author | metamuffin <metamuffin@disroot.org> | 2023-08-01 19:56:38 +0200 |
---|---|---|
committer | metamuffin <metamuffin@disroot.org> | 2023-08-01 19:56:38 +0200 |
commit | f7992589cf45c699599a7ee5fc4634c9db16ff87 (patch) | |
tree | 973c2e0bc9d50a9e137f999b3c1f231e8471c4be /server/src/routes/ui/account/mod.rs | |
parent | 551e62a6012284823d6b22a9257c3fae07de7fd9 (diff) | |
error format depends on accept header
Diffstat (limited to 'server/src/routes/ui/account/mod.rs')
-rw-r--r-- | server/src/routes/ui/account/mod.rs | 37 |
1 files changed, 16 insertions, 21 deletions
diff --git a/server/src/routes/ui/account/mod.rs b/server/src/routes/ui/account/mod.rs
index 79fa652..f1b243c 100644
--- a/server/src/routes/ui/account/mod.rs
+++ b/server/src/routes/ui/account/mod.rs
@@ -113,11 +113,11 @@ pub fn r_account_register_post<'a>(
 None => return Err(format_form_error(form)),
 };
- if database.invites.remove(&form.invitation).unwrap().is_none() {
+ if database.invite.remove(&form.invitation).unwrap().is_none() {
 return Err(MyError(anyhow!("invitation invalid")));
 }
 match database
- .users
+ .user
 .compare_and_swap(
 &form.username,
 None,
@@ -151,8 +151,14 @@ pub fn r_account_login_post(
 Some(v) => v,
 None => return Err(format_form_error(form)),
 };
-
- login_logic(jar, database, &form.username, &form.password)?;
+ jar.add(
+ Cookie::build(
+ "session",
+ login_logic(database, &form.username, &form.password)?,
+ )
+ .permanent()
+ .finish(),
+ );
 Ok(Redirect::found(uri!(r_home())))
 }
@@ -163,17 +169,12 @@ pub fn r_account_logout_post(jar: &CookieJar) -> MyResult<Redirect> {
 Ok(Redirect::found(uri!(r_home())))
 }
-pub fn login_logic(
- jar: &CookieJar,
- database: &Database,
- username: &str,
- password: &str,
-) -> MyResult<()> {
+pub fn login_logic(database: &Database, username: &str, password: &str) -> MyResult<String> {
 // hashing the password regardless if the accounts exists to prevent timing attacks
 let password = hash_password(username, password);
 let user = database
- .users
+ .user
 .get(&username.to_string())?
 .ok_or(anyhow!("invalid password"))?;
@@ -181,16 +182,10 @@ pub fn login_logic(
 Err(anyhow!("invalid password"))?
 }
- jar.add(
- Cookie::build(
- "session",
- session::token::create(user.name, Duration::days(CONF.login_expire)),
- )
- .permanent()
- .finish(),
- );
-
- Ok(())
+ Ok(session::token::create(
+ user.name,
+ Duration::days(CONF.login_expire),
+ ))
 }
 pub fn format_form_error<T>(form: Form<Contextual<T>>) -> MyError { |
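Review bot: The `session` cookie now built in `r_account_login_post` carries the login token, but the visible builder chain sets neither `HttpOnly` nor `Secure`, so unless the framework applies them by default the token is readable from page scripts and may be sent over plain HTTP. I would add `.http_only(true)` and `.secure(true)` ahead of `.permanent()`, with the latter made configurable if plain-HTTP deployments have to keep working. `.permanent()` also gives the cookie a far longer lifetime than the `CONF.login_expire` days that `login_logic` puts on the token in the last hunk; deriving the cookie's max-age from the same setting would keep the two in step. The handler's signature and the start of the form validation lie outside the hunk.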
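Review bot: `login_logic` is `pub` and now returns `MyResult<String>`, but nothing documents that the string is a freshly created session token, which makes it easy for a later caller to log or echo it. A doc comment on the new signature would cover it, e.g. `/// Checks the credentials and returns a new session token; callers must deliver it only as the session cookie and never log it.` The existing timing comment speaks only for the hashing step: the comparison against the stored hash sits on a line between this hunk and the next that is not shown, so whether it is constant-time cannot be judged from here. Returning the same "invalid password" error for an unknown user and for a wrong password is worth keeping, since it does not reveal which accounts exist.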