Merge pull request #64 from EETagent/api_refactoring

API refactoring
This commit is contained in:
Vojtěch Jungmann 2022-11-29 10:18:27 +01:00 committed by GitHub
commit 4db223f786
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
28 changed files with 342 additions and 360 deletions

1
Cargo.lock generated
View file

@ -2060,6 +2060,7 @@ dependencies = [
"dotenv", "dotenv",
"futures", "futures",
"infer", "infer",
"once_cell",
"portfolio-entity", "portfolio-entity",
"rand 0.8.5", "rand 0.8.5",
"sea-orm", "sea-orm",

View file

@ -31,7 +31,7 @@ impl<'r> FromData<'r> for Letter {
let data_bytes = data_bytes.into_inner(); let data_bytes = data_bytes.into_inner();
let is_pdf = portfolio_core::filetype::filetype_is_pdf(&data_bytes); let is_pdf = portfolio_core::utils::filetype::filetype_is_pdf(&data_bytes);
if !is_pdf { if !is_pdf {
// TODO: Not PDF // TODO: Not PDF

View file

@ -31,7 +31,7 @@ impl<'r> FromData<'r> for Portfolio {
let data_bytes = data_bytes.into_inner(); let data_bytes = data_bytes.into_inner();
let is_zip = portfolio_core::filetype::filetype_is_zip(&data_bytes); let is_zip = portfolio_core::utils::filetype::filetype_is_zip(&data_bytes);
if !is_zip { if !is_zip {
// TODO: Not ZIP // TODO: Not ZIP

View file

@ -43,12 +43,12 @@ pub fn rocket() -> Rocket<Build>{
routes::candidate::logout, routes::candidate::logout,
routes::candidate::whoami, routes::candidate::whoami,
routes::candidate::get_details, routes::candidate::get_details,
routes::candidate::post_details,
], ],
) )
.mount( .mount(
"/candidate/add", "/candidate/add",
routes![ routes![
routes::candidate::add_details,
routes::candidate::upload_portfolio_letter, routes::candidate::upload_portfolio_letter,
routes::candidate::upload_portfolio_zip, routes::candidate::upload_portfolio_zip,
routes::candidate::upload_cover_letter, routes::candidate::upload_cover_letter,

View file

@ -23,7 +23,7 @@ impl sea_orm_rocket::Pool for SeaOrmPool {
#[cfg(test)] #[cfg(test)]
async fn init(_figment: &Figment) -> Result<Self, Self::Error> { async fn init(_figment: &Figment) -> Result<Self, Self::Error> {
let conn = portfolio_core::util::get_memory_sqlite_connection().await; let conn = portfolio_core::utils::db::get_memory_sqlite_connection().await;
crate::test::tests::run_test_migrations(&conn).await; crate::test::tests::run_test_migrations(&conn).await;
return Ok(Self { conn }); return Ok(Self { conn });
} }

View file

@ -2,7 +2,7 @@ use std::net::{SocketAddr, IpAddr, Ipv4Addr};
use portfolio_core::{ use portfolio_core::{
crypto::random_8_char_string, crypto::random_8_char_string,
services::{admin_service::AdminService, candidate_service::CandidateService, application_service::ApplicationService, portfolio_service::PortfolioService}, responses::CandidateResponse, candidate_details::ApplicationDetails, sea_orm::prelude::Uuid, services::{admin_service::AdminService, candidate_service::CandidateService, application_service::ApplicationService, portfolio_service::PortfolioService}, responses::{BaseCandidateResponse, CreateCandidateResponse}, candidate_details::ApplicationDetails, sea_orm::prelude::Uuid,
}; };
use requests::{AdminLoginRequest, RegisterRequest}; use requests::{AdminLoginRequest, RegisterRequest};
use rocket::http::{Cookie, Status, CookieJar}; use rocket::http::{Cookie, Status, CookieJar};
@ -11,7 +11,9 @@ use rocket::serde::json::Json;
use sea_orm_rocket::Connection; use sea_orm_rocket::Connection;
use crate::{guards::request::auth::AdminAuth, pool::Db, requests}; use crate::{guards::request::{auth::AdminAuth}, pool::Db, requests};
use super::to_custom_error;
#[post("/login", data = "<login_form>")] #[post("/login", data = "<login_form>")]
pub async fn login( pub async fn login(
@ -82,14 +84,14 @@ pub async fn hello(_session: AdminAuth) -> Result<String, Custom<String>> {
Ok("Hello admin".to_string()) Ok("Hello admin".to_string())
} }
#[post("/create", data = "<post_form>")] #[post("/create", data = "<request>")]
pub async fn create_candidate( pub async fn create_candidate(
conn: Connection<'_, Db>, conn: Connection<'_, Db>,
_session: AdminAuth, _session: AdminAuth,
post_form: Json<RegisterRequest>, request: Json<RegisterRequest>,
) -> Result<String, Custom<String>> { ) -> Result<Json<CreateCandidateResponse>, Custom<String>> {
let db = conn.into_inner(); let db = conn.into_inner();
let form = post_form.into_inner(); let form = request.into_inner();
let plain_text_password = random_8_char_string(); let plain_text_password = random_8_char_string();
@ -97,12 +99,20 @@ pub async fn create_candidate(
db, db,
form.application_id, form.application_id,
&plain_text_password, &plain_text_password,
form.personal_id_number, form.personal_id_number.clone(),
) )
.await .await
.map_err(|e| Custom(Status::InternalServerError, e.to_string()))?; .map_err(to_custom_error)?;
Ok(plain_text_password) Ok(
Json(
CreateCandidateResponse {
application_id: form.application_id,
personal_id_number: form.personal_id_number,
password: plain_text_password,
}
)
)
} }
#[get("/candidates?<field>&<page>")] #[get("/candidates?<field>&<page>")]
@ -111,7 +121,7 @@ pub async fn list_candidates(
session: AdminAuth, session: AdminAuth,
field: Option<String>, field: Option<String>,
page: Option<u64>, page: Option<u64>,
) -> Result<Json<Vec<CandidateResponse>>, Custom<String>> { ) -> Result<Json<Vec<BaseCandidateResponse>>, Custom<String>> {
let db = conn.into_inner(); let db = conn.into_inner();
let private_key = session.get_private_key(); let private_key = session.get_private_key();
if let Some(field) = field.clone() { if let Some(field) = field.clone() {
@ -123,7 +133,7 @@ pub async fn list_candidates(
let candidates = CandidateService::list_candidates(private_key, db, field, page) let candidates = CandidateService::list_candidates(private_key, db, field, page)
.await .await
.map_err(|e| Custom(Status::from_code(e.code()).unwrap(), e.to_string()))?; .map_err(to_custom_error)?;
Ok(Json(candidates)) Ok(Json(candidates))
} }
@ -143,7 +153,7 @@ pub async fn get_candidate(
id id
) )
.await .await
.map_err(|e| Custom(Status::from_code(e.code()).unwrap(), e.to_string()))?; .map_err(to_custom_error)?;
Ok(Json(details)) Ok(Json(details))
} }
@ -153,15 +163,17 @@ pub async fn reset_candidate_password(
conn: Connection<'_, Db>, conn: Connection<'_, Db>,
session: AdminAuth, session: AdminAuth,
id: i32, id: i32,
) -> Result<String, Custom<String>> { ) -> Result<Json<CreateCandidateResponse>, Custom<String>> {
let db = conn.into_inner(); let db = conn.into_inner();
let private_key = session.get_private_key(); let private_key = session.get_private_key();
let new_password = CandidateService::reset_password(private_key, db, id) let response = CandidateService::reset_password(private_key, db, id)
.await .await
.map_err(|e| Custom(Status::from_code(e.code()).unwrap(), e.to_string()))?; .map_err(to_custom_error)?;
Ok(new_password) Ok(
Json(response)
)
} }
#[get("/candidate/<id>/portfolio")] #[get("/candidate/<id>/portfolio")]
@ -173,13 +185,14 @@ pub async fn get_candidate_portfolio(
let portfolio = PortfolioService::get_portfolio(id, private_key) let portfolio = PortfolioService::get_portfolio(id, private_key)
.await .await
.map_err(|e| Custom(Status::from_code(e.code()).unwrap(), e.to_string()))?; .map_err(to_custom_error)?;
Ok(portfolio) Ok(portfolio)
} }
#[cfg(test)] #[cfg(test)]
pub mod tests { pub mod tests {
use portfolio_core::responses::CreateCandidateResponse;
use rocket::{local::blocking::Client, http::{Cookie, Status}}; use rocket::{local::blocking::Client, http::{Cookie, Status}};
use crate::test::tests::{test_client, ADMIN_PASSWORD, ADMIN_ID}; use crate::test::tests::{test_client, ADMIN_PASSWORD, ADMIN_ID};
@ -208,7 +221,7 @@ pub mod tests {
cookies: (Cookie, Cookie), cookies: (Cookie, Cookie),
id: i32, id: i32,
pid: String, pid: String,
) -> String { ) -> CreateCandidateResponse {
let response = client let response = client
.post("/admin/create") .post("/admin/create")
.body(format!( .body(format!(
@ -224,15 +237,15 @@ pub mod tests {
assert_eq!(response.status(), Status::Ok); assert_eq!(response.status(), Status::Ok);
response.into_string().unwrap() response.into_json::<CreateCandidateResponse>().unwrap()
} }
#[test] #[test]
fn test_create_candidate() { fn test_create_candidate() {
let client = test_client().lock().unwrap(); let client = test_client().lock().unwrap();
let cookies = admin_login(&client); let cookies = admin_login(&client);
let password = create_candidate(&client, cookies, 1031511, "0".to_string()); let response = create_candidate(&client, cookies, 1031511, "0".to_string());
assert_eq!(password.len(), 8); assert_eq!(response.password.len(), 8);
} }
} }

