what2watch/src/login.rs

use argon2::{
    password_hash::{PasswordHash, PasswordVerifier},
    Argon2,
};
use axum::{
    extract::State,
    http::StatusCode,
    response::{IntoResponse, Redirect, Response},
    Form,
};
use sqlx::SqlitePool;

use crate::{util::form_decode, AuthContext, LoginGet, LoginPost, LogoutGet, LogoutPost, User};

//-************************************************************************
// Constants
//-************************************************************************

//-************************************************************************
// Login error and success types
//-************************************************************************

#[Error]
pub struct LoginError(#[from] LoginErrorKind);

#[Error]
#[non_exhaustive]
pub enum LoginErrorKind {
    Internal,
    BadPassword,
    BadUsername,
    Unknown,
}

impl IntoResponse for LoginError {
    fn into_response(self) -> Response {
        match self.0 {
            LoginErrorKind::Internal => (
                StatusCode::INTERNAL_SERVER_ERROR,
                "An unknown error occurred; you cursed, brah?",
            )
                .into_response(),
            LoginErrorKind::Unknown => (StatusCode::OK, "Not successful.").into_response(),
            _ => (StatusCode::OK, format!("{self}")).into_response(),
        }
    }
}

//-************************************************************************
// Login handlers
//-************************************************************************

/// Handle login queries
#[axum::debug_handler]
pub async fn post_login(
    mut auth: AuthContext,
    State(pool): State<SqlitePool>,
    Form(login): Form<LoginPost>,
) -> Result<impl IntoResponse, LoginError> {
    let username = form_decode(&login.username, LoginErrorKind::BadUsername)?;
    let username = username.trim();

    let pw = form_decode(&login.password, LoginErrorKind::BadPassword)?;
    let pw = pw.trim();

    let user = User::try_get(username, &pool)
        .await
        .map_err(|_| LoginErrorKind::Unknown)?;

    let verifier = Argon2::default();
    let hash = PasswordHash::new(&user.pwhash).map_err(|_| LoginErrorKind::Internal)?;
    match verifier.verify_password(pw.as_bytes(), &hash) {
        Ok(_) => {
            // log them in and set a session cookie
            auth.login(&user)
                .await
                .map_err(|_| LoginErrorKind::Internal)?;

            Ok(Redirect::to("/"))
        }
        _ => Err(LoginErrorKind::BadPassword.into()),
    }
}

pub async fn get_login() -> impl IntoResponse {
    LoginGet::default()
}

pub async fn get_logout() -> impl IntoResponse {
    LogoutGet
}

pub async fn post_logout(mut auth: AuthContext) -> impl IntoResponse {
    if auth.current_user.is_some() {
        auth.logout().await;
    }
    LogoutPost
}

#[cfg(test)]
mod test {
    use crate::{
        templates::{LoginGet, LogoutGet, LogoutPost, MainPage},
        test_utils::{get_test_user, massage, server, FORM_CONTENT_TYPE},
    };

    const LOGIN_FORM: &str = "username=test_user&password=a";

    #[tokio::test]
    async fn get_login() {
        let s = server().await;
        let resp = s.get("/login").await;
        let body = std::str::from_utf8(resp.bytes()).unwrap().to_string();
        assert_eq!(body, LoginGet::default().to_string());
    }

    #[tokio::test]
    async fn post_login_success() {
        let s = server().await;

        let body = massage(LOGIN_FORM);

        let resp = s
            .post("/login")
            .expect_failure()
            .content_type(FORM_CONTENT_TYPE)
            .bytes(body)
            .await;
        assert_eq!(resp.status_code(), 303);
    }

    #[tokio::test]
    async fn post_login_bad_user() {
        let s = server().await;

        let form = "username=test_LOSER&password=aaaa";
        let body = massage(form);

        let resp = s
            .post("/login")
            .expect_success()
            .content_type(FORM_CONTENT_TYPE)
            .bytes(body)
            .await;
        assert_eq!(resp.status_code(), 200);
    }

    #[tokio::test]
    async fn post_login_bad_password() {
        let s = server().await;

        let form = "username=test_user&password=bbbb";
        let body = massage(form);

        let resp = s
            .post("/login")
            .expect_success()
            .content_type(FORM_CONTENT_TYPE)
            .bytes(body)
            .await;
        assert_eq!(resp.status_code(), 200);
    }

    #[tokio::test]
    async fn get_logout() {
        let s = server().await;
        let resp = s.get("/logout").await;
        let body = std::str::from_utf8(resp.bytes()).unwrap().to_string();
        assert_eq!(body, LogoutGet.to_string());
    }

