_details(
-    uname: web::Path<String>,
-    pool: web::Data<TPool>,
-) -> impl Responder {
-    let conn = pool.get().unwrap();
-    let uname = uname.into_inner();
-    info!("Fetching info for: \"{}\"", uname);
-    let selected_user = members
-        .filter(username.eq(&uname))
-        .limit(1)
-        .first::<Member>(&conn);
-    match selected_user {
-        Ok(m) => {
-            info!("Found user: {}", uname);
-            HttpResponse::Ok().json(m)
-        }
-        Err(_) => {
-            error!("User not found: {}", uname);
-            HttpResponse::NotFound().finish()
-        }
-    }
-}
-
- - - -- cgit v1.2.3