View file

@ -16,6 +16,8 @@ use crate::guards::data::letter::Letter;
use crate::guards::data::portfolio::Portfolio; use crate::guards::data::portfolio::Portfolio;
use crate::{guards::request::auth::CandidateAuth, pool::Db, requests}; use crate::{guards::request::auth::CandidateAuth, pool::Db, requests};
use super::to_custom_error;
#[post("/login", data = "<login_form>")] #[post("/login", data = "<login_form>")]
pub async fn login( pub async fn login(
conn: Connection<'_, Db>, conn: Connection<'_, Db>,
@ -25,31 +27,19 @@ pub async fn login(
) -> Result<String, Custom<String>> { ) -> Result<String, Custom<String>> {
let ip_addr: SocketAddr = SocketAddr::new(IpAddr::V4(Ipv4Addr::new(127, 0, 0, 1)), 0); let ip_addr: SocketAddr = SocketAddr::new(IpAddr::V4(Ipv4Addr::new(127, 0, 0, 1)), 0);
let db = conn.into_inner(); let db = conn.into_inner();
let session_token_key = CandidateService::login( let (session_token, private_key) = CandidateService::login(
db, db,
login_form.application_id, login_form.application_id,
login_form.password.to_string(), login_form.password.to_string(),
ip_addr.ip().to_string(), ip_addr.ip().to_string(),
) )
.await; .await
.map_err(to_custom_error)?;
let Ok(session_token_key) = session_token_key else {
let e = session_token_key.unwrap_err();
return Err(Custom(
Status::from_code(e.code()).unwrap_or(Status::InternalServerError),
e.to_string(),
));
};
let session_token = session_token_key.0;
let private_key = session_token_key.1;
cookies.add_private(Cookie::new("id", session_token.clone())); cookies.add_private(Cookie::new("id", session_token.clone()));
cookies.add_private(Cookie::new("key", private_key.clone())); cookies.add_private(Cookie::new("key", private_key.clone()));
let response = format!("{} {}", session_token, private_key); return Ok("".to_string());
return Ok(response);
} }
#[post("/logout")] #[post("/logout")]
@ -61,14 +51,14 @@ pub async fn logout(conn: Connection<'_, Db>, _session: CandidateAuth, cookies:
let session_id = Uuid::try_parse(cookie.value()) // unwrap would be safe here because of the auth guard let session_id = Uuid::try_parse(cookie.value()) // unwrap would be safe here because of the auth guard
.map_err(|e| Custom(Status::BadRequest, e.to_string()))?; .map_err(|e| Custom(Status::BadRequest, e.to_string()))?;
let res = CandidateService::logout(db, session_id) CandidateService::logout(db, session_id)
.await .await
.map_err(|e| Custom(Status::from_code(e.code()).unwrap_or(Status::InternalServerError), e.to_string()))?; .map_err(to_custom_error)?;
cookies.remove_private(Cookie::named("id")); cookies.remove_private(Cookie::named("id"));
cookies.remove_private(Cookie::named("key")); cookies.remove_private(Cookie::named("key"));
Ok(res) Ok(())
} }
#[get("/whoami")] #[get("/whoami")]
@ -77,32 +67,27 @@ pub async fn whoami(session: CandidateAuth) -> Result<String, Custom<String>> {
Ok(candidate.application.to_string()) Ok(candidate.application.to_string())
} }
// TODO: use put instead of post???
#[post("/details", data = "<details>")] #[post("/details", data = "<details>")]
pub async fn add_details( pub async fn post_details(
conn: Connection<'_, Db>, conn: Connection<'_, Db>,
details: Json<ApplicationDetails>, details: Json<ApplicationDetails>,
session: CandidateAuth, session: CandidateAuth,
) -> Result<String, Custom<String>> { ) -> Result<Json<ApplicationDetails>, Custom<String>> {
let db = conn.into_inner(); let db = conn.into_inner();
let form = details.into_inner(); let form = details.into_inner();
let candidate: entity::candidate::Model = session.into(); // TODO: don't return candidate from session let candidate: entity::candidate::Model = session.into();
let candidate_parent = let _candidate_parent = ApplicationService::add_all_details(db, candidate.application, &form)
ApplicationService::add_all_details(db, candidate.application, form).await; .await
.map_err(to_custom_error)?;
if candidate_parent.is_err() { Ok(
// TODO cleanup Json(form)
let e = candidate_parent.err().unwrap(); )
return Err(Custom(
Status::from_code(e.code()).unwrap_or_default(),
e.to_string(),
));
}
Ok("Details added".to_string())
} }
#[post("/get_details")] #[get("/details")]
pub async fn get_details( pub async fn get_details(
conn: Connection<'_, Db>, conn: Connection<'_, Db>,
session: CandidateAuth, session: CandidateAuth,
@ -114,14 +99,10 @@ pub async fn get_details(
// let handle = tokio::spawn(async move { // let handle = tokio::spawn(async move {
let details = ApplicationService::decrypt_all_details(private_key, db, candidate.application) let details = ApplicationService::decrypt_all_details(private_key, db, candidate.application)
.await .await
.map_err(|e| { .map(|x| Json(x))
Custom( .map_err(to_custom_error);
Status::from_code(e.code()).unwrap_or_default(),
e.to_string(),
)
});
details.map(|d| Json(d)) details
} }
#[post("/cover_letter", data = "<letter>")] #[post("/cover_letter", data = "<letter>")]
pub async fn upload_cover_letter( pub async fn upload_cover_letter(
@ -130,40 +111,25 @@ pub async fn upload_cover_letter(
) -> Result<String, Custom<String>> { ) -> Result<String, Custom<String>> {
let candidate: entity::candidate::Model = session.into(); let candidate: entity::candidate::Model = session.into();
let candidate = PortfolioService::add_cover_letter_to_cache(candidate.application, letter.into())
PortfolioService::add_cover_letter_to_cache(candidate.application, letter.into()).await; .await
.map_err(to_custom_error)?;
if candidate.is_err() {
// TODO cleanup
let e = candidate.err().unwrap();
return Err(Custom(
Status::from_code(e.code()).unwrap_or_default(),
e.to_string(),
));
}
Ok("Letter added".to_string()) Ok("Letter added".to_string())
} }
#[get("/submission_progress")] #[get("/submission_progress")]
pub async fn submission_progress( pub async fn submission_progress(
conn: Connection<'_, Db>,
session: CandidateAuth session: CandidateAuth
) -> Result<Json<SubmissionProgress>, Custom<String>> { ) -> Result<Json<SubmissionProgress>, Custom<String>> {
let candidate: entity::candidate::Model = session.into(); let candidate: entity::candidate::Model = session.into();
let progress = PortfolioService::get_submission_progress(candidate.application) let progress = PortfolioService::get_submission_progress(candidate.application)
.await .await
.map_err(|e| { .map(|x| Json(x))
Custom( .map_err(to_custom_error);
Status::from_code(e.code()).unwrap_or_default(),
e.to_string(),
)
})?;
Ok( progress
Json(progress)
)
} }
// TODO: JSON // TODO: JSON
#[get["/is_cover_letter"]] #[get["/is_cover_letter"]]
@ -182,17 +148,9 @@ pub async fn upload_portfolio_letter(
) -> Result<String, Custom<String>> { ) -> Result<String, Custom<String>> {
let candidate: entity::candidate::Model = session.into(); let candidate: entity::candidate::Model = session.into();
let candidate = PortfolioService::add_portfolio_letter_to_cache(candidate.application, letter.into())
PortfolioService::add_portfolio_letter_to_cache(candidate.application, letter.into()).await; .await
.map_err(to_custom_error)?;
if candidate.is_err() {
// TODO cleanup
let e = candidate.err().unwrap();
return Err(Custom(
Status::from_code(e.code()).unwrap_or_default(),
e.to_string(),
));
}
Ok("Letter added".to_string()) Ok("Letter added".to_string())
} }
@ -214,17 +172,9 @@ pub async fn upload_portfolio_zip(
) -> Result<String, Custom<String>> { ) -> Result<String, Custom<String>> {
let candidate: entity::candidate::Model = session.into(); let candidate: entity::candidate::Model = session.into();
let candidate = PortfolioService::add_portfolio_zip_to_cache(candidate.application, portfolio.into())
PortfolioService::add_portfolio_zip_to_cache(candidate.application, portfolio.into()).await; .await
.map_err(to_custom_error)?;
if candidate.is_err() {
// TODO cleanup
let e = candidate.err().unwrap();
return Err(Custom(
Status::from_code(e.code()).unwrap_or_default(),
e.to_string(),
));
}
Ok("Portfolio added".to_string()) Ok("Portfolio added".to_string())
} }
@ -256,19 +206,15 @@ pub async fn submit_portfolio(
// TODO: Více kontrol? // TODO: Více kontrol?
if e.code() == 500 { if e.code() == 500 {
// Cleanup // Cleanup
PortfolioService::delete_portfolio(candidate.application) PortfolioService::delete_portfolio(candidate.application).await.unwrap();
.await
.unwrap();
} }
return Err(Custom( return Err(to_custom_error(e));
Status::from_code(e.code()).unwrap_or_default(),
e.to_string(),
));
} }
Ok("Portfolio submitted".to_string()) Ok("Portfolio submitted".to_string())
} }
#[deprecated = "Use /submission_progress instead"]
#[get("/is_prepared")] #[get("/is_prepared")]
pub async fn is_portfolio_prepared(session: CandidateAuth) -> Result<String, Custom<String>> { pub async fn is_portfolio_prepared(session: CandidateAuth) -> Result<String, Custom<String>> {
let candidate: entity::candidate::Model = session.into(); let candidate: entity::candidate::Model = session.into();
@ -286,6 +232,7 @@ pub async fn is_portfolio_prepared(session: CandidateAuth) -> Result<String, Cus
Ok("Portfolio ok".to_string()) Ok("Portfolio ok".to_string())
} }
#[deprecated = "Use /submission_progress instead"]
#[get("/is_submitted")] #[get("/is_submitted")]
pub async fn is_portfolio_submitted(session: CandidateAuth) -> Result<String, Custom<String>> { pub async fn is_portfolio_submitted(session: CandidateAuth) -> Result<String, Custom<String>> {
let candidate: entity::candidate::Model = session.into(); let candidate: entity::candidate::Model = session.into();
@ -308,17 +255,11 @@ pub async fn download_portfolio(session: CandidateAuth) -> Result<Vec<u8>, Custo
let private_key = session.get_private_key(); let private_key = session.get_private_key();
let candidate: entity::candidate::Model = session.into(); let candidate: entity::candidate::Model = session.into();
let file = PortfolioService::get_portfolio(candidate.application, private_key).await; let file = PortfolioService::get_portfolio(candidate.application, private_key)
.await
.map_err(to_custom_error);
if file.is_err() { file
let e = file.err().unwrap();
return Err(Custom(
Status::from_code(e.code()).unwrap_or_default(),
e.to_string(),
));
}
Ok(file.unwrap())
} }
#[cfg(test)] #[cfg(test)]
@ -359,6 +300,7 @@ mod tests {
\"citizenship\": \"Czech Republic\", \"citizenship\": \"Czech Republic\",
\"email\": \"magor@magor.cz\", \"email\": \"magor@magor.cz\",
\"sex\": \"MALE\", \"sex\": \"MALE\",
\"personal_id_number\": \"0000000000\",
\"study\": \"KB\", \"study\": \"KB\",
\"parent_name\": \"maminka\", \"parent_name\": \"maminka\",
\"parent_surname\": \"chad\", \"parent_surname\": \"chad\",
@ -394,7 +336,7 @@ mod tests {
let details_orig: ApplicationDetails = serde_json::from_str(CANDIDATE_DETAILS).unwrap(); let details_orig: ApplicationDetails = serde_json::from_str(CANDIDATE_DETAILS).unwrap();
let response = client let response = client
.post("/candidate/add/details") .post("/candidate/details")
.cookie(cookies.0.clone()) .cookie(cookies.0.clone())
.cookie(cookies.1.clone()) .cookie(cookies.1.clone())
.body(CANDIDATE_DETAILS.to_string()) .body(CANDIDATE_DETAILS.to_string())
@ -403,7 +345,7 @@ mod tests {
assert_eq!(response.status(), Status::Ok); assert_eq!(response.status(), Status::Ok);
let response = client let response = client
.post("/candidate/get_details") .get("/candidate/details")
.cookie(cookies.0) .cookie(cookies.0)
.cookie(cookies.1) .cookie(cookies.1)
.dispatch(); .dispatch();
@ -424,7 +366,7 @@ mod tests {
let key = Cookie::new("key", private_key); let key = Cookie::new("key", private_key);
let response = client let response = client
.post("/candidate/add/details") .post("/candidate/details")
.cookie(id.clone()) .cookie(id.clone())
.cookie(key.clone()) .cookie(key.clone())
.body(CANDIDATE_DETAILS.to_string()) .body(CANDIDATE_DETAILS.to_string())
@ -432,7 +374,7 @@ mod tests {
assert_eq!(response.status(), Status::Unauthorized); assert_eq!(response.status(), Status::Unauthorized);
let response = client let response = client
.post("/candidate/get_details") .get("/candidate/details")
.cookie(id.clone()) .cookie(id.clone())
.cookie(key.clone()) .cookie(key.clone())
.dispatch(); .dispatch();
@ -452,7 +394,7 @@ mod tests {
let cookies = admin_login(&client); let cookies = admin_login(&client);
let response = client let response = client
.post("/candidate/add/details") .post("/candidate/details")
.cookie(cookies.0.clone()) .cookie(cookies.0.clone())
.cookie(cookies.1.clone()) .cookie(cookies.1.clone())
.body(CANDIDATE_DETAILS.to_string()) .body(CANDIDATE_DETAILS.to_string())
@ -460,7 +402,7 @@ mod tests {
assert_eq!(response.status(), Status::Unauthorized); assert_eq!(response.status(), Status::Unauthorized);
let response = client let response = client
.post("/candidate/get_details") .get("/candidate/details")
.cookie(cookies.0.clone()) .cookie(cookies.0.clone())
.cookie(cookies.1.clone()) .cookie(cookies.1.clone())
.dispatch(); .dispatch();