    #[tokio::test]
    async fn post_logout_not_logged_in() {
        let s = server().await;
        let resp = s.post("/logout").await;
        resp.assert_status_ok();
        let body = std::str::from_utf8(resp.bytes()).unwrap();
        let default = LogoutPost.to_string();
        assert_eq!(body, &default);
    }

    #[tokio::test]
    async fn post_logout_logged_in() {
        let s = server().await;

        // log in and prove it
        {
            let body = massage(LOGIN_FORM);
            let resp = s
                .post("/login")
                .expect_failure()
                .content_type(FORM_CONTENT_TYPE)
                .bytes(body)
                .await;
            assert_eq!(resp.status_code(), 303);

            let logged_in = MainPage {
                user: Some(get_test_user()),
            }
            .to_string();

            let idx = s.get("/").await;
            let body = std::str::from_utf8(idx.bytes()).unwrap();
            assert_eq!(&logged_in, body);
        }

        let resp = s.post("/logout").await;
        let body = std::str::from_utf8(resp.bytes()).unwrap();
        let default = LogoutPost.to_string();
        assert_eq!(body, &default);
    }
}
Adds working login route. 2023-05-29 00:55:16 +00:00			`use argon2::{`
			`password_hash::{PasswordHash, PasswordVerifier},`
			`Argon2,`
			`};`
Move login stuff to own module. 2023-05-28 20:44:50 +00:00			`use axum::{`
			`extract::State,`
			`http::StatusCode,`
Adds working login route. 2023-05-29 00:55:16 +00:00			`response::{IntoResponse, Redirect, Response},`
			`Form,`
Move login stuff to own module. 2023-05-28 20:44:50 +00:00			`};`
			`use sqlx::SqlitePool;`

minor re-org and rename of main page template struct. 2023-06-08 16:16:38 +00:00			`use crate::{util::form_decode, AuthContext, LoginGet, LoginPost, LogoutGet, LogoutPost, User};`
Move login stuff to own module. 2023-05-28 20:44:50 +00:00
Adds working login route. 2023-05-29 00:55:16 +00:00			`//-************************************************************************`
			`// Constants`
			`//-************************************************************************`
Move login stuff to own module. 2023-05-28 20:44:50 +00:00
			`//-************************************************************************`
			`// Login error and success types`
			`//-************************************************************************`

			`#[Error]`
			`pub struct LoginError(#[from] LoginErrorKind);`

			`#[Error]`
			`#[non_exhaustive]`
			`pub enum LoginErrorKind {`
Adds working login route. 2023-05-29 00:55:16 +00:00			`Internal,`
Move login stuff to own module. 2023-05-28 20:44:50 +00:00			`BadPassword,`
Adds working login route. 2023-05-29 00:55:16 +00:00			`BadUsername,`
Move login stuff to own module. 2023-05-28 20:44:50 +00:00			`Unknown,`
			`}`

			`impl IntoResponse for LoginError {`
			`fn into_response(self) -> Response {`
			`match self.0 {`
Minor tweaks. 2023-06-02 21:15:13 +00:00			`LoginErrorKind::Internal => (`
Move login stuff to own module. 2023-05-28 20:44:50 +00:00			`StatusCode::INTERNAL_SERVER_ERROR,`
			`"An unknown error occurred; you cursed, brah?",`
			`)`
			`.into_response(),`
Minor tweaks. 2023-06-02 21:15:13 +00:00			`LoginErrorKind::Unknown => (StatusCode::OK, "Not successful.").into_response(),`
End-to-end web-based signup, login, and logout flows work. 2023-05-29 21:25:50 +00:00			`_ => (StatusCode::OK, format!("{self}")).into_response(),`
Move login stuff to own module. 2023-05-28 20:44:50 +00:00			`}`
			`}`
			`}`

			`//-************************************************************************`
			`// Login handlers`
			`//-************************************************************************`

			`/// Handle login queries`
			`#[axum::debug_handler]`
			`pub async fn post_login(`
			`mut auth: AuthContext,`
			`State(pool): State<SqlitePool>,`
Adds working login route. 2023-05-29 00:55:16 +00:00			`Form(login): Form<LoginPost>,`
			`) -> Result<impl IntoResponse, LoginError> {`
			`let username = form_decode(&login.username, LoginErrorKind::BadUsername)?;`
			`let username = username.trim();`

			`let pw = form_decode(&login.password, LoginErrorKind::BadPassword)?;`
			`let pw = pw.trim();`

Add middleware to update `last_seen`. 2023-05-30 21:51:52 +00:00			`let user = User::try_get(username, &pool)`
Adds working login route. 2023-05-29 00:55:16 +00:00			`.await`
			`.map_err(\|_\| LoginErrorKind::Unknown)?;`

