From 2378a31f8dcde91238c9788d62dbf04bc0098f82 Mon Sep 17 00:00:00 2001 From: Xander Bil Date: Sun, 29 Sep 2024 22:41:49 +0200 Subject: [PATCH 1/3] Add reject functionality --- src/controllers/users_controller.rs | 38 +++++++++++++++ src/lib.rs | 1 + templates/mails/user_rejected.txt | 7 +++ templates/users/index.html | 8 ++++ tests/users.rs | 73 +++++++++++++++++++++++++++++ 5 files changed, 127 insertions(+) create mode 100644 templates/mails/user_rejected.txt diff --git a/src/controllers/users_controller.rs b/src/controllers/users_controller.rs index c4b11873..e9886c05 100644 --- a/src/controllers/users_controller.rs +++ b/src/controllers/users_controller.rs @@ -303,6 +303,44 @@ pub async fn set_approved<'r>( }) } +#[post("/users//reject")] +pub async fn reject<'r>( + username: String, + _session: AdminSession, + mailer: &'r State, + conf: &'r State, + db: DbConn, +) -> Result> { + let user = User::find_by_username(username, &db).await?; + + if user.state != UserState::PendingApproval { + return Err(ZauthError::Unprocessable(String::from( + "user is not in the pending approval state", + ))); + } + + mailer + .create( + &user, + String::from("[Zauth] Your account has been rejected"), + template!( + "mails/user_rejected.txt"; + name: String = user.full_name.to_string(), + admin_email: String = conf.admin_email.clone() + ) + .render() + .map_err(InternalError::from)?, + ) + .await?; + + user.delete(&db).await?; + + Ok(Accepter { + html: Redirect::to(uri!(list_users())), + json: Custom(Status::NoContent, ()), + }) +} + #[get("/users/forgot_password")] pub fn forgot_password_get<'r>() -> impl Responder<'r, 'static> { template! { "users/forgot_password.html" } diff --git a/src/lib.rs b/src/lib.rs index 02cd6aac..a6f1140c 100644 --- a/src/lib.rs +++ b/src/lib.rs 
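Review bot: In `reject`, the `user.state != UserState::PendingApproval` check runs on the row loaded at the top of the handler, and `user.delete(&db)` is a separate later step, so the state is not visibly re-checked at the moment of deletion. If another admin approves the same user in between, an already approved account would presumably be removed. `User::delete` is not shown on this page, so confirm whether it filters on state; if it does not, make the delete conditional on the pending state in the same statement or transaction. Separately, `_session: AdminSession` is bound only as a guard, so this irreversible action records nothing about who performed it; a log entry naming the admin and the rejected username just before `user.delete(&db).await?;` would give an audit trail. The last patch in this series drops the mail step but leaves both points unchanged.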
@@ -129,6 +129,7 @@ fn assemble(rocket: Rocket) -> Rocket { users_controller::change_state, users_controller::set_admin, users_controller::set_approved, + users_controller::reject, users_controller::forgot_password_get, users_controller::forgot_password_post, users_controller::reset_password_get, diff --git a/templates/mails/user_rejected.txt b/templates/mails/user_rejected.txt new file mode 100644 index 00000000..70ee83e1 --- /dev/null +++ b/templates/mails/user_rejected.txt @@ -0,0 +1,7 @@ +Hi {{name}} + +Your account has been rejected. +If you think this is a mistake you can contact us at {{admin_email}}. + +Kind regards +The Zeus Authentication Server diff --git a/templates/users/index.html b/templates/users/index.html index d977ab2f..45c8b219 100644 --- a/templates/users/index.html +++ b/templates/users/index.html @@ -33,6 +33,7 @@ Email Created at Approve + Reject @@ -59,6 +60,13 @@ + + + +
+ +
+ {% endfor %} diff --git a/tests/users.rs b/tests/users.rs index a01e2ade..c88eaec1 100644 --- a/tests/users.rs +++ b/tests/users.rs @@ -788,6 +788,79 @@ async fn user_approval_flow() { .await; } +#[rocket::async_test] +async fn user_rejectal_flow() { + common::as_admin(async move |http_client: HttpClient, db, _admin| { + let email = String::from("test@example.com"); + let user = User::create_pending( + NewUser { + username: String::from("user"), + password: String::from("password"), + full_name: String::from("name"), + email: email.clone(), + ssh_key: None, + not_a_robot: true, + }, + &common::config(), + &db, + ) + .await + .unwrap(); + + let token = user + .pending_email_token + .as_ref() + .expect("email token") + .clone(); + + let response = http_client + .get(format!("/users/confirm/{}", token)) + .header(Accept::HTML) + .header(ContentType::Form) + .dispatch() + .await; + + assert_eq!(response.status(), Status::Ok); + + let response = + common::expect_mail_to(vec!["admin@localhost"], async || { + http_client + .post("/users/confirm") + .header(Accept::HTML) + .header(ContentType::Form) + .body(format!("token={}", token)) + .dispatch() + .await + }) + .await; + + assert_eq!(response.status(), Status::Ok); + + let user = user.reload(&db).await.expect("reload user"); + + assert_eq!( + user.state, + UserState::PendingApproval, + "after email is confirmed, user should be pending for approval" + ); + + common::expect_mail_to(vec![&email], async || { + let response = http_client + .post(format!("/users/{}/reject/", user.username)) + .header(Accept::HTML) + .header(ContentType::Form) + .dispatch() + .await; + + assert_eq!(response.status(), Status::SeeOther); + }) + .await; + + user.reload(&db).await.expect_err("user should be removed"); + }) + .await; +} + #[rocket::async_test] async fn refuse_robots() { common::as_visitor(async move |http_client: HttpClient, db| { From e126f9c4f26f836f6f37ab850bc2046c060123b7 Mon Sep 17 00:00:00 2001 
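Review bot: `user_rejectal_flow` only exercises the admin happy path, although the endpoint it covers deletes accounts. It has no case asserting that a non-admin client (the file already has `common::as_visitor`) is refused on the reject route, and none asserting that rejecting a user outside `UserState::PendingApproval` yields the `Unprocessable` error and leaves the record in place. Both negative cases are worth adding next to this test, ending with `user.reload(&db).await.expect("user should still exist")`. The later hunk in this series that rewrites the tail of the test does not add them either. As a naming point, `user_rejection_flow` reads better than `user_rejectal_flow`.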
From: Xander Bil <47951455+xerbalind@users.noreply.github.com> Date: Wed, 2 Oct 2024 18:57:23 +0200 Subject: [PATCH 2/3] Update templates/mails/user_rejected.txt Co-authored-by: Rien --- templates/mails/user_rejected.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/mails/user_rejected.txt b/templates/mails/user_rejected.txt index 70ee83e1..9f8bf428 100644 --- a/templates/mails/user_rejected.txt +++ b/templates/mails/user_rejected.txt @@ -1,6 +1,6 @@ Hi {{name}} -Your account has been rejected. +Your registration request for a Zeus account has been rejected. If you think this is a mistake you can contact us at {{admin_email}}. Kind regards From 22818e64d4561529abc900f13568ab19a251437a Mon Sep 17 00:00:00 2001 From: Xander Bil Date: Wed, 2 Oct 2024 19:03:26 +0200 Subject: [PATCH 3/3] remove sending mail when rejected --- src/controllers/users_controller.rs | 16 ---------------- templates/mails/user_rejected.txt | 7 ------- tests/users.rs | 17 +++++++---------- 3 files changed, 7 insertions(+), 33 deletions(-) delete mode 100644 templates/mails/user_rejected.txt diff --git a/src/controllers/users_controller.rs b/src/controllers/users_controller.rs index e9886c05..cf502809 100644 --- a/src/controllers/users_controller.rs +++ b/src/controllers/users_controller.rs @@ -307,8 +307,6 @@ pub async fn set_approved<'r>( pub async fn reject<'r>( username: String, _session: AdminSession, - mailer: &'r State, - conf: &'r State, db: DbConn, ) -> Result> { let user = User::find_by_username(username, &db).await?; @@ -319,20 +317,6 @@ pub async fn reject<'r>( ))); } - mailer - .create( - &user, - String::from("[Zauth] Your account has been rejected"), - template!( - "mails/user_rejected.txt"; - name: String = user.full_name.to_string(), - admin_email: String = conf.admin_email.clone() - ) - .render() - .map_err(InternalError::from)?, - ) - .await?; - user.delete(&db).await?; Ok(Accepter { 
diff --git a/templates/mails/user_rejected.txt b/templates/mails/user_rejected.txt deleted file mode 100644 index 9f8bf428..00000000 --- a/templates/mails/user_rejected.txt +++ /dev/null @@ -1,7 +0,0 @@ -Hi {{name}} - -Your registration request for a Zeus account has been rejected. -If you think this is a mistake you can contact us at {{admin_email}}. - -Kind regards -The Zeus Authentication Server diff --git a/tests/users.rs b/tests/users.rs index c88eaec1..0a837cd7 100644 --- a/tests/users.rs +++ b/tests/users.rs @@ -844,17 +844,14 @@ async fn user_rejectal_flow() { "after email is confirmed, user should be pending for approval" ); - common::expect_mail_to(vec![&email], async || { - let response = http_client - .post(format!("/users/{}/reject/", user.username)) - .header(Accept::HTML) - .header(ContentType::Form) - .dispatch() - .await; + let response = http_client + .post(format!("/users/{}/reject/", user.username)) + .header(Accept::HTML) + .header(ContentType::Form) + .dispatch() + .await; - assert_eq!(response.status(), Status::SeeOther); - }) - .await; + assert_eq!(response.status(), Status::SeeOther); user.reload(&db).await.expect_err("user should be removed"); })