From 5e4e0862477f46a6ea477a56f01fd84e720a9546 Mon Sep 17 00:00:00 2001 From: Greg Burri Date: Tue, 22 Nov 2022 01:13:19 +0100 Subject: [PATCH] Sign up method. beginning of adding methods to create account and authentication. --- backend/sql/data_test.sql | 18 ++++ backend/sql/version_1.sql | 26 ++++- backend/src/db.rs | 200 ++++++++++++++++++++++++++++++++++---- backend/src/hash.rs | 16 +++ backend/src/main.rs | 22 ++++- 5 files changed, 254 insertions(+), 28 deletions(-) create mode 100644 backend/sql/data_test.sql create mode 100644 backend/src/hash.rs diff --git a/backend/sql/data_test.sql b/backend/sql/data_test.sql new file mode 100644 index 0000000..c5fe230 --- /dev/null +++ b/backend/sql/data_test.sql @@ -0,0 +1,18 @@ +INSERT INTO [User] ([id], [email], [name], [password], [creation_datetime], [validation_token]) +VALUES ( + 1, + 'paul@test.org', + 'paul', + '$argon2id$v=19$m=4096,t=3,p=1$1vtXcacYjUHZxMrN6b2Xng$wW8Z59MIoMcsIljnjHmxn3EBcc5ymEySZPUVXHlRxcY', + 0, + NULL +); + +INSERT INTO [Recipe] ([user_id], [title]) +VALUES (1, 'Croissant au jambon'); + +INSERT INTO [Recipe] ([user_id], [title]) +VALUES (1, 'Gratin de thon aux olives'); + +INSERT INTO [Recipe] ([user_id], [title]) +VALUES (1, 'Saumon en croute'); diff --git a/backend/sql/version_1.sql b/backend/sql/version_1.sql index 9673d25..4457863 100644 --- a/backend/sql/version_1.sql +++ b/backend/sql/version_1.sql @@ -8,16 +8,38 @@ CREATE TABLE [Version] ( CREATE TABLE [User] ( [id] INTEGER PRIMARY KEY, [email] TEXT NOT NULL, - [password] TEXT NOT NULL, -- Hashed and salted. - [name] TEXT NOT NULL + [name] TEXT, + [default_servings] INTEGER DEFAULT 4, + + [password] TEXT NOT NULL, -- argon2(password_plain, salt). + + [creation_datetime] DATETIME NOT NULL, -- Updated when the validation email is sent. + [validation_token] TEXT -- If not null then the user has not validated his account yet. ); +CREATE UNIQUE INDEX [User_email_index] ON [User] ([email]); + +CREATE TABLE [UserLoginToken] ( + [id] INTEGER PRIMARY KEY, + [user_id] INTEGER NOT NULL, + [last_login_datetime] DATETIME, + [token] TEXT NOT NULL, -- 24 alphanumeric character token. Can be stored in a cookie to be able to authenticate without a password. + + [ip] INTEGER, + [user_agent] TEXT, + + FOREIGN KEY([user_id]) REFERENCES [User]([id]) +); + +CREATE INDEX [UserLoginToken_token_index] ON [UserLoginToken] ([token]); + CREATE TABLE [Recipe] ( [id] INTEGER PRIMARY KEY, [user_id] INTEGER NOT NULL, [title] TEXT NOT NULL, [estimate_time] INTEGER, [description] TEXT, + [servings] INTEGER DEFAULT 4, FOREIGN KEY([user_id]) REFERENCES [User]([id]) ); diff --git a/backend/src/db.rs b/backend/src/db.rs index 2bf383b..4ef37fe 100644 --- a/backend/src/db.rs +++ b/backend/src/db.rs @@ -1,12 +1,14 @@ -use std::{fs::{self, File}, path::Path, io::Read}; +use std::{fmt::Display, fs::{self, File}, path::Path, io::Read}; use itertools::Itertools; -//use rusqlite::types::ToSql; -//use rusqlite::{Connection, Result, NO_PARAMS}; +use chrono::{prelude::*, Duration}; +use rusqlite::{params, Params, OptionalExtension}; use r2d2::Pool; use r2d2_sqlite::SqliteConnectionManager; +use rand::distributions::{Alphanumeric, DistString}; use crate::consts; +use crate::hash::hash; use crate::model; const CURRENT_DB_VERSION: u32 = 1; @@ -31,8 +33,39 @@ impl From for DBError { } } +// TODO: Is there a better solution? +impl DBError { + fn from_dyn_error(error: Box) -> Self { + DBError::Other(error.to_string()) + } +} + type Result = std::result::Result; +#[derive(Debug)] +pub enum SignUpResult { + UserAlreadyExists, + UserCreatedWaitingForValidation(String), // Validation token. +} + +#[derive(Debug)] +pub enum ValidationResult { + ValidationExpired, + OK, +} + +#[derive(Debug)] +pub enum SignInResult { + NotValidToken, + OK, +} + +#[derive(Debug)] +pub enum AuthenticationResult { + NotValidToken, + OK, +} + #[derive(Clone)] pub struct Connection { //con: rusqlite::Connection @@ -41,25 +74,26 @@ pub struct Connection { impl Connection { pub fn new() -> Result { + let path = Path::new(consts::DB_DIRECTORY).join(consts::DB_FILENAME); + Self::new_from_file(path) + } - let data_dir = Path::new(consts::DB_DIRECTORY); + pub fn new_in_memory() -> Result { + Self::create_connection(SqliteConnectionManager::memory()) + } - if !data_dir.exists() { - fs::DirBuilder::new().create(data_dir).unwrap(); + pub fn new_from_file>(file: P) -> Result { + if let Some(data_dir) = file.as_ref().parent() { + if !data_dir.exists() { + fs::DirBuilder::new().create(data_dir).unwrap(); + } } - let manager = SqliteConnectionManager::file(consts::DB_FILENAME); - let pool = r2d2::Pool::new(manager).unwrap(); - - let connection = Connection { pool }; - connection.create_or_update()?; - Ok(connection) + Self::create_connection(SqliteConnectionManager::file(file)) } - /* - * Called after the connection has been established for creating or updating the database. - * The 'Version' table tracks the current state of the database. - */ + /// Called after the connection has been established for creating or updating the database. + /// The 'Version' table tracks the current state of the database. fn create_or_update(&self) -> Result<()> { // Check the Database version. let mut con = self.pool.get()?; @@ -86,6 +120,13 @@ impl Connection { Ok(()) } + fn create_connection(manager: SqliteConnectionManager) -> Result {; + let pool = r2d2::Pool::new(manager).unwrap(); + let connection = Connection { pool }; + connection.create_or_update()?; + Ok(connection) + } + fn update_to_next_version(current_version: u32, tx: &rusqlite::Transaction) -> Result { let next_version = current_version + 1; @@ -106,7 +147,8 @@ impl Connection { match next_version { 1 => { - tx.execute_batch(&load_sql_file(next_version)?)?; + let sql_file = consts::SQL_FILENAME.replace("{VERSION}", &next_version.to_string()); + tx.execute_batch(&load_sql_file(&sql_file)?)?; update_version(next_version, tx)?; ok(true) @@ -131,6 +173,7 @@ impl Connection { Ok(titles) } + /* Not used for the moment. pub fn get_all_recipes(&self) -> Result> { let con = self.pool.get()?; let mut stmt = con.prepare("SELECT [id], [title] FROM [Recipe] ORDER BY [title]")?; @@ -139,7 +182,7 @@ impl Connection { Ok(model::Recipe::new(row.get(0)?, row.get(1)?)) })?.map(|r| r.unwrap()).collect_vec(); // TODO: remove unwrap. Ok(recipes) - } + } */ pub fn get_recipe(&self, id: i32) -> Result { let con = self.pool.get()?; @@ -147,12 +190,127 @@ impl Connection { Ok(model::Recipe::new(row.get(0)?, row.get(1)?)) }).map_err(DBError::from) } + + /// + pub fn sign_up(&self, password: &str, email: &str) -> Result { + self.sign_up_with_given_time(password, email, Utc::now()) + } + + fn sign_up_with_given_time(&self, password: &str, email: &str, datetime: DateTime) -> Result { + let mut con = self.pool.get()?; + let tx = con.transaction()?; + let token = + match tx.query_row("SELECT [id], [validation_token] FROM [User] WHERE [email] = ?1", [email], |r| { + Ok((r.get::<&str, i32>("id")?, r.get::<&str, Option>("validation_token")?)) + }).optional()? { + Some((id, validation_token)) => { + if validation_token.is_none() { + return Ok(SignUpResult::UserAlreadyExists) + } + let token = generate_token(); + let hashed_password = hash(password).map_err(|e| DBError::from_dyn_error(e))?; + tx.execute("UPDATE [User] SET [validation_token] = ?2, [creation_datetime] = ?3, [password] = ?4 WHERE [id] = ?1", params![id, token, datetime, hashed_password])?; + token + }, + None => { + let token = generate_token(); + let hashed_password = hash(password).map_err(|e| DBError::from_dyn_error(e))?; + tx.execute("INSERT INTO [User] ([email], [validation_token], [creation_datetime], [password]) VALUES (?1, ?2, ?3, ?4)", params![email, token, datetime, hashed_password])?; + token + }, + }; + tx.commit()?; + Ok(SignUpResult::UserCreatedWaitingForValidation(token)) + } + + pub fn validation(&self, token: &str, validation_time: Duration) -> Result { + todo!() + } + + pub fn sign_in(&self, password: &str, email: String) -> Result { + todo!() + } + + pub fn authentication(&self, token: &str) -> Result { + todo!() + } + + pub fn logout(&self, token: &str) -> Result<()> { + todo!