Mirroristas/mCaptcha
2
0
Fork 0
mirror of https://github.com/mCaptcha/mCaptcha.git synced 2025-11-24 06:25:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: associate challenges with usernames

Browse Source
This commit is contained in:
Aravinth Manivannan 2023-06-17 16:13:48 +05:30
parent e7b01a5b06
commit 6f029d2945
No known key found for this signature in database
GPG Key ID: AD9F0F08E855ED88
10 changed files with 193 additions and 111 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
db/db-core/src/lib.rs
View File

@ -136,6 +136,15 @@ impl FromStr for ChallengeReason {
} }
} }
#[derive(Clone, Debug, Deserialize, Serialize, PartialEq)]
/// Minimal user representation for use in challenge verification
pub struct ChallengeUser {
/// username of the user
pub username: String,
/// email ID of the user
pub email: String,
}
#[derive(Clone, Debug, Deserialize, Serialize, PartialEq)] #[derive(Clone, Debug, Deserialize, Serialize, PartialEq)]
/// Email challenge /// Email challenge
pub struct Challenge { pub struct Challenge {
@ -313,10 +322,14 @@ pub trait MCDatabase: std::marker::Send + std::marker::Sync + CloneSPDatabase {
async fn fetch_confirm(&self, user: &str, key: &str) -> DBResult<Vec<i64>>; async fn fetch_confirm(&self, user: &str, key: &str) -> DBResult<Vec<i64>>;
/// Record challenge in database /// Record challenge in database
async fn new_challenge(&self, challenge: &mut Challenge) -> DBResult<()>; async fn new_challenge(&self, user: &str, challenge: &mut Challenge)
-> DBResult<()>;
/// Record challenge in database /// Record challenge in database
async fn fetch_challenge(&self, challenge: &Challenge) -> DBResult<Challenge>; async fn fetch_challenge_user(
&self,
challenge: &Challenge,
) -> DBResult<ChallengeUser>;
/// Delete a challenge from database /// Delete a challenge from database
async fn delete_challenge(&self, challenge: &Challenge) -> DBResult<()>; async fn delete_challenge(&self, challenge: &Challenge) -> DBResult<()>;

14
db/db-core/src/tests.rs
View File

@ -295,15 +295,13 @@ pub async fn database_works<'a, T: MCDatabase>(
// delete captcha; updated key = p.username so invoke delete with it // delete captcha; updated key = p.username so invoke delete with it
db.delete_captcha(p.username, p.username).await.unwrap(); db.delete_captcha(p.username, p.username).await.unwrap();
assert!(!db.captcha_exists(Some(p.username), c.key).await.unwrap()); assert!(!db.captcha_exists(Some(p.username), c.key).await.unwrap());
}
/// test all challenge routines
pub async fn challenges_works<'a, T: MCDatabase>(db: &T) {
let mut challenge = Challenge::new(ChallengeReason::PasswordReset); let mut challenge = Challenge::new(ChallengeReason::PasswordReset);
db.new_challenge(&mut challenge).await.unwrap(); db.new_challenge(p.username, &mut challenge).await.unwrap();
db.new_challenge(&mut challenge).await.unwrap(); db.new_challenge(p.username, &mut challenge).await.unwrap();
let c = db.fetch_challenge(&challenge).await.unwrap(); let c = db.fetch_challenge_user(&challenge).await.unwrap();
assert_eq!(c, challenge); assert_eq!(c.username, p.username);
assert_eq!(&c.email, p.email.as_ref().unwrap());
db.delete_challenge(&challenge).await.unwrap(); db.delete_challenge(&challenge).await.unwrap();
assert!(db.fetch_challenge(&challenge).await.is_err()) assert!(db.fetch_challenge_user(&challenge).await.is_err())
} }

7
db/db-sqlx-maria/migrations/20230610113728_mcaptcha_challenge.sql
View File

@ -10,6 +10,13 @@ CREATE TABLE IF NOT EXISTS mcaptcha_challenge (
reason INT NOT NULL, reason INT NOT NULL,
challenge_id varchar(40) NOT NULL UNIQUE, challenge_id varchar(40) NOT NULL UNIQUE,
received timestamp NOT NULL DEFAULT now(), received timestamp NOT NULL DEFAULT now(),
user_id INT NOT NULL,
CONSTRAINT `fk_mcaptcha_challenge_user`
FOREIGN KEY (user_id)
REFERENCES mcaptcha_users (ID)
ON DELETE CASCADE
ON UPDATE CASCADE,
CONSTRAINT `fk_mcaptcha_mcaptcha_challenge_reason` CONSTRAINT `fk_mcaptcha_mcaptcha_challenge_reason`
FOREIGN KEY (reason) FOREIGN KEY (reason)