			`let verifier = Argon2::default();`
			`let hash = PasswordHash::new(&user.pwhash).map_err(\|_\| LoginErrorKind::Internal)?;`
			`match verifier.verify_password(pw.as_bytes(), &hash) {`
			`Ok(_) => {`
			`// log them in and set a session cookie`
			`auth.login(&user)`
			`.await`
			`.map_err(\|_\| LoginErrorKind::Internal)?;`

Minor tweaks. 2023-06-02 21:15:13 +00:00			`Ok(Redirect::to("/"))`
Adds working login route. 2023-05-29 00:55:16 +00:00			`}`
			`_ => Err(LoginErrorKind::BadPassword.into()),`
			`}`
Move login stuff to own module. 2023-05-28 20:44:50 +00:00			`}`

			`pub async fn get_login() -> impl IntoResponse {`
			`LoginGet::default()`
			`}`
stub out logout 2023-05-29 18:13:12 +00:00
			`pub async fn get_logout() -> impl IntoResponse {`
End-to-end web-based signup, login, and logout flows work. 2023-05-29 21:25:50 +00:00			`LogoutGet`
stub out logout 2023-05-29 18:13:12 +00:00			`}`

End-to-end web-based signup, login, and logout flows work. 2023-05-29 21:25:50 +00:00			`pub async fn post_logout(mut auth: AuthContext) -> impl IntoResponse {`
			`if auth.current_user.is_some() {`
			`auth.logout().await;`
			`}`
			`LogoutPost`
stub out logout 2023-05-29 18:13:12 +00:00			`}`
Add tests for login/logout endpoints. Changes in the test DB setup are there to support persistent in-memory DBs for testing. 2023-06-02 21:12:29 +00:00
			`#[cfg(test)]`
			`mod test {`
			`use crate::{`
minor re-org and rename of main page template struct. 2023-06-08 16:16:38 +00:00			`templates::{LoginGet, LogoutGet, LogoutPost, MainPage},`
Finish signup tests. 2023-06-03 22:45:19 +00:00			`test_utils::{get_test_user, massage, server, FORM_CONTENT_TYPE},`
Add tests for login/logout endpoints. Changes in the test DB setup are there to support persistent in-memory DBs for testing. 2023-06-02 21:12:29 +00:00			`};`

Fix broken test and move helpers to test util module. 2023-06-03 00:32:48 +00:00			`const LOGIN_FORM: &str = "username=test_user&password=a";`
Add tests for login/logout endpoints. Changes in the test DB setup are there to support persistent in-memory DBs for testing. 2023-06-02 21:12:29 +00:00
			`#[tokio::test]`
			`async fn get_login() {`
Add more test utils. 2023-06-03 17:11:07 +00:00			`let s = server().await;`
Add tests for login/logout endpoints. Changes in the test DB setup are there to support persistent in-memory DBs for testing. 2023-06-02 21:12:29 +00:00			`let resp = s.get("/login").await;`
			`let body = std::str::from_utf8(resp.bytes()).unwrap().to_string();`
			`assert_eq!(body, LoginGet::default().to_string());`
			`}`

			`#[tokio::test]`
			`async fn post_login_success() {`
Add more test utils. 2023-06-03 17:11:07 +00:00			`let s = server().await;`
Add tests for login/logout endpoints. Changes in the test DB setup are there to support persistent in-memory DBs for testing. 2023-06-02 21:12:29 +00:00
backport test utils improvments to login tests 2023-06-03 20:58:37 +00:00			`let body = massage(LOGIN_FORM);`
Add tests for login/logout endpoints. Changes in the test DB setup are there to support persistent in-memory DBs for testing. 2023-06-02 21:12:29 +00:00
			`let resp = s`
			`.post("/login")`
			`.expect_failure()`
backport test utils improvments to login tests 2023-06-03 20:58:37 +00:00			`.content_type(FORM_CONTENT_TYPE)`
Add tests for login/logout endpoints. Changes in the test DB setup are there to support persistent in-memory DBs for testing. 2023-06-02 21:12:29 +00:00			`.bytes(body)`
			`.await;`
			`assert_eq!(resp.status_code(), 303);`
			`}`

			`#[tokio::test]`
			`async fn post_login_bad_user() {`
Add more test utils. 2023-06-03 17:11:07 +00:00			`let s = server().await;`
Add tests for login/logout endpoints. Changes in the test DB setup are there to support persistent in-memory DBs for testing. 2023-06-02 21:12:29 +00:00
backport test utils improvments to login tests 2023-06-03 20:58:37 +00:00			`let form = "username=test_LOSER&password=aaaa";`
			`let body = massage(form);`
Add tests for login/logout endpoints. Changes in the test DB setup are there to support persistent in-memory DBs for testing. 2023-06-02 21:12:29 +00:00
			`let resp = s`
			`.post("/login")`
			`.expect_success()`
backport test utils improvments to login tests 2023-06-03 20:58:37 +00:00			`.content_type(FORM_CONTENT_TYPE)`
Add tests for login/logout endpoints. Changes in the test DB setup are there to support persistent in-memory DBs for testing. 2023-06-02 21:12:29 +00:00			`.bytes(body)`
			`.await;`
			`assert_eq!(resp.status_code(), 200);`
			`}`

