From 8a9b7a4ae4cbea453ce4bc388b50f0d73656bb66 Mon Sep 17 00:00:00 2001 From: Sebastian Pravda Date: Sun, 27 Nov 2022 11:44:08 +0100 Subject: [PATCH] refactor: reset password response --- api/src/routes/admin.rs | 19 ++++++++++-------- core/src/responses.rs | 4 ++-- core/src/services/candidate_service.rs | 27 ++++++++++++++++++++------ 3 files changed, 34 insertions(+), 16 deletions(-) diff --git a/api/src/routes/admin.rs b/api/src/routes/admin.rs index c71e383..904527c 100644 --- a/api/src/routes/admin.rs +++ b/api/src/routes/admin.rs @@ -11,7 +11,7 @@ use rocket::serde::json::Json; use sea_orm_rocket::Connection; -use crate::{guards::request::{auth::AdminAuth, self}, pool::Db, requests}; +use crate::{guards::request::{auth::AdminAuth}, pool::Db, requests}; #[post("/login", data = "")] pub async fn login( @@ -161,15 +161,17 @@ pub async fn reset_candidate_password( conn: Connection<'_, Db>, session: AdminAuth, id: i32, -) -> Result> { +) -> Result, Custom> { let db = conn.into_inner(); let private_key = session.get_private_key(); - let new_password = CandidateService::reset_password(private_key, db, id) + let response = CandidateService::reset_password(private_key, db, id) .await .map_err(|e| Custom(Status::from_code(e.code()).unwrap(), e.to_string()))?; - Ok(new_password) + Ok( + Json(response) + ) } #[get("/candidate//portfolio")] @@ -188,6 +190,7 @@ pub async fn get_candidate_portfolio( #[cfg(test)] pub mod tests { + use portfolio_core::responses::CreateCandidateResponse; use rocket::{local::blocking::Client, http::{Cookie, Status}}; use crate::test::tests::{test_client, ADMIN_PASSWORD, ADMIN_ID}; @@ -216,7 +219,7 @@ pub mod tests { cookies: (Cookie, Cookie), id: i32, pid: String, - ) -> String { + ) -> CreateCandidateResponse { let response = client .post("/admin/create") .body(format!( 
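Review bot: In `api/src/routes/admin.rs`, `reset_candidate_password` now returns the freshly generated plaintext password and the decrypted personal ID number in one JSON body, and the handler has no comment saying so. I would add a doc comment above the route, e.g. `/// Resets the candidate's password; the JSON body contains the new plaintext password and the decrypted personal ID number and must not be logged or cached.` As a style point, `Ok( Json(response) )` spread over three lines reads better as `Ok(Json(response))`. The handler's attribute and signature start above the hunk.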
@@ -232,15 +235,15 @@ pub mod tests { assert_eq!(response.status(), Status::Ok); - response.into_string().unwrap() + response.into_json::().unwrap() } #[test] fn test_create_candidate() { let client = test_client().lock().unwrap(); let cookies = admin_login(&client); - let password = create_candidate(&client, cookies, 1031511, "0".to_string()); + let response = create_candidate(&client, cookies, 1031511, "0".to_string()); - assert_eq!(password.len(), 8); + assert_eq!(response.password.len(), 8); } } \ No newline at end of file diff --git a/core/src/responses.rs b/core/src/responses.rs index 967ee0b..a1ccf56 100644 --- a/core/src/responses.rs +++ b/core/src/responses.rs @@ -1,8 +1,8 @@ -use serde::Serialize; +use serde::{Serialize, Deserialize}; use crate::{candidate_details::EncryptedString, error::ServiceError}; -#[derive(Debug, Serialize)] +#[derive(Debug, Serialize, Deserialize)] pub struct CreateCandidateResponse { pub application_id: i32, pub personal_id_number: String, diff --git a/core/src/services/candidate_service.rs b/core/src/services/candidate_service.rs index c750990..4b1033f 100644 --- a/core/src/services/candidate_service.rs +++ b/core/src/services/candidate_service.rs @@ -4,10 +4,10 @@ use entity::candidate; use sea_orm::{prelude::Uuid, DbConn}; use crate::{ - candidate_details::{EncryptedApplicationDetails}, + candidate_details::{EncryptedApplicationDetails, EncryptedString}, crypto::{self, hash_password}, error::ServiceError, - Mutation, Query, responses::BaseCandidateResponse, + Mutation, Query, responses::{BaseCandidateResponse, CreateCandidateResponse}, }; use super::{session_service::{AdminUser, SessionService}, application_service::ApplicationService}; @@ -103,7 +103,7 @@ impl CandidateService { admin_private_key: String, db: &DbConn, id: i32, - ) -> Result { + ) -> Result { let candidate = Query::find_candidate_by_id(db, id).await? .ok_or(ServiceError::CandidateNotFound)?; let parent = Query::find_parent_by_id(db, id).await? 
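Review bot: In `core/src/responses.rs`, `CreateCandidateResponse` keeps its derived `Debug` while this commit starts using it for password resets too, so any `{:?}` of the value (a log line, a failed `assert_eq!`) prints the plaintext password and the personal ID number. A hand-written `Debug` that redacts both fields avoids that without changing the `Serialize`/`Deserialize` output. The struct body continues past the hunk, so the field names below are inferred from the other hunks in this patch and should be checked against the full definition.

```rust
#[derive(Serialize, Deserialize)]
// … unchanged: pub struct CreateCandidateResponse { … } …

impl std::fmt::Debug for CreateCandidateResponse {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("CreateCandidateResponse")
            .field("application_id", &self.application_id)
            .field("personal_id_number", &"<redacted>")
            .field("password", &"<redacted>")
            .finish()
    }
}
```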
@@ -122,13 +122,28 @@ impl CandidateService { SessionService::revoke_all_sessions(db, Some(id), None).await?; Mutation::update_candidate_password_with_keys(db, candidate.clone(), new_password_hash, pubkey, encrypted_priv_key).await?; - let enc_details_opt = EncryptedApplicationDetails::try_from((candidate, parent)); + // user might no have filled his details yet, but personal id number is filled from beginning + // TODO: make personal id number required + let personal_id_number = EncryptedString::try_from(candidate.personal_identification_number.clone())? + .decrypt(&admin_private_key) + .await?; + + let enc_details_opt = EncryptedApplicationDetails::try_from( + (candidate, parent) + ); + if let Ok(enc_details) = enc_details_opt { let application_details = enc_details.decrypt(admin_private_key).await?; ApplicationService::add_all_details(db, id, &application_details).await?; } - Ok(new_password_plain) + Ok( + CreateCandidateResponse { + application_id: id, + personal_id_number: personal_id_number, + password: new_password_plain, + } + ) } pub async fn logout(db: &DbConn, session_id: Uuid) -> Result<(), ServiceError> { @@ -281,7 +296,7 @@ pub mod tests { CandidateService::login(&db, candidate.application, "test".to_string(), "127.0.0.1".to_string()).await.is_ok() ); - let new_password = CandidateService::reset_password(private_key, &db, candidate.application).await.unwrap(); + let new_password = CandidateService::reset_password(private_key, &db, candidate.application).await.unwrap().password; assert!( CandidateService::login(&db, candidate.application, "test".to_string(), "127.0.0.1".to_string()).await.is_err()
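Review bot: In `core/src/services/candidate_service.rs`, the personal ID number is decrypted after `revoke_all_sessions` and `update_candidate_password_with_keys` have already run, so a failure in the new `EncryptedString::try_from(...)?` or `.decrypt(&admin_private_key).await?` returns an error with the password already rotated and the generated plaintext never delivered to the admin. The added comment and TODO suggest the field is not yet guaranteed to be present, so this path looks reachable. Moving the `let personal_id_number = …` statement above the `SessionService::revoke_all_sessions` call would avoid this; it appears to need only `candidate` and `admin_private_key`, both available by then. Minor points: `personal_id_number: personal_id_number,` can be the shorthand `personal_id_number,`, and the comment has a typo (`might no have` should be `might not have`). `reset_password` begins before this hunk, so the earlier part of the body is not visible here.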