add validation to user registration

This commit is contained in:
Ilion Beyst 2022-04-09 10:04:12 +02:00
parent 0e3ff9201e
commit cc7014b04b
3 changed files with 89 additions and 5 deletions

View file

@ -25,6 +25,7 @@ zip = "0.5"
toml = "0.5" toml = "0.5"
planetwars-matchrunner = { path = "../planetwars-matchrunner" } planetwars-matchrunner = { path = "../planetwars-matchrunner" }
config = { version = "0.12", features = ["toml"] } config = { version = "0.12", features = ["toml"] }
thiserror = "1.0.31"
# TODO: remove me # TODO: remove me
shlex = "1.1" shlex = "1.1"

View file

@ -57,10 +57,14 @@ pub fn create_user(credentials: &Credentials, conn: &PgConnection) -> QueryResul
.get_result::<User>(conn) .get_result::<User>(conn)
} }
pub fn authenticate_user(credentials: &Credentials, db_conn: &PgConnection) -> Option<User> { pub fn find_user(username: &str, db_conn: &PgConnection) -> QueryResult<User> {
users::table users::table
.filter(users::username.eq(&credentials.username)) .filter(users::username.eq(username))
.first::<User>(db_conn) .first::<User>(db_conn)
}
pub fn authenticate_user(credentials: &Credentials, db_conn: &PgConnection) -> Option<User> {
find_user(credentials.username, db_conn)
.optional() .optional()
.unwrap() .unwrap()
.and_then(|user| { .and_then(|user| {

View file

@ -8,6 +8,8 @@ use axum::http::StatusCode;
use axum::response::{Headers, IntoResponse, Response}; use axum::response::{Headers, IntoResponse, Response};
use axum::{async_trait, Json}; use axum::{async_trait, Json};
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use serde_json::json;
use thiserror::Error;
type AuthorizationHeader = TypedHeader<Authorization<Bearer>>; type AuthorizationHeader = TypedHeader<Authorization<Bearer>>;
@ -53,16 +55,93 @@ pub struct RegistrationParams {
pub password: String, pub password: String,
} }
#[derive(Debug, Error)]
pub enum RegistrationError {
#[error("database error")]
DatabaseError(#[from] diesel::result::Error),
#[error("validation failed")]
ValidationFailed(Vec<String>),
}
impl RegistrationParams {
fn validate(&self, conn: &DatabaseConnection) -> Result<(), RegistrationError> {
let mut errors = Vec::new();
// TODO: do we want to support cased usernames?
// this could be done by allowing casing in names, but requiring case-insensitive uniqueness
if !self
.username
.chars()
.all(|c| c.is_ascii_alphanumeric() && !c.is_uppercase())
{
errors.push("username must be alphanumeric and lowercase".to_string());
}
if self.username.len() < 3 {
errors.push("username must be at least 3 characters".to_string());
}
if self.username.len() > 32 {
errors.push("username must be at most 32 characters".to_string());
}
if self.password.len() < 8 {
errors.push("password must be at least 8 characters".to_string());
}
if users::find_user(&self.username, &conn).is_ok() {
errors.push("username is already taken".to_string());
}
if errors.is_empty() {
Ok(())
} else {
Err(RegistrationError::ValidationFailed(errors))
}
}
}
impl IntoResponse for RegistrationError {
fn into_response(self) -> Response {
let (status, json_body) = match self {
RegistrationError::DatabaseError(_e) => {
// TODO: create an error response struct
(
StatusCode::INTERNAL_SERVER_ERROR,
json!({
"error": {
"type": "internal_server_error",
}
}),
)
}
RegistrationError::ValidationFailed(errors) => (
StatusCode::UNPROCESSABLE_ENTITY,
json!({
"error": {
"type": "validation_failed",
"validation_errors": errors,
}
}),
),
};
(status, Json(json_body)).into_response()
}
}
pub async fn register( pub async fn register(
conn: DatabaseConnection, conn: DatabaseConnection,
params: Json<RegistrationParams>, params: Json<RegistrationParams>,
) -> Json<UserData> { ) -> Result<Json<UserData>, RegistrationError> {
params.validate(&conn)?;
let credentials = Credentials { let credentials = Credentials {
username: &params.username, username: &params.username,
password: &params.password, password: &params.password,
}; };
let user = users::create_user(&credentials, &conn).unwrap(); let user = users::create_user(&credentials, &conn)?;
Json(user.into()) Ok(Json(user.into()))
} }
#[derive(Deserialize)] #[derive(Deserialize)]