diff --git a/api/src/lib.rs b/api/src/lib.rs index 15d65ca..8a8e476 100644 --- a/api/src/lib.rs +++ b/api/src/lib.rs @@ -69,6 +69,7 @@ async fn start() -> Result<(), rocket::Error> { routes::admin::hello, routes::admin::create_candidate, routes::admin::get_candidate, + routes::admin::reset_candidate_password, ], ) .mount( diff --git a/api/src/routes/admin.rs b/api/src/routes/admin.rs index 5c90006..5b47fbc 100644 --- a/api/src/routes/admin.rs +++ b/api/src/routes/admin.rs @@ -95,6 +95,12 @@ pub async fn list_candidates( ) -> Result>, Custom> { let db = conn.into_inner(); let private_key = session.get_private_key(); + if let Some(field) = field.clone() { + if !(field == "KB".to_string() || field == "IT".to_string() || field == "G") { + return Err(Custom(Status::BadRequest, "Invalid field of study".to_string())); + } + + } let candidates = CandidateService::list_candidates(private_key, db, field) .await @@ -121,4 +127,20 @@ pub async fn get_candidate( .map_err(|e| Custom(Status::from_code(e.code()).unwrap(), e.to_string()))?; Ok(Json(details)) +} + +#[post("/candidate//reset_password")] +pub async fn reset_candidate_password( + conn: Connection<'_, Db>, + session: AdminAuth, + id: i32, +) -> Result> { + let db = conn.into_inner(); + let private_key = session.get_private_key(); + + let new_password = CandidateService::reset_password(private_key, db, id) + .await + .map_err(|e| Custom(Status::from_code(e.code()).unwrap(), e.to_string()))?; + + Ok(new_password) } \ No newline at end of file diff --git a/core/src/candidate_details.rs b/core/src/candidate_details.rs index ae3cb4f..47c483e 100644 --- a/core/src/candidate_details.rs +++ b/core/src/candidate_details.rs @@ -70,7 +70,7 @@ pub struct EncryptedApplicationDetails { pub citizenship: EncryptedString, pub email: EncryptedString, pub sex: EncryptedString, - pub study: EncryptedString, + pub study: String, // Parent pub parent_name: EncryptedString, @@ -95,7 +95,7 @@ impl EncryptedApplicationDetails { EncryptedString::new(&form.citizenship, &recipients), EncryptedString::new(&form.email, &recipients), EncryptedString::new(&form.sex, &recipients), - EncryptedString::new(&form.study, &recipients), + EncryptedString::new(&form.parent_name, &recipients), EncryptedString::new(&form.parent_surname, &recipients), EncryptedString::new(&form.parent_telephone, &recipients), @@ -112,12 +112,12 @@ impl EncryptedApplicationDetails { citizenship: d.6, email: d.7, sex: d.8, - study: d.9, + study: form.study, - parent_name: d.10, - parent_surname: d.11, - parent_telephone: d.12, - parent_email: d.13, + parent_name: d.9, + parent_surname: d.10, + parent_telephone: d.11, + parent_email: d.12, }) } @@ -132,7 +132,6 @@ impl EncryptedApplicationDetails { self.citizenship.decrypt(&priv_key), // 6 self.email.decrypt(&priv_key), // 7 self.sex.decrypt(&priv_key), // 8 - self.study.decrypt(&priv_key), // 9 self.parent_name.decrypt(&priv_key), self.parent_surname.decrypt(&priv_key), self.parent_telephone.decrypt(&priv_key), @@ -149,12 +148,12 @@ impl EncryptedApplicationDetails { citizenship: d.6, email: d.7, sex: d.8, - study: d.9, + study: self.study, - parent_name: d.10, - parent_surname: d.11, - parent_telephone: d.12, - parent_email: d.13, + parent_name: d.9, + parent_surname: d.10, + parent_telephone: d.11, + parent_email: d.12, }) } } @@ -175,7 +174,7 @@ impl TryFrom<(candidate::Model, parent::Model)> for EncryptedApplicationDetails citizenship: EncryptedString::try_from(candidate.citizenship)?, email: EncryptedString::try_from(candidate.email)?, sex: EncryptedString::try_from(candidate.sex)?, - study: EncryptedString::try_from(candidate.study)?, + study: candidate.study.ok_or(ServiceError::CandidateDetailsNotSet)?, parent_name: EncryptedString::try_from(parent.name)?, parent_surname: EncryptedString::try_from(parent.surname)?, diff --git a/core/src/database/mutation/candidate.rs b/core/src/database/mutation/candidate.rs index 058a2ec..3fbc113 100644 --- a/core/src/database/mutation/candidate.rs +++ b/core/src/database/mutation/candidate.rs @@ -22,8 +22,23 @@ impl Mutation { updated_at: Set(chrono::offset::Local::now().naive_local()), ..Default::default() } - .insert(db) - .await + .insert(db) + .await + } + + pub async fn update_candidate_password_with_keys( + db: &DbConn, + candidate: candidate::Model, + new_password_hash: String, + pub_key: String, + priv_key_enc: String, + ) -> Result { + let mut candidate: candidate::ActiveModel = candidate.into(); + candidate.code = Set(new_password_hash); + candidate.public_key = Set(pub_key); + candidate.private_key = Set(priv_key_enc); + + candidate.update(db).await } pub async fn add_candidate_details( diff --git a/core/src/database/query/candidate.rs b/core/src/database/query/candidate.rs index 37478b9..b57ce51 100644 --- a/core/src/database/query/candidate.rs +++ b/core/src/database/query/candidate.rs @@ -8,7 +8,7 @@ use serde::Serialize; pub const PAGE_SIZE: u64 = 20; #[derive(FromQueryResult, Serialize)] -pub struct ApplicationResult { +pub struct CandidateParentResult { pub application: i32, pub name: Option, pub surname: Option, @@ -29,13 +29,18 @@ impl Query { pub async fn list_candidates( db: &DbConn, - field_of_study: Option, - ) -> Result, DbErr> { - Candidate::find() + field_of_study_opt: Option, + ) -> Result, DbErr> { + let select = Candidate::find(); + if let Some(study) = field_of_study_opt { + select.filter(candidate::Column::Study.eq(study)) + } else { + select + } .join(JoinType::InnerJoin, candidate::Relation::Parent.def()) .column_as(parent::Column::Name, "parent_name") .column_as(parent::Column::Surname, "parent_surname") - .into_model::() + .into_model::() .paginate(db, PAGE_SIZE) .fetch() .await diff --git a/core/src/responses.rs b/core/src/responses.rs index c2cbdd2..c0b7e5b 100644 --- a/core/src/responses.rs +++ b/core/src/responses.rs @@ -22,13 +22,12 @@ impl CandidateResponse { ) -> Result { let name = decrypt_if_exists(private_key, name_opt).await?; let surname = decrypt_if_exists(private_key, surname_opt).await?; - let study = decrypt_if_exists(private_key, study_opt).await?; Ok( Self { - application_id, name, + application_id, surname, - study, + study: study_opt.unwrap_or("".to_string()), submitted, } ) diff --git a/core/src/services/candidate_service.rs b/core/src/services/candidate_service.rs index 9deacb1..396bea1 100644 --- a/core/src/services/candidate_service.rs +++ b/core/src/services/candidate_service.rs @@ -11,7 +11,7 @@ use crate::{ Mutation, Query, responses::CandidateResponse, }; -use super::session_service::{AdminUser, SessionService}; +use super::{session_service::{AdminUser, SessionService}, application_service::ApplicationService}; // TODO @@ -94,12 +94,44 @@ impl CandidateService { hashed_password, hashed_personal_id_number, pubkey, - encrypted_priv_key, + encrypted_priv_key, ) .await?; Ok(candidate) } + pub async fn reset_password( + admin_private_key: String, + db: &DbConn, + id: i32, + ) -> Result { + let candidate = Query::find_candidate_by_id(db, id).await? + .ok_or(ServiceError::CandidateNotFound)?; + let parent = Query::find_parent_by_id(db, id).await? + .ok_or(ServiceError::CandidateNotFound)?; + + + let new_password_plain = crypto::random_8_char_string(); + let new_password_hash = crypto::hash_password(new_password_plain.clone()).await?; + + let (pubkey, priv_key_plain_text) = crypto::create_identity(); + let encrypted_priv_key = crypto::encrypt_password(priv_key_plain_text, + new_password_plain.to_string() + ).await?; + + + SessionService::revoke_all_sessions(db, Some(id), None).await?; + Mutation::update_candidate_password_with_keys(db, candidate.clone(), new_password_hash, pubkey, encrypted_priv_key).await?; + + let enc_details_opt = EncryptedApplicationDetails::try_from((candidate, parent)); + if let Ok(enc_details) = enc_details_opt { + let application_details = enc_details.decrypt(admin_private_key).await?; + ApplicationService::add_all_details(db, id, application_details).await?; + } + + Ok(new_password_plain) + } + pub(in crate::services) async fn add_candidate_details( db: &DbConn, candidate: candidate::Model, @@ -115,7 +147,7 @@ impl CandidateService { field_of_study: Option, ) -> Result, ServiceError> { - let candidates = Query::list_candidates(db, None).await?; + let candidates = Query::list_candidates(db, field_of_study).await?; let mut result: Vec = vec![]; for candidate in candidates { @@ -403,9 +435,9 @@ mod tests { use super::EncryptedApplicationDetails; use chrono::NaiveDate; - use entity::{candidate, parent}; + use entity::{candidate, parent, admin}; - use crate::candidate_details::ApplicationDetails; + use crate::candidate_details::{ApplicationDetails}; use crate::services::application_service::ApplicationService; use std::path::{PathBuf}; @@ -423,18 +455,43 @@ mod tests { assert!(!CandidateService::is_application_id_valid(101)); } - // TODO - /* #[tokio::test] + #[tokio::test] + async fn test_password_reset() { + let db = get_memory_sqlite_connection().await; + let admin = create_admin(&db).await; + let (candidate, _parent) = put_user_data(&db).await; + + let private_key = crypto::decrypt_password(admin.private_key, "admin".to_string()).await.unwrap(); + + assert!( + CandidateService::login(&db, candidate.application, "test".to_string(), "127.0.0.1".to_string()).await.is_ok() + ); + + let new_password = CandidateService::reset_password(private_key, &db, candidate.application).await.unwrap(); + + assert!( + CandidateService::login(&db, candidate.application, "test".to_string(), "127.0.0.1".to_string()).await.is_err() + ); + + assert!( + CandidateService::login(&db, candidate.application, new_password, "127.0.0.1".to_string()).await.is_ok() + ); + + } + + #[tokio::test] async fn test_list_candidates() { let db = get_memory_sqlite_connection().await; - let candidates = CandidateService::list_candidates(&db, None).await.unwrap(); + let admin = create_admin(&db).await; + let private_key = crypto::decrypt_password(admin.private_key, "admin".to_string()).await.unwrap(); + let candidates = CandidateService::list_candidates(private_key.clone(), &db, None).await.unwrap(); assert_eq!(candidates.len(), 0); put_user_data(&db).await; - let candidates = CandidateService::list_candidates(&db, None).await.unwrap(); + let candidates = CandidateService::list_candidates(private_key.clone(), &db, None).await.unwrap(); assert_eq!(candidates.len(), 1); - } */ + } #[tokio::test] async fn test_encrypt_decrypt_private_key_with_passphrase() { @@ -469,6 +526,31 @@ mod tests { assert_eq!