View file

@ -1,2 +1,12 @@
use portfolio_core::error::ServiceError;
use rocket::{response::status::Custom, http::Status};
pub mod admin; pub mod admin;
pub mod candidate; pub mod candidate;
pub fn to_custom_error(e: ServiceError) -> Custom<String> {
Custom(
Status::from_code(e.code()).unwrap_or_default(),
e.to_string()
)
}

View file

@ -52,3 +52,4 @@ features = [
tokio = { version = "^1.22", features = ["macros"] } tokio = { version = "^1.22", features = ["macros"] }
async-tempfile = "^0.2" async-tempfile = "^0.2"
serial_test = "0.9.0" serial_test = "0.9.0"
once_cell = "1.9.0"

View file

@ -11,7 +11,8 @@ pub const NAIVE_DATE_FMT: &str = "%Y-%m-%d";
pub struct EncryptedString(String); pub struct EncryptedString(String);
impl EncryptedString { impl EncryptedString {
pub async fn new(s: &str, recipients: &Vec<&str>) -> Result<Self, ServiceError> { pub async fn new(s: &str, recipients: &Vec<String>) -> Result<Self, ServiceError> {
let recipients = recipients.iter().map(|s| &**s).collect();
match crypto::encrypt_password_with_recipients(&s, &recipients).await { match crypto::encrypt_password_with_recipients(&s, &recipients).await {
Ok(encrypted) => Ok(Self(encrypted)), Ok(encrypted) => Ok(Self(encrypted)),
Err(_) => Err(ServiceError::CryptoEncryptFailed), Err(_) => Err(ServiceError::CryptoEncryptFailed),
@ -46,6 +47,11 @@ impl TryFrom<Option<String>> for EncryptedString {
} }
} }
} }
impl From<String> for EncryptedString {
fn from(s: String) -> Self {
Self(s)
}
}
impl TryFrom<Option<NaiveDate>> for EncryptedString { impl TryFrom<Option<NaiveDate>> for EncryptedString {
// TODO: take a look at this // TODO: take a look at this
@ -71,6 +77,7 @@ pub struct EncryptedApplicationDetails {
pub citizenship: EncryptedString, pub citizenship: EncryptedString,
pub email: EncryptedString, pub email: EncryptedString,
pub sex: EncryptedString, pub sex: EncryptedString,
pub personal_id_number: EncryptedString,
pub study: String, pub study: String,
// Parent // Parent
@ -82,8 +89,8 @@ pub struct EncryptedApplicationDetails {
impl EncryptedApplicationDetails { impl EncryptedApplicationDetails {
pub async fn new( pub async fn new(
form: ApplicationDetails, form: &ApplicationDetails,
recipients: Vec<&str>, recipients: Vec<String>,
) -> Result<EncryptedApplicationDetails, ServiceError> { ) -> Result<EncryptedApplicationDetails, ServiceError> {
let birthdate_str = form.birthdate.format(NAIVE_DATE_FMT).to_string(); let birthdate_str = form.birthdate.format(NAIVE_DATE_FMT).to_string();
let d = tokio::try_join!( let d = tokio::try_join!(
@ -96,6 +103,7 @@ impl EncryptedApplicationDetails {
EncryptedString::new(&form.citizenship, &recipients), EncryptedString::new(&form.citizenship, &recipients),
EncryptedString::new(&form.email, &recipients), EncryptedString::new(&form.email, &recipients),
EncryptedString::new(&form.sex, &recipients), EncryptedString::new(&form.sex, &recipients),
EncryptedString::new(&form.personal_id_number, &recipients),
EncryptedString::new(&form.parent_name, &recipients), EncryptedString::new(&form.parent_name, &recipients),
EncryptedString::new(&form.parent_surname, &recipients), EncryptedString::new(&form.parent_surname, &recipients),
@ -113,30 +121,32 @@ impl EncryptedApplicationDetails {
citizenship: d.6, citizenship: d.6,
email: d.7, email: d.7,
sex: d.8, sex: d.8,
study: form.study, personal_id_number: d.9,
study: form.study.clone(),
parent_name: d.9, parent_name: d.10,
parent_surname: d.10, parent_surname: d.11,
parent_telephone: d.11, parent_telephone: d.12,
parent_email: d.12, parent_email: d.13,
}) })
} }
pub async fn decrypt(self, priv_key: String) -> Result<ApplicationDetails, ServiceError> { pub async fn decrypt(self, priv_key: String) -> Result<ApplicationDetails, ServiceError> {
let d = tokio::try_join!( let d = tokio::try_join!(
self.name.decrypt(&priv_key), // 0 self.name.decrypt(&priv_key), // 0
self.surname.decrypt(&priv_key), // 1 self.surname.decrypt(&priv_key), // 1
self.birthplace.decrypt(&priv_key), // 2 self.birthplace.decrypt(&priv_key), // 2
self.birthdate.decrypt(&priv_key), // 3 self.birthdate.decrypt(&priv_key), // 3
self.address.decrypt(&priv_key), // 4 self.address.decrypt(&priv_key), // 4
self.telephone.decrypt(&priv_key), // 5 self.telephone.decrypt(&priv_key), // 5
self.citizenship.decrypt(&priv_key), // 6 self.citizenship.decrypt(&priv_key), // 6
self.email.decrypt(&priv_key), // 7 self.email.decrypt(&priv_key), // 7
self.sex.decrypt(&priv_key), // 8 self.sex.decrypt(&priv_key), // 8
self.parent_name.decrypt(&priv_key), self.personal_id_number.decrypt(&priv_key),// 9
self.parent_surname.decrypt(&priv_key), self.parent_name.decrypt(&priv_key), // 10
self.parent_telephone.decrypt(&priv_key), self.parent_surname.decrypt(&priv_key), // 11
self.parent_email.decrypt(&priv_key), self.parent_telephone.decrypt(&priv_key), // 12
self.parent_email.decrypt(&priv_key), // 13
)?; )?;
Ok(ApplicationDetails { Ok(ApplicationDetails {
@ -149,12 +159,13 @@ impl EncryptedApplicationDetails {
citizenship: d.6, citizenship: d.6,
email: d.7, email: d.7,
sex: d.8, sex: d.8,
personal_id_number: d.9,
study: self.study, study: self.study,
parent_name: d.9, parent_name: d.10,
parent_surname: d.10, parent_surname: d.11,
parent_telephone: d.11, parent_telephone: d.12,
parent_email: d.12, parent_email: d.13,
}) })
} }
} }
@ -175,6 +186,7 @@ impl TryFrom<(candidate::Model, parent::Model)> for EncryptedApplicationDetails
citizenship: EncryptedString::try_from(candidate.citizenship)?, citizenship: EncryptedString::try_from(candidate.citizenship)?,
email: EncryptedString::try_from(candidate.email)?, email: EncryptedString::try_from(candidate.email)?,
sex: EncryptedString::try_from(candidate.sex)?, sex: EncryptedString::try_from(candidate.sex)?,
personal_id_number: EncryptedString::from(candidate.personal_identification_number),
study: candidate.study.ok_or(ServiceError::CandidateDetailsNotSet)?, study: candidate.study.ok_or(ServiceError::CandidateDetailsNotSet)?,
parent_name: EncryptedString::try_from(parent.name)?, parent_name: EncryptedString::try_from(parent.name)?,
@ -201,6 +213,7 @@ impl TryFrom<CandidateWithParent> for EncryptedApplicationDetails {
citizenship: EncryptedString::try_from(cp.citizenship)?, citizenship: EncryptedString::try_from(cp.citizenship)?,
email: EncryptedString::try_from(cp.email)?, email: EncryptedString::try_from(cp.email)?,
sex: EncryptedString::try_from(cp.sex)?, sex: EncryptedString::try_from(cp.sex)?,
personal_id_number: EncryptedString::try_from(cp.personal_identification_number)?,
study: cp.study.ok_or(ServiceError::CandidateDetailsNotSet)?, study: cp.study.ok_or(ServiceError::CandidateDetailsNotSet)?,
parent_name: EncryptedString::try_from(cp.parent_name)?, parent_name: EncryptedString::try_from(cp.parent_name)?,
@ -213,7 +226,7 @@ impl TryFrom<CandidateWithParent> for EncryptedApplicationDetails {
#[derive(Debug, Serialize, Deserialize, PartialEq, Eq)] #[derive(Debug, Serialize, Deserialize, PartialEq, Eq, Clone)]
pub struct ApplicationDetails { pub struct ApplicationDetails {
