refactor: reset password response

2026-06-13 03:22:29 +00:00 · 2022-11-27 11:44:08 +01:00 · 2022-11-27 11:44:08 +01:00 · 8a9b7a4ae4
commit 8a9b7a4ae4
parent 314138a111
3 changed files with 34 additions and 16 deletions
--- a/api/src/routes/admin.rs
+++ b/api/src/routes/admin.rs
@ -11,7 +11,7 @@ use rocket::serde::json::Json;

 use sea_orm_rocket::Connection;

-use crate::{guards::request::{auth::AdminAuth, self}, pool::Db, requests};
+use crate::{guards::request::{auth::AdminAuth}, pool::Db, requests};

 #[post("/login", data = "<login_form>")]
 pub async fn login(
@ -161,15 +161,17 @@ pub async fn reset_candidate_password(
    conn: Connection<'_, Db>,
    session: AdminAuth,
    id: i32,
-) -> Result<String, Custom<String>> {
+) -> Result<Json<CreateCandidateResponse>, Custom<String>> {
    let db = conn.into_inner();
    let private_key = session.get_private_key();

-    let new_password = CandidateService::reset_password(private_key, db, id)
+    let response = CandidateService::reset_password(private_key, db, id)
        .await
        .map_err(|e| Custom(Status::from_code(e.code()).unwrap(), e.to_string()))?;

-    Ok(new_password)
+    Ok(
+        Json(response)
+    )
 }

 #[get("/candidate/<id>/portfolio")]
@ -188,6 +190,7 @@ pub async fn get_candidate_portfolio(

 #[cfg(test)]
 pub mod tests {
+    use portfolio_core::responses::CreateCandidateResponse;
    use rocket::{local::blocking::Client, http::{Cookie, Status}};

    use crate::test::tests::{test_client, ADMIN_PASSWORD, ADMIN_ID};
@ -216,7 +219,7 @@ pub mod tests {
        cookies: (Cookie, Cookie),
        id: i32,
        pid: String,
-    ) -> String {
+    ) -> CreateCandidateResponse {
        let response = client
            .post("/admin/create")
            .body(format!(
@ -232,15 +235,15 @@ pub mod tests {

        assert_eq!(response.status(), Status::Ok);

-        response.into_string().unwrap()
+        response.into_json::<CreateCandidateResponse>().unwrap()
    }

    #[test]
    fn test_create_candidate() {
        let client = test_client().lock().unwrap();
        let cookies = admin_login(&client);
-        let password = create_candidate(&client, cookies, 1031511, "0".to_string());
+        let response = create_candidate(&client, cookies, 1031511, "0".to_string());
    
-        assert_eq!(password.len(), 8);
+        assert_eq!(response.password.len(), 8);
    }
 }
--- a/core/src/responses.rs
+++ b/core/src/responses.rs
@ -1,8 +1,8 @@
-use serde::Serialize;
+use serde::{Serialize, Deserialize};

 use crate::{candidate_details::EncryptedString, error::ServiceError};

-#[derive(Debug, Serialize)]
+#[derive(Debug, Serialize, Deserialize)]
 pub struct CreateCandidateResponse {
    pub application_id: i32,
    pub personal_id_number: String,
--- a/core/src/services/candidate_service.rs
+++ b/core/src/services/candidate_service.rs
@ -4,10 +4,10 @@ use entity::candidate;
 use sea_orm::{prelude::Uuid, DbConn};

 use crate::{
-    candidate_details::{EncryptedApplicationDetails},
+    candidate_details::{EncryptedApplicationDetails, EncryptedString},
    crypto::{self, hash_password},
    error::ServiceError,
-    Mutation, Query, responses::BaseCandidateResponse,
+    Mutation, Query, responses::{BaseCandidateResponse, CreateCandidateResponse},
 };

 use super::{session_service::{AdminUser, SessionService}, application_service::ApplicationService};
@ -103,7 +103,7 @@ impl CandidateService {
        admin_private_key: String,
        db: &DbConn,
        id: i32,
-    ) -> Result<String, ServiceError> {
+    ) -> Result<CreateCandidateResponse, ServiceError> {
        let candidate = Query::find_candidate_by_id(db, id).await?
            .ok_or(ServiceError::CandidateNotFound)?;
        let parent = Query::find_parent_by_id(db, id).await?
@ -122,13 +122,28 @@ impl CandidateService {
        SessionService::revoke_all_sessions(db, Some(id), None).await?;
        Mutation::update_candidate_password_with_keys(db, candidate.clone(), new_password_hash, pubkey, encrypted_priv_key).await?;
        
-        let enc_details_opt = EncryptedApplicationDetails::try_from((candidate, parent));
+        // user might no have filled his details yet, but personal id number is filled from beginning
+        // TODO: make personal id number required
+        let personal_id_number = EncryptedString::try_from(candidate.personal_identification_number.clone())?
+            .decrypt(&admin_private_key)
+            .await?;
+        
+        let enc_details_opt = EncryptedApplicationDetails::try_from(
+            (candidate, parent)
+        );
+        
        if let Ok(enc_details) = enc_details_opt {
            let application_details = enc_details.decrypt(admin_private_key).await?;
            ApplicationService::add_all_details(db, id, &application_details).await?;
        }

-        Ok(new_password_plain)
+        Ok(
+            CreateCandidateResponse {
+                application_id: id,
+                personal_id_number: personal_id_number,
+                password: new_password_plain,
+            }
+        )
    }

    pub async fn logout(db: &DbConn, session_id: Uuid) -> Result<(), ServiceError> {
@ -281,7 +296,7 @@ pub mod tests {
            CandidateService::login(&db, candidate.application, "test".to_string(), "127.0.0.1".to_string()).await.is_ok()
        );

-        let new_password = CandidateService::reset_password(private_key, &db, candidate.application).await.unwrap();
+        let new_password = CandidateService::reset_password(private_key, &db, candidate.application).await.unwrap().password;

        assert!(
            CandidateService::login(&db, candidate.application, "test".to_string(), "127.0.0.1".to_string()).await.is_err()