gburri/recipes
1
0
Fork 0
Code Issues 6 Pull requests Projects Releases Packages Wiki Activity Actions

User profile edit page

Browse source
This commit is contained in:
Greg Burri 2024-12-17 21:28:47 +01:00
parent 38c286e860
commit 4248d11aa9
15 changed files with 450 additions and 175 deletions
Download patch file Download diff file Expand all files Collapse all files

108
backend/src/data/db.rs
View file

@ -52,6 +52,13 @@ pub enum SignUpResult {
UserCreatedWaitingForValidation(String), // Validation token.
}
#[derive(Debug)]
pub enum UpdateUserResult {
EmailAlreadyTaken,
UserUpdatedWaitingForRevalidation(String), // Validation token.
Ok,
}
#[derive(Debug)]
pub enum ValidationResult {
UnknownUser,
@ -97,8 +104,7 @@ impl Connection {
Self::new_from_file(path).await
}
// For tests.
#[warn(dead_code)]
#[cfg(test)]
pub async fn new_in_memory() -> Result<Connection> {
Self::create_connection(SqlitePoolOptions::new().connect("sqlite::memory:").await?).await
}
@ -234,8 +240,7 @@ FROM [Recipe] WHERE [id] = $1
.map_err(DBError::from)
}
// For tests.
#[warn(dead_code)]
#[cfg(test)]
pub async fn get_user_login_info(&self, token: &str) -> Result<model::UserLoginInfo> {
sqlx::query_as(
r#"
@ -257,23 +262,62 @@ FROM [UserLoginToken] WHERE [token] = $1
.map_err(DBError::from)
}
/// If a new email is given and it doesn't match the current one then it has to be
/// Revalidated.
pub async fn update_user(
&self,
user_id: i64,
new_email: Option<&str>,
new_name: Option<&str>,
new_password: Option<&str>,
) -> Result<()> {
) -> Result<UpdateUserResult> {
let mut tx = self.tx().await?;
let hashed_new_password = new_password.map(|p| hash(p).unwrap());
let (email, name, password) = sqlx::query_as::<_, (String, String, String)>(
let (email, name, hashed_password) = sqlx::query_as::<_, (String, String, String)>(
"SELECT [email], [name], [password] FROM [User] WHERE [id] = $1",
)
.bind(user_id)
.fetch_one(&mut *tx)
.await?;
let email_changed = new_email.is_some_and(|new_email| new_email != email);
// Check if email not already taken.
let validation_token = if email_changed {
if sqlx::query_scalar::<_, i64>(
r#"
SELECT COUNT(*)
FROM [User]
WHERE [email] = $1
"#,
)
.bind(new_email.unwrap())
.fetch_one(&mut *tx)
.await?
> 0
{
return Ok(UpdateUserResult::EmailAlreadyTaken);
}
let token = Some(generate_token());
sqlx::query(
r#"
UPDATE [User]
SET [validation_token] = $2, [validation_token_datetime] = $3
WHERE [id] = $1
"#,
)
.bind(user_id)
.bind(&token)
.bind(Utc::now())
.execute(&mut *tx)
.await?;
token
} else {
None
};
sqlx::query(
r#"
UPDATE [User]
@ -284,13 +328,17 @@ WHERE [id] = $1
.bind(user_id)
.bind(new_email.unwrap_or(&email))
.bind(new_name.unwrap_or(&name))
.bind(hashed_new_password.unwrap_or(password))
.bind(hashed_new_password.unwrap_or(hashed_password))
.execute(&mut *tx)
.await?;
tx.commit().await?;
Ok(())
Ok(if let Some(validation_token) = validation_token {
UpdateUserResult::UserUpdatedWaitingForRevalidation(validation_token)
} else {
UpdateUserResult::Ok
})
}
pub async fn sign_up(&self, email: &str, password: &str) -> Result<SignUpResult> {
@ -325,7 +373,7 @@ FROM [User] WHERE [email] = $1
sqlx::query(
r#"
UPDATE [User]
SET [validation_token] = $2, [creation_datetime] = $3, [password] = $4
SET [validation_token] = $2, [validation_token_datetime] = $3, [password] = $4
WHERE [id] = $1
"#,
)
@ -343,7 +391,7 @@ WHERE [id] = $1
sqlx::query(
r#"
INSERT INTO [User]
([email], [validation_token], [creation_datetime], [password])
([email], [validation_token], [validation_token_datetime], [password])
