diff --git a/sqlx-data.json b/sqlx-data.json index 3046604f..b02869fe 100644 --- a/sqlx-data.json +++ b/sqlx-data.json @@ -523,6 +523,26 @@ }, "query": "SELECT name FROM mcaptcha_config \n WHERE key = $1 \n AND user_id = (\n SELECT user_id FROM mcaptcha_users WHERE NAME = $2)" }, + "a900d304a69809e98eedfc7d807bf6f4f88998763f914cd1ac3e98c6b755c2e2": { + "describe": { + "columns": [ + { + "name": "password", + "ordinal": 0, + "type_info": "Text" + } + ], + "nullable": [ + false + ], + "parameters": { + "Left": [ + "Text" + ] + } + }, + "query": "SELECT password FROM mcaptcha_users WHERE email = ($1)" + }, "ad23588ee4bcbb13e208460ce21e2fa9f1373893934b530b339fea10360b34a8": { "describe": { "columns": [
diff --git a/src/api/v1/account/password.rs b/src/api/v1/account/password.rs
index 505e9cbb..fe6a80d1 100644
--- a/src/api/v1/account/password.rs
+++ b/src/api/v1/account/password.rs
@@ -17,6 +17,7 @@
 use actix_identity::Identity;
 use actix_web::{web, HttpResponse, Responder};
 use argon2_creds::Config;
+use db_core::Login;
 use serde::{Deserialize, Serialize};
 use sqlx::Error::RowNotFound;
@@ -83,26 +84,15 @@ async fn update_user_password(
 let username = id.identity().unwrap();
- let rec = sqlx::query_as!(
- Password,
- r#"SELECT password FROM mcaptcha_users WHERE name = ($1)"#,
- &username,
- )
- .fetch_one(&data.db)
- .await;
+ // TODO: verify behavior when account is not found
+ let res = data.dblib.get_password(&Login::Username(&username)).await?;
- match rec {
- Ok(s) => {
- if Config::verify(&s.password, &payload.password)? {
- let update: UpdatePassword = payload.into_inner().into();
- update_password_runner(&username, update, &data).await?;
- Ok(HttpResponse::Ok())
- } else {
- Err(ServiceError::WrongPassword)
- }
- }
- Err(RowNotFound) => Err(ServiceError::AccountNotFound),
- Err(_) => Err(ServiceError::InternalServerError),
+ if Config::verify(&res.hash, &payload.password)? {
+ let update: UpdatePassword = payload.into_inner().into();
+ update_password_runner(&username, update, &data).await?;
+ Ok(HttpResponse::Ok())
+ } else {
+ Err(ServiceError::WrongPassword)
 }
 }
diff --git a/src/api/v1/auth.rs b/src/api/v1/auth.rs
index b0a25f66..86e81476 100644
--- a/src/api/v1/auth.rs
+++ b/src/api/v1/auth.rs
@@ -91,7 +91,6 @@ pub mod runners {
 /// returns Ok(()) when everything checks out and the user is authenticated. Erros otherwise
 pub async fn login_runner(payload: Login, data: &AppData) -> ServiceResult {
 use argon2_creds::Config;
- use sqlx::Error::RowNotFound;
 let verify = |stored: &str, received: &str| {
 if Config::verify(stored, received)? {
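Review bot: In `update_user_password` (src/api/v1/account/password.rs), the `?` on `data.dblib.get_password(&Login::Username(&username)).await?` replaces an explicit mapping (`RowNotFound` to `ServiceError::AccountNotFound`, anything else to `ServiceError::InternalServerError`) with whatever conversion exists from the database layer's error into `ServiceError`, and the added TODO says the not-found case is unverified. That conversion is not visible in this diff, so before merging I would either add a test that a missing account still yields `AccountNotFound`, or make the mapping explicit at the call site and drop the TODO. The same applies to both `get_password` calls in `login_runner` in src/api/v1/auth.rs, where the mapping decides what a failed login tells the client. `use sqlx::Error::RowNotFound;` is still imported at the top of password.rs and may now be unused. The function's signature and opening lines are above this hunk.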
@@ -101,50 +100,19 @@ pub mod runners {
 }
 };
- if payload.login.contains('@') {
- #[derive(Clone, Debug)]
- struct EmailLogin {
- name: String,
- password: String,
- }
-
- let email_fut = sqlx::query_as!(
- EmailLogin,
- r#"SELECT name, password FROM mcaptcha_users WHERE email = ($1)"#,
- &payload.login,
- )
- .fetch_one(&data.db)
- .await;
-
- match email_fut {
- Ok(s) => {
- verify(&s.password, &payload.password)?;
- Ok(s.name)
- }
-
- Err(RowNotFound) => Err(ServiceError::AccountNotFound),
- Err(_) => Err(ServiceError::InternalServerError),
- }
+ let s = if payload.login.contains('@') {
+ data.dblib
+ .get_password(&db_core::Login::Email(&payload.login))
+ .await?
 } else {
- let username_fut = sqlx::query_as!(
- Password,
- r#"SELECT password FROM mcaptcha_users WHERE name = ($1)"#,
- &payload.login,
- )
- .fetch_one(&data.db)
- .await;
+ data.dblib
+ .get_password(&db_core::Login::Username(&payload.login))
+ .await?
+ };
- match username_fut {
- Ok(s) => {
- verify(&s.password, &payload.password)?;
- Ok(payload.login)
- }
- Err(RowNotFound) => Err(ServiceError::AccountNotFound),
- Err(_) => Err(ServiceError::InternalServerError),
- }
- }
+ verify(&s.hash, &payload.password)?;
+ Ok(s.username)
 }
-
 pub async fn register_runner(
 payload: &Register,
 data: &AppData,
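Review bot: The two branches of `let s = if payload.login.contains('@') { … } else { … };` differ only in the `db_core::Login` variant, so the lookup can be written once: `let login = if payload.login.contains('@') { db_core::Login::Email(&payload.login) } else { db_core::Login::Username(&payload.login) };` followed by `let s = data.dblib.get_password(&login).await?;`. `login_runner` now returns the stored `s.username` on both paths, where the username path used to echo `payload.login`. The doc comment above the function, which starts outside this hunk, still says it returns `Ok(())` and should describe the returned username instead. The hunk also removes the blank line between `login_runner` and `register_runner`, which looks unintentional.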