gburri/recipes
1
0
Fork 0
Code Issues 6 Pull requests Projects Releases Packages Wiki Activity Actions

User profile edit page

Browse source
This commit is contained in:
Greg Burri 2024-12-17 21:28:47 +01:00
parent 38c286e860
commit 4248d11aa9
15 changed files with 450 additions and 175 deletions
Download patch file Download diff file Expand all files Collapse all files

108
backend/src/data/db.rs
View file

@ -52,6 +52,13 @@ pub enum SignUpResult {
UserCreatedWaitingForValidation(String), // Validation token.
}
#[derive(Debug)]
pub enum UpdateUserResult {
EmailAlreadyTaken,
UserUpdatedWaitingForRevalidation(String), // Validation token.
Ok,
}
#[derive(Debug)]
pub enum ValidationResult {
UnknownUser,
@ -97,8 +104,7 @@ impl Connection {
Self::new_from_file(path).await
}
// For tests.
#[warn(dead_code)]
#[cfg(test)]
pub async fn new_in_memory() -> Result<Connection> {
Self::create_connection(SqlitePoolOptions::new().connect("sqlite::memory:").await?).await
}
@ -234,8 +240,7 @@ FROM [Recipe] WHERE [id] = $1
.map_err(DBError::from)
}
// For tests.
#[warn(dead_code)]
#[cfg(test)]
pub async fn get_user_login_info(&self, token: &str) -> Result<model::UserLoginInfo> {
sqlx::query_as(
r#"
@ -257,23 +262,62 @@ FROM [UserLoginToken] WHERE [token] = $1
.map_err(DBError::from)
}
/// If a new email is given and it doesn't match the current one then it has to be
/// Revalidated.
pub async fn update_user(
&self,
user_id: i64,
new_email: Option<&str>,
new_name: Option<&str>,
new_password: Option<&str>,
) -> Result<()> {
) -> Result<UpdateUserResult> {
let mut tx = self.tx().await?;
let hashed_new_password = new_password.map(|p| hash(p).unwrap());
let (email, name, password) = sqlx::query_as::<_, (String, String, String)>(
let (email, name, hashed_password) = sqlx::query_as::<_, (String, String, String)>(
"SELECT [email], [name], [password] FROM [User] WHERE [id] = $1",
)
.bind(user_id)
.fetch_one(&mut *tx)
.await?;
let email_changed = new_email.is_some_and(|new_email| new_email != email);
// Check if email not already taken.
let validation_token = if email_changed {
if sqlx::query_scalar::<_, i64>(
r#"
SELECT COUNT(*)
FROM [User]
WHERE [email] = $1
"#,
)
.bind(new_email.unwrap())
.fetch_one(&mut *tx)
.await?
> 0
{
return Ok(UpdateUserResult::EmailAlreadyTaken);
}
let token = Some(generate_token());
sqlx::query(
r#"
UPDATE [User]
SET [validation_token] = $2, [validation_token_datetime] = $3
WHERE [id] = $1
"#,
)
.bind(user_id)
.bind(&token)
.bind(Utc::now())
.execute(&mut *tx)
.await?;
token
} else {
None
};
sqlx::query(
r#"
UPDATE [User]
@ -284,13 +328,17 @@ WHERE [id] = $1
.bind(user_id)
.bind(new_email.unwrap_or(&email))
.bind(new_name.unwrap_or(&name))
.bind(hashed_new_password.unwrap_or(password))
.bind(hashed_new_password.unwrap_or(hashed_password))
.execute(&mut *tx)
.await?;
tx.commit().await?;
Ok(())
Ok(if let Some(validation_token) = validation_token {
UpdateUserResult::UserUpdatedWaitingForRevalidation(validation_token)
} else {
UpdateUserResult::Ok
})
}
pub async fn sign_up(&self, email: &str, password: &str) -> Result<SignUpResult> {
@ -325,7 +373,7 @@ FROM [User] WHERE [email] = $1
sqlx::query(
r#"
UPDATE [User]
SET [validation_token] = $2, [creation_datetime] = $3, [password] = $4
SET [validation_token] = $2, [validation_token_datetime] = $3, [password] = $4
WHERE [id] = $1
"#,
)
@ -343,7 +391,7 @@ WHERE [id] = $1
sqlx::query(
r#"
INSERT INTO [User]
([email], [validation_token], [creation_datetime], [password])
([email], [validation_token], [validation_token_datetime], [password])