VALUES ($1, $2, $3, $4)
"#,
)
@ -373,14 +421,14 @@ VALUES ($1, $2, $3, $4)
// There is no index on [validation_token]. Is it useful?
let user_id = match sqlx::query_as::<_, (i64, DateTime<Utc>)>(
"SELECT [id], [creation_datetime] FROM [User] WHERE [validation_token] = $1",
"SELECT [id], [validation_token_datetime] FROM [User] WHERE [validation_token] = $1",
)
.bind(token)
.fetch_optional(&mut *tx)
.await?
{
Some((id, creation_datetime)) => {
if Utc::now() - creation_datetime > validation_time {
Some((id, validation_token_datetime)) => {
if Utc::now() - validation_token_datetime > validation_time {
return Ok(ValidationResult::ValidationExpired);
}
sqlx::query("UPDATE [User] SET [validation_token] = NULL WHERE [id] = $1")
@ -496,7 +544,7 @@ WHERE [id] = $1
SELECT [password_reset_datetime]
FROM [User]
WHERE [email] = $1
"#,
"#,
)
.bind(email)
.fetch_optional(&mut *tx)
@ -544,7 +592,7 @@ WHERE [email] = $1
SELECT [id], [password_reset_datetime]
FROM [User]
WHERE [password_reset_token] = $1
"#,
"#,
)
.bind(token)
.fetch_one(&mut *tx)
@ -567,7 +615,7 @@ WHERE [password_reset_token] = $1
UPDATE [User]
SET [password] = $2, [password_reset_token] = NULL, [password_reset_datetime] = NULL
WHERE [id] = $1
"#,
"#,
)
.bind(user_id)
.bind(hashed_new_password)
@ -729,7 +777,7 @@ mod tests {
sqlx::query(
r#"
INSERT INTO
[User] ([id], [email], [name], [password], [creation_datetime], [validation_token])
[User] ([id], [email], [name], [password], [validation_token_datetime], [validation_token])
VALUES (
1,
'paul@atreides.com',
@ -777,7 +825,7 @@ INSERT INTO
sqlx::query(
r#"
INSERT INTO [User]
([id], [email], [name], [password], [creation_datetime], [validation_token])
([id], [email], [name], [password], [validation_token_datetime], [validation_token])
VALUES (
1,
'paul@atreides.com',
@ -918,7 +966,7 @@ VALUES (
};
// Validation.
let (authentication_token, user_id) = match connection
let (authentication_token, _user_id) = match connection
.validation(
&validation_token,
Duration::hours(1),
@ -1116,7 +1164,7 @@ VALUES (
sqlx::query(
r#"
INSERT INTO [User]
([id], [email], [name], [password], [creation_datetime], [validation_token])
([id], [email], [name], [password], [validation_token_datetime], [validation_token])
VALUES
($1, $2, $3, $4, $5, $6)
"#
@ -1134,21 +1182,33 @@ VALUES
assert_eq!(user.name, "paul");
assert_eq!(user.email, "paul@atreides.com");
connection
if let UpdateUserResult::UserUpdatedWaitingForRevalidation(token) = connection
.update_user(
1,
Some("muaddib@fremen.com"),
Some("muaddib"),
Some("Chani"),
)
.await?;
.await?
{
let (_authentication_token_1, user_id_1) = match connection
.validation(&token, Duration::hours(1), "127.0.0.1", "Mozilla/5.0")
.await?
{
ValidationResult::Ok(token, user_id) => (token, user_id),
other => panic!("{:?}", other),
};
assert_eq!(user_id_1, 1);
} else {
panic!("A revalidation token must be created when changin e-mail");
}
let user = connection.load_user(1).await?.unwrap();
assert_eq!(user.name, "muaddib");
assert_eq!(user.email, "muaddib@fremen.com");
// Tets if password has been updated correctly.
// Tests if password has been updated correctly.
if let SignInResult::Ok(_token, id) = connection
.sign_in("muaddib@fremen.com", "Chani", "127.0.0.1", "Mozilla/5.0")
.await?
@ -1169,7 +1229,7 @@ VALUES
sqlx::query(
r#"
INSERT INTO [User]
([id], [email], [name], [password], [creation_datetime], [validation_token])
([id], [email], [name], [password], [validation_token_datetime], [validation_token])
VALUES
($1, $2, $3, $4, $5, $6)
"#

