// Copyright (C) 2022 Aravinth Manivannan <realaravinth@batsense.net>
// SPDX-FileCopyrightText: 2023 Aravinth Manivannan <realaravinth@batsense.net>
//
// SPDX-License-Identifier: AGPL-3.0-or-later
use std::cell::RefCell;
use actix_identity::Identity;
use actix_web::http::header::{self, ContentType};
use tera::Context;
use crate::api::v1::admin::auth::runners;
use crate::api::v1::RedirectQuery;
use crate::pages::errors::*;
use crate::settings::Settings;
use crate::AppData;
pub use super::*;
/// Page object for the login view.
///
/// Wraps the Tera [`Context`] used to render the login template. The context sits in a
/// [`RefCell`] because `with_error` receives `&self` yet has to insert the error entry
/// before rendering.
pub struct Login {
    // Template variables for the login page; mutated through `&self` via the RefCell.
    ctx: RefCell<Context>,
}
/// Template descriptor for the login page. `LOGIN.name` is the key passed to
/// `TEMPLATES.render`; the second argument is presumably the template's path relative to
/// the template root (confirm against `TemplateFile::new`).
pub const LOGIN: TemplateFile = TemplateFile::new("login", "auth/login/index.html");
impl CtxError for Login {
    /// Renders the login page with `e` stored in the template context under `ERROR_KEY`.
    fn with_error(&self, e: &ReadableError) -> String {
        {
            // Scope the mutable borrow so it is released before `render` takes a shared
            // borrow of the same RefCell; overlapping the two would panic at runtime.
            let mut template_ctx = self.ctx.borrow_mut();
            template_ctx.insert(ERROR_KEY, e);
        }
        self.render()
    }
}
impl Login {
    /// Builds the page object with a context created by `context(settings, "Login")`.
    pub fn new(settings: &Settings) -> Self {
        Self {
            ctx: RefCell::new(context(settings, "Login")),
        }
    }

    /// Renders the login template against the current context.
    ///
    /// # Panics
    ///
    /// Panics if `TEMPLATES.render` returns an error, since the result is unwrapped.
    pub fn render(&self) -> String {
        let template_ctx = self.ctx.borrow();
        TEMPLATES.render(LOGIN.name, &template_ctx).unwrap()
    }

    /// Convenience wrapper: constructs a fresh page for `s` and renders it immediately.
    pub fn page(s: &Settings) -> String {
        Self::new(s).render()
    }
}
/// GET handler for the login route: responds `200 OK` with the rendered login page as HTML.
///
/// The application data is skipped in the tracing span, so it is not recorded there.
#[actix_web_codegen_const_routes::get(path = "PAGES.auth.login")]
#[tracing::instrument(name = "Serve login page", skip(ctx))]
pub async fn get_login(ctx: AppData) -> impl Responder {
    let body = Login::page(&ctx.settings);
    HttpResponse::Ok()
        .content_type(ContentType::html())
        .body(body)
}
/// Registers the login page handlers (the GET page and the POST form submission) on `cfg`.
pub fn services(cfg: &mut web::ServiceConfig) {
    cfg.service(get_login).service(login_submit);
}
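/// POST handler for the login form.
///
/// Authenticates the submitted credentials through `runners::login_runner`, stores the
/// returned username in the identity, and answers `302 Found`. The `Location` header is the
/// caller-supplied `redirect_to` only when it is a same-site path; anything else falls back
/// to `PAGES.home`, so the login endpoint cannot be used to bounce a freshly authenticated
/// user to an arbitrary external site.
///
/// The form payload (which carries the password) is skipped in the tracing span.
///
/// # Errors
///
/// Returns a `PageError` wrapping a fresh [`Login`] page when `login_runner` fails.
// NOTE(review): `redirect_to` is extracted with `web::Path` although the type is named
// `RedirectQuery`; confirm whether `web::Query` was intended for this route.
#[actix_web_codegen_const_routes::post(path = "PAGES.auth.login")]
#[tracing::instrument(name = "Web UI Login", skip(id, payload, data, path))]
pub async fn login_submit(
    id: Identity,
    payload: web::Form<runners::Login>,
    data: AppData,
    path: web::Path<RedirectQuery>,
) -> PageResult<impl Responder, Login> {
    let payload = payload.into_inner();
    let username = runners::login_runner(&payload, &data)
        .await
        .map_err(|e| PageError::new(Login::new(&data.settings), e))?;

    id.remember(username);

    // `redirect_to` comes straight from the request, so it is only honoured when it
    // stays on this site.
    let response = match path.into_inner().redirect_to {
        Some(target) if is_local_redirect(&target) => HttpResponse::Found()
            .insert_header((header::LOCATION, target))
            .finish(),
        other => {
            if other.is_some() {
                // Leave a trace for detection; the value itself is not logged.
                tracing::warn!("login redirect target rejected: not a same-site path");
            }
            HttpResponse::Found()
                .insert_header((header::LOCATION, PAGES.home))
                .finish()
        }
    };

    Ok(response)
}

/// Returns `true` when `target` is an absolute path on this site.
///
/// Accepts only values that start with a single `/`. Scheme-relative (`//host`) forms,
/// backslashes (which browsers may normalise to `/`) and control characters are rejected,
/// as is anything carrying a scheme or host.
fn is_local_redirect(target: &str) -> bool {
    target.starts_with('/')
        && !target.starts_with("//")
        && !target.contains('\\')
        && !target.chars().any(|c| c.is_control())
}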
#[cfg(test)]
mod tests {
    use actix_web::test;

    use super::*;

    use crate::api::v1::admin::auth::runners::{Login, Register};
    use crate::tests::*;
    use crate::*;
    use actix_web::http::StatusCode;

    /// End-to-end check of the login form: register a user through the API, then submit
    /// the form with valid, wrong-password and unknown-user credentials.
    ///
    /// NOTE(review): no case here submits a `redirect_to` value, so the redirect branch of
    /// `login_submit` is not covered by this test.
    #[actix_rt::test]
    async fn auth_form_works() {
        const NAME: &str = "testuserform";
        const PASSWORD: &str = "longpassword";

        let data = get_test_data().await;
        let app = get_app!(data).await;

        // Start from a clean slate so registration below cannot collide with a stale user.
        delete_user(NAME, &data).await;

        // 1. Register with email == None
        let registration = Register {
            username: NAME.into(),
            password: PASSWORD.into(),
            confirm_password: PASSWORD.into(),
            email: None,
        };
        let register_req =
            post_request!(&registration, V1_API_ROUTES.admin.auth.register).to_request();
        let register_resp = test::call_service(&app, register_req).await;
        assert_eq!(register_resp.status(), StatusCode::OK);

        // 2. Valid credentials: expect a redirect to the home page.
        let valid = Login {
            login: NAME.into(),
            password: PASSWORD.into(),
        };
        let valid_req = post_request!(&valid, PAGES.auth.login, FORM).to_request();
        let valid_resp = test::call_service(&app, valid_req).await;
        assert_eq!(valid_resp.status(), StatusCode::FOUND);
        let location = valid_resp.headers().get(header::LOCATION).unwrap();
        assert_eq!(location, PAGES.home,);

        // 3. Existing user, wrong password (the username doubles as the bad password).
        let wrong_password = Login {
            login: NAME.into(),
            password: NAME.into(),
        };
        let wrong_password_req =
            post_request!(&wrong_password, PAGES.auth.login, FORM).to_request();
        let wrong_password_resp = test::call_service(&app, wrong_password_req).await;
        assert_eq!(wrong_password_resp.status(), StatusCode::UNAUTHORIZED);

        // 4. Unknown user (the password string doubles as a login that was never registered).
        // NOTE(review): 404 here versus 401 above lets a client tell whether an account
        // exists; confirm that this difference is intended.
        let unknown_user = Login {
            login: PASSWORD.into(),
            password: PASSWORD.into(),
        };
        let unknown_user_req = post_request!(&unknown_user, PAGES.auth.login, FORM).to_request();
        let unknown_user_resp = test::call_service(&app, unknown_user_req).await;
        assert_eq!(unknown_user_resp.status(), StatusCode::NOT_FOUND);
    }
}