Register form and confirmation messages

README.md

@@ -8,3 +8,10 @@ sudo apt install pkg-config
 sudo apt install libssl-dev
 cargo install sqlx-cli --no-default-features --features rustls,postgres
 ```
+
+## TODO
+
+- Register form on homepage
+- Success message displayed to new subscriber who confirmed his account
+- Worker to remove idempotency key from database
+- List of subscribers (confirmed and unconfirmed) on admin dashboard

configuration/base.yaml

@@ -1,14 +1,6 @@
 application:
   port: 8000
 database:
-  host: "127.0.0.1"
-  port: 5432
-  username: "postgres"
-  password: "password"
   database_name: "newsletter"
 email_client:
-  base_url: "http://127.0.0.1"
-  sender_email: "sender@example.com"
-  authorization_token: "my-secret-token"
   timeout_milliseconds: 10000
-redis_uri: "redis://127.0.0.1:6379"

configuration/local.yaml

@@ -2,4 +2,13 @@ application:
   host: "127.0.0.1"
   base_url: "http://127.0.0.1:8000"
 database:
+  host: "127.0.0.1"
+  port: 5432
+  username: "postgres"
+  password: "password"
   require_ssl: false
+email_client:
+  base_url: "https://api.mailersend.com"
+  sender_email: "MS_PTrumQ@test-r6ke4n1mmzvgon12.mlsender.net"
+  authorization_token: "secret-token"
+redis_uri: "redis://127.0.0.1:6379"

src/routes.rs

@@ -2,6 +2,7 @@ mod admin;
 mod health_check;
 mod home;
 mod login;
+mod register;
 mod subscriptions;
 mod subscriptions_confirm;
 
@@ -9,5 +10,6 @@ pub use admin::*;
 pub use health_check::*;
 pub use home::*;
 pub use login::*;
+pub use register::*;
 pub use subscriptions::*;
 pub use subscriptions_confirm::*;

src/routes/home/home.html

@@ -7,6 +7,9 @@
   </head>
   <body>
     <p>Welcome to our newsletter!</p>
-    <p><a href="/login">Login</a></p>
+    <ol>
+      <li><a href="/login">Admin login</a></li>
+      <li><a href="/register">Register</a></li>
+    </ol>
   </body>
 </html>

src/routes/register.rs

@@ -0,0 +1,11 @@
+use axum::response::{Html, IntoResponse, Response};
+use axum_messages::Messages;
+use std::fmt::Write;
+
+pub async fn register(messages: Messages) -> Response {
+    let mut error_html = String::new();
+    for message in messages {
+        writeln!(error_html, "<p><i>{}</i></p>", message).unwrap();
+    }
+    Html(format!(include_str!("register/register.html"), error_html)).into_response()
+}

src/routes/register/confirm.html

@@ -0,0 +1,11 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <meta name="viewport" content="width=device-width" />
+    <title>Account confirmed</title>
+  </head>
+  <body>
+    <p>Your account has been confirmed. Welcome!</p>
+  </body>
+</html>

src/routes/register/register.html

@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <meta name="viewport" content="width=device-width" />
+    <title>Register</title>
+  </head>
+  <body>
+    <form action="/subscriptions" method="post">
+      <input type="text" name="name" placeholder="Name" />
+      <input type="text" name="email" placeholder="Email address" />
+      <input
+        type="text"
+        name="email_check"
+        placeholder="Confirm email address"
+      />
+      <button type="Register">Register</button>
+    </form>
+    {}
+    <p><a href="/">Back</a></p>
+  </body>
+</html>

src/routes/subscriptions.rs

@@ -8,8 +8,9 @@ use axum::{
     Form, Json,
     extract::State,
     http::StatusCode,
-    response::{IntoResponse, Response},
+    response::{IntoResponse, Redirect, Response},
 };
+use axum_messages::Messages;
 use chrono::Utc;
 use rand::{Rng, distr::Alphanumeric};
 use serde::Deserialize;
@@ -63,12 +64,16 @@ impl IntoResponse for SubscribeError {
 
         tracing::error!("{:?}", self);
 
-        let status = match self {
+        match self {
-            SubscribeError::UnexpectedError(_) => StatusCode::INTERNAL_SERVER_ERROR,
+            SubscribeError::UnexpectedError(_) => (
-            SubscribeError::ValidationError(_) => StatusCode::BAD_REQUEST,
+                StatusCode::INTERNAL_SERVER_ERROR,
-        };
+                Json(ErrorResponse {
-        let message = "An internal server error occured.";
+                    message: "An internal server error occured.",