() + } + + /// Execute a given SQL file. + pub fn execute_file + Display>(&self, file: P) -> Result<()> { + let con = self.pool.get()?; + let sql = load_sql_file(file)?; + con.execute_batch(&sql).map_err(DBError::from) + } + + /// Execute any SQL statement. + /// Mainly used for testing. + pub fn execute_sql(&self, sql: &str, params: P) -> Result { + let con = self.pool.get()?; + con.execute(sql, params).map_err(DBError::from) + } } -fn load_sql_file(version: u32) -> Result { - let sql_file = consts::SQL_FILENAME.replace("{VERSION}", &version.to_string()); +fn load_sql_file + Display>(sql_file: P) -> Result { let mut file = File::open(&sql_file).map_err(|err| DBError::Other(format!("Cannot open SQL file ({}): {}", &sql_file, err.to_string())))?; let mut sql = String::new(); file.read_to_string(&mut sql).map_err(|err| DBError::Other(format!("Cannot read SQL file ({}) : {}", &sql_file, err.to_string())))?; Ok(sql) -} \ No newline at end of file +} + +fn generate_token() -> String { + Alphanumeric.sample_string(&mut rand::thread_rng(), 24) +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn sign_up() -> Result<()> { + let connection = Connection::new_in_memory()?; + match connection.sign_up("12345", "paul@test.org")? { + SignUpResult::UserCreatedWaitingForValidation(_) => (), // Nominal case. + other => panic!("{:?}", other), + } + Ok(()) + } + + #[test] + fn sign_up_to_an_already_existing_user() -> Result<()> { + let connection = Connection::new_in_memory()?; + connection.execute_sql(" + INSERT INTO [User] ([id], [email], [name], [password], [creation_datetime], [validation_token]) + VALUES ( + 1, + 'paul@test.org', + 'paul', + '$argon2id$v=19$m=4096,t=3,p=1$1vtXcacYjUHZxMrN6b2Xng$wW8Z59MIoMcsIljnjHmxn3EBcc5ymEySZPUVXHlRxcY', + 0, + NULL + );", [])?; + match connection.sign_up("12345", "paul@test.org")? { + SignUpResult::UserAlreadyExists => (), // Nominal case. + other => panic!("{:?}", other), + } + Ok(()) + } + + #[test] + fn sign_up_to_an_unvalidated_already_existing_user() -> Result<()> { + todo!() + } + + fn sign_up_then_send_validation_at_time() -> Result<()> { + todo!() + } + + fn sign_up_then_send_validation_too_late() -> Result<()> { + todo!() + } + + //fn sign_up_then_send_validation_then_sign_in() +} diff --git a/backend/src/hash.rs b/backend/src/hash.rs new file mode 100644 index 0000000..3dd45a9 --- /dev/null +++ b/backend/src/hash.rs @@ -0,0 +1,16 @@ +use std::{string::String, env::consts::OS}; + +use argon2::{ + password_hash::{ + Error, + rand_core::OsRng, + PasswordHash, PasswordHasher, PasswordVerifier, SaltString + }, + Argon2 +}; + +pub fn hash(password: &str) -> Result> { + let salt = SaltString::generate(&mut OsRng); + let argon2 = Argon2::default(); + argon2.hash_password(password.as_bytes(), &salt).map(|h| h.to_string()).map_err(|e| e.into()) +} \ No newline at end of file diff --git a/backend/src/main.rs b/backend/src/main.rs index 5c6de4c..1fbfbc5 100644 --- a/backend/src/main.rs +++ b/backend/src/main.rs @@ -4,13 +4,15 @@ use std::sync::Mutex; use actix_files as fs; use actix_web::{get, web, Responder, middleware, App, HttpServer, HttpRequest}; use askama_actix::Template; +use chrono::prelude::*; use clap::Parser; use ron::de::from_reader; use serde::Deserialize; mod consts; -mod model; mod db; +mod hash; +mod model; #[derive(Template)] #[template(path = "home.html")] @@ -98,16 +100,26 @@ async fn main() -> std::io::Result<()> { #[derive(Parser, Debug)] struct Args { #[arg(long)] - test: bool + dbtest: bool } fn process_args() -> bool { let args = Args::parse(); - if args.test { - if let Err(error) = db::Connection::new() { - println!("Error: {:?}", error) + if args.dbtest { + match db::Connection::new() { + Ok(con) => { + if let Err(error) = con.execute_file("sql/data_test.sql") { + println!("Error: {:?}", error); + } + // Set the creation datetime to 'now'. + con.execute_sql("UPDATE [User] SET [creation_datetime] = ?1 WHERE [email] = 'paul@test.org'", [Utc::now()]).unwrap(); + }, + Err(error) => { + println!("Error: {:?}", error) + }, } + return true; } -- 2.45.2