83
db/db-sqlx-maria/sqlx-data.json
View File

@ -10,6 +10,44 @@
}, },
"query": "INSERT IGNORE INTO\n mcaptcha_challenge_reason (name)\n VALUES (?)" "query": "INSERT IGNORE INTO\n mcaptcha_challenge_reason (name)\n VALUES (?)"
}, },
"12a7d765fb683c8134d032563f2d101e2fd70c261e71696e7a90387507e0ef43": {
"describe": {
"columns": [
{
"name": "name",
"ordinal": 0,
"type_info": {
"char_set": 224,
"flags": {
"bits": 4101
},
"max_size": 400,
"type": "VarString"
}
},
{
"name": "email",
"ordinal": 1,
"type_info": {
"char_set": 224,
"flags": {
"bits": 4
},
"max_size": 400,
"type": "VarString"
}
}
],
"nullable": [
false,
true
],
"parameters": {
"Right": 2
}
},
"query": "SELECT name, email\n FROM mcaptcha_users\n WHERE ID = (SELECT user_id \n FROM mcaptcha_challenge\n WHERE\n challenge_id = ?\n AND reason = (\n SELECT id FROM mcaptcha_challenge_reason WHERE name = ?\n )\n );"
},
"1367dceb151a766a901b5dd771d0b75d0bc61d2fef17a94a90c8ffa0065e2c44": { "1367dceb151a766a901b5dd771d0b75d0bc61d2fef17a94a90c8ffa0065e2c44": {
"describe": { "describe": {
"columns": [ "columns": [
@ -209,16 +247,6 @@
}, },
"query": "UPDATE mcaptcha_users set name = ?\n WHERE name = ?" "query": "UPDATE mcaptcha_users set name = ?\n WHERE name = ?"
}, },
"6a31a6745dc005449f742b516979f195674848222b16c72c48da553a379a4e6f": {
"describe": {
"columns": [],
"nullable": [],
"parameters": {
"Right": 3
}
},
"query": "INSERT INTO mcaptcha_challenge (challenge_id, received, reason)\n VALUES (?, ?, (SELECT id FROM mcaptcha_challenge_reason WHERE name = ?));\n "
},
"6d1b6e5e58ca2ba285cab7b050bbdc43de1f3e46cf7d420bc95c124a1c7c9d1f": { "6d1b6e5e58ca2ba285cab7b050bbdc43de1f3e46cf7d420bc95c124a1c7c9d1f": {
"describe": { "describe": {
"columns": [], "columns": [],
@ -267,6 +295,16 @@
}, },
"query": "SELECT difficulty_factor, visitor_threshold FROM mcaptcha_levels WHERE\n config_id = (\n SELECT config_id FROM mcaptcha_config where captcha_key= (?)\n ) ORDER BY difficulty_factor ASC;" "query": "SELECT difficulty_factor, visitor_threshold FROM mcaptcha_levels WHERE\n config_id = (\n SELECT config_id FROM mcaptcha_config where captcha_key= (?)\n ) ORDER BY difficulty_factor ASC;"
}, },
"740ed2dab8c07c718c1b0e8e4262251bbf2501cdebfc4872fb903f70ec3d0dc8": {
"describe": {
"columns": [],
"nullable": [],
"parameters": {
"Right": 4
}
},
"query": "INSERT INTO mcaptcha_challenge (challenge_id, received, reason, user_id)\n VALUES (?, ?,\n (SELECT id FROM mcaptcha_challenge_reason WHERE name = ?),\n (SELECT id FROM mcaptcha_users WHERE name = ?)\n );\n "
},
"74d68a86f852d3d85957e94ed04e8acd8e6144744f7b13e383ebcb2bcf3360ae": { "74d68a86f852d3d85957e94ed04e8acd8e6144744f7b13e383ebcb2bcf3360ae": {
"describe": { "describe": {
"columns": [], "columns": [],
@ -352,31 +390,6 @@
}, },
"query": "insert into mcaptcha_users \n (name , password, email, secret) values (?, ?, ?, ?)" "query": "insert into mcaptcha_users \n (name , password, email, secret) values (?, ?, ?, ?)"
}, },
"900a1f8c30fed90f8e56f88c4d0a2e81a7ea6af24d90c3a76764ee411b01af73": {
"describe": {
"columns": [
{
"name": "id",
"ordinal": 0,
"type_info": {
"char_set": 63,
"flags": {
"bits": 515
},
"max_size": 11,
"type": "Long"
}
}
],
"nullable": [
false
],
"parameters": {
"Right": 2
}
},
"query": "SELECT id\n FROM mcaptcha_challenge\n WHERE\n challenge_id = ?\n AND reason = (SELECT id FROM mcaptcha_challenge_reason WHERE name = ?);"
},
"9c435148ed5655e79dd1e73e3566ce23b7c6d38edcedbb988c95813c5da893ed": { "9c435148ed5655e79dd1e73e3566ce23b7c6d38edcedbb988c95813c5da893ed": {
"describe": { "describe": {
"columns": [ "columns": [

