Authentication and form for newsletter publishing

2025-09-01 15:47:27 +02:00
parent 6f6e6ab017
commit d47fba5cc9
16 changed files with 394 additions and 408 deletions
--- a/src/routes/admin/change_password.rs
+++ b/src/routes/admin/change_password.rs
@@ -0,0 +1,72 @@
+use crate::{
+    authentication::{self, AuthenticatedUser, Credentials, validate_credentials},
+    routes::AdminError,
+    startup::AppState,
+};
+use axum::{
+    Extension, Form,
+    extract::State,
+    response::{Html, IntoResponse, Redirect, Response},
+};
+use axum_messages::Messages;
+use secrecy::{ExposeSecret, SecretString};
+use std::fmt::Write;
+
+#[derive(serde::Deserialize)]
+pub struct PasswordFormData {
+    pub current_password: SecretString,
+    pub new_password: SecretString,
+    pub new_password_check: SecretString,
+}
+
+pub async fn change_password_form(messages: Messages) -> Result<Response, AdminError> {
+    let mut error_html = String::new();
+    for message in messages {
+        writeln!(error_html, "<p><i>{}</i></p>", message).unwrap();
+    }
+    Ok(Html(format!(
+        include_str!("html/change_password_form.html"),
+        error_html
+    ))
+    .into_response())
+}
+
+pub async fn change_password(
+    Extension(AuthenticatedUser { user_id, username }): Extension<AuthenticatedUser>,
+    State(AppState {
+        connection_pool, ..
+    }): State<AppState>,
+    messages: Messages,
+    Form(form): Form<PasswordFormData>,
+) -> Result<Response, AdminError> {
+    let credentials = Credentials {
+        username,
+        password: form.current_password,
+    };
+    if form.new_password.expose_secret() != form.new_password_check.expose_secret() {
+        messages.error("You entered two different passwords - the field values must match.");
+        Err(AdminError::ChangePassword)
+    } else if validate_credentials(credentials, &connection_pool)
+        .await
+        .is_err()
+    {
+        messages.error("The current password is incorrect.");
+        Err(AdminError::ChangePassword)
+    } else if let Err(e) = verify_password(form.new_password.expose_secret()) {
+        messages.error(e);
+        Err(AdminError::ChangePassword)
+    } else {
+        authentication::change_password(user_id, form.new_password, &connection_pool)
+            .await
+            .map_err(|_| AdminError::ChangePassword)?;
+        messages.success("Your password has been changed.");
+        Ok(Redirect::to("/admin/password").into_response())
+    }
+}
+
+fn verify_password(password: &str) -> Result<(), String> {
+    if password.len() < 12 || password.len() > 128 {
+        return Err("The password must contain between 12 and 128 characters.".into());
+    }
+    Ok(())
+}