o01eg/freeorion-test-web - Change 5UYVIBUMRPOX5ZK6UZ34BSDNJCA24FOLBME67ZA6UKU7KSAT5XTQC

Update game password from page

Created by O01eg on January 27, 2022

5UYVIBUMRPOX5ZK6UZ34BSDNJCA24FOLBME67ZA6UKU7KSAT5XTQC

Dependencies

In channels

main

Change contents

Insertion in src/pages/reset_game_pwd.rs at line 13 [4.597]

[3.987]

}
#[derive(serde_derive::Deserialize)]
pub struct FormData {
    login: String,
    password: String,
    password_copy: String,
    token: Uuid,
    csrf: Uuid,

Replacement in src/pages/reset_game_pwd.rs at line 43 [4.597]

B:BD[3.1500] → [3.1500:1657]

    let stmt = match dbclient.prepare("select last_error from auth.reset_tokens where token = $1 and NOW() < create_ts + interval '1 day' limit 1;").await {

[3.1500]

[3.1657]

    let stmt = match dbclient.prepare("select player_name, last_error from auth.reset_tokens where token = $1 and NOW() < create_ts + interval '1 day' limit 1;").await {

Replacement in src/pages/reset_game_pwd.rs at line 64 [4.597]

B:BD[3.2293] → [3.2293:2345]

    let last_error = row.get::<_, Option<&str>>(0);

[3.2293]

[3.2345]

    let player_name = row.get::<_, &str>(0);
    let last_error = row.get::<_, Option<&str>>(1);

Replacement in src/pages/reset_game_pwd.rs at line 72 [4.597]
B:BD[2.40] → [2.40:59]
```
            token,
```
[2.40]
[2.59]
```
            (token, player_name.to_string()),
```

Replacement in src/pages/reset_game_pwd.rs at line 95 [4.597]

B:BD[5.300] → [5.300:382]

∅:D[5.382] → [4.963:1064]

B:BD[4.963] → [4.963:1064]

pub async fn post_reset_game_pwd(_data: web::Data<WebData<'_>>) -> HttpResponse {
    HttpResponse::Found()
        .append_header((header::LOCATION, "index.html"))
        .finish()

[5.300]

[4.1064]

pub async fn post_reset_game_pwd(
    form: web::Form<FormData>,
    data: web::Data<WebData<'_>>,
) -> HttpResponse {
    let cached_data = {
        let mut cache = data.cache.lock().await;
        cache.remove(&form.csrf)
    };
    let (cached_token, cached_login) = match cached_data {
        Some(d) => d,
        None => {
            log::warn!("Unknown data for CSRF: {}", form.csrf);
            return HttpResponse::BadRequest().body("Incorrect");
        }
    };
    if form.token != cached_token {
        log::warn!("Mismatch token for CSRF: {}", form.csrf);
        return HttpResponse::BadRequest().body("Incorrect");
    }
    let dbclient = match data.pool_rw.get().await {
        Ok(c) => c,
        Err(e) => {
            log::error!("Pool RW error {}", e);
            return HttpResponse::ServiceUnavailable().body(actix_web::body::None::new());
        }
    };
    let pass_match = form.password == form.password_copy;
    let login_match = form.login.to_ascii_lowercase() == cached_login.to_ascii_lowercase();
    if pass_match && login_match {
        let stmt = match dbclient
            .prepare("delete from auth.reset_tokens where token = $1 and player_name = $2;")
            .await
        {
            Ok(stmt) => stmt,
            Err(e) => {
                log::error!("Pool RW statement delete error {}", e);
                return HttpResponse::ServiceUnavailable().body(actix_web::body::None::new());
            }
        };
        let deleted = match dbclient.execute(&stmt, &[&form.token, &form.login]).await {
            Ok(c) => c,
            Err(e) => {
                log::error!("Pool RW execute delete error {}", e);
                return HttpResponse::ServiceUnavailable().body(actix_web::body::None::new());
            }
        };
        if deleted == 0 {
            log::error!("Not delete error: {}", cached_token);
            return HttpResponse::BadRequest().body("Incorrect");
        }
        let stmt = match dbclient.prepare("update auth.users set game_password = crypt($1, gen_salt('bf', 8)) where player_name = $2;").await {
            Ok(stmt) => stmt,
            Err(e) => {
                log::error!("Pool RW statement upd pwd error {}", e);
                return HttpResponse::ServiceUnavailable().body(actix_web::body::None::new());
            }
        };
        let changed = match dbclient
            .execute(&stmt, &[&form.password, &form.login])
            .await
        {
            Ok(c) => c,
            Err(e) => {
                log::error!("Pool RW execute upd pwd error {}", e);
                return HttpResponse::ServiceUnavailable().body(actix_web::body::None::new());
            }
        };
        if changed > 0 {
            HttpResponse::Found()
                .append_header((header::LOCATION, "index.html"))
                .finish()
        } else {
            log::error!("Not update pwd error: {}", cached_token);
            HttpResponse::BadRequest().body("Incorrect")
        }
    } else {
        let stmt = match dbclient.prepare("update auth.reset_tokens set last_error = $1 where token = $2 and player_name = $3;").await {
            Ok(stmt) => stmt,
            Err(e) => {
                log::error!("Pool RW statement error {}", e);
                return HttpResponse::ServiceUnavailable().body(actix_web::body::None::new());
            }
        };
        let changed = match dbclient
            .execute(
                &stmt,
                &[
                    &if login_match {
                        "Passwords mismatch"
                    } else {
                        "Login mismatch"
                    },
                    &cached_token,
                    &cached_login,
                ],
            )
            .await
        {
            Ok(c) => c,
            Err(e) => {
                log::error!("Pool RW execute error {}", e);
                return HttpResponse::ServiceUnavailable().body(actix_web::body::None::new());
            }
        };
        if changed > 0 {
            HttpResponse::Found()
                .append_header((
                    header::LOCATION,
                    format!("reset-game-pwd-{}.html", cached_token),
                ))
                .finish()
        } else {
            log::error!("Not set error: {}", cached_token);
            HttpResponse::BadRequest().body("Incorrect")
        }
    }

Replacement in src/pages/mod.rs at line 13 [7.50]

B:BD[5.559] → [6.201:245]

    pub cache: Mutex<TtlCache<Uuid, Uuid>>,

[5.559]

[2.140]

    pub cache: Mutex<TtlCache<Uuid, (Uuid, String)>>,