2021-10-04 21:21:10 +05:30
|
|
|
/*
|
2023-01-24 19:25:56 +05:30
|
|
|
* Copyright (C) 2022 Aravinth Manivannan <realaravinth@batsense.net>
|
2021-10-04 21:21:10 +05:30
|
|
|
*
|
|
|
|
* This program is free software: you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU Affero General Public License as
|
|
|
|
* published by the Free Software Foundation, either version 3 of the
|
|
|
|
* License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU Affero General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Affero General Public License
|
|
|
|
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
|
|
*/
|
2023-01-24 19:25:56 +05:30
|
|
|
use std::cell::RefCell;
|
|
|
|
|
2021-10-04 21:21:10 +05:30
|
|
|
use actix_identity::Identity;
|
2023-01-24 19:25:56 +05:30
|
|
|
use actix_web::http::header::{self, ContentType};
|
|
|
|
use tera::Context;
|
2021-10-04 21:21:10 +05:30
|
|
|
|
2021-10-13 14:11:39 +05:30
|
|
|
use crate::api::v1::admin::auth::runners;
|
2021-10-13 14:28:18 +05:30
|
|
|
use crate::api::v1::RedirectQuery;
|
2023-01-24 19:25:56 +05:30
|
|
|
use crate::pages::errors::*;
|
|
|
|
use crate::settings::Settings;
|
2021-10-04 21:21:10 +05:30
|
|
|
use crate::AppData;
|
|
|
|
|
2023-01-24 19:25:56 +05:30
|
|
|
pub use super::*;
|
|
|
|
|
|
|
|
pub struct Login {
|
|
|
|
ctx: RefCell<Context>,
|
2021-10-04 21:21:10 +05:30
|
|
|
}
|
|
|
|
|
2023-01-24 19:25:56 +05:30
|
|
|
pub const LOGIN: TemplateFile = TemplateFile::new("login", "auth/login/index.html");
|
2021-10-04 21:21:10 +05:30
|
|
|
|
2023-01-24 19:25:56 +05:30
|
|
|
impl CtxError for Login {
|
|
|
|
fn with_error(&self, e: &ReadableError) -> String {
|
|
|
|
self.ctx.borrow_mut().insert(ERROR_KEY, e);
|
|
|
|
self.render()
|
2021-10-04 21:21:10 +05:30
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-01-24 19:25:56 +05:30
|
|
|
impl Login {
|
|
|
|
pub fn new(settings: &Settings) -> Self {
|
|
|
|
let ctx = RefCell::new(context(settings, "Login"));
|
|
|
|
Self { ctx }
|
|
|
|
}
|
|
|
|
|
|
|
|
pub fn render(&self) -> String {
|
|
|
|
TEMPLATES.render(LOGIN.name, &self.ctx.borrow()).unwrap()
|
|
|
|
}
|
|
|
|
|
|
|
|
pub fn page(s: &Settings) -> String {
|
|
|
|
let p = Self::new(s);
|
|
|
|
p.render()
|
2021-10-04 21:21:10 +05:30
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-01-24 19:25:56 +05:30
|
|
|
#[actix_web_codegen_const_routes::get(path = "PAGES.auth.login")]
|
|
|
|
#[tracing::instrument(name = "Serve login page", skip(ctx))]
|
|
|
|
pub async fn get_login(ctx: AppData) -> impl Responder {
|
|
|
|
let login = Login::page(&ctx.settings);
|
|
|
|
let html = ContentType::html();
|
|
|
|
HttpResponse::Ok().content_type(html).body(login)
|
2021-10-04 21:21:10 +05:30
|
|
|
}
|
|
|
|
|
2023-01-24 19:25:56 +05:30
|
|
|
pub fn services(cfg: &mut web::ServiceConfig) {
|
|
|
|
cfg.service(get_login);
|
|
|
|
cfg.service(login_submit);
|
2021-10-04 21:21:10 +05:30
|
|
|
}
|
|
|
|
|
2023-01-24 19:25:56 +05:30
|
|
|
#[actix_web_codegen_const_routes::post(path = "PAGES.auth.login")]
|
|
|
|
#[tracing::instrument(name = "Web UI Login", skip(id, payload, data, path))]
|
2021-10-04 21:21:10 +05:30
|
|
|
pub async fn login_submit(
|
|
|
|
id: Identity,
