update user secret

2026-02-12 10:35:39 +00:00 · 2021-04-10 21:44:08 +05:30
parent 52ab947e3b
commit 08ec215709
4 changed files with 51 additions and 7 deletions
--- a/src/api/v1/auth.rs
+++ b/src/api/v1/auth.rs
@@ -142,6 +142,44 @@ pub async fn get_secret(id: Identity, data: web::Data<Data>) -> ServiceResult<im
    Ok(HttpResponse::Ok().json(secret))
 }

+#[post("/api/v1/account/secret/")]
+pub async fn update_user_secret(
+    id: Identity,
+    data: web::Data<Data>,
+) -> ServiceResult<impl Responder> {
+    is_authenticated(&id)?;
+
+    let username = id.identity().unwrap();
+
+    let mut secret;
+
+    loop {
+        secret = get_random(32);
+        let res = sqlx::query!(
+            "UPDATE mcaptcha_users set secret = $1
+        WHERE name = $2",
+            &secret,
+            &username,
+        )
+        .execute(&data.db)
+        .await;
+        if res.is_ok() {
+            break;
+        } else {
+            if let Err(sqlx::Error::Database(err)) = res {
+                if err.code() == Some(Cow::from("23505"))
+                    && err.message().contains("mcaptcha_users_secret_key")
+                {
+                    continue;
+                } else {
+                    Err(sqlx::Error::Database(err))?;
+                }
+            };
+        }
+    }
+    Ok(HttpResponse::Ok())
+}
+
 #[post("/api/v1/signout")]
 pub async fn signout(id: Identity) -> impl Responder {
    if let Some(_) = id.identity() {
--- a/src/api/v1/mod.rs
+++ b/src/api/v1/mod.rs
@@ -34,6 +34,7 @@ pub fn services(cfg: &mut ServiceConfig) {
    cfg.service(auth::username_exists);
    cfg.service(auth::email_exists);
    cfg.service(auth::get_secret);
+    cfg.service(auth::update_user_secret);

    // mcaptcha
    cfg.service(mcaptcha::mcaptcha::add_mcaptcha);
--- a/src/api/v1/tests/auth.rs
+++ b/src/api/v1/tests/auth.rs
@@ -44,6 +44,7 @@ async fn auth_works() {
    let (_, _, signin_resp) = register_and_signin(NAME, EMAIL, PASSWORD).await;
    let cookies = get_cookie!(signin_resp);

+    // chech if get user secret works
    let resp = test::call_service(
        &mut app,
        test::TestRequest::get()
@@ -54,6 +55,17 @@ async fn auth_works() {
    .await;
    assert_eq!(resp.status(), StatusCode::OK);

+    // check if update user secret works
+    let resp = test::call_service(
+        &mut app,
+        test::TestRequest::post()
+            .cookie(cookies.clone())
+            .uri(GET_SECRET)
+            .to_request(),
+    )
+    .await;
+    assert_eq!(resp.status(), StatusCode::OK);
+
    // 2. check if duplicate username is allowed
    let msg = Register {
        username: NAME.into(),