ntr/mnml
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

password change

Browse Source
This commit is contained in:
ntr 2019-08-13 12:26:32 +10:00
parent 0507381e20
commit f0166a1779
4 changed files with 217 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

180
client/src/components/account.management.jsx
View File

@ -1,9 +1,11 @@
const { connect } = require('preact-redux');
const preact = require('preact');
const { Component } = require('preact')
const { connect } = require('preact-redux');
const linkState = require('linkstate').default;
const SpawnButton = require('./spawn.button');
const { postData } = require('./../utils');
const { postData, errorToast, infoToast } = require('../utils');
const actions = require('../actions');
const addState = connect(
@ -15,10 +17,22 @@ const addState = connect(
} = state;
function setPassword(current, password) {
postData('/account/password', { current, password })
.then(res => res.json())
.then(data => {
if (!data.success) return errorToast(data.error_message);
infoToast('Password changed. Reloading...')
setTimeout(() => window.location.reload(), 5000);
})
.catch(error => errorToast(error));
}
function logout() {
postData('/account/logout').then(() => window.location.reload(true));
}
function sendConstructSpawn(name) {
return ws.sendMtxConstructSpawn(name);
}
@ -27,81 +41,111 @@ const addState = connect(
account,
ping,
logout,
setPassword,
sendConstructSpawn,
};
},
);
function AccountStatus(args) {
const {
account,
ping,
logout,
sendConstructSpawn,
} = args;
class AccountStatus extends Component {
constructor(props) {
super(props);
if (!account) return null;
this.state = {
setPassword: { current: '', password: '', confirm: ''},
};
}
return (
<section class='account'>
<div>
<h1>{account.name}</h1>
<dl>
<dt>Subscription</dt>
<dd>{account.subscribed ? 'some date' : 'unsubscribed'}</dd>
</dl>
<button onClick={() => logout()}>Logout</button>
</div>
<form>
<label for="email">Update Email:</label>
<input
class="login-input"
disabled
type="email"
name="current"
placeholder={account.email || 'no email set'}
/>
<input
class="login-input"
type="email"
name="email"
placeholder="new email"
/>
<button>Update</button>
</form>
<form>
<label for="current">Change Password:</label>
<input
class="login-input"
type="password"
name="current"
placeholder="current"
/>
<input
class="login-input"
type="password"
name="new"
placeholder="new password"
/>
<input
class="login-input"
type="password"
name="confirm"
placeholder="confirm"
/>
<button>Change</button>
</form>
<div class="list">
<figure>
<figcaption>spawn new construct</figcaption>
<button onClick={() => sendConstructSpawn()} type="submit">
¤50
render(args) {
const {
account,
ping,
logout,
setPassword,
sendConstructSpawn,
} = args;
if (!account) return null;
const passwordsEqual = () =>
this.state.setPassword.password === this.state.setPassword.confirm;
const setPasswordDisabled = () => {
const { current, password, confirm } = this.state.setPassword;
return !(passwordsEqual() && password && current && confirm);
}
return (
<section class='account'>
<div>
<h1>{account.name}</h1>
<dl>
<dt>Subscription</dt>
<dd>{account.subscribed ? 'some date' : 'unsubscribed'}</dd>
</dl>
<button onClick={() => logout()}>Logout</button>
</div>
<div>
<label for="email">Update Email:</label>
<input
class="login-input"
disabled
type="email"
name="current"
placeholder={account.email || 'no email set'}
/>
<input
class="login-input"
type="email"
name="email"
placeholder="new email"
/>
<button>Update</button>
</div>
<div>
<label for="current">Change Password:</label>
<input
class="login-input"
type="password"
name="current"
value={this.state.setPassword.current}
onInput={linkState(this, 'setPassword.current')}
placeholder="current"
/>
<input
class="login-input"
type="password"
name="new"
value={this.state.setPassword.password}
onInput={linkState(this, 'setPassword.password')}
placeholder="new password"
/>
<input
class="login-input"
type="password"
name="confirm"
value={this.state.setPassword.confirm}
onInput={linkState(this, 'setPassword.confirm')}
placeholder="confirm"
/>
<button
disabled={setPasswordDisabled()}
onClick={() => setPassword(this.state.setPassword.current, this.state.setPassword.password)}>
Set Password
</button>
</figure>
</div>
</section>
);
</div>
<div class="list">
<figure>
<figcaption>spawn new construct</figcaption>
<button onClick={() => sendConstructSpawn()} type="submit">
¤50
</button>
</figure>
</div>
</section>
);
}
}
module.exports = addState(AccountStatus);

10
client/src/utils.jsx
View File

@ -213,6 +213,15 @@ function errorToast(message) {
});
}
function infoToast(message) {
toast.info({
position: 'topRight',
drag: false,
close: false,
message,
});
}
function convertItem(v) {
if (['Red', 'Green', 'Blue'].includes(v)) {
return (
@ -233,6 +242,7 @@ module.exports = {
postData,
convertItem,
errorToast,
infoToast,
NULL_UUID,
STATS,
COLOURS,

