franklinblanco
/
user-lib
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

User-lib v1

This commit is contained in:
Franklin 2023-09-23 18:39:41 -04:00
parent 890e32de43
commit db2d92b364
8 changed files with 182 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.idea/inspectionProfiles/Project_Default.xml
View File

@ -1,6 +1,11 @@
<component name="InspectionProjectProfileManager"> <component name="InspectionProjectProfileManager">
<profile version="1.0"> <profile version="1.0">
<option name="myName" value="Project Default" /> <option name="myName" value="Project Default" />
<inspection_tool class="DuplicatedCode" enabled="true" level="WEAK WARNING" enabled_by_default="true">
<Languages>
<language minSize="83" name="Rust" />
</Languages>
</inspection_tool>
<inspection_tool class="SqlDialectInspection" enabled="false" level="WARNING" enabled_by_default="false" /> <inspection_tool class="SqlDialectInspection" enabled="false" level="WARNING" enabled_by_default="false" />
<inspection_tool class="SqlNoDataSourceInspection" enabled="false" level="WARNING" enabled_by_default="false" /> <inspection_tool class="SqlNoDataSourceInspection" enabled="false" level="WARNING" enabled_by_default="false" />
</profile> </profile>

2
src/dao/credential.rs
View File

@ -1,7 +1,7 @@
use crate::domain::credential::Credential; use crate::domain::credential::Credential;
use crate::dto::credential::CredentialDto; use crate::dto::credential::CredentialDto;
use chrono::Utc; use chrono::Utc;
use sqlx::{Error, PgConnection, PgPool}; use sqlx::{Error, PgConnection};
pub(crate) async fn insert_credential( pub(crate) async fn insert_credential(
conn: &mut PgConnection, conn: &mut PgConnection,

7
src/dao/token.rs
View File

@ -1,6 +1,6 @@
use crate::domain::token::Token; use crate::domain::token::Token;
use chrono::Utc; use chrono::Utc;
use sqlx::{Error, PgConnection, PgPool}; use sqlx::{Error, PgConnection};
pub(crate) async fn insert_token(conn: &mut PgConnection, token: Token) -> Result<Token, Error> { pub(crate) async fn insert_token(conn: &mut PgConnection, token: Token) -> Result<Token, Error> {
sqlx::query_as(r#"INSERT INTO token ( sqlx::query_as(r#"INSERT INTO token (
@ -11,16 +11,14 @@ pub(crate) async fn insert_token(conn: &mut PgConnection, token: Token) -> Resul
pub(crate) async fn update_token( pub(crate) async fn update_token(
conn: &mut PgConnection, conn: &mut PgConnection,
token_id: &i32,
refresh_token: String, refresh_token: String,
new_auth_token: String, new_auth_token: String,
) -> Result<Token, Error> { ) -> Result<Token, Error> {
sqlx::query_as( sqlx::query_as(
r#"UPDATE token set r#"UPDATE token set
auth_token = $3, last_updated = $4 auth_token = $3, last_updated = $4
WHERE id = $1 AND refresh_token = $2 RETURNING *;"#, WHERE refresh_token = $1 RETURNING *;"#,
) )
.bind(token_id)
.bind(refresh_token) .bind(refresh_token)
.bind(new_auth_token) .bind(new_auth_token)
.bind(Utc::now()) .bind(Utc::now())
@ -28,6 +26,7 @@ pub(crate) async fn update_token(
.await .await
} }
#[allow(unused)]
pub(crate) async fn remove_token(conn: &mut PgConnection, token_id: &i32) -> Result<Option<Token>, Error> { pub(crate) async fn remove_token(conn: &mut PgConnection, token_id: &i32) -> Result<Option<Token>, Error> {
sqlx::query_as(r#"DELETE FROM token WHERE id = $1 RETURNING *;"#) sqlx::query_as(r#"DELETE FROM token WHERE id = $1 RETURNING *;"#)
.bind(token_id) .bind(token_id)