(secret_message, decrypted_message); } + #[cfg(test)] + async fn create_admin(db: &DbConn) -> admin::Model { + use chrono::Utc; + use sea_orm::{Set, ActiveModelTrait}; + + let password = "admin".to_string(); + let (pubkey, priv_key) = crypto::create_identity(); + let enc_priv_key = crypto::encrypt_password(priv_key, password).await.unwrap(); + + let admin = admin::ActiveModel { + name: Set("admin".to_string()), + public_key: Set(pubkey), + private_key: Set(enc_priv_key), + password: Set("admin".to_string()), + created_at: Set(Utc::now().naive_utc()), + updated_at: Set(Utc::now().naive_utc()), + ..Default::default() + } + .insert(db) + .await + .unwrap(); + + admin + } + #[cfg(test)] async fn put_user_data(db: &DbConn) -> (candidate::Model, parent::Model) { let plain_text_password = "test".to_string(); @@ -483,20 +565,20 @@ mod tests { .unwrap(); let form = ApplicationDetails { - name: "test".to_string(), - surname: "aaa".to_string(), - birthplace: "b".to_string(), - birthdate: NaiveDate::from_ymd(1999, 1, 1), - address: "test".to_string(), - telephone: "test".to_string(), - citizenship: "test".to_string(), - email: "test".to_string(), - sex: "test".to_string(), + name: "name".to_string(), + surname: "surname".to_string(), + birthplace: "birthplace".to_string(), + birthdate: NaiveDate::from_ymd(2000, 1, 1), + address: "address".to_string(), + telephone: "telephone".to_string(), + citizenship: "citizenship".to_string(), + email: "email".to_string(), + sex: "sex".to_string(), study: "KB".to_string(), - parent_name: "test".to_string(), - parent_surname: "test".to_string(), - parent_telephone: "test".to_string(), - parent_email: "test".to_string(), + parent_name: "parent_name".to_string(), + parent_surname: "parent_surname".to_string(), + parent_telephone: "parent_telephone".to_string(), + parent_email: "parent_email".to_string(), }; ApplicationService::add_all_details(&db, candidate.application, form) @@ -526,8 +608,20 @@ mod tests { .unwrap(); let dec_details = enc_details.decrypt(dec_priv_key).await.ok().unwrap(); - assert_eq!(dec_details.name, "test"); // TODO: test every element - assert_eq!(dec_details.parent_surname, "test"); + assert_eq!(dec_details.name, "name"); + assert_eq!(dec_details.surname, "surname"); + assert_eq!(dec_details.birthplace, "birthplace"); + assert_eq!(dec_details.birthdate, NaiveDate::from_ymd(2000, 1, 1)); + assert_eq!(dec_details.address, "address"); + assert_eq!(dec_details.telephone, "telephone"); + assert_eq!(dec_details.citizenship, "citizenship"); + assert_eq!(dec_details.email, "email"); + assert_eq!(dec_details.sex, "sex"); + assert_eq!(dec_details.study, "KB"); + assert_eq!(dec_details.parent_name, "parent_name"); + assert_eq!(dec_details.parent_surname, "parent_surname"); + assert_eq!(dec_details.parent_telephone, "parent_telephone"); + assert_eq!(dec_details.parent_email, "parent_email"); } #[cfg(test)] diff --git a/core/src/services/session_service.rs b/core/src/services/session_service.rs index 4960fc4..08c9bac 100644 --- a/core/src/services/session_service.rs +++ b/core/src/services/session_service.rs @@ -1,7 +1,7 @@ use std::cmp::min; use entity::{admin, candidate}; -use sea_orm::{prelude::Uuid, DatabaseConnection, ModelTrait}; +use sea_orm::{prelude::Uuid, DatabaseConnection, ModelTrait, DbConn}; use crate::{ crypto::{self}, @@ -114,9 +114,12 @@ impl SessionService { Ok(session.id.to_string()) } + pub async fn revoke_all_sessions(db: &DbConn, user_id: Option, admin_id: Option) -> Result<(), ServiceError> { + Self::delete_old_sessions(db, user_id, admin_id, 0).await + } + /// Authenticate user by session id /// Return user model if session is valid - pub async fn auth_user_session( db: &DatabaseConnection, uuid: Uuid, @@ -162,11 +165,8 @@ impl SessionService { #[cfg(test)] mod tests { - use entity::{admin, candidate, session, parent}; - use sea_orm::{ - prelude::Uuid, sea_query::TableCreateStatement, ConnectionTrait, Database, DbBackend, - DbConn, Schema, + prelude::Uuid, }; use crate::{