// Candidate // Candidate
pub name: String, pub name: String,
@ -226,7 +239,7 @@ pub struct ApplicationDetails {
pub email: String, pub email: String,
pub sex: String, pub sex: String,
pub study: String, pub study: String,
pub personal_id_number: String,
// Parent // Parent
pub parent_name: String, pub parent_name: String,
pub parent_surname: String, pub parent_surname: String,
@ -235,34 +248,61 @@ pub struct ApplicationDetails {
} }
#[cfg(test)] #[cfg(test)]
mod tests { pub mod tests {
use std::sync::Mutex;
use once_cell::sync::Lazy;
use crate::crypto; use crate::crypto;
use super::{ApplicationDetails, EncryptedApplicationDetails, EncryptedString}; use super::{ApplicationDetails, EncryptedApplicationDetails, EncryptedString};
const PUBLIC_KEY: &str = "age1u889gp407hsz309wn09kxx9anl6uns30m27lfwnctfyq9tq4qpus8tzmq5";
const PRIVATE_KEY: &str = "AGE-SECRET-KEY-14QG24502DMUUQDT2SPMX2YXPSES0X8UD6NT0PCTDAT6RH8V5Q3GQGSRXPS";
pub static APPLICATION_DETAILS: Lazy<Mutex<ApplicationDetails>> = Lazy::new(||
Mutex::new(ApplicationDetails {
name: "name".to_string(),
surname: "surname".to_string(),
birthplace: "birthplace".to_string(),
birthdate: chrono::NaiveDate::from_ymd(2000, 1, 1),
address: "address".to_string(),
telephone: "telephone".to_string(),
citizenship: "citizenship".to_string(),
email: "email".to_string(),
sex: "sex".to_string(),
personal_id_number: "personal_id_number".to_string(),
study: "study".to_string(),
parent_email: "parent_email".to_string(),
parent_name: "parent_name".to_string(),
parent_surname: "parent_surname".to_string(),
parent_telephone: "parent_telephone".to_string()
})
);
pub fn assert_all_application_details(details: &ApplicationDetails) {
assert_eq!(details.name, "name");
assert_eq!(details.surname, "surname");
assert_eq!(details.birthplace, "birthplace");
assert_eq!(details.birthdate, chrono::NaiveDate::from_ymd(2000, 1, 1));
assert_eq!(details.address, "address");
assert_eq!(details.telephone, "telephone");
assert_eq!(details.citizenship, "citizenship");
assert_eq!(details.email, "email");
assert_eq!(details.sex, "sex");
assert_eq!(details.study, "study");
assert_eq!(details.personal_id_number, "personal_id_number");
assert_eq!(details.parent_name, "parent_name");
assert_eq!(details.parent_surname, "parent_surname");
assert_eq!(details.parent_telephone, "parent_telephone");
assert_eq!(details.parent_email, "parent_email");
}
#[tokio::test] #[tokio::test]
async fn test_encrypted_application_details_new() { async fn test_encrypted_application_details_new() {
const PUBLIC_KEY: &str = "age1u889gp407hsz309wn09kxx9anl6uns30m27lfwnctfyq9tq4qpus8tzmq5";
const PRIVATE_KEY: &str =
"AGE-SECRET-KEY-14QG24502DMUUQDT2SPMX2YXPSES0X8UD6NT0PCTDAT6RH8V5Q3GQGSRXPS";
let encrypted_details = EncryptedApplicationDetails::new( let encrypted_details = EncryptedApplicationDetails::new(
ApplicationDetails { &APPLICATION_DETAILS.lock().unwrap().clone(),
name: "test".to_string(), vec![PUBLIC_KEY.to_string()],
surname: "test".to_string(),
birthplace: "test".to_string(),
birthdate: chrono::offset::Local::now().date_naive(),
address: "test".to_string(),
telephone: "test".to_string(),
citizenship: "test".to_string(),
email: "test".to_string(),
parent_email: "test".to_string(),
parent_name: "test".to_string(),
parent_surname: "test".to_string(),
parent_telephone: "test".to_string(),
sex: "test".to_string(),
study: "test".to_string(),
},
vec![PUBLIC_KEY],
) )
.await .await
.unwrap(); .unwrap();
@ -271,44 +311,49 @@ mod tests {
crypto::decrypt_password_with_private_key(&encrypted_details.name.0, PRIVATE_KEY) crypto::decrypt_password_with_private_key(&encrypted_details.name.0, PRIVATE_KEY)
.await .await
.unwrap(), .unwrap(),
"test" "name"
); );
assert_eq!( assert_eq!(
crypto::decrypt_password_with_private_key(&encrypted_details.email.0, PRIVATE_KEY) crypto::decrypt_password_with_private_key(&encrypted_details.email.0, PRIVATE_KEY)
.await .await
.unwrap(), .unwrap(),
"test" "email"
); );
assert_eq!( assert_eq!(
crypto::decrypt_password_with_private_key(&encrypted_details.sex.0, PRIVATE_KEY) crypto::decrypt_password_with_private_key(&encrypted_details.sex.0, PRIVATE_KEY)
.await .await
.unwrap(), .unwrap(),
"test" "sex"
); );
} }
#[tokio::test] #[tokio::test]
async fn test_encrypted_application_details_decrypt() { async fn test_encrypted_application_details_decrypt() {
let encrypted_details = EncryptedApplicationDetails::new(
&APPLICATION_DETAILS.lock().unwrap().clone(),
vec![PUBLIC_KEY.to_string()],
)
.await
.unwrap();
let application_details = encrypted_details
.decrypt(PRIVATE_KEY.to_string())
.await
.unwrap();
assert_all_application_details(&application_details);
}
// TODO
/* #[tokio::test]
async fn test_encrypted_application_details_from_candidate_parent() {
const PUBLIC_KEY: &str = "age1u889gp407hsz309wn09kxx9anl6uns30m27lfwnctfyq9tq4qpus8tzmq5"; const PUBLIC_KEY: &str = "age1u889gp407hsz309wn09kxx9anl6uns30m27lfwnctfyq9tq4qpus8tzmq5";
const PRIVATE_KEY: &str = const PRIVATE_KEY: &str =
"AGE-SECRET-KEY-14QG24502DMUUQDT2SPMX2YXPSES0X8UD6NT0PCTDAT6RH8V5Q3GQGSRXPS"; "AGE-SECRET-KEY-14QG24502DMUUQDT2SPMX2YXPSES0X8UD6NT0PCTDAT6RH8V5Q3GQGSRXPS";
let encrypted_details = EncryptedApplicationDetails::new(
ApplicationDetails { const birthdate: NaiveDate = chrono::offset::Local::now().date_naive();
name: "test".to_string(), let encrypted_details = EncryptedApplicationDetails::try_from(
surname: "test".to_string(), ,
birthplace: "test".to_string(),
birthdate: chrono::offset::Local::now().date_naive(),
address: "test".to_string(),
telephone: "test".to_string(),
citizenship: "test".to_string(),
email: "test".to_string(),
parent_email: "test".to_string(),
parent_name: "test".to_string(),
parent_surname: "test".to_string(),
parent_telephone: "test".to_string(),
sex: "test".to_string(),
study: "test".to_string(),
},
vec![PUBLIC_KEY], vec![PUBLIC_KEY],
) )
.await .await
@ -319,10 +364,8 @@ mod tests {
.await .await
.unwrap(); .unwrap();
assert_eq!(application_details.name, "test"); assert_all_application_details(&application_details);
assert_eq!(application_details.email, "test"); } */
assert_eq!(application_details.sex, "test");
}
#[tokio::test] #[tokio::test]
async fn test_encrypted_string_new() { async fn test_encrypted_string_new() {
@ -330,7 +373,7 @@ mod tests {
const PRIVATE_KEY: &str = const PRIVATE_KEY: &str =
"AGE-SECRET-KEY-14QG24502DMUUQDT2SPMX2YXPSES0X8UD6NT0PCTDAT6RH8V5Q3GQGSRXPS"; "AGE-SECRET-KEY-14QG24502DMUUQDT2SPMX2YXPSES0X8UD6NT0PCTDAT6RH8V5Q3GQGSRXPS";
let encrypted = EncryptedString::new("test", &vec![PUBLIC_KEY]) let encrypted = EncryptedString::new("test", &vec![PUBLIC_KEY.to_string()])
.await .await
.unwrap(); .unwrap();
@ -348,7 +391,7 @@ mod tests {
const PRIVATE_KEY: &str = const PRIVATE_KEY: &str =
"AGE-SECRET-KEY-14QG24502DMUUQDT2SPMX2YXPSES0X8UD6NT0PCTDAT6RH8V5Q3GQGSRXPS"; "AGE-SECRET-KEY-14QG24502DMUUQDT2SPMX2YXPSES0X8UD6NT0PCTDAT6RH8V5Q3GQGSRXPS";
let encrypted = EncryptedString::new("test", &vec![PUBLIC_KEY]) let encrypted = EncryptedString::new("test", &vec![PUBLIC_KEY.to_string()])
.await .await
.unwrap(); .unwrap();

View file

@ -8,13 +8,13 @@ impl Mutation {
db: &DbConn, db: &DbConn,
application_id: i32, application_id: i32,
hashed_password: String, hashed_password: String,
hashed_personal_id_number: String, enc_personal_id_number: String,
pubkey: String, pubkey: String,
encrypted_priv_key: String, encrypted_priv_key: String,
) -> Result<candidate::Model, DbErr> { ) -> Result<candidate::Model, DbErr> {
candidate::ActiveModel { candidate::ActiveModel {
application: Set(application_id), application: Set(application_id),
personal_identification_number_hash: Set(hashed_personal_id_number), personal_identification_number: Set(enc_personal_id_number),
code: Set(hashed_password), code: Set(hashed_password),
public_key: Set(pubkey), public_key: Set(pubkey),
private_key: Set(encrypted_priv_key), private_key: Set(encrypted_priv_key),
@ -26,7 +26,7 @@ impl Mutation {
.await .await
} }
pub async fn update_candidate_password_with_keys( pub async fn update_candidate_password_and_keys(
db: &DbConn, db: &DbConn,
candidate: candidate::Model, candidate: candidate::Model,
new_password_hash: String, new_password_hash: String,
@ -56,6 +56,7 @@ impl Mutation {
user.citizenship = Set(Some(enc_details.citizenship.into())); user.citizenship = Set(Some(enc_details.citizenship.into()));
user.email = Set(Some(enc_details.email.into())); user.email = Set(Some(enc_details.email.into()));
user.sex = Set(Some(enc_details.sex.into())); user.sex = Set(Some(enc_details.sex.into()));
user.personal_identification_number = Set(enc_details.personal_id_number.into()); // TODO: do not set this here, it is already set in the create_candidate mutation???
user.study = Set(Some(enc_details.study.into())); user.study = Set(Some(enc_details.study.into()));
user.updated_at = Set(chrono::offset::Local::now().naive_local()); user.updated_at = Set(chrono::offset::Local::now().naive_local());
@ -66,8 +67,9 @@ impl Mutation {
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use crate::candidate_details::{ApplicationDetails, EncryptedApplicationDetails}; use crate::candidate_details::tests::APPLICATION_DETAILS;
use crate::util::get_memory_sqlite_connection; use crate::candidate_details::{EncryptedApplicationDetails};
use crate::utils::db::get_memory_sqlite_connection;
use crate::{Mutation, Query}; use crate::{Mutation, Query};
#[tokio::test] #[tokio::test]
@ -111,23 +113,8 @@ mod tests {
.unwrap(); .unwrap();
let encrypted_details: EncryptedApplicationDetails = EncryptedApplicationDetails::new( let encrypted_details: EncryptedApplicationDetails = EncryptedApplicationDetails::new(
ApplicationDetails { &APPLICATION_DETAILS.lock().unwrap().clone(),
name: "test".to_string(), vec!["age1u889gp407hsz309wn09kxx9anl6uns30m27lfwnctfyq9tq4qpus8tzmq5".to_string()],
surname: "test".to_string(),
birthplace: "test".to_string(),
birthdate: chrono::offset::Local::now().date_naive(),
address: "test".to_string(),
telephone: "test".to_string(),
citizenship: "test".to_string(),
email: "test".to_string(),
parent_email: "test".to_string(),
parent_name: "test".to_string(),
parent_surname: "test".to_string(),
parent_telephone: "test".to_string(),
sex: "test".to_string(),
study: "test".to_string(),
},
vec!["age1u889gp407hsz309wn09kxx9anl6uns30m27lfwnctfyq9tq4qpus8tzmq5"],
).await.unwrap(); ).await.unwrap();
Mutation::add_candidate_details(&db, candidate, encrypted_details).await.unwrap(); Mutation::add_candidate_details(&db, candidate, encrypted_details).await.unwrap();