27
backend/src/html_templates.rs
View file

@ -21,12 +21,30 @@ pub struct ViewRecipeTemplate {
#[derive(Template)]
#[template(path = "message.html")]
pub struct MessageTemplate<'a> {
pub struct MessageTemplate {
pub user: Option<model::User>,
pub message: &'a str,
pub message: String,
pub as_code: bool, // Display the message in <pre> markup.
}
impl MessageTemplate {
pub fn new(message: &str) -> MessageTemplate {
MessageTemplate {
user: None,
message: message.to_string(),
as_code: false,
}
}
pub fn new_with_user(message: &str, user: Option<model::User>) -> MessageTemplate {
MessageTemplate {
user,
message: message.to_string(),
as_code: false,
}
}
}
#[derive(Template)]
#[template(path = "sign_up_form.html")]
pub struct SignUpFormTemplate {
@ -67,4 +85,9 @@ pub struct ResetPasswordTemplate {
#[template(path = "profile.html")]
pub struct ProfileTemplate {
pub user: Option<model::User>,
pub username: String,
pub email: String,
pub message: String,
pub message_email: String,
pub message_password: String,
}

17
backend/src/main.rs
View file

@ -5,7 +5,7 @@ use axum::{
http::StatusCode,
middleware::{self, Next},
response::{Response, Result},
routing::{get, put},
routing::get,
Router,
};
use axum_extra::extract::cookie::CookieJar;
@ -84,9 +84,9 @@ async fn main() {
db_connection,
};
// TODO: Add fallback fo ron_api_routes.
let ron_api_routes = Router::new()
.route("/user/update", put(services::ron::update_user))
// Disabled: update user profile is now made with a post data ('edit_user_post').
// .route("/user/update", put(services::ron::update_user))
.fallback(services::ron::not_found);
let html_routes = Router::new()
@ -96,6 +96,7 @@ async fn main() {
get(services::sign_up_get).post(services::sign_up_post),
)
.route("/validation", get(services::sign_up_validation))
.route("/revalidation", get(services::email_revalidation))
.route(
"/signin",
get(services::sign_in_get).post(services::sign_in_post),
@ -112,7 +113,10 @@ async fn main() {
// Recipes.
.route("/recipe/view/:id", get(services::view_recipe))
// User.
.route("/user/edit", get(services::edit_user))
.route(
"/user/edit",
get(services::edit_user_get).post(services::edit_user_post),
)
.route_layer(middleware::from_fn(services::ron_error_to_html));
let app = Router::new()
@ -179,6 +183,11 @@ async fn get_current_user(
}
#[derive(Parser, Debug)]
#[command(
author = "Greg Burri",
version = "1.0",
about = "A little cooking recipes website"
)]
struct Args {
/// Will clear the database and insert some test data. (A backup is made first).
#[arg(long)]

2
backend/src/ron_utils.rs
View file

@ -1,7 +1,5 @@
use axum::{
async_trait,
body::Bytes,
extract::{FromRequest, Request},
http::{header, HeaderValue, StatusCode},
response::{IntoResponse, Response},
};