46
db/db-sqlx-maria/src/lib.rs
View File

@ -913,16 +913,24 @@ impl MCDatabase for Database {
} }
/// Record challenge in database /// Record challenge in database
async fn new_challenge(&self, challenge: &mut Challenge) -> DBResult<()> { async fn new_challenge(
&self,
user: &str,
challenge: &mut Challenge,
) -> DBResult<()> {
let now = now_unix_time_stamp(); let now = now_unix_time_stamp();
loop { loop {
let res = sqlx::query!( let res = sqlx::query!(
"INSERT INTO mcaptcha_challenge (challenge_id, received, reason) "INSERT INTO mcaptcha_challenge (challenge_id, received, reason, user_id)
VALUES (?, ?, (SELECT id FROM mcaptcha_challenge_reason WHERE name = ?)); VALUES (?, ?,
(SELECT id FROM mcaptcha_challenge_reason WHERE name = ?),
(SELECT id FROM mcaptcha_users WHERE name = ?)
);
", ",
&challenge.challenge.to_string(), &challenge.challenge.to_string(),
now, now,
challenge.reason.to_str() challenge.reason.to_str(),
user
) )
.execute(&self.pool) .execute(&self.pool)
.await; .await;
@ -943,24 +951,36 @@ impl MCDatabase for Database {
} }
/// Record challenge in database /// Record challenge in database
async fn fetch_challenge(&self, challenge: &Challenge) -> DBResult<Challenge> { async fn fetch_challenge_user(
&self,
challenge: &Challenge,
) -> DBResult<ChallengeUser> {
struct C { struct C {
id: i32, name: String,
email: Option<String>,
} }
sqlx::query_as!( let res = sqlx::query_as!(
C, C,
"SELECT id "SELECT name, email
FROM mcaptcha_challenge FROM mcaptcha_users
WHERE WHERE ID = (SELECT user_id
challenge_id = ? FROM mcaptcha_challenge
AND reason = (SELECT id FROM mcaptcha_challenge_reason WHERE name = ?);", WHERE
challenge_id = ?
AND reason = (
SELECT id FROM mcaptcha_challenge_reason WHERE name = ?
)
);",
&challenge.challenge.to_string(), &challenge.challenge.to_string(),
challenge.reason.to_str(), challenge.reason.to_str(),
) )
.fetch_one(&self.pool) .fetch_one(&self.pool)
.await .await
.map_err(map_register_err)?; .map_err(map_register_err)?;
Ok(challenge.clone()) Ok(ChallengeUser {
username: res.name,
email: res.email.unwrap(),
})
} }
/// Delete a challenge from database /// Delete a challenge from database

1
db/db-sqlx-maria/src/tests.rs
View File

@ -89,5 +89,4 @@ async fn everyting_works() {
description: CAPTCHA_DESCRIPTION, description: CAPTCHA_DESCRIPTION,
}; };
database_works(&db, &p, &c, &LEVELS, &TRAFFIC_PATTERN, &ADD_NOTIFICATION).await; database_works(&db, &p, &c, &LEVELS, &TRAFFIC_PATTERN, &ADD_NOTIFICATION).await;
challenges_works(&db).await;
} }