View file

@ -34,8 +34,9 @@ impl Mutation {
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use crate::candidate_details::{ApplicationDetails, EncryptedApplicationDetails}; use crate::candidate_details::tests::APPLICATION_DETAILS;
use crate::util::get_memory_sqlite_connection; use crate::candidate_details::{EncryptedApplicationDetails};
use crate::utils::db::get_memory_sqlite_connection;
use crate::{Mutation, Query}; use crate::{Mutation, Query};
#[tokio::test] #[tokio::test]
@ -81,23 +82,8 @@ mod tests {
let parent = Mutation::create_parent(&db, APPLICATION_ID).await.unwrap(); let parent = Mutation::create_parent(&db, APPLICATION_ID).await.unwrap();
let encrypted_details: EncryptedApplicationDetails = EncryptedApplicationDetails::new( let encrypted_details: EncryptedApplicationDetails = EncryptedApplicationDetails::new(
ApplicationDetails { &APPLICATION_DETAILS.lock().unwrap().clone(),
name: "test".to_string(), vec!["age1u889gp407hsz309wn09kxx9anl6uns30m27lfwnctfyq9tq4qpus8tzmq5".to_string()],
surname: "test".to_string(),
birthplace: "test".to_string(),
birthdate: chrono::offset::Local::now().date_naive(),
address: "test".to_string(),
telephone: "test".to_string(),
citizenship: "test".to_string(),
email: "test".to_string(),
parent_email: "test".to_string(),
parent_name: "test".to_string(),
parent_surname: "test".to_string(),
parent_telephone: "test".to_string(),
sex: "test".to_string(),
study: "test".to_string(),
},
vec!["age1u889gp407hsz309wn09kxx9anl6uns30m27lfwnctfyq9tq4qpus8tzmq5"],
) )
.await .await
.unwrap(); .unwrap();

View file

@ -25,7 +25,7 @@ mod tests {
use entity::admin; use entity::admin;
use sea_orm::{ActiveModelTrait, Set}; use sea_orm::{ActiveModelTrait, Set};
use crate::util::get_memory_sqlite_connection; use crate::utils::db::get_memory_sqlite_connection;
use crate::Query; use crate::Query;
#[tokio::test] #[tokio::test]

View file

@ -122,7 +122,7 @@ mod tests {
use entity::candidate; use entity::candidate;
use crate::Query; use crate::Query;
use crate::util::get_memory_sqlite_connection; use crate::utils::db::get_memory_sqlite_connection;
#[tokio::test] #[tokio::test]
async fn test_find_candidate_by_id() { async fn test_find_candidate_by_id() {
@ -132,7 +132,7 @@ mod tests {
code: Set("test".to_string()), code: Set("test".to_string()),
public_key: Set("test".to_string()), public_key: Set("test".to_string()),
private_key: Set("test".to_string()), private_key: Set("test".to_string()),
personal_identification_number_hash: Set("test".to_string()), personal_identification_number: Set("test".to_string()),
created_at: Set(chrono::offset::Local::now().naive_local()), created_at: Set(chrono::offset::Local::now().naive_local()),
updated_at: Set(chrono::offset::Local::now().naive_local()), updated_at: Set(chrono::offset::Local::now().naive_local()),
..Default::default() ..Default::default()
@ -141,7 +141,7 @@ mod tests {
.await .await
.unwrap(); .unwrap();
let candidate = Query::find_candidate_by_id(&db, candidate.application) let candidate = Query::find_candidate_by_id(&db, candidate.application)
.await .await
.unwrap(); .unwrap();
assert!(candidate.is_some()); assert!(candidate.is_some());

View file

@ -22,7 +22,7 @@ mod tests {
use sea_orm::{ActiveModelTrait, Set}; use sea_orm::{ActiveModelTrait, Set};
use crate::Query; use crate::Query;
use crate::util::get_memory_sqlite_connection; use crate::utils::db::get_memory_sqlite_connection;
#[tokio::test] #[tokio::test]
async fn test_find_parent_by_id() { async fn test_find_parent_by_id() {
@ -35,7 +35,7 @@ mod tests {
code: Set("test".to_string()), code: Set("test".to_string()),
public_key: Set("test".to_string()), public_key: Set("test".to_string()),
private_key: Set("test".to_string()), private_key: Set("test".to_string()),
personal_identification_number_hash: Set("test".to_string()), personal_identification_number: Set("test".to_string()),
created_at: Set(chrono::offset::Local::now().naive_local()), created_at: Set(chrono::offset::Local::now().naive_local()),
updated_at: Set(chrono::offset::Local::now().naive_local()), updated_at: Set(chrono::offset::Local::now().naive_local()),
..Default::default() ..Default::default()

View file

@ -35,7 +35,7 @@ mod tests {
use entity::{session}; use entity::{session};
use sea_orm::{prelude::Uuid, ActiveModelTrait, Set}; use sea_orm::{prelude::Uuid, ActiveModelTrait, Set};
use crate::util::get_memory_sqlite_connection; use crate::utils::db::get_memory_sqlite_connection;
use crate::Query; use crate::Query;
#[tokio::test] #[tokio::test]

View file

@ -5,11 +5,9 @@ pub use database::query::*;
pub mod database; pub mod database;
pub mod crypto; pub mod crypto;
pub mod filetype;
pub mod services; pub mod services;
pub mod error; pub mod error;
pub mod candidate_details; pub mod candidate_details;
pub mod util;
pub mod responses; pub mod responses;
pub mod utils; pub mod utils;

View file

@ -1,9 +1,16 @@
use serde::Serialize; use serde::{Serialize, Deserialize};
use crate::{candidate_details::EncryptedString, error::ServiceError}; use crate::{candidate_details::EncryptedString, error::ServiceError};
#[derive(Debug, Serialize, Deserialize)]
pub struct CreateCandidateResponse {
pub application_id: i32,
pub personal_id_number: String,
pub password: String,
}
#[derive(Debug, Serialize)] #[derive(Debug, Serialize)]
pub struct CandidateResponse { pub struct BaseCandidateResponse {
pub application_id: i32, pub application_id: i32,
pub name: String, pub name: String,
pub surname: String, pub surname: String,
@ -11,7 +18,7 @@ pub struct CandidateResponse {
pub submitted: bool, pub submitted: bool,
} }
impl CandidateResponse { impl BaseCandidateResponse {
pub async fn from_encrypted( pub async fn from_encrypted(
private_key: &String, private_key: &String,
application_id: i32, application_id: i32,

View file

@ -57,7 +57,7 @@ mod admin_tests {
use entity::admin; use entity::admin;
use sea_orm::{Set, ActiveModelTrait}; use sea_orm::{Set, ActiveModelTrait};
use crate::{util::get_memory_sqlite_connection, error::ServiceError}; use crate::{utils::db::get_memory_sqlite_connection, error::ServiceError};
use super::*; use super::*;

