Initial commit after extraction

2018-07-20 15:42:02 -07:00 · 2018-07-20 15:42:02 -07:00 · 80ba54e4ef
commit 80ba54e4ef
43 changed files with 3865 additions and 0 deletions
--- a/src/users/views/login.rs
+++ b/src/users/views/login.rs
@ -0,0 +1,85 @@
+//  src/users/views/login.rs
+//
+//  Views for user authentication.
+//  
+//  @author Ryan McGrath <ryan@rymc.io>
+//  @created 06/18/2018
+
+use askama::Template;
+use validator::Validate;
+use futures::future::Future;
+use djangohashers::{check_password};
+use actix_web::{Form, AsyncResponder, HttpRequest, HttpResponse};
+use actix_web::middleware::session::RequestSession;
+
+use State;
+use users::models::{UserLogin};
+use users::middleware::UserAuthentication;
+use util::forms::collect_validation_errors;
+use util::responses::{FutureResponse, future_render, future_redirect, redirect, render};
+
+#[derive(Template)]
+#[template(path = "users/login.html")]
+pub struct Login {
+    pub errors: Option<Vec<String>>
+}
+
+impl Login {
+    pub fn get(request: HttpRequest<State>) -> HttpResponse {
+        if request.is_authenticated() {
+            let url = request.url_for("homepage", &[""; 0]).unwrap();
+            return redirect(url.as_str());
+        }
+
+        render(&Self {
+            errors: None
+        })
+    }
+
+    pub fn post((request, login): (HttpRequest<State>, Form<UserLogin>)) -> FutureResponse {
+        if request.is_authenticated() {
+            let url = request.url_for("homepage", &[""; 0]).unwrap();
+            return future_redirect(url.as_str());
+        }
+
+        // No sense in wasting a database call if they didn't pass in an actual email address.
+        // *shrug*
+        let login = login.into_inner();
+        if let Err(e) = login.validate() {
+            return future_render(&Self {
+                errors: Some(collect_validation_errors(e))
+            });
+        }
+
+        let password = login.password.clone();
+        request.state().db.send(login).from_err().and_then(move |res| match res {
+            Ok(user) => {
+                // Yo, so I know you're coming here and looking at this .unwrap(), and probably
+                // going "man what is this guy doing?". This should only ever give a Err() result
+                // if we're trying to use an unknown algorithm... which isn't the case here.
+                if check_password(&password, &user.password).unwrap() {
+                    if let Err(e) = request.session().set("uid", user.id) {
+                        error!("Could not set UID for user session! {:?}", e);
+                        return Ok(render(&Self {
+                            errors: Some(vec!["An internal error occurred while attempting to sign you in. Please try again in a bit.".into()])
+                        }));
+                    }
+                
+                    let url = request.url_for("homepage", &[""; 0]).unwrap();
+                    Ok(redirect(url.as_str()))
+                } else {
+                    Ok(render(&Self {
+                        errors: Some(vec!["Email or password is incorrect.".into()])
+                    }))
+                }
+            },
+            
+            Err(e) => {
+                warn!("Error locating user: {:?}", e);
+                Ok(render(&Self {
+                    errors: Some(vec!["Email or password is incorrect.".into()])
+                }))
+            }
+        }).responder()
+    }
+}