1
db/db-sqlx-postgres/migrations/20230610105810_mcaptcha_challenge.sql
View File

@ -6,6 +6,7 @@ CREATE TABLE IF NOT EXISTS mcaptcha_challenge_reason (
CREATE TABLE IF NOT EXISTS mcaptcha_challenge ( CREATE TABLE IF NOT EXISTS mcaptcha_challenge (
id SERIAL PRIMARY KEY NOT NULL, id SERIAL PRIMARY KEY NOT NULL,
reason INTEGER NOT NULL references mcaptcha_challenge_reason(ID) ON DELETE CASCADE, reason INTEGER NOT NULL references mcaptcha_challenge_reason(ID) ON DELETE CASCADE,
user_id INTEGER NOT NULL references mcaptcha_users(ID) ON DELETE CASCADE,
challenge_id varchar(40) NOT NULL UNIQUE, challenge_id varchar(40) NOT NULL UNIQUE,
received timestamptz NOT NULL DEFAULT now() received timestamptz NOT NULL DEFAULT now()
); );

77
db/db-sqlx-postgres/sqlx-data.json
View File

@ -81,6 +81,33 @@
}, },
"query": "DELETE FROM mcaptcha_sitekey_user_provided_avg_traffic\n WHERE config_id = (\n SELECT config_id \n FROM \n mcaptcha_config \n WHERE\n key = ($1) \n AND \n user_id = (SELECT ID FROM mcaptcha_users WHERE name = $2)\n );" "query": "DELETE FROM mcaptcha_sitekey_user_provided_avg_traffic\n WHERE config_id = (\n SELECT config_id \n FROM \n mcaptcha_config \n WHERE\n key = ($1) \n AND \n user_id = (SELECT ID FROM mcaptcha_users WHERE name = $2)\n );"
}, },
"0fe29ca10e9a83f2064b1b98f570161d339891a74c637077b94d138a4360340e": {
"describe": {
"columns": [
{
"name": "email",
"ordinal": 0,
"type_info": "Varchar"
},
{
"name": "name",
"ordinal": 1,
"type_info": "Varchar"
}
],
"nullable": [
true,
false
],
"parameters": {
"Left": [
"Text",
"Text"
]
}
},
"query": "SELECT\n email, name\n FROM\n mcaptcha_users\n WHERE\n ID = (\n SELECT\n user_id\n FROM\n mcaptcha_challenge\n WHERE\n challenge_id = $1\n AND reason = (SELECT ID FROM mcaptcha_challenge_reason WHERE name = $2)\n );"
},
"16864df9cf9a69c299d9ab68bac559c48f4fc433541a10f7c1b60717df2b820e": { "16864df9cf9a69c299d9ab68bac559c48f4fc433541a10f7c1b60717df2b820e": {
"describe": { "describe": {
"columns": [ "columns": [
@ -119,6 +146,21 @@
}, },
"query": "SELECT key, name, config_id, duration FROM mcaptcha_config WHERE\n user_id = (SELECT ID FROM mcaptcha_users WHERE name = $1) " "query": "SELECT key, name, config_id, duration FROM mcaptcha_config WHERE\n user_id = (SELECT ID FROM mcaptcha_users WHERE name = $1) "
}, },
"1e08fab612b17ab3cf3f76cd1543fb4d4006f7c20e09ecb58e1a1cfd5a7e70a2": {
"describe": {
"columns": [],
"nullable": [],
"parameters": {
"Left": [
"Varchar",
"Timestamptz",
"Text",
"Text"
]
}
},
"query": "INSERT INTO mcaptcha_challenge (challenge_id, received, reason, user_id)\n VALUES ($1, $2, \n (SELECT ID FROM mcaptcha_challenge_reason WHERE name = $3),\n (SELECT ID FROM mcaptcha_users WHERE name = $4)\n );\n "
},
"1e9fe69b23e4bfa7bb369455753100307e334e8dbaf02ff37cda08992fe95910": { "1e9fe69b23e4bfa7bb369455753100307e334e8dbaf02ff37cda08992fe95910": {
"describe": { "describe": {
"columns": [], "columns": [],
@ -478,41 +520,6 @@
}, },
"query": "INSERT INTO\n mcaptcha_challenge_reason (name)\n VALUES ($1) ON CONFLICT DO NOTHING\n " "query": "INSERT INTO\n mcaptcha_challenge_reason (name)\n VALUES ($1) ON CONFLICT DO NOTHING\n "
}, },
"aacf81df0a8ca303428d51345cd6f72e015808103516b9f32723aadf302afcdc": {
"describe": {
"columns": [
{
"name": "id",
"ordinal": 0,
"type_info": "Int4"
}
],
"nullable": [
false
],
"parameters": {
"Left": [
"Text",
"Text"
]
}
},
"query": "SELECT ID\n FROM mcaptcha_challenge\n WHERE\n challenge_id = $1\n AND reason = (SELECT ID FROM mcaptcha_challenge_reason WHERE name = $2);"
},
"ab2a6711d8a457f055ce005ff971e9fd6f4d77f425d4eb26cc5ae050aac647f1": {
"describe": {
"columns": [],
"nullable": [],
"parameters": {
"Left": [
"Varchar",
"Timestamptz",
"Text"
]
}
},
"query": "INSERT INTO mcaptcha_challenge (challenge_id, received, reason)\n VALUES ($1, $2, (SELECT ID FROM mcaptcha_challenge_reason WHERE name = $3));\n "
},
"ad196ab3ef9dc32f6de2313577ccd6c26eae9ab19df5f71ce182651983efb99a": { "ad196ab3ef9dc32f6de2313577ccd6c26eae9ab19df5f71ce182651983efb99a": {
"describe": { "describe": {
"columns": [ "columns": [

