authorcurly <curly@infernal.garden>2024-07-17 14:27:34 -0600
committercurly <curly@infernal.garden>2024-07-17 14:27:34 -0600
commitd000e75ab0c20b266e90deec437e02329210db11 (patch)
treeede26f9e54c7d6c9b1e2719fde2c2dac15e87027 /src/db.rs
parent12c1da413d09d48ce85bb46d0629166ce986b5d6 (diff)
separate user update forms. require password for deletion
Diffstat (limited to 'src/db.rs')
-rw-r--r--src/db.rs54
1 files changed, 36 insertions, 18 deletions
diff --git a/src/db.rs b/src/db.rs
index ba86b91..053142a 100644
--- a/src/db.rs
+++ b/src/db.rs
@@ -64,8 +64,8 @@ impl User {
self.name = new_name;
}
- fn update_password(&mut self, old_password: String, new_password: String) -> Result<(), String> {
- if User::hash(&old_password) == self.hashed_password {
+ fn update_password(&mut self, old_password: &String, new_password: &String) -> Result<(), String> {
+ if self.same_password(old_password) {
self.hashed_password = User::hash(&new_password);
return Ok(());
} else {
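Review bot: The new `&String` parameters on `update_password` would read better as `&str`, which accepts a borrowed `String` and a string literal alike; `User::hash` would need the same change. With the parameter now borrowed, `User::hash(&new_password)` passes a `&&String` and compiles only through deref coercion, so `User::hash(new_password)` is the direct form. The same signature style recurs in `same_password`, `update_user_password`, `update_user_name` (which takes `&String` only to `name.clone()` it) and `delete_user` in the later hunks. The `else` branch of `update_password` continues outside this hunk.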
@@ -73,6 +73,10 @@ impl User {
}
}
+ fn same_password(&self, password: &String) -> bool {
+ User::hash(password) == self.hashed_password
+ }
+
fn hash(t: &String) -> String {
let hashed = Sha256::digest(&t);
let hashed = base16ct::lower::encode_string(&hashed);
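Review bot: `same_password` turns the unsalted, single-pass SHA-256 in `User::hash` into the shared password check for password change and, later in this commit, account deletion, and it compares the hex digests with `==`. A fast unsalted digest gives identical passwords identical stored values and makes offline guessing cheap if the user store ever leaks; a salted, memory-hard password hash (Argon2id, scrypt or bcrypt), verified through that library's own verify routine, would address both that and the non-constant-time comparison. Until then I would add a doc comment on the helper such as `/// Compares against the stored SHA-256 hex digest; not salted, not constant-time.` so the limitation is visible to callers. The body of `hash` continues past the end of this hunk, so anything it does after the encode step is not visible here.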
@@ -202,10 +206,9 @@ impl DB {
Err("User Not Found".into())
}
- pub async fn update_user(&mut self, id: UID, session: &String, name: String, old_password: String, new_password: String) -> Result<(), String> {
+ pub async fn update_user_password(&mut self, id: UID, session: &String, old_password: &String, new_password: &String) -> Result<(), String> {
self.get_user_authenticated(id, session).await?;
let user = self.get_mut_user(id).await?;
- user.update_name(name);
user.update_password(old_password, new_password)?;
self.save().await?;
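Review bot: `update_user_password` replaces the stored hash and saves, but nothing visible in this function or in `User::update_password` revokes session tokens that were valid before the change. If a password change is meant to cut off a leaked session, the user's other sessions should be cleared once `update_password` succeeds. How sessions are stored is not visible in this diff, so this may already be handled elsewhere. If keeping them is deliberate, a comment such as `// NOTE: existing sessions stay valid after a password change` would record the decision.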
@@ -213,6 +216,16 @@ impl DB {
Ok(())
}
+ pub async fn update_user_name(&mut self, id: UID, session: &String, name: &String) -> Result<(), String> {
+ self.get_user_authenticated(id, session).await?;
+ let user = self.get_mut_user(id).await?;
+ user.update_name(name.clone());
+
+ self.save().await?;
+
+ Ok(())
+ }
+
pub async fn get_user_authenticated(&self, id: UID, session: &String) -> Result<&User, String> {
match self.get_user(id) {
Ok(u) => {
@@ -316,20 +329,25 @@ impl DB {
r
}
- pub async fn delete_user(&mut self, id: UID, session: &String) -> Result<String, String> {
- self.users = self.users.clone().into_iter().filter(|u| !u.authenticate(session) && id != u.id).collect();
- self.uid_generator.delete_uid(id);
-
- // Validate
- let r = match self.get_user(id) {
- Ok(_) => Err("Could not delete".into()),
- Err(_) => {
- Ok("Deleted".into())
- },
- };
-
- let _ = self.save().await;
- r
+ pub async fn delete_user(&mut self, id: UID, session: &String, password: &String) -> Result<String, String> {
+ let u = self.get_user(id)?;
+ if u.same_password(password) {
+ self.users = self.users.clone().into_iter().filter(|u| !u.authenticate(session) && id != u.id).collect();
+ self.uid_generator.delete_uid(id);
+
+ // Validate
+ let r = match self.get_user(id) {
+ Ok(_) => Err("Could not delete".into()),
+ Err(_) => {
+ Ok("Deleted".into())
+ },
+ };
+
+ let _ = self.save().await;
+ r
+ } else {
+ return Err("Password does not match".into())
+ }
}
pub async fn transfer(&mut self, from: UID, to: UID, session: &String, color: Color, amount: usize) -> Result<(), String> {
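Review bot: `delete_user` now checks the password but still never verifies that `session` belongs to `id`, and the retained filter `!u.authenticate(session) && id != u.id` drops every user matching either condition, so an account that authenticates with `session` is removed even when its id differs from `id`. The sibling methods start with `get_user_authenticated`; doing the same here and deleting by id only would be `let u = self.get_user_authenticated(id, session).await?;` followed by `self.users.retain(|u| u.id != id);`, which also avoids cloning the whole user list. `let _ = self.save().await;` still discards a failed save, so the caller can receive `Ok("Deleted")` for a deletion that was never persisted; `self.save().await?;` would surface it. The trailing `return` in the `else` branch can be a plain expression.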