-        (status, Json(ErrorResponse { message })).into_response()
+                }),
+            )
+                .into_response(),
+            SubscribeError::ValidationError(_) => Redirect::to("/register").into_response(),
+        }
     }
 }
 
@@ -81,6 +86,7 @@ impl IntoResponse for SubscribeError {
     )
 )]
 pub async fn subscribe(
+    messages: Messages,
     State(AppState {
         connection_pool,
         email_client,
@@ -89,11 +95,17 @@ pub async fn subscribe(
     }): State<AppState>,
     Form(form): Form<SubscriptionFormData>,
 ) -> Result<Response, SubscribeError> {
+    let new_subscriber = match form.try_into() {
+        Ok(new_sub) => new_sub,
+        Err(e) => {
+            messages.error(&e);
+            return Err(SubscribeError::ValidationError(e));
+        }
+    };
     let mut transaction = connection_pool
         .begin()
         .await
         .context("Failed to acquire a Postgres connection from the pool.")?;
-    let new_subscriber = form.try_into().map_err(SubscribeError::ValidationError)?;
     let subscriber_id = insert_subscriber(&mut transaction, &new_subscriber)
         .await
         .context("Failed to insert new subscriber in the database.")?;
@@ -113,7 +125,8 @@ pub async fn subscribe(
         .commit()
         .await
         .context("Failed to commit the database transaction to store a new subscriber.")?;
-    Ok(StatusCode::OK.into_response())
+    messages.success("A confirmation email has been sent.");
+    Ok(Redirect::to("/register").into_response())
 }
 
 #[tracing::instrument(
@@ -198,6 +211,7 @@ Click <a href=\"{}\">here</a> to confirm your subscription.",
 pub struct SubscriptionFormData {
     name: String,
     email: String,
+    email_check: String,
 }
 
 impl TryFrom<SubscriptionFormData> for NewSubscriber {
@@ -205,6 +219,9 @@ impl TryFrom<SubscriptionFormData> for NewSubscriber {
 
     fn try_from(value: SubscriptionFormData) -> Result<Self, Self::Error> {
         let name = SubscriberName::parse(value.name)?;
+        if value.email != value.email_check {
+            return Err("Email addresses don't match.".into());
+        }
         let email = SubscriberEmail::parse(value.email)?;
         Ok(Self { name, email })
     }

src/routes/subscriptions_confirm.rs

@@ -2,7 +2,7 @@ use crate::startup::AppState;
 use axum::{
     extract::{Query, State},
     http::StatusCode,
-    response::IntoResponse,
+    response::{Html, IntoResponse, Response},
 };
 use serde::Deserialize;
 use sqlx::PgPool;
@@ -14,23 +14,23 @@ pub async fn confirm(
         connection_pool, ..
     }): State<AppState>,
     Query(params): Query<Params>,
-) -> impl IntoResponse {
+) -> Response {
     let Ok(subscriber_id) =
         get_subscriber_id_from_token(&connection_pool, &params.subscription_token).await
     else {
-        return StatusCode::INTERNAL_SERVER_ERROR;
+        return StatusCode::INTERNAL_SERVER_ERROR.into_response();
     };
     if let Some(subscriber_id) = subscriber_id {
         if confirm_subscriber(&connection_pool, &subscriber_id)
             .await
             .is_err()
         {
-            StatusCode::INTERNAL_SERVER_ERROR
+            StatusCode::INTERNAL_SERVER_ERROR.into_response()
         } else {
-            StatusCode::OK
+            Html(include_str!("register/confirm.html")).into_response()
         }
     } else {
-        StatusCode::UNAUTHORIZED
+        StatusCode::UNAUTHORIZED.into_response()
     }
 }
 

src/startup.rs

@@ -96,6 +96,7 @@ pub fn app(
         .layer(middleware::from_fn(require_auth));
     Router::new()
         .route("/", get(home))
+        .route("/register", get(register))
         .route("/login", get(get_login).post(post_login))
         .route("/health_check", get(health_check))
         .route("/subscriptions", post(subscribe))

tests/api/helpers.rs

@@ -177,6 +177,17 @@ impl TestApp {
         self.get_admin_dashboard().await.text().await.unwrap()
     }
 
+    pub async fn get_register_html(&self) -> String {
+        self.api_client
+            .get(format!("{}/register", &self.address))
+            .send()
+            .await