|
|
|
|
payload: web::Form<runners::Login>,
|
|
|
|
data: AppData,
|
2021-10-13 14:28:18 +05:30
|
|
|
path: web::Path<RedirectQuery>,
|
2023-01-24 19:25:56 +05:30
|
|
|
) -> PageResult<impl Responder, Login> {
|
2021-10-04 21:21:10 +05:30
|
|
|
let payload = payload.into_inner();
|
2023-01-24 19:25:56 +05:30
|
|
|
let username = runners::login_runner(&payload, &data)
|
|
|
|
.await
|
|
|
|
.map_err(|e| PageError::new(Login::new(&data.settings), e))?;
|
|
|
|
|
|
|
|
id.remember(username);
|
|
|
|
let path = path.into_inner();
|
|
|
|
if let Some(redirect_to) = path.redirect_to {
|
|
|
|
Ok(HttpResponse::Found()
|
|
|
|
.insert_header((header::LOCATION, redirect_to))
|
|
|
|
.finish())
|
|
|
|
} else {
|
|
|
|
Ok(HttpResponse::Found()
|
|
|
|
.insert_header((header::LOCATION, PAGES.home))
|
|
|
|
.finish())
|
2021-10-04 21:21:10 +05:30
|
|
|
}
|
|
|
|
}
|
|
|
|
#[cfg(test)]
|
|
|
|
mod tests {
|
|
|
|
use actix_web::test;
|
|
|
|
|
|
|
|
use super::*;
|
|
|
|
|
2021-10-13 14:11:39 +05:30
|
|
|
use crate::api::v1::admin::auth::runners::{Login, Register};
|
2021-10-04 21:21:10 +05:30
|
|
|
use crate::tests::*;
|
|
|
|
use crate::*;
|
|
|
|
use actix_web::http::StatusCode;
|
|
|
|
|
|
|
|
#[actix_rt::test]
|
|
|
|
async fn auth_form_works() {
|
2023-01-24 19:25:56 +05:30
|
|
|
let data = get_test_data().await;
|
2021-10-04 21:21:10 +05:30
|
|
|
const NAME: &str = "testuserform";
|
|
|
|
const PASSWORD: &str = "longpassword";
|
|
|
|
|
|
|
|
let app = get_app!(data).await;
|
|
|
|
|
|
|
|
delete_user(NAME, &data).await;
|
|
|
|
|
|
|
|
// 1. Register with email == None
|
|
|
|
let msg = Register {
|
|
|
|
username: NAME.into(),
|
|
|
|
password: PASSWORD.into(),
|
|
|
|
confirm_password: PASSWORD.into(),
|
|
|
|
email: None,
|
|
|
|
};
|
|
|
|
let resp = test::call_service(
|
|
|
|
&app,
|
2021-10-13 14:11:39 +05:30
|
|
|
post_request!(&msg, V1_API_ROUTES.admin.auth.register).to_request(),
|
2021-10-04 21:21:10 +05:30
|
|
|
)
|
|
|
|
.await;
|
|
|
|
assert_eq!(resp.status(), StatusCode::OK);
|
|
|
|
|
|
|
|
// correct form login
|
|
|
|
let msg = Login {
|
|
|
|
login: NAME.into(),
|
|
|
|
password: PASSWORD.into(),
|
|
|
|
};
|
|
|
|
|
|
|
|
let resp = test::call_service(
|
|
|
|
&app,
|
|
|
|
post_request!(&msg, PAGES.auth.login, FORM).to_request(),
|
|
|
|
)
|
|
|
|
.await;
|
|
|
|
assert_eq!(resp.status(), StatusCode::FOUND);
|
|
|
|
let headers = resp.headers();
|
|
|
|
assert_eq!(headers.get(header::LOCATION).unwrap(), PAGES.home,);
|
|
|
|
|
|
|
|
// incorrect form login
|
|
|
|
let msg = Login {
|
|
|
|
login: NAME.into(),
|
|
|
|
password: NAME.into(),
|
|
|
|
};
|
|
|
|
let resp = test::call_service(
|
|
|
|
&app,
|
|
|
|
post_request!(&msg, PAGES.auth.login, FORM).to_request(),
|
|
|
|
)
|
|
|
|
.await;
|
|
|
|
assert_eq!(resp.status(), StatusCode::UNAUTHORIZED);
|
|
|
|
|
|
|
|
// non-existent form login
|
|
|
|
let msg = Login {
|
|
|
|
login: PASSWORD.into(),
|
|
|
|
password: PASSWORD.into(),
|
|
|
|
};
|
|
|
|
let resp = test::call_service(
|
|
|
|
&app,
|
|
|
|
post_request!(&msg, PAGES.auth.login, FORM).to_request(),
|
|
|
|
)
|
|
|
|
.await;
|
|
|
|
assert_eq!(resp.status(), StatusCode::NOT_FOUND);
|
|
|
|
}
|
|
|
|
}
|