1
src/dao/user.rs
View File

@ -44,6 +44,7 @@ pub(crate) async fn update_user(conn: &mut PgConnection, user: User) -> Result<U
.await .await
} }
#[allow(unused)]
pub(crate) async fn delete_user(conn: &mut PgConnection, user_id: &i32) -> Result<Option<User>, sqlx::Error> { pub(crate) async fn delete_user(conn: &mut PgConnection, user_id: &i32) -> Result<Option<User>, sqlx::Error> {
sqlx::query_as( sqlx::query_as(
r#" r#"

2
src/domain/credential.rs
View File

@ -1,5 +1,5 @@
use crate::resources::variable_lengths::{ use crate::resources::variable_lengths::{
MAX_EMAIL_LENGTH, MAX_NAME_LENGTH, MAX_PHONE_NUMBER_LENGTH, MAX_USERNAME_LENGTH, MAX_EMAIL_LENGTH, MAX_PHONE_NUMBER_LENGTH, MAX_USERNAME_LENGTH,
MIN_EMAIL_LENGTH, MIN_PHONE_NUMBER_LENGTH, MIN_USERNAME_LENGTH, MIN_EMAIL_LENGTH, MIN_PHONE_NUMBER_LENGTH, MIN_USERNAME_LENGTH,
}; };
use chrono::{DateTime, Utc}; use chrono::{DateTime, Utc};

8
src/dto/users.rs
View File

@ -18,3 +18,11 @@ pub struct UserRegisterPayload {
pub password: String, pub password: String,
pub name: String, pub name: String,
} }
#[derive(Serialize, Deserialize, Debug, Default, Clone, PartialEq, Eq, PartialOrd, Ord)]
#[serde(rename_all = "camelCase")]
pub struct UserResetPasswordPayload {
pub id: i32,
pub password: String,
pub new_password: String,
}