+            .expect("Failed to execute request")
+            .text()
+            .await
+            .unwrap()
+    }
+
     pub async fn get_change_password(&self) -> reqwest::Response {
         self.api_client
             .get(format!("{}/admin/password", &self.address))

tests/api/newsletters.rs

@@ -199,7 +199,8 @@ async fn create_unconfirmed_subscriber(app: &TestApp) -> ConfirmationLinks {
     let email: String = SafeEmail().fake();
     let body = serde_urlencoded::to_string(serde_json::json!({
         "name": name,
-        "email": email
+        "email": email,
+        "email_check": email
     }))
     .unwrap();
 

tests/api/subscriptions.rs

@@ -1,11 +1,11 @@
-use crate::helpers::TestApp;
+use crate::helpers::{TestApp, assert_is_redirect_to};
 use wiremock::{
     Mock, ResponseTemplate,
     matchers::{method, path},
 };
 
 #[tokio::test]
-async fn subscribe_returns_a_200_for_valid_form_data() {
+async fn subscribe_displays_a_confirmation_message_for_valid_form_data() {
     let app = TestApp::spawn().await;
 
     Mock::given(path("/v1/email"))
@@ -14,10 +14,13 @@ async fn subscribe_returns_a_200_for_valid_form_data() {
         .mount(&app.email_server)
         .await;
 
-    let body = "name=Alphonse&email=alphonse.paix%40outlook.com";
+    let email = "alphonse.paix@outlook.com";
-    let response = app.post_subscriptions(body.into()).await;
+    let body = format!("name=Alphonse&email={0}&email_check={0}", email);
+    let response = app.post_subscriptions(body).await;
 
-    assert_eq!(200, response.status().as_u16());
+    assert_is_redirect_to(&response, "/register");
+    let page_html = app.get_register_html().await;
+    assert!(page_html.contains("A confirmation email has been sent"));
 }
 
 #[tokio::test]
@@ -30,10 +33,13 @@ async fn subscribe_persists_the_new_subscriber() {
         .mount(&app.email_server)
         .await;
 
-    let body = "name=Alphonse&email=alphonse.paix%40outlook.com";
+    let email = "alphonse.paix@outlook.com";
-    let response = app.post_subscriptions(body.into()).await;
+    let body = format!("name=Alphonse&email={0}&email_check={0}", email);
+    let response = app.post_subscriptions(body).await;
 
-    assert_eq!(200, response.status().as_u16());
+    assert_is_redirect_to(&response, "/register");
+    let page_html = app.get_register_html().await;
+    assert!(page_html.contains("A confirmation email has been sent"));
 
     let saved = sqlx::query!("SELECT email, name, status FROM subscriptions")
         .fetch_one(&app.connection_pool)
@@ -67,21 +73,32 @@ async fn subscribe_returns_a_422_when_data_is_missing() {
 }
 
 #[tokio::test]
-async fn subscribe_returns_a_400_when_fields_are_present_but_invalid() {
+async fn subscribe_shows_an_error_message_when_fields_are_present_but_invalid() {
     let app = TestApp::spawn().await;
 
     let test_cases = [
-        ("name=&email=alphonse.paix%40outlook.com", "empty name"),
+        ("name=&email=alphonse.paix%40outlook.com", "an empty name"),
-        ("name=Alphonse&email=", "empty email"),
+        ("name=Alphonse&email=&email_check=", "an empty email"),
-        ("name=Alphonse&email=not-an-email", "invalid email"),
+        (
+            "name=Alphonse&email=not-an-email&email_check=not-an_email",
+            "an invalid email",
+        ),
+        (
+            "name=Alphonse&email=alphonse.paix@outlook.com&email_check=alphonse.paix@outlook.fr",
+            "two different email addresses",
+        ),
     ];
     for (body, description) in test_cases {
-        let response = app.post_subscriptions(body.into()).await;
+        let response_text = app
+            .post_subscriptions(body.into())
+            .await
+            .text()
+            .await
+            .unwrap();
 
-        assert_eq!(
+        assert!(
-            400,
+            !response_text.contains("Your account has been confirmed"),
-            response.status().as_u16(),
+            "the API did not displayed an error message when the payload had an {}.",
-            "the API did not fail with 400 Bad Request when the payload had an {}.",
             description
         );
     }
