dan/Portfolio
1
0
Fork 0
mirror of https://github.com/danbulant/Portfolio synced 2026-05-24 12:35:31 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #47 from EETagent/password_reset

Browse source 
Password reset, candidate list filtering
This commit is contained in:
Sebastian Pravda 2022-11-17 23:51:32 +01:00 committed by GitHub
commit 334a998ad9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 190 additions and 55 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
api/src/lib.rs
View file

@ -69,6 +69,7 @@ async fn start() -> Result<(), rocket::Error> {
routes::admin::hello,
routes::admin::create_candidate,
routes::admin::get_candidate,
routes::admin::reset_candidate_password,
],
)
.mount(

22
api/src/routes/admin.rs
View file

@ -95,6 +95,12 @@ pub async fn list_candidates(
) -> Result<Json<Vec<CandidateResponse>>, Custom<String>> {
let db = conn.into_inner();
let private_key = session.get_private_key();
if let Some(field) = field.clone() {
if !(field == "KB".to_string() || field == "IT".to_string() || field == "G") {
return Err(Custom(Status::BadRequest, "Invalid field of study".to_string()));
}
}
let candidates = CandidateService::list_candidates(private_key, db, field)
.await
@ -121,4 +127,20 @@ pub async fn get_candidate(
.map_err(|e| Custom(Status::from_code(e.code()).unwrap(), e.to_string()))?;
Ok(Json(details))
}
#[post("/candidate/<id>/reset_password")]
pub async fn reset_candidate_password(
conn: Connection<'_, Db>,
session: AdminAuth,
id: i32,
) -> Result<String, Custom<String>> {
let db = conn.into_inner();
let private_key = session.get_private_key();
let new_password = CandidateService::reset_password(private_key, db, id)
.await
.map_err(|e| Custom(Status::from_code(e.code()).unwrap(), e.to_string()))?;
Ok(new_password)
}

27
core/src/candidate_details.rs
View file

@ -70,7 +70,7 @@ pub struct EncryptedApplicationDetails {
pub citizenship: EncryptedString,
pub email: EncryptedString,
pub sex: EncryptedString,
pub study: EncryptedString,
pub study: String,
// Parent
pub parent_name: EncryptedString,
@ -95,7 +95,7 @@ impl EncryptedApplicationDetails {
EncryptedString::new(&form.citizenship, &recipients),
EncryptedString::new(&form.email, &recipients),
EncryptedString::new(&form.sex, &recipients),
EncryptedString::new(&form.study, &recipients),
EncryptedString::new(&form.parent_name, &recipients),
EncryptedString::new(&form.parent_surname, &recipients),
EncryptedString::new(&form.parent_telephone, &recipients),
@ -112,12 +112,12 @@ impl EncryptedApplicationDetails {
citizenship: d.6,
email: d.7,
sex: d.8,
study: d.9,
study: form.study,
parent_name: d.10,
parent_surname: d.11,
parent_telephone: d.12,
parent_email: d.13,
parent_name: d.9,
parent_surname: d.10,
parent_telephone: d.11,
parent_email: d.12,
})
}
@ -132,7 +132,6 @@ impl EncryptedApplicationDetails {
self.citizenship.decrypt(&priv_key), // 6
self.email.decrypt(&priv_key), // 7
self.sex.decrypt(&priv_key), // 8
self.study.decrypt(&priv_key), // 9
self.parent_name.decrypt(&priv_key),
self.parent_surname.decrypt(&priv_key),
self.parent_telephone.decrypt(&priv_key),
@ -149,12 +148,12 @@ impl EncryptedApplicationDetails {
citizenship: d.6,
email: d.7,
sex: d.8,
study: d.9,
study: self.study,
parent_name: d.10,
parent_surname: d.11,
parent_telephone: d.12,
parent_email: d.13,
parent_name: d.9,
parent_surname: d.10,
parent_telephone: d.11,
parent_email: d.12,
})
}
}
@ -175,7 +174,7 @@ impl TryFrom<(candidate::Model, parent::Model)> for EncryptedApplicationDetails
citizenship: EncryptedString::try_from(candidate.citizenship)?,
email: EncryptedString::try_from(candidate.email)?,
sex: EncryptedString::try_from(candidate.sex)?,
study: EncryptedString::try_from(candidate.study)?,
study: candidate.study.ok_or(ServiceError::CandidateDetailsNotSet)?,
parent_name: EncryptedString::try_from(parent.name)?,
parent_surname: EncryptedString::try_from(parent.surname)?,