246
backend/src/services.rs
View file

@ -32,7 +32,7 @@ pub async fn ron_error_to_html(req: Request, next: Next) -> Result<Response> {
};
return Ok(MessageTemplate {
user: None,
message: &message,
message,
as_code: true,
}
.into_response());
@ -83,26 +83,6 @@ pub async fn view_recipe(
}
}
///// MESSAGE /////
impl<'a> MessageTemplate<'a> {
pub fn new(message: &'a str) -> MessageTemplate<'a> {
MessageTemplate {
user: None,
message,
as_code: false,
}
}
pub fn new_with_user(message: &'a str, user: Option<model::User>) -> MessageTemplate<'a> {
MessageTemplate {
user,
message,
as_code: false,
}
}
}
//// SIGN UP /////
#[debug_handler]
@ -198,7 +178,6 @@ pub async fn sign_up_post(
}
Ok(db::SignUpResult::UserCreatedWaitingForValidation(token)) => {
let url = utils::get_url_from_host(&host);
let email = form_data.email.clone();
match email::send_email(
&email,
@ -214,7 +193,7 @@ pub async fn sign_up_post(
{
Ok(()) => Ok(
MessageTemplate::new_with_user(
"An email has been sent, follow the link to validate your account.",
"An email has been sent, follow the link to validate your account",
user).into_response()),
Err(_) => {
// error!("Email validation error: {}", error); // TODO: log
@ -223,7 +202,7 @@ pub async fn sign_up_post(
}
}
Err(_) => {
// error!("Signup database error: {}", error);
// error!("Signup database error: {}", error); // TODO: log
error_response(SignUpError::DatabaseError, &form_data, user)
}
}
@ -595,17 +574,224 @@ pub async fn reset_password_post(
///// EDIT PROFILE /////
#[debug_handler]
pub async fn edit_user(
State(connection): State<db::Connection>,
Extension(user): Extension<Option<model::User>>,
) -> Response {
if user.is_some() {
ProfileTemplate { user }.into_response()
pub async fn edit_user_get(Extension(user): Extension<Option<model::User>>) -> Response {
if let Some(user) = user {
ProfileTemplate {
username: user.name.clone(),
email: user.email.clone(),
user: Some(user),
message: String::new(),
message_email: String::new(),
message_password: String::new(),
}
.into_response()
} else {
MessageTemplate::new("Not logged in").into_response()
}
}
#[derive(Deserialize, Debug)]
pub struct EditUserForm {
name: String,
email: String,
password_1: String,
password_2: String,
}
enum ProfileUpdateError {
InvalidEmail,
EmailAlreadyTaken,
PasswordsNotEqual,
InvalidPassword,
DatabaseError,
UnableSendEmail,
}
// TODO: A lot of code are similar to 'sign_up_post', maybe find a way to factorize some.
#[debug_handler(state = AppState)]
pub async fn edit_user_post(
Host(host): Host,
State(connection): State<db::Connection>,
State(config): State<Config>,
Extension(user): Extension<Option<model::User>>,
Form(form_data): Form<EditUserForm>,
) -> Result<Response> {
if let Some(user) = user {
fn error_response(
error: ProfileUpdateError,
form_data: &EditUserForm,
user: model::User,
) -> Result<Response> {
Ok(ProfileTemplate {
user: Some(user),
username: form_data.name.clone(),
email: form_data.email.clone(),
message_email: match error {
ProfileUpdateError::InvalidEmail => "Invalid email",
ProfileUpdateError::EmailAlreadyTaken => "Email already taken",
_ => "",
}
.to_string(),
message_password: match error {
ProfileUpdateError::PasswordsNotEqual => "Passwords don't match",
ProfileUpdateError::InvalidPassword => {
"Password must have at least eight characters"
}
_ => "",
}
.to_string(),
message: match error {
ProfileUpdateError::DatabaseError => "Database error",
ProfileUpdateError::UnableSendEmail => "Unable to send the validation email",
_ => "",
}
.to_string(),
}
.into_response())
}
if let common::utils::EmailValidation::NotValid =
common::utils::validate_email(&form_data.email)
{
return error_response(ProfileUpdateError::InvalidEmail, &form_data, user);
}
let new_password = if !form_data.password_1.is_empty() || !form_data.password_2.is_empty() {
if form_data.password_1 != form_data.password_2 {
return error_response(ProfileUpdateError::PasswordsNotEqual, &form_data, user);
}
if let common::utils::PasswordValidation::TooShort =
common::utils::validate_password(&form_data.password_1)