View file

@ -1,7 +1,7 @@
use entity::{candidate, parent}; use entity::{candidate, parent};
use sea_orm::DbConn; use sea_orm::DbConn;
use crate::{error::ServiceError, candidate_details::{ApplicationDetails, EncryptedApplicationDetails}, Query}; use crate::{error::ServiceError, candidate_details::{ApplicationDetails, EncryptedApplicationDetails}, Query, utils::db::get_recipients};
use super::{parent_service::ParentService, candidate_service::CandidateService}; use super::{parent_service::ParentService, candidate_service::CandidateService};
@ -31,7 +31,7 @@ impl ApplicationService {
pub async fn add_all_details( pub async fn add_all_details(
db: &DbConn, db: &DbConn,
application: i32, application: i32,
form: ApplicationDetails, form: &ApplicationDetails,
) -> Result<(candidate::Model, parent::Model), ServiceError> { ) -> Result<(candidate::Model, parent::Model), ServiceError> {
let candidate = Query::find_candidate_by_id(db, application) let candidate = Query::find_candidate_by_id(db, application)
.await? .await?
@ -41,13 +41,7 @@ impl ApplicationService {
.await? .await?
.ok_or(ServiceError::ParentNotFound)?; .ok_or(ServiceError::ParentNotFound)?;
let admin_public_keys = Query::get_all_admin_public_keys(db).await?; let recipients = get_recipients(db, &candidate.public_key).await?;
let mut admin_public_keys_refrence: Vec<&str> =
admin_public_keys.iter().map(|s| &**s).collect();
let mut recipients = vec![&*candidate.public_key];
recipients.append(&mut admin_public_keys_refrence);
let enc_details = EncryptedApplicationDetails::new(form, recipients).await?; let enc_details = EncryptedApplicationDetails::new(form, recipients).await?;

View file

@ -1,16 +1,14 @@
use std::path::{Path, PathBuf};
use entity::candidate; use entity::candidate;
use sea_orm::{prelude::Uuid, DbConn}; use sea_orm::{prelude::Uuid, DbConn};
use crate::{ use crate::{
candidate_details::{EncryptedApplicationDetails}, candidate_details::{EncryptedApplicationDetails, EncryptedString},
crypto::{self, hash_password}, crypto::{self, hash_password},
error::ServiceError, error::ServiceError,
Mutation, Query, responses::CandidateResponse, Mutation, Query, responses::{BaseCandidateResponse, CreateCandidateResponse}, utils::db::get_recipients,
}; };
use super::{session_service::{AdminUser, SessionService}, application_service::ApplicationService}; use super::{session_service::{AdminUser, SessionService}, application_service::ApplicationService, portfolio_service::PortfolioService};
// TODO // TODO
@ -45,12 +43,6 @@ const FIELD_OF_STUDY_PREFIXES: [&str; 3] = ["101", "102", "103"];
pub struct CandidateService; pub struct CandidateService;
impl CandidateService { impl CandidateService {
// Get root path or local directory
fn get_file_store_path() -> PathBuf {
dotenv::dotenv().ok();
Path::new(&std::env::var("STORE_PATH").unwrap_or_else(|_| "".to_string())).to_path_buf()
}
/// Creates a new candidate with: /// Creates a new candidate with:
/// Encrypted personal identification number /// Encrypted personal identification number
/// Hashed password /// Hashed password
@ -69,33 +61,37 @@ impl CandidateService {
// Check if user with that application id already exists // Check if user with that application id already exists
if Query::find_candidate_by_id(db, application_id) if Query::find_candidate_by_id(db, application_id)
.await .await?
.unwrap()
.is_some() .is_some()
{ {
return Err(ServiceError::UserAlreadyExists); return Err(ServiceError::UserAlreadyExists);
} }
PortfolioService::create_user_dir(application_id).await?;
let hashed_password = hash_password(plain_text_password.to_string()).await?; let hashed_password = hash_password(plain_text_password.to_string()).await?;
let (pubkey, priv_key_plain_text) = crypto::create_identity(); let (pubkey, priv_key_plain_text) = crypto::create_identity();
let encrypted_priv_key = crypto::encrypt_password(
priv_key_plain_text,
plain_text_password.to_string()
).await?;
let encrypted_priv_key = let recipients = get_recipients(db, &pubkey).await?;
crypto::encrypt_password(priv_key_plain_text, plain_text_password.to_string()).await?; let enc_personal_id_number = EncryptedString::new(
&personal_id_number,
let hashed_personal_id_number = hash_password(personal_id_number).await?; &recipients,
).await?;
tokio::fs::create_dir_all(Self::get_file_store_path().join(&application_id.to_string()).join("cache")).await?;
let candidate = Mutation::create_candidate( let candidate = Mutation::create_candidate(
db, db,
application_id, application_id,
hashed_password, hashed_password,
hashed_personal_id_number, enc_personal_id_number.to_string(),
pubkey, pubkey,
encrypted_priv_key, encrypted_priv_key,
) )
.await?; .await?;
Ok(candidate) Ok(candidate)
} }
@ -103,7 +99,7 @@ impl CandidateService {
admin_private_key: String, admin_private_key: String,
db: &DbConn, db: &DbConn,
id: i32, id: i32,
) -> Result<String, ServiceError> { ) -> Result<CreateCandidateResponse, ServiceError> {
let candidate = Query::find_candidate_by_id(db, id).await? let candidate = Query::find_candidate_by_id(db, id).await?
.ok_or(ServiceError::CandidateNotFound)?; .ok_or(ServiceError::CandidateNotFound)?;
let parent = Query::find_parent_by_id(db, id).await? let parent = Query::find_parent_by_id(db, id).await?
@ -120,15 +116,30 @@ impl CandidateService {
SessionService::revoke_all_sessions(db, Some(id), None).await?; SessionService::revoke_all_sessions(db, Some(id), None).await?;
Mutation::update_candidate_password_with_keys(db, candidate.clone(), new_password_hash, pubkey, encrypted_priv_key).await?; Mutation::update_candidate_password_and_keys(db, candidate.clone(), new_password_hash, pubkey, encrypted_priv_key).await?;
// user might no have filled his details yet, but personal id number is filled from beginning
// TODO: make personal id number required
let personal_id_number = EncryptedString::from(candidate.personal_identification_number.clone())
.decrypt(&admin_private_key)
.await?;
let enc_details_opt = EncryptedApplicationDetails::try_from(
(candidate, parent)
);
let enc_details_opt = EncryptedApplicationDetails::try_from((candidate, parent));
if let Ok(enc_details) = enc_details_opt { if let Ok(enc_details) = enc_details_opt {
let application_details = enc_details.decrypt(admin_private_key).await?; let application_details = enc_details.decrypt(admin_private_key).await?;
ApplicationService::add_all_details(db, id, application_details).await?; ApplicationService::add_all_details(db, id, &application_details).await?;
} }
Ok(new_password_plain) Ok(
CreateCandidateResponse {
application_id: id,
personal_id_number: personal_id_number,
password: new_password_plain,
}
)
} }
pub async fn logout(db: &DbConn, session_id: Uuid) -> Result<(), ServiceError> { pub async fn logout(db: &DbConn, session_id: Uuid) -> Result<(), ServiceError> {
@ -150,7 +161,7 @@ impl CandidateService {
db: &DbConn, db: &DbConn,
field_of_study: Option<String>, field_of_study: Option<String>,
page: Option<u64>, page: Option<u64>,
) -> Result<Vec<CandidateResponse>, ServiceError> { ) -> Result<Vec<BaseCandidateResponse>, ServiceError> {
let candidates = Query::list_candidates( let candidates = Query::list_candidates(
db, db,
@ -158,11 +169,11 @@ impl CandidateService {
page page
).await?; ).await?;
let mut result: Vec<CandidateResponse> = vec![]; let mut result: Vec<BaseCandidateResponse> = vec![];
for candidate in candidates { for candidate in candidates {
result.push( result.push(
CandidateResponse::from_encrypted( BaseCandidateResponse::from_encrypted(
&private_key, &private_key,
candidate.application, candidate.application,
candidate.name, candidate.name,
@ -212,14 +223,10 @@ impl CandidateService {
let session_id = let session_id =
SessionService::new_session(db, Some(candidate_id), None, password.clone(), ip_addr) SessionService::new_session(db, Some(candidate_id), None, password.clone(), ip_addr)
.await; .await?;
match session_id {
Ok(session_id) => { let private_key = Self::decrypt_private_key(candidate, password).await?;
let private_key = Self::decrypt_private_key(candidate, password).await?; Ok((session_id, private_key))
Ok((session_id, private_key))
}
Err(e) => Err(e),
}
} }
pub async fn auth(db: &DbConn, session_uuid: Uuid) -> Result<candidate::Model, ServiceError> { pub async fn auth(db: &DbConn, session_uuid: Uuid) -> Result<candidate::Model, ServiceError> {
@ -247,14 +254,13 @@ impl CandidateService {
pub mod tests { pub mod tests {
use sea_orm::{DbConn}; use sea_orm::{DbConn};
use crate::util::get_memory_sqlite_connection; use crate::candidate_details::tests::assert_all_application_details;
use crate::utils::db::get_memory_sqlite_connection;
use crate::{crypto, services::candidate_service::CandidateService, Mutation}; use crate::{crypto, services::candidate_service::CandidateService, Mutation};
use super::EncryptedApplicationDetails; use super::EncryptedApplicationDetails;
use chrono::NaiveDate;
use entity::{candidate, parent, admin}; use entity::{candidate, parent, admin};
use crate::candidate_details::{ApplicationDetails};
use crate::services::application_service::ApplicationService; use crate::services::application_service::ApplicationService;
const APPLICATION_ID: i32 = 103151; const APPLICATION_ID: i32 = 103151;
@ -282,7 +288,7 @@ pub mod tests {
CandidateService::login(&db, candidate.application, "test".to_string(), "127.0.0.1".to_string()).await.is_ok() CandidateService::login(&db, candidate.application, "test".to_string(), "127.0.0.1".to_string()).await.is_ok()
); );
let new_password = CandidateService::reset_password(private_key, &db, candidate.application).await.unwrap(); let new_password = CandidateService::reset_password(private_key, &db, candidate.application).await.unwrap().password;
assert!( assert!(
CandidateService::login(&db, candidate.application, "test".to_string(), "127.0.0.1".to_string()).await.is_err() CandidateService::login(&db, candidate.application, "test".to_string(), "127.0.0.1".to_string()).await.is_err()
@ -368,6 +374,8 @@ pub mod tests {
#[cfg(test)] #[cfg(test)]
pub async fn put_user_data(db: &DbConn) -> (candidate::Model, parent::Model) { pub async fn put_user_data(db: &DbConn) -> (candidate::Model, parent::Model) {
use crate::candidate_details::tests::APPLICATION_DETAILS;
let plain_text_password = "test".to_string(); let plain_text_password = "test".to_string();
let (candidate, _parent) = ApplicationService::create_candidate_with_parent( let (candidate, _parent) = ApplicationService::create_candidate_with_parent(
&db, &db,
@ -379,24 +387,9 @@ pub mod tests {
.ok() .ok()
.unwrap(); .unwrap();
let form = ApplicationDetails { let form = APPLICATION_DETAILS.lock().unwrap().clone();
name: "name".to_string(),
surname: "surname".to_string(),
birthplace: "birthplace".to_string(),
birthdate: NaiveDate::from_ymd(2000, 1, 1),
address: "address".to_string(),
telephone: "telephone".to_string(),
citizenship: "citizenship".to_string(),
email: "email".to_string(),
sex: "sex".to_string(),
study: "KB".to_string(),
parent_name: "parent_name".to_string(),
parent_surname: "parent_surname".to_string(),
parent_telephone: "parent_telephone".to_string(),
parent_email: "parent_email".to_string(),
};
ApplicationService::add_all_details(&db, candidate.application, form) ApplicationService::add_all_details(&db, candidate.application, &form)
.await .await
.unwrap() .unwrap()
} }
@ -423,19 +416,6 @@ pub mod tests {
.unwrap(); .unwrap();
let dec_details = enc_details.decrypt(dec_priv_key).await.ok().unwrap(); let dec_details = enc_details.decrypt(dec_priv_key).await.ok().unwrap();
assert_eq!(dec_details.name, "name"); assert_all_application_details(&dec_details);
assert_eq!(dec_details.surname, "surname");
assert_eq!(dec_details.birthplace, "birthplace");
assert_eq!(dec_details.birthdate, NaiveDate::from_ymd(2000, 1, 1));
assert_eq!(dec_details.address, "address");
assert_eq!(dec_details.telephone, "telephone");
assert_eq!(dec_details.citizenship, "citizenship");
assert_eq!(dec_details.email, "email");
assert_eq!(dec_details.sex, "sex");
assert_eq!(dec_details.study, "KB");
assert_eq!(dec_details.parent_name, "parent_name");
assert_eq!(dec_details.parent_surname, "parent_surname");
assert_eq!(dec_details.parent_telephone, "parent_telephone");
assert_eq!(dec_details.parent_email, "parent_email");
} }
} }