19
core/src/database/mutation/candidate.rs
View file

@ -22,8 +22,23 @@ impl Mutation {
updated_at: Set(chrono::offset::Local::now().naive_local()),
..Default::default()
}
.insert(db)
.await
.insert(db)
.await
}
pub async fn update_candidate_password_with_keys(
db: &DbConn,
candidate: candidate::Model,
new_password_hash: String,
pub_key: String,
priv_key_enc: String,
) -> Result<candidate::Model, DbErr> {
let mut candidate: candidate::ActiveModel = candidate.into();
candidate.code = Set(new_password_hash);
candidate.public_key = Set(pub_key);
candidate.private_key = Set(priv_key_enc);
candidate.update(db).await
}
pub async fn add_candidate_details(

15
core/src/database/query/candidate.rs
View file

@ -8,7 +8,7 @@ use serde::Serialize;
pub const PAGE_SIZE: u64 = 20;
#[derive(FromQueryResult, Serialize)]
pub struct ApplicationResult {
pub struct CandidateParentResult {
pub application: i32,
pub name: Option<String>,
pub surname: Option<String>,
@ -29,13 +29,18 @@ impl Query {
pub async fn list_candidates(
db: &DbConn,
field_of_study: Option<String>,
) -> Result<Vec<ApplicationResult>, DbErr> {
Candidate::find()
field_of_study_opt: Option<String>,
) -> Result<Vec<CandidateParentResult>, DbErr> {
let select = Candidate::find();
if let Some(study) = field_of_study_opt {
select.filter(candidate::Column::Study.eq(study))
} else {
select
}
.join(JoinType::InnerJoin, candidate::Relation::Parent.def())
.column_as(parent::Column::Name, "parent_name")
.column_as(parent::Column::Surname, "parent_surname")
.into_model::<ApplicationResult>()
.into_model::<CandidateParentResult>()
.paginate(db, PAGE_SIZE)
.fetch()
.await

5
core/src/responses.rs
View file

@ -22,13 +22,12 @@ impl CandidateResponse {
) -> Result<Self, ServiceError> {
let name = decrypt_if_exists(private_key, name_opt).await?;
let surname = decrypt_if_exists(private_key, surname_opt).await?;
let study = decrypt_if_exists(private_key, study_opt).await?;
Ok(
Self {
application_id,
name,
application_id,
surname,
study,
study: study_opt.unwrap_or("".to_string()),
submitted,
}
)