172
src/service/user.rs
View File

@ -1,20 +1,21 @@
use std::future::Future;
use chrono::Utc; use chrono::Utc;
use log::{debug, error}; use log::{debug, error};
use sqlx::{PgConnection, Postgres, Transaction}; use sqlx::{Error, PgConnection, Postgres, Transaction};
use crate::dao::credential::{fetch_user_credentials, get_credential, insert_credential}; use crate::dao::credential::{fetch_user_credentials, get_credential, insert_credential};
use crate::dao::token::{insert_token, validate_user_token}; use crate::dao::token::{insert_token, update_token, validate_user_token};
use crate::dao::user::{get_user_with_id, insert_user}; use crate::dao::user::{get_user_with_id, insert_user, update_user};
use crate::domain::credential::Credential; use crate::domain::credential::Credential;
use crate::domain::token::Token; use crate::domain::token::Token;
use crate::domain::user::User; use crate::domain::user::User;
use crate::dto::token::AuthenticateUserDto; use crate::dto::token::{AuthenticateUserDto, RefreshAuthTokenForUserDto};
use crate::dto::users::{UserLoginPayload, UserRegisterPayload}; use crate::dto::users::{UserLoginPayload, UserRegisterPayload, UserResetPasswordPayload};
use crate::resources::error_messages::{ERROR_CREDENTIAL_DOES_NOT_EXIST, ERROR_EXPIRED_TOKEN, ERROR_INCORRECT_TOKEN, ERROR_TOKEN_NOT_CREATED, ERROR_TOO_MANY_CREDENTIALS, ERROR_USER_ALREADY_EXISTS, ERROR_USER_DOES_NOT_EXIST, ErrorResource}; use crate::resources::error_messages::{ERROR_CREDENTIAL_DOES_NOT_EXIST, ERROR_EXPIRED_TOKEN, ERROR_INCORRECT_TOKEN, ERROR_PASSWORD_INCORRECT, ERROR_TOKEN_NOT_CREATED, ERROR_TOO_MANY_CREDENTIALS, ERROR_USER_ALREADY_EXISTS, ERROR_USER_DOES_NOT_EXIST, ErrorResource};
use crate::resources::expirations::AUTH_TOKEN_EXPIRATION_TIME_MILLIS; use crate::resources::expirations::AUTH_TOKEN_EXPIRATION_TIME_MILLIS;
use crate::utils::hasher::{generate_multiple_random_token_with_rng, hash_password, hash_password_with_existing_salt}; use crate::utils::hasher::{generate_multiple_random_token_with_rng, hash_password, hash_password_with_existing_salt};
use crate::validation::user_validator::validate_user_for_creation; use crate::validation::user_validator::validate_user_for_creation;
pub async fn register_user<'a>(transaction: &mut Transaction<'a, Postgres>, user: UserRegisterPayload) -> Result<Token, Vec<ErrorResource<'a>>> { pub async fn register_user<'a>(transaction: &mut PgConnection, user: UserRegisterPayload) -> Result<Token, Vec<ErrorResource<'a>>> {
let mut error_resources: Vec<ErrorResource> = Vec::new(); let mut error_resources: Vec<ErrorResource> = Vec::new();
// Validate user // Validate user
validate_user_for_creation(&user, &mut error_resources); validate_user_for_creation(&user, &mut error_resources);
@ -135,19 +136,100 @@ pub async fn authenticate_user<'a>(conn: &mut PgConnection, user: AuthenticateUs
} }
/// ///
pub async fn refresh_auth_token() {} pub async fn refresh_auth_token<'a>(conn: &mut PgConnection, user: RefreshAuthTokenForUserDto) -> Result<Token, Vec<ErrorResource>> {
let mut error_resources = Vec::new();
let persisted_user = match get_user_with_id(conn, &user.id).await {
Ok(persisted_user_opt) => match persisted_user_opt {
None => {
error_resources.push(ERROR_USER_DOES_NOT_EXIST);
return Err(error_resources);
},
Some(persisted_user) => persisted_user
},
Err(error) => {
error!("{:?}", error);
error_resources.push(("ERROR.DATABASE_ERROR", ""));
return Err(error_resources);
}
};
/// let mut tokens: Vec<String> = match generate_multiple_random_token_with_rng(2).await {
pub async fn reset_password() {} Ok(tokens) => tokens,
Err(e) => {
error!("{}", e);
error_resources.push(("ERROR.JOIN_ERROR", ""));
return Err(error_resources);
}
};
if tokens.len() > 0 {
let new_auth_token = tokens.remove(0);
return match update_token(conn, user.refresh_token, new_auth_token).await {
Ok(persisted_token) => Ok(persisted_token),
Err(e) => {
error!("{:?}", e);
error_resources.push(("ERROR.DATABASE_ERROR", ""));
Err(error_resources)
}
}
}
Err(error_resources)
}
/// reset a user's password by validating the user's own password.
pub async fn reset_password(conn: &mut PgConnection, user: UserResetPasswordPayload) -> Result<User, Vec<ErrorResource>>{
let mut error_resources: Vec<ErrorResource> = Vec::new();
let password_matches = match validate_user_password(conn, &user.id, user.password).await {
Ok(matches) => matches,
Err(e) => {
error!("{:?}", e);
error_resources.push(e);
return Err(error_resources);
}
};
if let Some(persisted_user) = password_matches { // Change pass
match change_password(conn, persisted_user, &user.new_password).await {
Ok(user_changed) => Ok(user_changed),
Err(e) => {
error!("{:?}", e);
error_resources.push(e);
Err(error_resources)
}
}
} else {
error_resources.push(ERROR_PASSWORD_INCORRECT);
Err(error_resources)
}
}
/// ## This resets a user's password without any validations! /// ## This resets a user's password without any validations!
/// Don't expose this to any public endpoint!! /// Don't expose this to any public endpoint!!
