Update game password from page

O01eg
Jan 27, 2022, 5:25 PM
5UYVIBUMRPOX5ZK6UZ34BSDNJCA24FOLBME67ZA6UKU7KSAT5XTQC

Dependencies

Change contents

  • edit in src/pages/reset_game_pwd.rs at line 13
    [3.987]
    [3.987]
    }
    #[derive(serde_derive::Deserialize)]
    pub struct FormData {
    login: String,
    password: String,
    password_copy: String,
    token: Uuid,
    csrf: Uuid,
  • replacement in src/pages/reset_game_pwd.rs at line 43
    [3.1500][3.1500:1657]()
    let stmt = match dbclient.prepare("select last_error from auth.reset_tokens where token = $1 and NOW() < create_ts + interval '1 day' limit 1;").await {
    [3.1500]
    [3.1657]
    let stmt = match dbclient.prepare("select player_name, last_error from auth.reset_tokens where token = $1 and NOW() < create_ts + interval '1 day' limit 1;").await {
  • replacement in src/pages/reset_game_pwd.rs at line 64
    [3.2293][3.2293:2345]()
    let last_error = row.get::<_, Option<&str>>(0);
    [3.2293]
    [3.2345]
    let player_name = row.get::<_, &str>(0);
    let last_error = row.get::<_, Option<&str>>(1);
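Review bot: `row.get::<_, &str>(0)` panics if the value is NULL or cannot be converted, so a `reset_tokens` row without a `player_name` would abort the handler instead of producing an error response. Whether the column is declared NOT NULL is not visible on this page. Reading it with `row.try_get::<_, &str>(0)` and returning an error response on `Err` would keep this path panic-free. The enclosing function starts and ends outside this hunk.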
  • replacement in src/pages/reset_game_pwd.rs at line 72
    [2.40][2.40:59]()
    token,
    [2.40]
    [2.59]
    (token, player_name.to_string()),
  • replacement in src/pages/reset_game_pwd.rs at line 95
    [3.300][3.300:382](),[3.382][3.963:1064](),[3.963][3.963:1064]()
    pub async fn post_reset_game_pwd(_data: web::Data<WebData<'_>>) -> HttpResponse {
    HttpResponse::Found()
    .append_header((header::LOCATION, "index.html"))
    .finish()
    [3.300]
    [3.1064]
    pub async fn post_reset_game_pwd(
    form: web::Form<FormData>,
    data: web::Data<WebData<'_>>,
    ) -> HttpResponse {
    let cached_data = {
    let mut cache = data.cache.lock().await;
    cache.remove(&form.csrf)
    };
    let (cached_token, cached_login) = match cached_data {
    Some(d) => d,
    None => {
    log::warn!("Unknown data for CSRF: {}", form.csrf);
    return HttpResponse::BadRequest().body("Incorrect");
    }
    };
    if form.token != cached_token {
    log::warn!("Mismatch token for CSRF: {}", form.csrf);
    return HttpResponse::BadRequest().body("Incorrect");
    }
    let dbclient = match data.pool_rw.get().await {
    Ok(c) => c,
    Err(e) => {
    log::error!("Pool RW error {}", e);
    return HttpResponse::ServiceUnavailable().body(actix_web::body::None::new());
    }
    };
    let pass_match = form.password == form.password_copy;
    let login_match = form.login.to_ascii_lowercase() == cached_login.to_ascii_lowercase();
    if pass_match && login_match {
    let stmt = match dbclient
    .prepare("delete from auth.reset_tokens where token = $1 and player_name = $2;")
    .await
    {
    Ok(stmt) => stmt,
    Err(e) => {
    log::error!("Pool RW statement delete error {}", e);
    return HttpResponse::ServiceUnavailable().body(actix_web::body::None::new());
    }
    };
    let deleted = match dbclient.execute(&stmt, &[&form.token, &form.login]).await {
    Ok(c) => c,
    Err(e) => {
    log::error!("Pool RW execute delete error {}", e);
    return HttpResponse::ServiceUnavailable().body(actix_web::body::None::new());
    }
    };
    if deleted == 0 {
    log::error!("Not delete error: {}", cached_token);
    return HttpResponse::BadRequest().body("Incorrect");
    }
    let stmt = match dbclient.prepare("update auth.users set game_password = crypt($1, gen_salt('bf', 8)) where player_name = $2;").await {
    Ok(stmt) => stmt,
    Err(e) => {
    log::error!("Pool RW statement upd pwd error {}", e);
    return HttpResponse::ServiceUnavailable().body(actix_web::body::None::new());
    }
    };
    let changed = match dbclient
    .execute(&stmt, &[&form.password, &form.login])
    .await
    {
    Ok(c) => c,
    Err(e) => {
    log::error!("Pool RW execute upd pwd error {}", e);
    return HttpResponse::ServiceUnavailable().body(actix_web::body::None::new());
    }
    };
    if changed > 0 {
    HttpResponse::Found()
    .append_header((header::LOCATION, "index.html"))
    .finish()
    } else {
    log::error!("Not update pwd error: {}", cached_token);
    HttpResponse::BadRequest().body("Incorrect")
    }
    } else {
    let stmt = match dbclient.prepare("update auth.reset_tokens set last_error = $1 where token = $2 and player_name = $3;").await {
    Ok(stmt) => stmt,
    Err(e) => {
    log::error!("Pool RW statement error {}", e);
    return HttpResponse::ServiceUnavailable().body(actix_web::body::None::new());
    }
    };
    let changed = match dbclient
    .execute(
    &stmt,
    &[
    &if login_match {
    "Passwords mismatch"
    } else {
    "Login mismatch"
    },
    &cached_token,
    &cached_login,
    ],
    )
    .await
    {
    Ok(c) => c,
    Err(e) => {
    log::error!("Pool RW execute error {}", e);
    return HttpResponse::ServiceUnavailable().body(actix_web::body::None::new());
    }
    };
    if changed > 0 {
    HttpResponse::Found()
    .append_header((
    header::LOCATION,
    format!("reset-game-pwd-{}.html", cached_token),
    ))
    .finish()
    } else {
    log::error!("Not set error: {}", cached_token);
    HttpResponse::BadRequest().body("Incorrect")
    }
    }
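Review bot: Both SQL writes in the success branch bind `&form.login`, although `login_match` accepts the login case-insensitively against `cached_login`. If `player_name` is compared case-sensitively in the database (the schema is not visible here), a login typed in a different case passes the check, deletes zero rows and ends in the generic "Incorrect" response with the CSRF entry already consumed. Binding the server-side value, as the failure branch already does, keeps the account selection independent of request input: `dbclient.execute(&stmt, &[&form.token, &cached_login])` and `.execute(&stmt, &[&form.password, &cached_login])`. The token delete and the password update also run as two separate statements, so a failure of the second leaves the token spent and the password unchanged; one transaction would avoid that. Nothing visible rejects an empty or very short `form.password` before the update, and the function's closing brace lies outside the hunk.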
  • replacement in src/pages/mod.rs at line 13
    [3.559][3.201:245]()
    pub cache: Mutex<TtlCache<Uuid, Uuid>>,
    [3.559]
    [2.140]
    pub cache: Mutex<TtlCache<Uuid, (Uuid, String)>>,