144
core/src/services/candidate_service.rs
View file

@ -11,7 +11,7 @@ use crate::{
Mutation, Query, responses::CandidateResponse,
};
use super::session_service::{AdminUser, SessionService};
use super::{session_service::{AdminUser, SessionService}, application_service::ApplicationService};
// TODO
@ -94,12 +94,44 @@ impl CandidateService {
hashed_password,
hashed_personal_id_number,
pubkey,
encrypted_priv_key,
encrypted_priv_key,
)
.await?;
Ok(candidate)
}
pub async fn reset_password(
admin_private_key: String,
db: &DbConn,
id: i32,
) -> Result<String, ServiceError> {
let candidate = Query::find_candidate_by_id(db, id).await?
.ok_or(ServiceError::CandidateNotFound)?;
let parent = Query::find_parent_by_id(db, id).await?
.ok_or(ServiceError::CandidateNotFound)?;
let new_password_plain = crypto::random_8_char_string();
let new_password_hash = crypto::hash_password(new_password_plain.clone()).await?;
let (pubkey, priv_key_plain_text) = crypto::create_identity();
let encrypted_priv_key = crypto::encrypt_password(priv_key_plain_text,
new_password_plain.to_string()
).await?;
SessionService::revoke_all_sessions(db, Some(id), None).await?;
Mutation::update_candidate_password_with_keys(db, candidate.clone(), new_password_hash, pubkey, encrypted_priv_key).await?;
let enc_details_opt = EncryptedApplicationDetails::try_from((candidate, parent));
if let Ok(enc_details) = enc_details_opt {
let application_details = enc_details.decrypt(admin_private_key).await?;
ApplicationService::add_all_details(db, id, application_details).await?;
}
Ok(new_password_plain)
}
pub(in crate::services) async fn add_candidate_details(
db: &DbConn,
candidate: candidate::Model,
@ -115,7 +147,7 @@ impl CandidateService {
field_of_study: Option<String>,
) -> Result<Vec<CandidateResponse>, ServiceError> {
let candidates = Query::list_candidates(db, None).await?;
let candidates = Query::list_candidates(db, field_of_study).await?;
let mut result: Vec<CandidateResponse> = vec![];
for candidate in candidates {
@ -403,9 +435,9 @@ mod tests {
use super::EncryptedApplicationDetails;
use chrono::NaiveDate;
use entity::{candidate, parent};
use entity::{candidate, parent, admin};
use crate::candidate_details::ApplicationDetails;
use crate::candidate_details::{ApplicationDetails};
use crate::services::application_service::ApplicationService;
use std::path::{PathBuf};
@ -423,18 +455,43 @@ mod tests {
assert!(!CandidateService::is_application_id_valid(101));
}
// TODO
/* #[tokio::test]
#[tokio::test]
async fn test_password_reset() {
let db = get_memory_sqlite_connection().await;
let admin = create_admin(&db).await;
let (candidate, _parent) = put_user_data(&db).await;
let private_key = crypto::decrypt_password(admin.private_key, "admin".to_string()).await.unwrap();
assert!(
CandidateService::login(&db, candidate.application, "test".to_string(), "127.0.0.1".to_string()).await.is_ok()
);
let new_password = CandidateService::reset_password(private_key, &db, candidate.application).await.unwrap();
assert!(
CandidateService::login(&db, candidate.application, "test".to_string(), "127.0.0.1".to_string()).await.is_err()
);
assert!(
CandidateService::login(&db, candidate.application, new_password, "127.0.0.1".to_string()).await.is_ok()
);
}
#[tokio::test]
async fn test_list_candidates() {
let db = get_memory_sqlite_connection().await;
let candidates = CandidateService::list_candidates(&db, None).await.unwrap();
let admin = create_admin(&db).await;
let private_key = crypto::decrypt_password(admin.private_key, "admin".to_string()).await.unwrap();
let candidates = CandidateService::list_candidates(private_key.clone(), &db, None).await.unwrap();
assert_eq!(candidates.len(), 0);
put_user_data(&db).await;
let candidates = CandidateService::list_candidates(&db, None).await.unwrap();
let candidates = CandidateService::list_candidates(private_key.clone(), &db, None).await.unwrap();