pub async fn force_reset_password() {} pub async fn force_reset_password<'a>(conn: &mut PgConnection, user_id: &i32, new_password: String) -> Result<User, ErrorResource<'a>> {
let persisted_user = match get_user_with_id(conn, user_id).await {
Ok(persisted_user_opt) => match persisted_user_opt {
None => {
error!("Serious error. User doesn't exist but credentials pointing to the user do.");
return Err(("ERROR.DATABASE_ERROR", "Critical. User doesn't exist but credentials pointing to the user do."));
},
Some(persisted_user) => {
persisted_user
}
},
Err(e) => {
error!("{}", e);
return Err(("ERROR.DATABASE_ERROR", ""));
}
};
Ok(change_password(conn, persisted_user, &new_password).await?)
}
/// ///
pub async fn password_login<'a>(transaction: &mut Transaction<'a, Postgres>, user: UserLoginPayload) -> Result<Token, Vec<ErrorResource<'a>>>{ pub async fn password_login<'a>(conn: &mut Transaction<'a, Postgres>, user: UserLoginPayload) -> Result<Token, Vec<ErrorResource<'a>>>{
let mut error_resources = Vec::new(); let mut error_resources = Vec::new();
let persisted_user_credential = match get_credential(transaction, user.credential).await { let persisted_user_credential = match get_credential(conn, user.credential).await {
Ok(credential_opt) => match credential_opt { Ok(credential_opt) => match credential_opt {
None => { None => {
error!("Credential not found for password login."); error!("Credential not found for password login.");
@ -162,25 +244,16 @@ pub async fn password_login<'a>(transaction: &mut Transaction<'a, Postgres>, use
return Err(error_resources); return Err(error_resources);
} }
}; };
let persisted_user = match get_user_with_id(transaction, &persisted_user_credential.user_id).await { let persisted_user_opt = match validate_user_password(conn, &persisted_user_credential.user_id, user.password).await {
Ok(persisted_user_opt) => match persisted_user_opt { Ok(matches) => matches,
None => {
error!("Serious error. User doesn't exist but credentials pointing to the user do.");
error_resources.push(("ERROR.DATABASE_ERROR", "Critical. User doesn't exist but credentials pointing to the user do."));
return Err(error_resources);
},
Some(persisted_user) => {
persisted_user
}
},
Err(e) => { Err(e) => {
error!("{}", e); error!("{:?}", e);
error_resources.push(("ERROR.DATABASE_ERROR", "")); error_resources.push(e);
return Err(error_resources);} return Err(error_resources);
}
}; };
let hashed_password = hash_password_with_existing_salt(&user.password, &persisted_user.salt); if let Some(_) = persisted_user_opt {
if hashed_password.hash == persisted_user.password { return if let Some(persisted_token) = create_token_for_user(conn, persisted_user_credential.user_id, &mut error_resources).await {
return if let Some(persisted_token) = create_token_for_user(transaction, persisted_user.id, &mut error_resources).await {
Ok(persisted_token) Ok(persisted_token)
} else { } else {
Err(error_resources) Err(error_resources)
@ -204,7 +277,7 @@ pub async fn get_user_credentials<'a>(transaction: &mut Transaction<'a, Postgres
} }
} }
async fn create_token_for_user<'a>(transaction: &mut Transaction<'a, Postgres>, user_id: i32, error_resources: &mut Vec<ErrorResource<'a>>) -> Option<Token> { async fn create_token_for_user<'a>(transaction: &mut PgConnection, user_id: i32, error_resources: &mut Vec<ErrorResource<'a>>) -> Option<Token> {
// Create token and send it back. // Create token and send it back.
let tokens: Vec<String> = match generate_multiple_random_token_with_rng(2).await { let tokens: Vec<String> = match generate_multiple_random_token_with_rng(2).await {
Ok(tokens) => tokens, Ok(tokens) => tokens,
@ -250,3 +323,40 @@ async fn create_token_for_user<'a>(transaction: &mut Transaction<'a, Postgres>,
} }
} }
} }
async fn validate_user_password<'a>(conn: &mut PgConnection, user_id: &i32, password: String) -> Result<Option<User>, ErrorResource<'a>> {
let persisted_user = match get_user_with_id(conn, user_id).await {
Ok(persisted_user_opt) => match persisted_user_opt {
None => {
error!("Serious error. User doesn't exist but credentials pointing to the user do.");
return Err(("ERROR.DATABASE_ERROR", "Critical. User doesn't exist but credentials pointing to the user do."));
},
Some(persisted_user) => {
persisted_user
}
},
Err(e) => {
error!("{}", e);
return Err(("ERROR.DATABASE_ERROR", ""));
}
};
let hashed_password = hash_password_with_existing_salt(&password, &persisted_user.salt);
if hashed_password.hash == persisted_user.password {
Ok(Some(persisted_user))
} else {
Ok(None)
}
}
async fn change_password<'a>(conn: &mut PgConnection, mut persisted_user: User, new_password: &String) -> Result<User, ErrorResource<'a>> {
let hash_result = hash_password(&new_password);
persisted_user.password = hash_result.hash;
persisted_user.salt = hash_result.salt;
match update_user(conn, persisted_user).await {
Ok(user) => Ok(user),
Err(error) => {
error!("{}", error);
return Err(("ERROR.DATABASE_ERROR", ""));
}
}
}