View file

@ -145,6 +145,14 @@ impl PortfolioService {
Ok(()) Ok(())
} }
pub async fn create_user_dir(application_id: i32) -> tokio::io::Result<()> {
tokio::fs::create_dir_all(
Self::get_file_store_path()
.join(&application_id.to_string())
.join("cache"))
.await
}
pub async fn add_cover_letter_to_cache( pub async fn add_cover_letter_to_cache(
candidate_id: i32, candidate_id: i32,
@ -324,7 +332,7 @@ impl PortfolioService {
mod tests { mod tests {
use serial_test::serial; use serial_test::serial;
use crate::{services::{portfolio_service::{PortfolioService, FileType}, candidate_service::{CandidateService, tests::put_user_data}}, util::get_memory_sqlite_connection, crypto}; use crate::{services::{portfolio_service::{PortfolioService, FileType}, candidate_service::{CandidateService, tests::put_user_data}}, utils::db::get_memory_sqlite_connection, crypto};
use std::path::PathBuf; use std::path::PathBuf;
const APPLICATION_ID: i32 = 103151; const APPLICATION_ID: i32 = 103151;

View file

@ -172,7 +172,7 @@ mod tests {
use crate::{ use crate::{
crypto, crypto,
services::{application_service::ApplicationService, session_service::SessionService}, services::{application_service::ApplicationService, session_service::SessionService},
util::get_memory_sqlite_connection, utils::db::get_memory_sqlite_connection,
}; };
#[tokio::test] #[tokio::test]

View file

@ -2,6 +2,16 @@ use entity::{admin, candidate, parent, session};
use sea_orm::{Schema, Database, DbConn}; use sea_orm::{Schema, Database, DbConn};
use sea_orm::{sea_query::TableCreateStatement, ConnectionTrait, DbBackend}; use sea_orm::{sea_query::TableCreateStatement, ConnectionTrait, DbBackend};
use crate::Query;
use crate::error::ServiceError;
pub async fn get_recipients(db: &DbConn, candidate_pubkey: &str) -> Result<Vec<String>, ServiceError> {
let mut admin_public_keys = Query::get_all_admin_public_keys(db).await?;
let mut recipients = vec![candidate_pubkey.to_string()];
recipients.append(&mut admin_public_keys);
Ok(recipients)
}
pub async fn get_memory_sqlite_connection() -> sea_orm::DbConn { pub async fn get_memory_sqlite_connection() -> sea_orm::DbConn {
let base_url = "sqlite::memory:"; let base_url = "sqlite::memory:";

View file

@ -1 +1,3 @@
pub mod csv; pub mod csv;
pub mod filetype;
pub mod db;

View file

@ -19,9 +19,9 @@ pub struct Model {
pub email: Option<String>, pub email: Option<String>,
pub sex: Option<String>, pub sex: Option<String>,
pub study: Option<String>, pub study: Option<String>,
pub personal_identification_number: Option<String>, pub personal_identification_number: String,
#[sea_orm(column_type = "Text")] #[sea_orm(column_type = "Text", nullable)]
pub personal_identification_number_hash: String, pub personal_identification_number_hash: Option<String>,
pub public_key: String, pub public_key: String,
pub private_key: String, pub private_key: String,
pub created_at: DateTime, pub created_at: DateTime,
@ -30,16 +30,10 @@ pub struct Model {
#[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)] #[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
pub enum Relation { pub enum Relation {
#[sea_orm(has_many = "super::parent::Entity")]
Parent,
#[sea_orm(has_many = "super::session::Entity")] #[sea_orm(has_many = "super::session::Entity")]
Session, Session,
} #[sea_orm(has_many = "super::parent::Entity")]
Parent,
impl Related<super::parent::Entity> for Entity {
fn to() -> RelationDef {
Relation::Parent.def()
}
} }
impl Related<super::session::Entity> for Entity { impl Related<super::session::Entity> for Entity {
@ -48,4 +42,10 @@ impl Related<super::session::Entity> for Entity {
} }
} }
impl Related<super::parent::Entity> for Entity {
fn to() -> RelationDef {
Relation::Parent.def()
}
}
impl ActiveModelBehavior for ActiveModel {} impl ActiveModelBehavior for ActiveModel {}

View file

@ -30,8 +30,8 @@ impl MigrationTrait for Migration {
.col(ColumnDef::new(Candidate::Email).string()) .col(ColumnDef::new(Candidate::Email).string())
.col(ColumnDef::new(Candidate::Sex).string()) .col(ColumnDef::new(Candidate::Sex).string())
.col(ColumnDef::new(Candidate::Study).string()) .col(ColumnDef::new(Candidate::Study).string())
.col(ColumnDef::new(Candidate::PersonalIdentificationNumber).string()) .col(ColumnDef::new(Candidate::PersonalIdentificationNumber).string().not_null())
.col(ColumnDef::new(Candidate::PersonalIdentificationNumberHash).text().not_null()) .col(ColumnDef::new(Candidate::PersonalIdentificationNumberHash).text())
.col(ColumnDef::new(Candidate::PublicKey).string().not_null()) .col(ColumnDef::new(Candidate::PublicKey).string().not_null())
.col(ColumnDef::new(Candidate::PrivateKey).string().not_null()) .col(ColumnDef::new(Candidate::PrivateKey).string().not_null())
.col(ColumnDef::new(Candidate::CreatedAt).date_time().not_null()) .col(ColumnDef::new(Candidate::CreatedAt).date_time().not_null())