More login testing, added reference user factory fn. 2023-06-03 00:01:59 +00:00			`#[tokio::test]`
			`async fn post_login_bad_password() {`
Add more test utils. 2023-06-03 17:11:07 +00:00			`let s = server().await;`
More login testing, added reference user factory fn. 2023-06-03 00:01:59 +00:00
backport test utils improvments to login tests 2023-06-03 20:58:37 +00:00			`let form = "username=test_user&password=bbbb";`
			`let body = massage(form);`
More login testing, added reference user factory fn. 2023-06-03 00:01:59 +00:00
			`let resp = s`
			`.post("/login")`
			`.expect_success()`
backport test utils improvments to login tests 2023-06-03 20:58:37 +00:00			`.content_type(FORM_CONTENT_TYPE)`
More login testing, added reference user factory fn. 2023-06-03 00:01:59 +00:00			`.bytes(body)`
			`.await;`
			`assert_eq!(resp.status_code(), 200);`
			`}`

Add tests for login/logout endpoints. Changes in the test DB setup are there to support persistent in-memory DBs for testing. 2023-06-02 21:12:29 +00:00			`#[tokio::test]`
			`async fn get_logout() {`
Add more test utils. 2023-06-03 17:11:07 +00:00			`let s = server().await;`
Add tests for login/logout endpoints. Changes in the test DB setup are there to support persistent in-memory DBs for testing. 2023-06-02 21:12:29 +00:00			`let resp = s.get("/logout").await;`
			`let body = std::str::from_utf8(resp.bytes()).unwrap().to_string();`
			`assert_eq!(body, LogoutGet.to_string());`
			`}`

			`#[tokio::test]`
More login testing, added reference user factory fn. 2023-06-03 00:01:59 +00:00			`async fn post_logout_not_logged_in() {`
Add more test utils. 2023-06-03 17:11:07 +00:00			`let s = server().await;`
Add tests for login/logout endpoints. Changes in the test DB setup are there to support persistent in-memory DBs for testing. 2023-06-02 21:12:29 +00:00			`let resp = s.post("/logout").await;`
			`resp.assert_status_ok();`
			`let body = std::str::from_utf8(resp.bytes()).unwrap();`
			`let default = LogoutPost.to_string();`
			`assert_eq!(body, &default);`
			`}`
More login testing, added reference user factory fn. 2023-06-03 00:01:59 +00:00
			`#[tokio::test]`
			`async fn post_logout_logged_in() {`
Add more test utils. 2023-06-03 17:11:07 +00:00			`let s = server().await;`
Fix broken test and move helpers to test util module. 2023-06-03 00:32:48 +00:00
			`// log in and prove it`
			`{`
backport test utils improvments to login tests 2023-06-03 20:58:37 +00:00			`let body = massage(LOGIN_FORM);`
Fix broken test and move helpers to test util module. 2023-06-03 00:32:48 +00:00			`let resp = s`
			`.post("/login")`
			`.expect_failure()`
backport test utils improvments to login tests 2023-06-03 20:58:37 +00:00			`.content_type(FORM_CONTENT_TYPE)`
Fix broken test and move helpers to test util module. 2023-06-03 00:32:48 +00:00			`.bytes(body)`
			`.await;`
			`assert_eq!(resp.status_code(), 303);`

minor re-org and rename of main page template struct. 2023-06-08 16:16:38 +00:00			`let logged_in = MainPage {`
Finish signup tests. 2023-06-03 22:45:19 +00:00			`user: Some(get_test_user()),`
Fix broken test and move helpers to test util module. 2023-06-03 00:32:48 +00:00			`}`
			`.to_string();`

			`let idx = s.get("/").await;`
			`let body = std::str::from_utf8(idx.bytes()).unwrap();`
			`assert_eq!(&logged_in, body);`
			`}`
More login testing, added reference user factory fn. 2023-06-03 00:01:59 +00:00
			`let resp = s.post("/logout").await;`
			`let body = std::str::from_utf8(resp.bytes()).unwrap();`
			`let default = LogoutPost.to_string();`
			`assert_eq!(body, &default);`
			`}`
Add tests for login/logout endpoints. Changes in the test DB setup are there to support persistent in-memory DBs for testing. 2023-06-02 21:12:29 +00:00			`}`