Diffstat (limited to 'server/src/api/user.rs')
-rw-r--r-- | server/src/api/user.rs | 160 |
1 files changed, 82 insertions, 78 deletions
diff --git a/server/src/api/user.rs b/server/src/api/user.rs
index e8ad20aa..912587da 100644
--- a/server/src/api/user.rs
+++ b/server/src/api/user.rs
@@ -28,6 +28,10 @@ pub struct SaveUserSettings {
default_listing_type: i16,
lang: String,
avatar: Option<String>,
+ email: Option<String>,
+ new_password: Option<String>,
+ new_password_verify: Option<String>,
+ old_password: Option<String>,
auth: String,
}
@@ -168,18 +172,13 @@ impl Perform<LoginResponse> for Oper<Login> {
// Fetch that username / email
let user: User_ = match User_::find_by_email_or_username(&conn, &data.username_or_email) {
Ok(user) => user,
- Err(_e) => {
- return Err(APIError::err(
- &self.op,
- "couldnt_find_that_username_or_email",
- ))?
- }
+ Err(_e) => return Err(APIError::err(&self.op, "couldnt_find_that_username_or_email").into()),
};
// Verify the password
let valid: bool = verify(&data.password, &user.password_encrypted).unwrap_or(false);
if !valid {
- return Err(APIError::err(&self.op, "password_incorrect"))?;
+ return Err(APIError::err(&self.op, "password_incorrect").into());
}
// Return the jwt
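Review bot: The four fields added to `SaveUserSettings` carry plaintext credentials, and the struct's derive list is outside the hunk; if it derives `Debug` or is otherwise logged as a whole request, `old_password` and `new_password` would end up in logs, so the derives deserve a check and the fields a comment. The contract the server applies is also unstated: a password change only succeeds when `new_password`, `new_password_verify` and `old_password` are all present, so document it on the struct, e.g. `/// new_password, new_password_verify and old_password must be sent together; a missing one rejects the change.` On the Login hunk, `couldnt_find_that_username_or_email` and `password_incorrect` remain distinguishable to the caller, which tells an unauthenticated client whether a username exists; that predates this commit, but folding both into one key would close it.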
@@ -198,22 +197,22 @@ impl Perform<LoginResponse> for Oper<Register> {
// Make sure site has open registration
if let Ok(site) = SiteView::read(&conn) {
if !site.open_registration {
- return Err(APIError::err(&self.op, "registration_closed"))?;
+ return Err(APIError::err(&self.op, "registration_closed").into());
}
}
// Make sure passwords match
- if &data.password != &data.password_verify {
- return Err(APIError::err(&self.op, "passwords_dont_match"))?;
+ if data.password != data.password_verify {
+ return Err(APIError::err(&self.op, "passwords_dont_match").into());
}
if has_slurs(&data.username) {
- return Err(APIError::err(&self.op, "no_slurs"))?;
+ return Err(APIError::err(&self.op, "no_slurs").into());
}
// Make sure there are no admins
- if data.admin && UserView::admins(&conn)?.len() > 0 {
- return Err(APIError::err(&self.op, "admin_already_created"))?;
+ if data.admin && !UserView::admins(&conn)?.is_empty() {
+ return Err(APIError::err(&self.op, "admin_already_created").into());
}
// Register the new user
@@ -237,7 +236,7 @@ impl Perform<LoginResponse> for Oper<Register> {
// Create the user
let inserted_user = match User_::register(&conn, &user_form) {
Ok(user) => user,
- Err(_e) => return Err(APIError::err(&self.op, "user_already_exists"))?,
+ Err(_e) => return Err(APIError::err(&self.op, "user_already_exists").into()),
};
// Create the main community if it doesn't exist
@@ -268,7 +267,7 @@ impl Perform<LoginResponse> for Oper<Register> {
let _inserted_community_follower = match CommunityFollower::follow(&conn, &community_follower_form) {
Ok(user) => user,
- Err(_e) => return Err(APIError::err(&self.op, "community_follower_already_exists"))?,
+ Err(_e) => return Err(APIError::err(&self.op, "community_follower_already_exists").into()),
};
// If its an admin, add them as a mod and follower to main
@@ -282,10 +281,7 @@ impl Perform<LoginResponse> for Oper<Register> {
match CommunityModerator::join(&conn, &community_moderator_form) {
Ok(user) => user,
Err(_e) => {
- return Err(APIError::err(
- &self.op,
- "community_moderator_already_exists",
- ))?
+ return Err(APIError::err(&self.op, "community_moderator_already_exists").into())
}
};
}
@@ -305,19 +301,52 @@ impl Perform<LoginResponse> for Oper<SaveUserSettings> {
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
- Err(_e) => return Err(APIError::err(&self.op, "not_logged_in"))?,
+ Err(_e) => return Err(APIError::err(&self.op, "not_logged_in").into()),
};
let user_id = claims.id;
let read_user = User_::read(&conn, user_id)?;
+ let email = match &data.email {
+ Some(email) => Some(email.to_owned()),
+ None => read_user.email,
+ };
+
+ let password_encrypted = match &data.new_password {
+ Some(new_password) => {
+ match &data.new_password_verify {
+ Some(new_password_verify) => {
+ // Make sure passwords match
+ if new_password != new_password_verify {
+ return Err(APIError::err(&self.op, "passwords_dont_match").into());
+ }
+
+ // Check the old password
+ match &data.old_password {
+ Some(old_password) => {
+ let valid: bool =
+ verify(old_password, &read_user.password_encrypted).unwrap_or(false);
+ if !valid {
+ return Err(APIError::err(&self.op, "password_incorrect").into());
+ }
+ User_::update_password(&conn, user_id, &new_password)?.password_encrypted
+ }
+ None => return Err(APIError::err(&self.op, "password_incorrect").into()),
+ }
+ }
+ None => return Err(APIError::err(&self.op, "passwords_dont_match").into()),
+ }
+ }
+ None => read_user.password_encrypted,
+ };
+
let user_form = UserForm {
name: read_user.name,
fedi_name: read_user.fedi_name,
- email: read_user.email,
+ email,
avatar: data.avatar.to_owned(),
- password_encrypted: read_user.password_encrypted,
+ password_encrypted,
preferred_username: read_user.preferred_username,
updated: Some(naive_now()),
admin: read_user.admin,
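Review bot: In the new `email` arm an address is replaced on the strength of a valid `auth` claim alone, while only the password path demands `old_password`; since the reset mail in `PasswordReset` goes to whatever address is on file, the email is itself a credential and should sit behind the same check. Verifying `old_password` once, up front, whenever the requested email differs from `read_user.email` or `new_password` is set, covers both and lets the inner `old_password` match collapse to a plain `User_::update_password` call. Note also that `User_::update_password` is persisted inside the match before `User_::update` runs further down (outside this hunk), so a `couldnt_update_user` failure leaves the password already changed; running both in one transaction, or doing the password write after the form update succeeds, avoids the half-applied state. The three-deep `match` would also read more clearly as a single match on `(&data.new_password, &data.new_password_verify)`.
```rust
let read_user = User_::read(&conn, user_id)?;

// The reset link goes to the stored email, so changing it needs the current
// password exactly like a password change does
let email_changing = data.email.is_some() && data.email != read_user.email;
if email_changing || data.new_password.is_some() {
    let valid = match &data.old_password {
        Some(old_password) => verify(old_password, &read_user.password_encrypted).unwrap_or(false),
        None => false,
    };
    if !valid {
        return Err(APIError::err(&self.op, "password_incorrect").into());
    }
}

// … unchanged: email / password_encrypted computation, minus the now-redundant old_password check …
```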
@@ -331,7 +360,7 @@ impl Perform<LoginResponse> for Oper<SaveUserSettings> {
let updated_user = match User_::update(&conn, user_id, &user_form) {
Ok(user) => user,
- Err(_e) => return Err(APIError::err(&self.op, "couldnt_update_user"))?,
+ Err(_e) => return Err(APIError::err(&self.op, "couldnt_update_user").into()),
};
// Return the jwt
@@ -372,14 +401,14 @@ impl Perform<GetUserDetailsResponse> for Oper<GetUserDetails> {
None => {
match User_::read_from_name(
&conn,
- data.username.to_owned().unwrap_or("admin".to_string()),
+ data
+ .username
+ .to_owned()
+ .unwrap_or_else(|| "admin".to_string()),
) {
Ok(user) => user.id,
Err(_e) => {
- return Err(APIError::err(
- &self.op,
- "couldnt_find_that_username_or_email",
- ))?
+ return Err(APIError::err(&self.op, "couldnt_find_that_username_or_email").into())
}
}
}
@@ -441,14 +470,14 @@ impl Perform<AddAdminResponse> for Oper<AddAdmin> {
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
- Err(_e) => return Err(APIError::err(&self.op, "not_logged_in"))?,
+ Err(_e) => return Err(APIError::err(&self.op, "not_logged_in").into()),
};
let user_id = claims.id;
// Make sure user is an admin
- if UserView::read(&conn, user_id)?.admin == false {
- return Err(APIError::err(&self.op, "not_an_admin"))?;
+ if !UserView::read(&conn, user_id)?.admin {
+ return Err(APIError::err(&self.op, "not_an_admin").into());
}
let read_user = User_::read(&conn, data.user_id)?;
@@ -472,7 +501,7 @@ impl Perform<AddAdminResponse> for Oper<AddAdmin> {
match User_::update(&conn, data.user_id, &user_form) {
Ok(user) => user,
- Err(_e) => return Err(APIError::err(&self.op, "couldnt_update_user"))?,
+ Err(_e) => return Err(APIError::err(&self.op, "couldnt_update_user").into()),
};
// Mod tables
@@ -504,14 +533,14 @@ impl Perform<BanUserResponse> for Oper<BanUser> {
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
- Err(_e) => return Err(APIError::err(&self.op, "not_logged_in"))?,
+ Err(_e) => return Err(APIError::err(&self.op, "not_logged_in").into()),
};
let user_id = claims.id;
// Make sure user is an admin
- if UserView::read(&conn, user_id)?.admin == false {
- return Err(APIError::err(&self.op, "not_an_admin"))?;
+ if !UserView::read(&conn, user_id)?.admin {
+ return Err(APIError::err(&self.op, "not_an_admin").into());
}
let read_user = User_::read(&conn, data.user_id)?;
@@ -535,7 +564,7 @@ impl Perform<BanUserResponse> for Oper<BanUser> {
match User_::update(&conn, data.user_id, &user_form) {
Ok(user) => user,
- Err(_e) => return Err(APIError::err(&self.op, "couldnt_update_user"))?,
+ Err(_e) => return Err(APIError::err(&self.op, "couldnt_update_user").into()),
};
// Mod tables
@@ -571,7 +600,7 @@ impl Perform<GetRepliesResponse> for Oper<GetReplies> {
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
- Err(_e) => return Err(APIError::err(&self.op, "not_logged_in"))?,
+ Err(_e) => return Err(APIError::err(&self.op, "not_logged_in").into()),
};
let user_id = claims.id;
@@ -599,7 +628,7 @@ impl Perform<GetUserMentionsResponse> for Oper<GetUserMentions> {
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
- Err(_e) => return Err(APIError::err(&self.op, "not_logged_in"))?,
+ Err(_e) => return Err(APIError::err(&self.op, "not_logged_in").into()),
};
let user_id = claims.id;
@@ -627,7 +656,7 @@ impl Perform<UserMentionResponse> for Oper<EditUserMention> {
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
- Err(_e) => return Err(APIError::err(&self.op, "not_logged_in"))?,
+ Err(_e) => return Err(APIError::err(&self.op, "not_logged_in").into()),
};
let user_id = claims.id;
@@ -643,7 +672,7 @@ impl Perform<UserMentionResponse> for Oper<EditUserMention> {
let _updated_user_mention = match UserMention::update(&conn, user_mention.id, &user_mention_form) {
Ok(comment) => comment,
- Err(_e) => return Err(APIError::err(&self.op, "couldnt_update_comment"))?,
+ Err(_e) => return Err(APIError::err(&self.op, "couldnt_update_comment").into()),
};
let user_mention_view = UserMentionView::read(&conn, user_mention.id, user_id)?;
@@ -662,7 +691,7 @@ impl Perform<GetRepliesResponse> for Oper<MarkAllAsRead> {
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
- Err(_e) => return Err(APIError::err(&self.op, "not_logged_in"))?,
+ Err(_e) => return Err(APIError::err(&self.op, "not_logged_in").into()),
};
let user_id = claims.id;
@@ -687,7 +716,7 @@ impl Perform<GetRepliesResponse> for Oper<MarkAllAsRead> {
let _updated_comment = match Comment::update(&conn, reply.id, &comment_form) {
Ok(comment) => comment,
- Err(_e) => return Err(APIError::err(&self.op, "couldnt_update_comment"))?,
+ Err(_e) => return Err(APIError::err(&self.op, "couldnt_update_comment").into()),
};
}
@@ -708,7 +737,7 @@ impl Perform<GetRepliesResponse> for Oper<MarkAllAsRead> {
let _updated_mention = match UserMention::update(&conn, mention.user_mention_id, &mention_form) {
Ok(mention) => mention,
- Err(_e) => return Err(APIError::err(&self.op, "couldnt_update_comment"))?,
+ Err(_e) => return Err(APIError::err(&self.op, "couldnt_update_comment").into()),
};
}
@@ -726,7 +755,7 @@ impl Perform<LoginResponse> for Oper<DeleteAccount> {
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
- Err(_e) => return Err(APIError::err(&self.op, "not_logged_in"))?,
+ Err(_e) => return Err(APIError::err(&self.op, "not_logged_in").into()),
};
let user_id = claims.id;
@@ -736,7 +765,7 @@ impl Perform<LoginResponse> for Oper<DeleteAccount> {
// Verify the password
let valid: bool = verify(&data.password, &user.password_encrypted).unwrap_or(false);
if !valid {
- return Err(APIError::err(&self.op, "password_incorrect"))?;
+ return Err(APIError::err(&self.op, "password_incorrect").into());
}
// Comments
@@ -759,7 +788,7 @@ impl Perform<LoginResponse> for Oper<DeleteAccount> {
let _updated_comment = match Comment::update(&conn, comment.id, &comment_form) {
Ok(comment) => comment,
- Err(_e) => return Err(APIError::err(&self.op, "couldnt_update_comment"))?,
+ Err(_e) => return Err(APIError::err(&self.op, "couldnt_update_comment").into()),
};
}
@@ -787,7 +816,7 @@ impl Perform<LoginResponse> for Oper<DeleteAccount> {
let _updated_post = match Post::update(&conn, post.id, &post_form) {
Ok(post) => post,
- Err(_e) => return Err(APIError::err(&self.op, "couldnt_update_post"))?,
+ Err(_e) => return Err(APIError::err(&self.op, "couldnt_update_post").into()),
};
}
@@ -806,12 +835,7 @@ impl Perform<PasswordResetResponse> for Oper<PasswordReset> {
// Fetch that email
let user: User_ = match User_::find_by_email(&conn, &data.email) {
Ok(user) => user,
- Err(_e) => {
- return Err(APIError::err(
- &self.op,
- "couldnt_find_that_username_or_email",
- ))?
- }
+ Err(_e) => return Err(APIError::err(&self.op, "couldnt_find_that_username_or_email").into()),
};
// Generate a random token
@@ -828,7 +852,7 @@ impl Perform<PasswordResetResponse> for Oper<PasswordReset> {
let html = &format!("<h1>Password Reset Request for {}</h1><br><a href={}/password_change/{}>Click here to reset your password</a>", user.name, hostname, &token);
match send_email(subject, user_email, &user.name, html) {
Ok(_o) => _o,
- Err(_e) => return Err(APIError::err(&self.op, &_e.to_string()))?,
+ Err(_e) => return Err(APIError::err(&self.op, &_e).into()),
};
Ok(PasswordResetResponse {
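Review bot: `APIError::err(&self.op, &_e)` in the `PasswordReset` send_email arm hands the mailer's raw error text to the API caller, which can expose mail-server hostnames or delivery details that belong in the server log rather than the response; this predates the commit, but the line is rewritten here anyway. Log `_e` server-side and return a fixed key, e.g. `Err(e) => { /* log e */ return Err(APIError::err(&self.op, "couldnt_send_email").into()) }` (key name constructed; use whatever the client's translation table expects). The `couldnt_find_that_username_or_email` arm above it likewise tells an unauthenticated caller whether an address is registered; a reset endpoint normally returns the same response whether or not the email exists. The `html` line in the last hunk interpolates `user.name` into markup without escaping, but that line is unchanged context.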
@@ -846,34 +870,14 @@ impl Perform<LoginResponse> for Oper<PasswordChange> {
let user_id = PasswordResetRequest::read_from_token(&conn, &data.token)?.user_id;
// Make sure passwords match
- if &data.password != &data.password_verify {
- return Err(APIError::err(&self.op, "passwords_dont_match"))?;
+ if data.password != data.password_verify {
+ return Err(APIError::err(&self.op, "passwords_dont_match").into());
}
- // Fetch the user
- let read_user = User_::read(&conn, user_id)?;
- // Update the user with the new password
- let user_form = UserForm {
- name: read_user.name,
- fedi_name: read_user.fedi_name,
- email: read_user.email,
- avatar: read_user.avatar,
- password_encrypted: data.password.to_owned(),
- preferred_username: read_user.preferred_username,
- updated: Some(naive_now()),
- admin: read_user.admin,
- banned: read_user.banned,
- show_nsfw: read_user.show_nsfw,
- theme: read_user.theme,
- default_sort_type: read_user.default_sort_type,
- default_listing_type: read_user.default_listing_type,
- lang: read_user.lang,
- };
-
- let updated_user = match User_::update_password(&conn, user_id, &user_form) {
+ let updated_user = match User_::update_password(&conn, user_id, &data.password) {
Ok(user) => user,
- Err(_e) => return Err(APIError::err(&self.op, "couldnt_update_user"))?,
+ Err(_e) => return Err(APIError::err(&self.op, "couldnt_update_user").into()),
};
// Return the jwt |
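Review bot: The new `User_::update_password(&conn, user_id, &data.password)` call changes the password, but nothing in this hunk consumes the reset token that `read_from_token` just accepted, so unless `read_from_token` or `update_password` deletes or expires the `PasswordResetRequest` elsewhere (not visible here) the same link keeps working after a successful change. Deleting the request row for `data.token` right after the successful update, or having `read_from_token` reject used and expired tokens, closes that window; a comment such as `// Invalidate the reset token so the link is single-use` marks where it belongs. A minimum-length check on `data.password` is also absent here, though it may live inside `update_password`. The enclosing `perform` body starts and ends outside the hunk.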