56
db/db-sqlx-postgres/src/lib.rs
View File

@ -920,16 +920,24 @@ impl MCDatabase for Database {
} }
/// Record challenge in database /// Record challenge in database
async fn new_challenge(&self, challenge: &mut Challenge) -> DBResult<()> { async fn new_challenge(
&self,
user: &str,
challenge: &mut Challenge,
) -> DBResult<()> {
let now = now_unix_time_stamp(); let now = now_unix_time_stamp();
loop { loop {
let res = sqlx::query!( let res = sqlx::query!(
"INSERT INTO mcaptcha_challenge (challenge_id, received, reason) "INSERT INTO mcaptcha_challenge (challenge_id, received, reason, user_id)
VALUES ($1, $2, (SELECT ID FROM mcaptcha_challenge_reason WHERE name = $3)); VALUES ($1, $2,
(SELECT ID FROM mcaptcha_challenge_reason WHERE name = $3),
(SELECT ID FROM mcaptcha_users WHERE name = $4)
);
", ",
&challenge.challenge.to_string(), &challenge.challenge.to_string(),
now, now,
challenge.reason.to_str() challenge.reason.to_str(),
user
) )
.execute(&self.pool) .execute(&self.pool)
.await; .await;
@ -950,24 +958,42 @@ impl MCDatabase for Database {
} }
/// Record challenge in database /// Record challenge in database
async fn fetch_challenge(&self, challenge: &Challenge) -> DBResult<Challenge> { async fn fetch_challenge_user(
struct C { &self,
id: i32, challenge: &Challenge,
) -> DBResult<ChallengeUser> {
struct U {
name: String,
email: Option<String>,
} }
sqlx::query_as!(
C, let res = sqlx::query_as!(
"SELECT ID U,
FROM mcaptcha_challenge "SELECT
email, name
FROM
mcaptcha_users
WHERE WHERE
challenge_id = $1 ID = (
AND reason = (SELECT ID FROM mcaptcha_challenge_reason WHERE name = $2);", SELECT
&challenge.challenge.to_string(), user_id
FROM
mcaptcha_challenge
WHERE
challenge_id = $1
AND reason = (SELECT ID FROM mcaptcha_challenge_reason WHERE name = $2)
);",
challenge.challenge.to_string(),
challenge.reason.to_str(), challenge.reason.to_str(),
) )
.fetch_one(&self.pool) .fetch_one(&self.pool)
.await .await
.map_err(map_register_err)?; .map_err(map_register_err)?;
Ok(challenge.clone())
Ok(ChallengeUser {
username: res.name,
email: res.email.unwrap(),
})
} }
/// Delete a challenge from database /// Delete a challenge from database

2
db/db-sqlx-postgres/src/tests.rs
View File

@ -89,6 +89,4 @@ async fn everyting_works() {
description: CAPTCHA_DESCRIPTION, description: CAPTCHA_DESCRIPTION,
}; };
database_works(&db, &p, &c, &LEVELS, &TRAFFIC_PATTERN, &ADD_NOTIFICATION).await; database_works(&db, &p, &c, &LEVELS, &TRAFFIC_PATTERN, &ADD_NOTIFICATION).await;
challenges_works(&db).await;
} }