66
server/src/account.rs
View File

@ -117,7 +117,7 @@ pub fn login(tx: &mut Transaction, name: &String, password: &String) -> Result<A
Ok(Account { id, name, balance, subscribed })
}
pub fn new_token(tx: &mut Transaction, id: Uuid) -> Result<String, Error> {
pub fn new_token(tx: &mut Transaction, id: Uuid) -> Result<String, MnmlHttpError> {
let mut rng = thread_rng();
let token: String = iter::repeat(())
.map(|()| rng.sample(Alphanumeric))
@ -136,11 +136,73 @@ pub fn new_token(tx: &mut Transaction, id: Uuid) -> Result<String, Error> {
.query(query, &[&token, &id])?;
result.iter().next()
.ok_or(format_err!("account not updated {:?}", id))?;
.ok_or(MnmlHttpError::Unauthorized)?;
Ok(token)
}
pub fn set_password(tx: &mut Transaction, id: Uuid, current: &String, password: &String) -> Result<String, MnmlHttpError> {
if password.len() < PASSWORD_MIN_LEN {
return Err(MnmlHttpError::PasswordUnacceptable);
}
let query = "
SELECT id, password
FROM accounts
WHERE id = $1
";
let result = tx
.query(query, &[&id])?;
let row = match result.iter().next() {
Some(row) => row,
None => {
let mut rng = thread_rng();
let garbage: String = iter::repeat(())
.map(|()| rng.sample(Alphanumeric))
.take(64)
.collect();
// verify garbage to prevent timing attacks
verify(garbage.clone(), &garbage).ok();
return Err(MnmlHttpError::AccountNotFound);
},
};
let id: Uuid = row.get(0);
let db_pw: String = row.get(1);
if !verify(current, &db_pw)? {
return Err(MnmlHttpError::PasswordNotMatch);
}
let rounds = 8;
let password = hash(&password, rounds)?;
let query = "
UPDATE accounts
SET password = $1, updated_at = now()
WHERE id = $2
RETURNING id, name;
";
let result = tx
.query(query, &[&password, &id])?;
let row = match result.iter().next() {
Some(row) => row,
None => return Err(MnmlHttpError::DbError),
};
let name: String = row.get(1);
info!("password updated name={:?} id={:?}", name, id);
new_token(tx, id)
}
pub fn credit(tx: &mut Transaction, id: Uuid, credits: i64) -> Result<String, Error> {
let query = "
UPDATE accounts

33
server/src/net.rs
View File

@ -221,7 +221,7 @@ fn login(req: &mut Request) -> IronResult<Response> {
match account::login(&mut tx, &params.name, &params.password) {
Ok(a) => {
let token = account::new_token(&mut tx, a.id).or(Err(MnmlHttpError::ServerError))?;
let token = account::new_token(&mut tx, a.id)?;
tx.commit().or(Err(MnmlHttpError::ServerError))?;
Ok(token_res(token))
},
@ -239,7 +239,7 @@ fn logout(req: &mut Request) -> IronResult<Response> {
let db = state.pool.get().or(Err(MnmlHttpError::DbError))?;
let mut tx = db.transaction().or(Err(MnmlHttpError::DbError))?;
account::new_token(&mut tx, a.id).or(Err(MnmlHttpError::Unauthorized))?;
account::new_token(&mut tx, a.id)?;
tx.commit().or(Err(MnmlHttpError::ServerError))?;
@ -252,6 +252,33 @@ fn logout(req: &mut Request) -> IronResult<Response> {
}
}
#[derive(Debug,Clone,Deserialize)]
struct SetPassword {
current: String,
password: String,
}
fn set_password(req: &mut Request) -> IronResult<Response> {
let state = req.get::<Read<State>>().unwrap();
let params = match req.get::<bodyparser::Struct<SetPassword>>() {
Ok(Some(b)) => b,
_ => return Err(IronError::from(MnmlHttpError::BadRequest)),
};
match req.extensions.get::<account::Account>() {
Some(a) => {
let db = state.pool.get().or(Err(MnmlHttpError::DbError))?;
let mut tx = db.transaction().or(Err(MnmlHttpError::DbError))?;
let token = account::set_password(&mut tx, a.id, &params.current, &params.password)?;
tx.commit().or(Err(MnmlHttpError::ServerError))?;
Ok(token_res(token))
},
None => Err(IronError::from(MnmlHttpError::Unauthorized)),
}
}
const MAX_BODY_LENGTH: usize = 1024 * 1024 * 10;
@ -269,6 +296,8 @@ pub fn start(pool: PgPool) {
router.post("/api/account/login", login, "login");
router.post("/api/account/logout", logout, "logout");
router.post("/api/account/register", register, "register");
router.post("/api/account/password", set_password, "set_password");
router.post("/api/account/email", logout, "email");
// payments
router.post("/api/payments/stripe", stripe, "stripe");