chore: tidying up the codebase

Author: Utilitycoder

src/routes/admin/dashboard.rs

@@ -1,17 +1,11 @@
 use crate::session_state::TypedSession;
+use crate::utils::e500;
 use actix_web::http::header::ContentType;
 use actix_web::{web, HttpResponse};
 use anyhow::Context;
 use sqlx::PgPool;
 use uuid::Uuid;
-
 // Return an opaque 500 while preserving the error's root cause for logging.
-fn e500<T>(e: T) -> actix_web::Error
-where
-    T: std::fmt::Debug + std::fmt::Display + 'static,
-{
-    actix_web::error::ErrorInternalServerError(e)
-}
 
 pub async fn admin_dashboard(
     session: TypedSession,
@@ -29,20 +23,24 @@ pub async fn admin_dashboard(
         .content_type(ContentType::html())
         .body(format!(
             r#"<!DOCTYPE html>
-                <html lang="en">
-                    <head>
-                        <meta http-equiv="content-type" content="text/html; charset=utf-8">
-                        <title>Admin dashboard</title>
-                    </head>
-                        <body>
-                        <p>Welcome {username}!</p>
-                    </body>
-                </html>"#
+            <html lang="en">
+            <head>
+            <meta http-equiv="content-type" content="text/html; charset=utf-8">
+            <title>Admin dashboard</title>
+            </head>
+            <body>
+            <p>Welcome {username}!</p>
+            <p>Available actions:</p>
+            <ol>
+            <li><a href="/admin/password">Change password</a></li>
+            </ol>
+            </body>
+            </html>"#,
         )))
 }
 
 #[tracing::instrument(name = "Get username", skip(pool))]
-async fn get_username(user_id: Uuid, pool: &PgPool) -> Result<String, anyhow::Error> {
+pub async fn get_username(user_id: Uuid, pool: &PgPool) -> Result<String, anyhow::Error> {
     let row = sqlx::query!(
         r#"
     SELECT username

src/routes/admin/password/get.rs

@@ -1,17 +1,34 @@
-use actix_web::http::header::ContentType;
-use actix_web::HttpResponse;
 use crate::session_state::TypedSession;
 use crate::utils::{e500, see_other};
+use actix_web::http::header::ContentType;
+use actix_web::HttpResponse;
+use actix_web_flash_messages::IncomingFlashMessages;
+use std::fmt::Write;
+
+pub async fn change_password_form(
+    session: TypedSession,
+    flash_message: IncomingFlashMessages,
+) -> Result<HttpResponse, actix_web::Error> {
+    if session.get_user_id().map_err(e500)?.is_none() {
+        return Ok(see_other("/login"));
+    };
+
+    let mut msg_html = String::new();
+    for m in flash_message.iter() {
+        writeln!(msg_html, "<p><i>{}</i></p>", m.content()).unwrap();
+    }
 
-pub async fn change_password_form() -> Result<HttpResponse, actix_web::Error> {
-    Ok(HttpResponse::Ok().content_type(ContentType::html()).body(
-        r#"<!DOCTYPE html>
+    Ok(HttpResponse::Ok()
+        .content_type(ContentType::html())
+        .body(format!(
+            r#"<!DOCTYPE html>
             <html lang="en">
                 <head>
                     <meta http-equiv="content-type" content="text/html; charset=utf-8">
                     <title>Change Password</title>
                 </head>
                 <body>
+                    {msg_html}
                     <form action="/admin/password" method="post">
                         <label>Current password
                         <input
@@ -42,5 +59,5 @@ pub async fn change_password_form() -> Result<HttpResponse, actix_web::Error> {
                     <p><a href="/admin/dashboard">&lt;- Back</a></p>
                 </body>
             </html>"#,
-    ))
+        )))
 }