@@ -91,7 +108,8 @@ async fn subscribe_returns_a_400_when_fields_are_present_but_invalid() {
 async fn subscribe_sends_a_confirmation_email_for_valid_data() {
     let app = TestApp::spawn().await;
 
-    let body = "name=Alphonse&email=alphonse.paix%40outlook.com";
+    let email = "alphonse.paix@outlook.com";
+    let body = format!("name=Alphonse&email={0}&email_check={0}", email);
 
     Mock::given(path("v1/email"))
         .and(method("POST"))
@@ -100,14 +118,15 @@ async fn subscribe_sends_a_confirmation_email_for_valid_data() {
         .mount(&app.email_server)
         .await;
 
-    app.post_subscriptions(body.into()).await;
+    app.post_subscriptions(body).await;
 }
 
 #[tokio::test]
 async fn subscribe_sends_a_confirmation_email_with_a_link() {
     let app = TestApp::spawn().await;
 
-    let body = "name=Alphonse&email=alphonse.paix%40outlook.com";
+    let email = "alphonse.paix@outlook.com";
+    let body = format!("name=Alphonse&email={0}&email_check={0}", email);
 
     Mock::given(path("v1/email"))
         .and(method("POST"))
@@ -116,7 +135,7 @@ async fn subscribe_sends_a_confirmation_email_with_a_link() {
         .mount(&app.email_server)
         .await;
 
-    app.post_subscriptions(body.into()).await;
+    app.post_subscriptions(body).await;
 
     let email_request = &app.email_server.received_requests().await.unwrap()[0];
     let confirmation_links = app.get_confirmation_links(email_request);
@@ -127,14 +146,15 @@ async fn subscribe_sends_a_confirmation_email_with_a_link() {
 async fn subscribe_fails_if_there_is_a_fatal_database_error() {
     let app = TestApp::spawn().await;
 
-    let body = "name=Alphonse&email=alphonse.paix%40outlook.com";
+    let email = "alphonse.paix@outlook.com";
+    let body = format!("name=Alphonse&email={0}&email_check={0}", email);
 
     sqlx::query!("ALTER TABLE subscriptions DROP COLUMN email")
         .execute(&app.connection_pool)
         .await
         .unwrap();
 
-    let response = app.post_subscriptions(body.into()).await;
+    let response = app.post_subscriptions(body).await;
 
     assert_eq!(response.status().as_u16(), 500);
 }

tests/api/subscriptions_confirm.rs

@@ -15,10 +15,11 @@ async fn confirmation_links_without_token_are_rejected_with_a_400() {
 }
 
 #[tokio::test]
-async fn the_link_returned_by_subscribe_returns_a_200_if_called() {
+async fn clicking_on_the_link_shows_a_confiramtion_message() {
     let app = TestApp::spawn().await;
 
-    let body = "name=Alphonse&email=alphonse.paix%40outlook.com";
+    let email = "alphonse.paix@outlook.com";
+    let body = format!("name=Alphonse&email={email}&email_check={email}");
 
     Mock::given(path("v1/email"))
         .and(method("POST"))
@@ -27,19 +28,27 @@ async fn the_link_returned_by_subscribe_returns_a_200_if_called() {
         .mount(&app.email_server)
         .await;
 
-    app.post_subscriptions(body.into()).await;
+    app.post_subscriptions(body).await;
 
     let email_request = &app.email_server.received_requests().await.unwrap()[0];
     let confirmation_links = app.get_confirmation_links(email_request);
     let response = reqwest::get(confirmation_links.html).await.unwrap();
     assert_eq!(response.status().as_u16(), 200);
+    assert!(
+        response
+            .text()
+            .await
+            .unwrap()
+            .contains("Your account has been confirmed")
+    );
 }
 
 #[tokio::test]
 async fn clicking_on_the_confirmation_link_confirms_a_subscriber() {
     let app = TestApp::spawn().await;
 
-    let body = "name=Alphonse&email=alphonse.paix%40outlook.com";
+    let email = "alphonse.paix@outlook.com";
+    let body = format!("name=Alphonse&email={email}&email_check={email}");
 
     Mock::given(path("v1/email"))
         .and(method("POST"))
@@ -48,7 +57,7 @@ async fn clicking_on_the_confirmation_link_confirms_a_subscriber() {
         .mount(&app.email_server)
         .await;
 
-    app.post_subscriptions(body.into()).await;
+    app.post_subscriptions(body).await;
 
     let email_request = &app.email_server.received_requests().await.unwrap()[0];
     let confirmation_links = app.get_confirmation_links(email_request);