{
return error_response(ProfileUpdateError::InvalidPassword, &form_data, user);
}
Some(form_data.password_1.as_ref())
} else {
None
};
let email_trimmed = form_data.email.trim();
let message: &str;
match connection
.update_user(
user.id,
Some(&email_trimmed),
Some(&form_data.name),
new_password,
)
.await
{
Ok(db::UpdateUserResult::EmailAlreadyTaken) => {
return error_response(ProfileUpdateError::EmailAlreadyTaken, &form_data, user);
}
Ok(db::UpdateUserResult::UserUpdatedWaitingForRevalidation(token)) => {
let url = utils::get_url_from_host(&host);
let email = form_data.email.clone();
match email::send_email(
&email,
&format!(
"Follow this link to validate this email address: {}/revalidation?validation_token={}",
url, token
),
&config.smtp_relay_address,
&config.smtp_login,
&config.smtp_password,
)
.await
{
Ok(()) => {
message =
"An email has been sent, follow the link to validate your new email";
}
Err(_) => {
// error!("Email validation error: {}", error); // TODO: log
return error_response(ProfileUpdateError::UnableSendEmail, &form_data, user);
}
}
}
Ok(db::UpdateUserResult::Ok) => {
message = "Profile saved";
}
Err(_) => return error_response(ProfileUpdateError::DatabaseError, &form_data, user),
}
// Reload after update.
let user = connection.load_user(user.id).await?;
Ok(ProfileTemplate {
user,
username: form_data.name,
email: form_data.email,
message: message.to_string(),
message_email: String::new(),
message_password: String::new(),
}
.into_response())
} else {
Ok(MessageTemplate::new("Not logged in").into_response())
}
}
#[debug_handler]
pub async fn email_revalidation(
State(connection): State<db::Connection>,
Extension(user): Extension<Option<model::User>>,
ConnectInfo(addr): ConnectInfo<SocketAddr>,
Query(query): Query<HashMap<String, String>>,
headers: HeaderMap,
) -> Result<(CookieJar, impl IntoResponse)> {
let mut jar = CookieJar::from_headers(&headers);
if user.is_some() {
return Ok((
jar,
MessageTemplate::new_with_user("User already exists", user),
));
}
let (client_ip, client_user_agent) = utils::get_ip_and_user_agent(&headers, addr);
match query.get("validation_token") {
// 'validation_token' exists only when a user must validate a new email.
Some(token) => {
match connection
.validation(
token,
Duration::seconds(consts::VALIDATION_TOKEN_DURATION),
&client_ip,
&client_user_agent,
)
.await?
{
db::ValidationResult::Ok(token, user_id) => {
let cookie = Cookie::new(consts::COOKIE_AUTH_TOKEN_NAME, token);
jar = jar.add(cookie);
let user = connection.load_user(user_id).await?;
Ok((
jar,
MessageTemplate::new_with_user("Email validation successful", user),
))
}
db::ValidationResult::ValidationExpired => Ok((
jar,
MessageTemplate::new_with_user(
"The validation has expired. Try to sign up again with the same email",
user,
),
)),
db::ValidationResult::UnknownUser => Ok((
jar,
MessageTemplate::new_with_user(
"Validation error. Try to sign up again with the same email",
user,
),
)),
}
}
None => Ok((
jar,
MessageTemplate::new_with_user("Validation error", user),
)),
}
}
///// 404 /////
#[debug_handler]
pub async fn not_found(Extension(user): Extension<Option<model::User>>) -> impl IntoResponse {

7
backend/src/services/ron.rs
View file

@ -52,10 +52,11 @@ use axum::{
http::StatusCode,
response::{ErrorResponse, IntoResponse, Result},
};
use tracing::{event, Level};
// use tracing::{event, Level};
use crate::{data::db, model, ron_extractor::ExtractRon, ron_utils::ron_error};
#[allow(dead_code)]
#[debug_handler]
pub async fn update_user(
State(connection): State<db::Connection>,
@ -66,7 +67,7 @@ pub async fn update_user(
connection
.update_user(
user.id,
ron.email.as_deref(),
ron.email.as_deref().map(str::trim),
ron.name.as_deref(),
ron.password.as_deref(),
)
@ -82,6 +83,6 @@ pub async fn update_user(
///// 404 /////
#[debug_handler]
pub async fn not_found(Extension(user): Extension<Option<model::User>>) -> impl IntoResponse {
pub async fn not_found(Extension(_user): Extension<Option<model::User>>) -> impl IntoResponse {
ron_error(StatusCode::NOT_FOUND, "Not found")
}