update error messages in POST /login

This commit is contained in:
SadlyNotSappho 2024-03-22 11:19:22 -07:00
parent 2cd4cf784e
commit 085878f9f8
1 changed files with 47 additions and 31 deletions

View File

@ -114,34 +114,41 @@ async fn account(mut db: Connection<Db>, cookies: &CookieJar<'_>) -> status::Cus
} }
#[post("/login", data = "<info>")] #[post("/login", data = "<info>")]
async fn login(mut db: Connection<Db>, info: Json<LoginInfo>, cookies: &CookieJar<'_>) -> String { async fn login(
mut db: Connection<Db>,
info: Json<LoginInfo>,
cookies: &CookieJar<'_>,
) -> status::Custom<&'static str> {
let token = cookies.get_private("token"); let token = cookies.get_private("token");
match token { match token {
Some(_) => { Some(_) => {
"already logged in".to_string() status::Custom(Status::Continue, "already logged in")
} }
None => { None => {
match User::get_by_username(&mut db, &info.username).await { match User::get_by_username(&mut db, &info.username).await {
Some(user) => { Some(user) => {
if user.password == sha256::digest(&info.password) { if user.password == sha256::digest(&info.password) {
match user.token { match user.token {
Some(t) => {cookies.add_private(("token", t)); "Logged in".to_string()}, Some(t) => {cookies.add_private(("token", t)); status::Custom(Status::Ok, "Logged in")},
None => { None => {
match user.set_new_token(&mut db).await { match user.set_new_token(&mut db).await {
Ok(t) => { Ok(t) => {
cookies.add_private(("token", t)); cookies.add_private(("token", t));
"logged in".to_string() status::Custom(Status::Ok, "Logged in")
},
Err(why) => {
eprintln!("{why:?}");
status::Custom(Status::InternalServerError, "Couldn't generate a token for you, therefore you weren't logged in.")
}, },
Err(why) => why,
} }
} }
} }
} else { } else {
String::from("Invalid username or password (to those whining about why it doesn't tell you if the username or password is incorrect, security)") status::Custom(Status::Forbidden, "Invalid username or password (to those whining about why it doesn't tell you if the username or password is incorrect, security)")
} }
} }
None => None =>
String::from("Invalid username or password (to those whining about why it doesn't tell you if the username or password is incorrect, security)"), status::Custom(Status::Forbidden, "Invalid username or password (to those whining about why it doesn't tell you if the username or password is incorrect, security)")
} }
} }
} }
@ -253,25 +260,29 @@ async fn toggleperms(
cookies: &CookieJar<'_>, cookies: &CookieJar<'_>,
) -> status::Custom<String> { ) -> status::Custom<String> {
match cookies.get_private("token") { match cookies.get_private("token") {
Some(t) => match User::get_by_token(&mut db, t).await { Some(t) => {
Some(user) => match user.admin { match User::get_by_token(&mut db, t).await {
true => match User::get_by_username(&mut db, &info.username).await { Some(user) => {
Some(toggled_user) => { match user.admin {
match toggled_user.username == user.username && info.perm == "admin" { true => match User::get_by_username(&mut db, &info.username).await {
true => status::Custom( Some(toggled_user) => {
Status::Forbidden, match toggled_user.username == user.username && info.perm == "admin"
"You can't change your own admin status".to_string(), {
),
false => {
let admin_username = std::env::var("ADMIN_USERNAME")
.expect("set ADMIN_USERNAME env var");
match toggled_user.username == admin_username {
true => status::Custom( true => status::Custom(
Status::Forbidden, Status::Forbidden,
"You can't change the system admin's perms.".to_string(), "You can't change your own admin status".to_string(),
), ),
false => { false => {
match info.perm == "admin" let admin_username = std::env::var("ADMIN_USERNAME")
.expect("set ADMIN_USERNAME env var");
match toggled_user.username == admin_username {
true => status::Custom(
Status::Forbidden,
"You can't change the system admin's perms."
.to_string(),
),
false => {
match info.perm == "admin"
&& user.username != admin_username && user.username != admin_username
{ {
true => status::Custom( true => status::Custom(
@ -288,20 +299,25 @@ async fn toggleperms(
} }
} }
} }
}
}
} }
} }
} }
None => status::Custom(
Status::NotFound,
"The user you're trying to toggle perms for doesn't exist."
.to_string(),
),
},
false => {
status::Custom(Status::Unauthorized, "You aren't an admin.".to_string())
} }
} }
None => status::Custom( }
Status::NotFound, None => status::Custom(Status::Unauthorized, "Invalid login token".to_string()),
"The user you're trying to toggle perms for doesn't exist.".to_string(), }
), }
},
false => status::Custom(Status::Unauthorized, "You aren't an admin.".to_string()),
},
None => status::Custom(Status::Unauthorized, "Invalid login token".to_string()),
},
None => status::Custom(Status::Unauthorized, "Not logged in".to_string()), None => status::Custom(Status::Unauthorized, "Not logged in".to_string()),
} }
} }