56
src/validation/user_validator.rs
View File

@ -38,23 +38,7 @@ pub(crate) fn validate_user_for_creation(
error_resources: &mut Vec<ErrorResource>, error_resources: &mut Vec<ErrorResource>,
) { ) {
for credential_dto in user.credentials.iter() { for credential_dto in user.credentials.iter() {
match credential_dto.credential_type { validate_credential(error_resources, &credential_dto.credential, &credential_dto.credential_type);
CredentialType::Email => {
if !validate_user_email(&credential_dto.credential) {
error_resources.push(ERROR_INVALID_EMAIL);
}
}
CredentialType::PhoneNumber => {
if !validate_user_phone_number(&credential_dto.credential) {
error_resources.push(ERROR_INVALID_PHONE_NUMBER);
}
}
CredentialType::Username => {
if !validate_user_username(&credential_dto.credential) {
error_resources.push(ERROR_INVALID_USERNAME);
}
}
};
} }
if !validate_user_name(&user.name) { if !validate_user_name(&user.name) {
@ -68,24 +52,28 @@ pub(crate) fn validate_user_for_password_authentication(
user: &UserLoginPayload, user: &UserLoginPayload,
error_resources: &mut Vec<ErrorResource>, error_resources: &mut Vec<ErrorResource>,
) { ) {
match user.credential_type { validate_credential(error_resources, &user.credential, &user.credential_type);
CredentialType::Email => {
if !validate_user_email(&user.credential) {
error_resources.push(ERROR_INVALID_EMAIL);
}
}
CredentialType::PhoneNumber => {
if !validate_user_phone_number(&user.credential) {
error_resources.push(ERROR_INVALID_PHONE_NUMBER);
}
}
CredentialType::Username => {
if !validate_user_username(&user.credential) {
error_resources.push(ERROR_INVALID_USERNAME);
}
}
}
if !validate_user_password(&user.password) { if !validate_user_password(&user.password) {
error_resources.push(ERROR_INVALID_PASSWORD); error_resources.push(ERROR_INVALID_PASSWORD);
} }
} }
fn validate_credential(error_resources: &mut Vec<ErrorResource>, credential: &String, credential_type: &CredentialType) {
match credential_type {
CredentialType::Email => {
if !validate_user_email(credential) {
error_resources.push(ERROR_INVALID_EMAIL);
}
}
CredentialType::PhoneNumber => {
if !validate_user_phone_number(credential) {
error_resources.push(ERROR_INVALID_PHONE_NUMBER);
}
}
CredentialType::Username => {
if !validate_user_username(credential) {
error_resources.push(ERROR_INVALID_USERNAME);
}
}
}
}