chore: Added change_admin_passowrd page and logic

Author: Utilitycoder

Cargo.toml

@@ -18,7 +18,8 @@ actix-web-flash-messages = { version = "0.3", features = ["cookies"] }
 actix-session = { version = "0.7", features = ["redis-rs-tls-session"] }
 tokio = { version = "1", features = ["macros", "rt-multi-thread"] }
 serde = {version = "1.0.163", features = ["derive"]}
-serde-aux = "4.2.0" 
+serde-aux = "4.2.0"
+serde_json = "1" 
 config = {version = "0.13", default-features = false, features = ["yaml"] }
 uuid = { version = "1.3.3", features = ["v4", "serde"] }
 chrono = "0.4.15"

migrations/20230710064356_seed_user.sql

@@ -0,0 +1,7 @@
+-- Add migration script here
+INSERT INTO users (user_id, username, password_hash)
+VALUES (
+    'ddf8994f-d522-4659-8d02-c1d479057be6',
+    'admin',
+    '$argon2id$v=19$m=4096,t=3,p=1$mCtoUCDJnzgrD9XuG60AIA$inM+EWltZekuCtI2QI4o5FdJxR9wZS6Nos4xic8fY4M'
+);

src/lib.rs

@@ -3,6 +3,7 @@ pub mod configuration;
 pub mod domain;
 pub mod email_client;
 pub mod routes;
+pub mod session_state;
 pub mod startup;
 pub mod telemetry;
 pub mod utils;

src/routes/admin/dashboard.rs

@@ -1,4 +1,4 @@
-use actix_session::Session;
+use crate::session_state::TypedSession;
 use actix_web::http::header::ContentType;
 use actix_web::{web, HttpResponse};
 use anyhow::Context;
@@ -14,13 +14,15 @@ where
 }
 
 pub async fn admin_dashboard(
-    session: Session,
+    session: TypedSession,
     pool: web::Data<PgPool>,
 ) -> Result<HttpResponse, actix_web::Error> {
-    let username = if let Some(user_id) = session.get::<Uuid>("user_id").map_err(e500)? {
+    let username = if let Some(user_id) = session.get_user_id().map_err(e500)? {
         get_username(user_id, &pool).await.map_err(e500)?
     } else {
-        todo!()
+        return Ok(HttpResponse::SeeOther()
+            .insert_header(("location", "/login"))
+            .finish());
     };
 
     Ok(HttpResponse::Ok()

src/routes/admin/mod.rs

@@ -1,3 +1,5 @@
 mod dashboard;
+mod password;
 
 pub use dashboard::admin_dashboard;
+pub use password::*;

src/routes/admin/password/get.rs

@@ -0,0 +1,46 @@
+use actix_web::http::header::ContentType;
+use actix_web::HttpResponse;
+use crate::session_state::TypedSession;
+use crate::utils::{e500, see_other};
+
+pub async fn change_password_form() -> Result<HttpResponse, actix_web::Error> {
+    Ok(HttpResponse::Ok().content_type(ContentType::html()).body(
+        r#"<!DOCTYPE html>
+            <html lang="en">
+                <head>
+                    <meta http-equiv="content-type" content="text/html; charset=utf-8">
+                    <title>Change Password</title>
+                </head>
+                <body>
+                    <form action="/admin/password" method="post">
+                        <label>Current password
+                        <input
+                        type="password"
+                        placeholder="Enter current password"
+                        name="current_password"
+                        >
+                        </label>
+                        <br>
+                        <label>New password
+                        <input
+                        type="password"
+                        placeholder="Enter new password"
+                        name="new_password"
+                        >
+                        </label>
+                        <br>
+                        <label>Confirm new password
+                        <input
+                        type="password"
+                        placeholder="Type the new password again"
+                        name="new_password_check"
+                        >
+                        </label>
+                        <br>
+                        <button type="submit">Change password</button>
+                    </form>
+                    <p><a href="/admin/dashboard">&lt;- Back</a></p>
+                </body>
+            </html>"#,
+    ))
+}

src/routes/admin/password/mod.rs

@@ -0,0 +1,5 @@
+mod get;
+mod post;
+
+pub use get::change_password_form;
+pub use post::change_password;

src/routes/admin/password/post.rs

@@ -0,0 +1,11 @@
+use actix_web::{web, HttpResponse};
+use secrecy::Secret;
+#[derive(serde::Deserialize)]
+pub struct FormData {
+    current_password: Secret<String>,
+    new_password: Secret<String>,
+    new_password_check: Secret<String>,
+}
+pub async fn change_password(form: web::Form<FormData>) -> Result<HttpResponse, actix_web::Error> {
+    todo!()
+}

src/routes/login/post.rs

@@ -1,7 +1,7 @@
 use crate::authentication::AuthError;
 use crate::authentication::{validate_credentials, Credentials};
 use crate::routes::error_chain_fmt;
-use actix_session::Session;
+use crate::session_state::TypedSession;
 use actix_web::error::InternalError;
 use actix_web::http::header::LOCATION;
 use actix_web::web;
@@ -24,7 +24,7 @@ pub struct FormData {
 pub async fn login(
     form: web::Form<FormData>,
     pool: web::Data<PgPool>,
-    session: Session,
+    session: TypedSession,
 ) -> Result<HttpResponse, InternalError<LoginError>> {
     let credentials = Credentials {
         username: form.0.username,
@@ -35,8 +35,9 @@ pub async fn login(
         Ok(user_id) => {
             tracing::Span::current().record("user_id", &tracing::field::display(&user_id));
 
+            session.renew();
             session
-                .insert("user_id", user_id)
+                .insert_user_id(user_id)
                 .map_err(|e| login_redirect(LoginError::UnexpectedError(e.into())))?;
 
             Ok(HttpResponse::SeeOther()

src/session_state.rs

@@ -0,0 +1,41 @@
+use actix_session::{Session, SessionExt, SessionGetError, SessionInsertError};
+use actix_web::dev::Payload;
+use actix_web::{FromRequest, HttpRequest};
+use std::future::{ready, Ready};
+use uuid::Uuid;
+pub struct TypedSession(Session);
+
+impl TypedSession {
+    const USER_ID_KEY: &'static str = "user_id";
+
+    pub fn renew(&self) {
+        self.0.renew();
+    }
+
+    pub fn insert_user_id(&self, user_id: Uuid) -> Result<(), SessionInsertError> {
+        self.0.insert(Self::USER_ID_KEY, user_id)
+    }
+
+    pub fn get_user_id(&self) -> Result<Option<Uuid>, SessionGetError> {
+        self.0.get(Self::USER_ID_KEY)
+    }
+}
+
+impl FromRequest for TypedSession {
+    // This is a complicated way of saying
+    // "We return the same error returned by the
+    // implementation of `FromRequest` for `Session`".
+    type Error = <Session as FromRequest>::Error;
+    // Rust does not yet support the `async` syntax in traits.
+    // From request expects a `Future` as return type to allow for extractors
+    // that need to perform asynchronous operations (e.g. a HTTP call)
+    // We do not have a `Future`, because we don't perform any I/O,
+    // so we wrap `TypedSession` into `Ready` to convert it into a `Future` that
+    // resolves to the wrapped value the first time it's polled by the executor.
+    type Future = Ready<Result<TypedSession, Self::Error>>;
+
+    // The `from_request` method is called by actix-web to convert the incoming request into a `TypedSession`.
+    fn from_request(req: &HttpRequest, _payload: &mut Payload) -> Self::Future {
+        ready(Ok(TypedSession(req.get_session())))
+    }
+}