Fixes password profile saving from mobile applications

ogarcia · ogarcia · commit 16d3861d29e6 · 2023-04-14T13:56:33.000+02:00
- A workaround is added so that mobile applications do not crash when
  sending a new password profile.
- Adds /auth/users/me/ endpoint that returns information about the user.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "rockpass"
-version = "0.7.1"
+version = "0.8.0"
 authors = ["Óscar García Amor"]
 license = "GPL-3.0"
 readme = "README.md"
diff --git a/migrations/2022-03-21-153112_multitokens/down.sql b/migrations/2022-03-21-153112_multitokens/down.sql
@@ -1,5 +1,5 @@
 CREATE TABLE IF NOT EXISTS tokens_migration (
-  id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+  id INTEGER NOT NULL PRIMARY KEY,
   user_id INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE,
   token TEXT NOT NULL UNIQUE,
   created DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
diff --git a/migrations/2023-02-21-103736_tokensincrement/down.sql b/migrations/2023-02-21-103736_tokensincrement/down.sql
@@ -0,0 +1,18 @@
+CREATE TABLE IF NOT EXISTS tokens_migration (
+  id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+  user_id INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+  access_token TEXT NOT NULL UNIQUE,
+  refresh_token TEXT NOT NULL UNIQUE,
+  created DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  modified DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+INSERT INTO tokens_migration (
+  id,
+  user_id,
+  access_token,
+  refresh_token,
+  created,
+  modified
+) SELECT id, user_id, access_token, refresh_token, created, modified FROM tokens;
+DROP TABLE tokens;
+ALTER TABLE tokens_migration RENAME TO tokens;
diff --git a/migrations/2023-02-21-103736_tokensincrement/up.sql b/migrations/2023-02-21-103736_tokensincrement/up.sql
@@ -0,0 +1,18 @@
+CREATE TABLE IF NOT EXISTS tokens_migration (
+  id INTEGER NOT NULL PRIMARY KEY,
+  user_id INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+  access_token TEXT NOT NULL UNIQUE,
+  refresh_token TEXT NOT NULL UNIQUE,
+  created DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  modified DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+INSERT INTO tokens_migration (
+  id,
+  user_id,
+  access_token,
+  refresh_token,
+  created,
+  modified
+) SELECT id, user_id, access_token, refresh_token, created, modified FROM tokens;
+DROP TABLE tokens;
+ALTER TABLE tokens_migration RENAME TO tokens;
diff --git a/src/main.rs b/src/main.rs
@@ -74,6 +74,8 @@ fn rocket() -> _ {
         .mount("/", routes![
                routes::options_auth_users,
                routes::post_auth_users,
+               routes::options_auth_users_me,
+               routes::get_auth_users_me,
                routes::options_auth_users_set_password,
                routes::post_auth_users_set_password,
                routes::options_auth_jwt_create,
@@ -167,6 +169,32 @@ mod tests {
         assert_eq!(response.into_string().await.unwrap(), r#"{"detail":"User already exists"}"#);
     }
 
+    #[rocket::async_test]
+    async fn test_get_auth_users_me() {
+        let client = Client::tracked(rocket()).await.unwrap();
+        // Create a user and token
+        let token = create_token(&client).await;
+        // Attempt to get user data fails because no access token specified
+        let request = client.get("/auth/users/me")
+            .header(ContentType::JSON);
+        let response = request.dispatch().await;
+        assert_eq!(response.status(), Status::BadRequest);
+        // The attempt to get user data fails because, although a valid formatted token is
+        // specified, the token is not correct.
+        let request = client.get("/auth/users/me")
+            .header(ContentType::JSON)
+            .header(Header::new("authorization", "bearer false"));
+        let response = request.dispatch().await;
+        assert_eq!(response.status(), Status::Unauthorized);
+        // Get user data
+        let request = client.get("/auth/users/me")
+            .header(ContentType::JSON)
+            .header(Header::new("authorization", format!("bearer {}", token.access)));
+        let response = request.dispatch().await;
+        assert_eq!(response.status(), Status::Ok);
+        assert_eq!(response.into_string().await.unwrap(), r#"{"email":"test@rockpass.sample","id":1}"#);
+    }
+
     #[rocket::async_test]
     async fn test_post_auth_jwt_create() {
         let client = Client::tracked(rocket()).await.unwrap();
@@ -291,6 +319,13 @@ mod tests {
         let response = request.dispatch().await;
         assert_eq!(response.status(), Status::Created);
         assert_eq!(response.into_string().await.unwrap(), r#"{"detail":"Created new password entry for site rockpass.sample"}"#);
+        // Password is added with broken scheme
+        let request = client.post("/passwords")
+            .header(ContentType::JSON)
+            .header(Header::new("authorization", format!("bearer {}", token.access)))
+            .body(r#"{"login":"bob@rockpass.sample","site":"bob.rockpass.sample","uppercase":true,"symbols":true,"lowercase":true,"number":true,"counter":1,"length":16}"#);
+        let response = request.dispatch().await;
+        assert_eq!(response.status(), Status::Created);
     }
 
     #[rocket::async_test]
diff --git a/src/models.rs b/src/models.rs
@@ -82,8 +82,12 @@ pub struct NewPassword {
     pub uppercase: bool,
     pub symbols: bool,
     pub lowercase: bool,
+    #[serde(alias = "number")]
     pub numbers: bool,
     pub counter: i32,
+    #[serde(default = "default_version")]
     pub version: i32,
     pub length: i32,
 }
+
+const fn default_version() -> i32 { 2 }
diff --git a/src/routes.rs b/src/routes.rs
@@ -236,6 +236,21 @@ pub async fn post_auth_users(connection: RockpassDatabase, config: &State<Rockpa
     }
 }
 
+#[options("/auth/users/me")]
+pub async fn options_auth_users_me() -> Status {
+    Status::NoContent
+}
+
+#[get("/auth/users/me")]
+pub async fn get_auth_users_me(authorization: Authorization) -> status::Custom<Json<Value>> {
+    status::Custom(Status::Ok, Json(
+            json!({
+                "id": authorization.1.id,
+                "email": authorization.1.email
+            })
+        ))
+}
+
 #[options("/auth/users/set_password")]
 pub async fn options_auth_users_set_password() -> Status {
     Status::NoContent