assert_eq!(candidates.len(), 1);
} */
}
#[tokio::test]
async fn test_encrypt_decrypt_private_key_with_passphrase() {
@ -469,6 +526,31 @@ mod tests {
assert_eq!(secret_message, decrypted_message);
}
#[cfg(test)]
async fn create_admin(db: &DbConn) -> admin::Model {
use chrono::Utc;
use sea_orm::{Set, ActiveModelTrait};
let password = "admin".to_string();
let (pubkey, priv_key) = crypto::create_identity();
let enc_priv_key = crypto::encrypt_password(priv_key, password).await.unwrap();
let admin = admin::ActiveModel {
name: Set("admin".to_string()),
public_key: Set(pubkey),
private_key: Set(enc_priv_key),
password: Set("admin".to_string()),
created_at: Set(Utc::now().naive_utc()),
updated_at: Set(Utc::now().naive_utc()),
..Default::default()
}
.insert(db)
.await
.unwrap();
admin
}
#[cfg(test)]
async fn put_user_data(db: &DbConn) -> (candidate::Model, parent::Model) {
let plain_text_password = "test".to_string();
@ -483,20 +565,20 @@ mod tests {
.unwrap();
let form = ApplicationDetails {
name: "test".to_string(),
surname: "aaa".to_string(),
birthplace: "b".to_string(),
birthdate: NaiveDate::from_ymd(1999, 1, 1),
address: "test".to_string(),
telephone: "test".to_string(),
citizenship: "test".to_string(),
email: "test".to_string(),
sex: "test".to_string(),
name: "name".to_string(),
surname: "surname".to_string(),
birthplace: "birthplace".to_string(),
birthdate: NaiveDate::from_ymd(2000, 1, 1),
address: "address".to_string(),
telephone: "telephone".to_string(),
citizenship: "citizenship".to_string(),
email: "email".to_string(),
sex: "sex".to_string(),
study: "KB".to_string(),
parent_name: "test".to_string(),
parent_surname: "test".to_string(),
parent_telephone: "test".to_string(),
parent_email: "test".to_string(),
parent_name: "parent_name".to_string(),
parent_surname: "parent_surname".to_string(),
parent_telephone: "parent_telephone".to_string(),
parent_email: "parent_email".to_string(),
};
ApplicationService::add_all_details(&db, candidate.application, form)
@ -526,8 +608,20 @@ mod tests {
.unwrap();
let dec_details = enc_details.decrypt(dec_priv_key).await.ok().unwrap();
assert_eq!(dec_details.name, "test"); // TODO: test every element
assert_eq!(dec_details.parent_surname, "test");
assert_eq!(dec_details.name, "name");
assert_eq!(dec_details.surname, "surname");
assert_eq!(dec_details.birthplace, "birthplace");
assert_eq!(dec_details.birthdate, NaiveDate::from_ymd(2000, 1, 1));
assert_eq!(dec_details.address, "address");
assert_eq!(dec_details.telephone, "telephone");
assert_eq!(dec_details.citizenship, "citizenship");
assert_eq!(dec_details.email, "email");
assert_eq!(dec_details.sex, "sex");
assert_eq!(dec_details.study, "KB");
assert_eq!(dec_details.parent_name, "parent_name");
assert_eq!(dec_details.parent_surname, "parent_surname");
assert_eq!(dec_details.parent_telephone, "parent_telephone");
assert_eq!(dec_details.parent_email, "parent_email");
}
#[cfg(test)]

12
core/src/services/session_service.rs
View file

@ -1,7 +1,7 @@
use std::cmp::min;
use entity::{admin, candidate};
use sea_orm::{prelude::Uuid, DatabaseConnection, ModelTrait};
use sea_orm::{prelude::Uuid, DatabaseConnection, ModelTrait, DbConn};
use crate::{
crypto::{self},
@ -114,9 +114,12 @@ impl SessionService {
Ok(session.id.to_string())
}
pub async fn revoke_all_sessions(db: &DbConn, user_id: Option<i32>, admin_id: Option<i32>) -> Result<(), ServiceError> {
Self::delete_old_sessions(db, user_id, admin_id, 0).await
}
/// Authenticate user by session id
/// Return user model if session is valid
pub async fn auth_user_session(
db: &DatabaseConnection,
uuid: Uuid,
@ -162,11 +165,8 @@ impl SessionService {
#[cfg(test)]
mod tests {
use entity::{admin, candidate, session, parent};
use sea_orm::{
prelude::Uuid, sea_query::TableCreateStatement, ConnectionTrait, Database, DbBackend,
DbConn, Schema,
prelude::Uuid,
};
use crate::{