src/routes/admin/password/post.rs

@@ -1,11 +1,53 @@
+use crate::authentication::{validate_credentials, AuthError, Credentials};
+use crate::routes::admin::dashboard::get_username;
+use crate::session_state::TypedSession;
+use crate::utils::{e500, see_other};
 use actix_web::{web, HttpResponse};
-use secrecy::Secret;
+use actix_web_flash_messages::FlashMessage;
+use secrecy::{ExposeSecret, Secret};
+use sqlx::PgPool;
+
 #[derive(serde::Deserialize)]
 pub struct FormData {
     current_password: Secret<String>,
     new_password: Secret<String>,
     new_password_check: Secret<String>,
 }
-pub async fn change_password(form: web::Form<FormData>) -> Result<HttpResponse, actix_web::Error> {
+pub async fn change_password(
+    form: web::Form<FormData>,
+    session: TypedSession,
+    pool: web::Data<PgPool>,
+) -> Result<HttpResponse, actix_web::Error> {
+    let user_id = session.get_user_id().map_err(e500)?;
+    if user_id.is_none() {
+        return Ok(see_other("/login"));
+    };
+
+    let user_id = user_id.unwrap();
+
+    if form.new_password.expose_secret() != form.new_password_check.expose_secret() {
+        FlashMessage::error(
+            "You entered two different new passwords - the field values must match.",
+        )
+        .send();
+        return Ok(see_other("/admin/password"));
+    };
+
+    let username = get_username(user_id, &pool).await.map_err(e500)?;
+
+    let credentials = Credentials {
+        username,
+        password: form.0.current_password,
+    };
+    if let Err(e) = validate_credentials(credentials, &pool).await {
+        return match e {
+            AuthError::InvalidCredentials(_) => {
+                FlashMessage::error("The current password is incorrect.").send();
+                Ok(see_other("/admin/password"))
+            }
+            AuthError::UnexpectedError(_) => Err(e500(e)),
+        };
+    };
+
     todo!()
 }

tests/api/change_password.rs

@@ -27,3 +27,59 @@ async fn you_must_be_logged_in_to_change_your_password() {
     // Assert
     assert_is_redirected_to("/login", &response);
 }
+
+#[tokio::test]
+async fn new_password_fields_must_match() {
+    // Arrange
+    let app = spawn_app().await;
+    let new_password = Uuid::new_v4().to_string();
+    let another_new_password = Uuid::new_v4().to_string();
+    // Act - Part 1 - Login
+    app.post_login(&serde_json::json!({
+        "username": &app.test_user.username,
+        "password": &app.test_user.password
+    }))
+    .await;
+    // Act - Part 2 - Try to change password
+    let response = app
+        .post_change_password(&serde_json::json!({
+            "current_password": &app.test_user.password,
+            "new_password": &new_password,
+            "new_password_check": &another_new_password,
+        }))
+        .await;
+    assert_is_redirected_to("/admin/password", &response);
+    // Act - Part 3 - Follow the redirect
+    let html_page = app.get_change_password_html().await;
+    assert!(html_page.contains(
+        "<p><i>You entered two different new passwords - \
+            the field values must match.</i></p>"
+    ));
+}
+
+#[tokio::test]
+async fn current_password_must_be_valid() {
+    // Arrange
+    let app = spawn_app().await;
+    let new_password = Uuid::new_v4().to_string();
+    let wrong_password = Uuid::new_v4().to_string();
+    // Act - Part 1 - Login
+    app.post_login(&serde_json::json!({
+        "username": &app.test_user.username,
+        "password": &app.test_user.password
+    }))
+    .await;
+    // Act - Part 2 - Try to change password
+    let response = app
+        .post_change_password(&serde_json::json!({
+            "current_password": &wrong_password,
+            "new_password": &new_password,
+            "new_password_check": &new_password,
+        }))
+        .await;
+    // Assert
+    assert_is_redirected_to("/admin/password", &response);
+    // Act - Part 3 - Follow the redirect
+    let html_page = app.get_change_password_html().await;
+    assert!(html_page.contains("<p><i>The current password is incorrect.</i></p>"));
+}

tests/api/helpers.rs

@@ -120,6 +120,15 @@ impl TestApp {
             .await
             .expect("Failed to execute request.")
     }
+
+    pub async fn get_change_password_html(&self) -> String {
+        self.get_change_password()
+            .await
+            .text()
+            .await
+            .expect("Failed to get response text.")
+    }
+
     pub async fn post_change_password<Body>(&self, body: &Body) -> reqwest::Response
     where
         Body: serde::Serialize,