update error messages in POST /login
This commit is contained in:
parent
2cd4cf784e
commit
085878f9f8
78
src/main.rs
78
src/main.rs
|
|
@ -114,34 +114,41 @@ async fn account(mut db: Connection<Db>, cookies: &CookieJar<'_>) -> status::Cus
|
||||||
}
|
}
|
||||||
|
|
||||||
#[post("/login", data = "<info>")]
|
#[post("/login", data = "<info>")]
|
||||||
async fn login(mut db: Connection<Db>, info: Json<LoginInfo>, cookies: &CookieJar<'_>) -> String {
|
async fn login(
|
||||||
|
mut db: Connection<Db>,
|
||||||
|
info: Json<LoginInfo>,
|
||||||
|
cookies: &CookieJar<'_>,
|
||||||
|
) -> status::Custom<&'static str> {
|
||||||
let token = cookies.get_private("token");
|
let token = cookies.get_private("token");
|
||||||
match token {
|
match token {
|
||||||
Some(_) => {
|
Some(_) => {
|
||||||
"already logged in".to_string()
|
status::Custom(Status::Continue, "already logged in")
|
||||||
}
|
}
|
||||||
None => {
|
None => {
|
||||||
match User::get_by_username(&mut db, &info.username).await {
|
match User::get_by_username(&mut db, &info.username).await {
|
||||||
Some(user) => {
|
Some(user) => {
|
||||||
if user.password == sha256::digest(&info.password) {
|
if user.password == sha256::digest(&info.password) {
|
||||||
match user.token {
|
match user.token {
|
||||||
Some(t) => {cookies.add_private(("token", t)); "Logged in".to_string()},
|
Some(t) => {cookies.add_private(("token", t)); status::Custom(Status::Ok, "Logged in")},
|
||||||
None => {
|
None => {
|
||||||
match user.set_new_token(&mut db).await {
|
match user.set_new_token(&mut db).await {
|
||||||
Ok(t) => {
|
Ok(t) => {
|
||||||
cookies.add_private(("token", t));
|
cookies.add_private(("token", t));
|
||||||
"logged in".to_string()
|
status::Custom(Status::Ok, "Logged in")
|
||||||
|
},
|
||||||
|
Err(why) => {
|
||||||
|
eprintln!("{why:?}");
|
||||||
|
status::Custom(Status::InternalServerError, "Couldn't generate a token for you, therefore you weren't logged in.")
|
||||||
},
|
},
|
||||||
Err(why) => why,
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
String::from("Invalid username or password (to those whining about why it doesn't tell you if the username or password is incorrect, security)")
|
status::Custom(Status::Forbidden, "Invalid username or password (to those whining about why it doesn't tell you if the username or password is incorrect, security)")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
None =>
|
None =>
|
||||||
String::from("Invalid username or password (to those whining about why it doesn't tell you if the username or password is incorrect, security)"),
|
status::Custom(Status::Forbidden, "Invalid username or password (to those whining about why it doesn't tell you if the username or password is incorrect, security)")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -253,25 +260,29 @@ async fn toggleperms(
|
||||||
cookies: &CookieJar<'_>,
|
cookies: &CookieJar<'_>,
|
||||||
) -> status::Custom<String> {
|
) -> status::Custom<String> {
|
||||||
match cookies.get_private("token") {
|
match cookies.get_private("token") {
|
||||||
Some(t) => match User::get_by_token(&mut db, t).await {
|
Some(t) => {
|
||||||
Some(user) => match user.admin {
|
match User::get_by_token(&mut db, t).await {
|
||||||
true => match User::get_by_username(&mut db, &info.username).await {
|
Some(user) => {
|
||||||
Some(toggled_user) => {
|
match user.admin {
|
||||||
match toggled_user.username == user.username && info.perm == "admin" {
|
true => match User::get_by_username(&mut db, &info.username).await {
|
||||||
true => status::Custom(
|
Some(toggled_user) => {
|
||||||
Status::Forbidden,
|
match toggled_user.username == user.username && info.perm == "admin"
|
||||||
"You can't change your own admin status".to_string(),
|
{
|
||||||
),
|
|
||||||
false => {
|
|
||||||
let admin_username = std::env::var("ADMIN_USERNAME")
|
|
||||||
.expect("set ADMIN_USERNAME env var");
|
|
||||||
match toggled_user.username == admin_username {
|
|
||||||
true => status::Custom(
|
true => status::Custom(
|
||||||
Status::Forbidden,
|
Status::Forbidden,
|
||||||
"You can't change the system admin's perms.".to_string(),
|
"You can't change your own admin status".to_string(),
|
||||||
),
|
),
|
||||||
false => {
|
false => {
|
||||||
match info.perm == "admin"
|
let admin_username = std::env::var("ADMIN_USERNAME")
|
||||||
|
.expect("set ADMIN_USERNAME env var");
|
||||||
|
match toggled_user.username == admin_username {
|
||||||
|
true => status::Custom(
|
||||||
|
Status::Forbidden,
|
||||||
|
"You can't change the system admin's perms."
|
||||||
|
.to_string(),
|
||||||
|
),
|
||||||
|
false => {
|
||||||
|
match info.perm == "admin"
|
||||||
&& user.username != admin_username
|
&& user.username != admin_username
|
||||||
{
|
{
|
||||||
true => status::Custom(
|
true => status::Custom(
|
||||||
|
|
@ -288,20 +299,25 @@ async fn toggleperms(
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
None => status::Custom(
|
||||||
|
Status::NotFound,
|
||||||
|
"The user you're trying to toggle perms for doesn't exist."
|
||||||
|
.to_string(),
|
||||||
|
),
|
||||||
|
},
|
||||||
|
false => {
|
||||||
|
status::Custom(Status::Unauthorized, "You aren't an admin.".to_string())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
None => status::Custom(
|
}
|
||||||
Status::NotFound,
|
None => status::Custom(Status::Unauthorized, "Invalid login token".to_string()),
|
||||||
"The user you're trying to toggle perms for doesn't exist.".to_string(),
|
}
|
||||||
),
|
}
|
||||||
},
|
|
||||||
false => status::Custom(Status::Unauthorized, "You aren't an admin.".to_string()),
|
|
||||||
},
|
|
||||||
None => status::Custom(Status::Unauthorized, "Invalid login token".to_string()),
|
|
||||||
},
|
|
||||||
None => status::Custom(Status::Unauthorized, "Not logged in".to_string()),
|
None => status::Custom(Status::Unauthorized, "Not logged in".to_string()),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue