From d000e75ab0c20b266e90deec437e02329210db11 Mon Sep 17 00:00:00 2001
From: curly
Date: Wed, 17 Jul 2024 14:27:34 -0600
Subject: separate user update forms. require password for deletion
---
 src/db.rs | 54 ++++++++++++++++++++++++++++++++++++------------------
 1 file changed, 36 insertions(+), 18 deletions(-)
(limited to 'src/db.rs')
diff --git a/src/db.rs b/src/db.rs
index ba86b91..053142a 100644
--- a/src/db.rs
+++ b/src/db.rs
@@ -64,8 +64,8 @@ impl User {
 self.name = new_name;
 }
- fn update_password(&mut self, old_password: String, new_password: String) -> Result<(), String> {
- if User::hash(&old_password) == self.hashed_password {
+ fn update_password(&mut self, old_password: &String, new_password: &String) -> Result<(), String> {
+ if self.same_password(old_password) {
 self.hashed_password = User::hash(&new_password);
 return Ok(());
 } else {
@@ -73,6 +73,10 @@ impl User {
 }
 }
+ fn same_password(&self, password: &String) -> bool {
+ User::hash(password) == self.hashed_password
+ }
+
 fn hash(t: &String) -> String {
 let hashed = Sha256::digest(&t);
 let hashed = base16ct::lower::encode_string(&hashed);
@@ -202,10 +206,9 @@ impl DB {
 Err("User Not Found".into())
 }
- pub async fn update_user(&mut self, id: UID, session: &String, name: String, old_password: String, new_password: String) -> Result<(), String> {
+ pub async fn update_user_password(&mut self, id: UID, session: &String, old_password: &String, new_password: &String) -> Result<(), String> {
 self.get_user_authenticated(id, session).await?;
 let user = self.get_mut_user(id).await?;
- user.update_name(name);
 user.update_password(old_password, new_password)?;
 self.save().await?;
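Review bot: The `&String` parameters introduced on `update_password` would be more idiomatic as `&str`, which lets callers pass a `String` reference or a literal without owning a `String`; the same applies to `same_password`, `update_user_password`, `update_user_name` and `delete_user` in the later hunks, with `hash` changed to match. With the new types, the unchanged line `User::hash(&new_password)` passes a `&&String` and only compiles through deref coercion, so `User::hash(new_password)` reads more clearly. `update_user_name` takes `name: &String` only to call `name.clone()`; taking `name: String` by value, as `update_name` does, avoids the extra copy when the caller already owns the string. The `else` branch of `update_password` lies outside this hunk.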
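Review bot: `same_password` compares an unsalted SHA-256 hex digest with `==`, and after this commit that comparison gates account deletion as well as password changes. In the visible lines `hash` applies `Sha256::digest` directly to the password with no per-user salt or work factor, so equal passwords share a stored value and offline guessing against a leaked database is cheap. Consider storing passwords with a dedicated password-hashing function (Argon2, scrypt or bcrypt) and checking them through that library's verify routine, which also gives a constant-time comparison; existing hashes would need to be migrated at the next successful login. `hash` continues past the end of the hunk, so confirm nothing further is applied to the digest there.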
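Review bot: Nothing in `update_user_password` ends the account's other sessions once the password has changed: the visible body checks `session`, calls `update_password` and saves, and its final `Ok(())` appears as context in the next hunk. If the password is being changed because it was exposed, a session opened with the old password would presumably keep authenticating. Consider clearing or rotating the user's stored session state after a successful `update_password` and before `self.save()`, and stating that behaviour in a `///` comment on the method. How sessions are stored is not visible in this diff, so confirm against `authenticate`.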
@@ -213,6 +216,16 @@ impl DB {
 Ok(())
 }
+ pub async fn update_user_name(&mut self, id: UID, session: &String, name: &String) -> Result<(), String> {
+ self.get_user_authenticated(id, session).await?;
+ let user = self.get_mut_user(id).await?;
+ user.update_name(name.clone());
+
+ self.save().await?;
+
+ Ok(())
+ }
+
 pub async fn get_user_authenticated(&self, id: UID, session: &String) -> Result<&User, String> {
 match self.get_user(id) {
 Ok(u) => {
@@ -316,20 +329,25 @@ impl DB {
 r
 }
- pub async fn delete_user(&mut self, id: UID, session: &String) -> Result {
- self.users = self.users.clone().into_iter().filter(|u| !u.authenticate(session) && id != u.id).collect();
- self.uid_generator.delete_uid(id);
-
- // Validate
- let r = match self.get_user(id) {
- Ok(_) => Err("Could not delete".into()),
- Err(_) => {
- Ok("Deleted".into())
- },
- };
-
- let _ = self.save().await;
- r
+ pub async fn delete_user(&mut self, id: UID, session: &String, password: &String) -> Result {
+ let u = self.get_user(id)?;
+ if u.same_password(password) {
+ self.users = self.users.clone().into_iter().filter(|u| !u.authenticate(session) && id != u.id).collect();
+ self.uid_generator.delete_uid(id);
+
+ // Validate
+ let r = match self.get_user(id) {
+ Ok(_) => Err("Could not delete".into()),
+ Err(_) => {
+ Ok("Deleted".into())
+ },
+ };
+
+ let _ = self.save().await;
+ r
+ } else {
+ return Err("Password does not match".into())
+ }
 }
 pub async fn transfer(&mut self, from: UID, to: UID, session: &String, color: Color, amount: usize) -> Result<(), String> {
-- cgit v1.2.3
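Review bot: `delete_user` never verifies `session` against the account being deleted: the new code looks the user up with `self.get_user(id)?` rather than `get_user_authenticated`, and the filter `!u.authenticate(session) && id != u.id` drops the row with that id whether or not the session authenticates, plus any other row for which `authenticate(session)` is true. Check the session first, as `update_user_password` and `update_user_name` do, then remove only the row whose id matches. The result of `self.save()` is also discarded with `let _ =`, so a failed write can still report "Deleted"; propagating it with `?` would match the other methods. The sketch below assumes `users` is a `Vec` and that `save`'s error converts to this function's error type, as it does in the update methods.

```rust
// … unchanged: delete_user signature …
        // Verify the session belongs to `id` before checking the password.
        let u = self.get_user_authenticated(id, session).await?;
        if !u.same_password(password) {
            return Err("Password does not match".into());
        }

        // Remove only the requested account.
        self.users.retain(|u| u.id != id);
        self.uid_generator.delete_uid(id);

        // … unchanged: post-delete validation producing `r` …

        // Surface a failed write instead of reporting success.
        self.save().await?;
        r
```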