VALUES ($1, $2, $3, $4)
"#,
)
@ -373,14 +421,14 @@ VALUES ($1, $2, $3, $4)
// There is no index on [validation_token]. Is it useful?
let user_id = match sqlx::query_as::<_, (i64, DateTime<Utc>)>(
"SELECT [id], [creation_datetime] FROM [User] WHERE [validation_token] = $1",
"SELECT [id], [validation_token_datetime] FROM [User] WHERE [validation_token] = $1",
)
.bind(token)
.fetch_optional(&mut *tx)
.await?
{
Some((id, creation_datetime)) => {
if Utc::now() - creation_datetime > validation_time {
Some((id, validation_token_datetime)) => {
if Utc::now() - validation_token_datetime > validation_time {
return Ok(ValidationResult::ValidationExpired);
}
sqlx::query("UPDATE [User] SET [validation_token] = NULL WHERE [id] = $1")
@ -496,7 +544,7 @@ WHERE [id] = $1
SELECT [password_reset_datetime]
FROM [User]
WHERE [email] = $1
"#,
"#,
)
.bind(email)
.fetch_optional(&mut *tx)
@ -544,7 +592,7 @@ WHERE [email] = $1
SELECT [id], [password_reset_datetime]
FROM [User]
WHERE [password_reset_token] = $1
"#,
"#,
)
.bind(token)
.fetch_one(&mut *tx)
@ -567,7 +615,7 @@ WHERE [password_reset_token] = $1
UPDATE [User]
SET [password] = $2, [password_reset_token] = NULL, [password_reset_datetime] = NULL
WHERE [id] = $1
"#,
"#,
)
.bind(user_id)
.bind(hashed_new_password)
@ -729,7 +777,7 @@ mod tests {
sqlx::query(
r#"
INSERT INTO
[User] ([id], [email], [name], [password], [creation_datetime], [validation_token])
[User] ([id], [email], [name], [password], [validation_token_datetime], [validation_token])
VALUES (
1,
'paul@atreides.com',
@ -777,7 +825,7 @@ INSERT INTO
sqlx::query(
r#"
INSERT INTO [User]
([id], [email], [name], [password], [creation_datetime], [validation_token])
([id], [email], [name], [password], [validation_token_datetime], [validation_token])
VALUES (
1,
'paul@atreides.com',
@ -918,7 +966,7 @@ VALUES (
};
// Validation.
let (authentication_token, user_id) = match connection
let (authentication_token, _user_id) = match connection
.validation(
&validation_token,
Duration::hours(1),
@ -1116,7 +1164,7 @@ VALUES (
sqlx::query(
r#"
INSERT INTO [User]
([id], [email], [name], [password], [creation_datetime], [validation_token])
([id], [email], [name], [password], [validation_token_datetime], [validation_token])
VALUES
($1, $2, $3, $4, $5, $6)
"#
@ -1134,21 +1182,33 @@ VALUES
assert_eq!(user.name, "paul");
assert_eq!(user.email, "paul@atreides.com");
connection
if let UpdateUserResult::UserUpdatedWaitingForRevalidation(token) = connection
.update_user(
1,
Some("muaddib@fremen.com"),
Some("muaddib"),
Some("Chani"),
)
.await?;
.await?
{
let (_authentication_token_1, user_id_1) = match connection
.validation(&token, Duration::hours(1), "127.0.0.1", "Mozilla/5.0")
.await?
{
ValidationResult::Ok(token, user_id) => (token, user_id),
other => panic!("{:?}", other),
};
assert_eq!(user_id_1, 1);
} else {
panic!("A revalidation token must be created when changin e-mail");
}
let user = connection.load_user(1).await?.unwrap();
assert_eq!(user.name, "muaddib");
assert_eq!(user.email, "muaddib@fremen.com");
// Tets if password has been updated correctly.
// Tests if password has been updated correctly.
if let SignInResult::Ok(_token, id) = connection
.sign_in("muaddib@fremen.com", "Chani", "127.0.0.1", "Mozilla/5.0")
.await?
@ -1169,7 +1229,7 @@ VALUES
sqlx::query(
r#"
INSERT INTO [User]
([id], [email], [name], [password], [creation_datetime], [validation_token])
([id], [email], [name], [password], [validation_token_datetime], [validation_token])
VALUES
($1, $2, $3, $4, $5, $6)
"#